View Current

Records Management Policy

This is the current version of this document. To view historic versions, click the link in the document's navigation bar.

Section 1 - Purpose

(1) The University of Wollongong (the University) is required to comply with the State Records Act 1998, Museums of History Act 2022 and associated regulations, standards, policies, codes of best practice, and guidelines to ensure full and accurate records are created, captured, and managed for all UOW business activities.

(2) The purpose of this Policy is to provide a framework for records management to:

  1. facilitate the University’s compliance obligations with the State Records Act 1998;
  2. establish principles for the creation, management, storage, use and disposal of records at the University;
  3. define the responsibilities of staff and affiliates in complying with the State Records Act 1998; and
  4. establish a records management program for the University that is in conformity with standards and codes of best practice.
Top of Page

Section 2 - Application and Scope

(3) This Policy applies to all records in all formats created, received, or managed by the University for all its business activities and functions. These records are State records for the purposes of the State Records Act 1998.

(4) Any reference to a record includes information and data. Data is considered to be the basis of a business transaction and as such is part of a State record and is to be managed in accordance with this Policy.

(5) This Policy applies to all digital platforms and physical locations used by the University to conduct its business activities and functions. This includes all systems, applications, databases, and communication channels used by the University across all platforms and locations whether managed on premises, off-site or cloud based.

(6) This Policy applies to all University staff and affiliates.

(7) A breach of this Policy may constitute misconduct pursuant to University Codes, Policies, and Guidelines, and may be subject to disciplinary action.

(8) This Policy does not apply to the University’s controlled entities. the University’s controlled entities have their own policies and procedures for the management of records.

Top of Page

Section 3 - Principles

(9) Records are considered a key asset of the University, integral to its functions.

(10) The University is committed to establishing and maintaining records management practices that achieve appropriate and ongoing management of its valuable assets to meet compliance obligations, advance UOW’s strategic priorities, support accountability requirements and satisfy community expectations.

(11) Effective records management at the University is based on the following principles:

  1. the organisation takes responsibility for records management by establishing governance frameworks, assigning responsibilities and undertaking monitoring activities;
  2. records are created and well managed to ensure they are authentic, useable, reliable, accessible, and safeguarded;
  3. records management supports short and long-term business operations;
  4. records are comprehensively managed across all operating environments, including diverse system environment and physical locations; and
  5. records risks are identified, managed or mitigated to ensure the integrity and availability of records.

(12) This Policy also aims to demonstrate compliance with standard 7.3 Information Management of the Higher Education Standards Framework (Threshold Standards) 2021 (Cth) and the AS ISO 15489.1:2017 Information and documentation.

Top of Page

Section 4 - Records Management Program

(13) The University is required to establish and maintain a Records Management Program that satisfies the requirements of the State Records Act 1998.

(14) The University’s Program covers records management across the following categories:

  1. People and Governance – Records are able to support all corporate business operations. Governance frameworks are established to focus on assigning responsibility, policy development, monitoring records management activities and establishing provisions relating to outsourcing and service delivery arrangements;
  2. Business Systems and Operations – Records management is designed to support short and long-term business operations. This involved ensuring that records are accessible, reliable, and usable to facilitate decision-making, accountability and transparency;
  3. Effective Records Management – Records are managed throughout their lifecycle, from creation to disposal, ensuring security, retention and availability;
  4. Training and Awareness - Ongoing training and awareness initiatives to ensure all staff and affiliates understand their records management responsibilities and the importance of compliance with relevant legislation and standards; and
  5. Monitoring and Reporting- Regular monitoring and reporting mechanisms are in place to assess the effectiveness of the records management program. This includes assessments to ensure continuous improvement and compliance.
Top of Page

Section 5 - Ownership, Custody and Control of UOW Records

(15) All records created or received by staff or affiliates, in the course of the University’s operations and activities, are owned by the University, subject to provisions under the University’s Intellectual Property Policy or as specified under contractual arrangements. Regardless of the ownership of records, any record created, accessed, and or stored by the University must be managed pursuant to this Policy.

(16) Museums of History NSW is entitled to control University records once they are no longer is use for official University purposes.

Top of Page

Section 6 - Creation of Records

(17) The University is required to ensure that records are routinely created as part of normal business practice.

(18) Records that are created must be reliable and trustworthy, identifiable, retrievable and accessible. This is achieved through the application of adequate metadata.

Top of Page

Section 7 - Business Systems and Databases

(19) The University is required to ensure that records management is a designed component across all platforms so that records management risks are adequately identified, managed, and mitigated, especially where high-risk and/or high-value business is conducted.

(20) The UOW Recordkeeping Impact Assessment (RIA) Tool is to be utilised in the assessment of any new or existing system to meet the University’s information compliance obligations.

(21) In accordance with the IT Acceptable Use Policy, only enterprise storage solutions provided or approved by IMTS are suitable for storing University records.

(22) The State Records NSW ‘Standard on Records Management’ requires that systems:

  1. are able to manage the required retention period and disposal process; and
  2. appropriately protect records from unauthorised or unlawful access, destruction, loss, deletion, and alteration.

(23) The Electronic Document and Records Management System (EDRMS) is the dedicated enterprise system for records management at the University and provides compliant management of records.

(24) Where one system is being replaced by another system, the University must ensure the transfer is planned and documented in a manner that ensures the integrity, accuracy and context of the records and associated metadata is maintained. The migration process is to be in compliance with the requirements of GA48- Source records that have been migrated.

(25) Where a system is decommissioned the handling of the associated records must be planned and documented in accordance with the relevant retention and disposal authority issued under the State Records Act 1998.

(26) All enterprise storage solutions provided or approved by IMTS are to be monitored, audited or tested to ensure there are no issues affecting records integrity, useability or accessibility. This is in accordance with the Cyber Security Policy, Data Governance Procedureand/or contractual arrangements.

Top of Page

Section 8 - Physical Records

(27) Security and environmental control measures are to be implemented and monitored to ensure the integrity and protection of physical records. This is in accordance with the State Records NSW Standard on the Physical Storage of State records.

(28) Storage of physical records in any other location, other than storage areas and facilities which are controlled and managed by the University is not permitted.

(29) Any commercial storage services utilised by the University are to be assessed to ensure that the storage area/facility meets the requirements of the standard. See section 11 for obligations regarding third-party service providers.

Top of Page

Section 9 - Management of Records outside NSW

(30) The University must not take or send a record outside NSW unless permitted or authorised under the State Records Act 1998. Subject to clause 31 and section 11 of this Policy.

(31) Permission for the transfer of records outside NSW for the purposes of maintenance or storage with a service provider is authorised under GA35- General Authority for transferring records out of NSW for storage with or maintenance by service providers based outside of the State. The University must meet the conditions as outlined in GA35 to effect any transfers outside NSW for the purpose of maintenance or storage with a service provider.

Top of Page

Section 10 - Security

(32) Staff and affiliates must only access records for which they have a legitimate business need in the course of their employment and for which they have authorised access.

(33) The University is required to ensure:

  1. all records are stored, accessed, managed and used in accordance with their information security classification as documented in the Data Governance Procedure, Data Handling Guidelines, and Research Data Management Policy;
  2. all personal and health records are managed in compliance with the requirements as outlined in the Privacy Policy
  3. all records are protected from unauthorised or unlawful access, destruction, loss, deletion or alteration, in accordance with the Cyber Security Policy and IT Acceptable Use Policy, and IT Server Security Policy; and
  4. records management practices are regularly monitored and reviewed to ensure they meet information security needs.

(34) If it is necessary for a record to be given to a person in connection with the provision of a service to UOW (third-party engagement), everything reasonably within the power of the University is done to prevent unauthorised access, use or disclosure of the record. See section 11 of this Policy for obligations regarding third-party engagements.

(35) The University applies appropriate backup and disaster recovery practices in accordance with the Business Continuity Management Policy, to meet its obligations under the State Records Act 1998.

Top of Page

Section 11 - Use of Third-Party Service Providers

(36) In circumstances where the University engages a third-party service provider to create, capture, store, exchange, and/or dispose of records with, or on behalf of, the University, including where a service provider hosts an information system or provides software as a service or cloud storage, the University must:

  1. ensure that the third-party has adequate measures in place to manage the records and information in accordance with this Policy;
  2. retain ownership of the records and right of access; and
  3. include appropriate compliance obligations in any contractual arrangement with the third-party.

(37) See UOW’s Data Security and Third-Party Engagement for further information.

(38) Contracts and agreements, between the University and third parties that have a value of $150,000 or more must be published on the University’s GIPA Contracts Register within 45 working days after the contract becomes effective. This is in accordance with the University’s reporting requirements under the Government Information (Public Access) Act 2009 (NSW) (GIPA Act).

Top of Page

Section 12 - Access to Records under the State Records Act

(39) The State Records Act 1998 (NSW) promotes the principle of open government by presuming all records are open to public access by default after 20 years.

(40) The University must ensure that records that contain personal, sensitive, commercial or confidential information are subject to a closed public access direction to restrict access by the public.

(41) The University must register the access directions with the Museums of History NSW and is required to be reviewed every 5 years.

Top of Page

Section 13 - Public Access to Records via the Government Information (Public Access) Act 2009 (NSW) (GIPA Act)

(42) The University is bound by the GIPA Act, which facilitates public access to records held by the University.

(43) There are 4 avenues which the public may access records held by the University unless there is an overriding public interest against disclosure. These avenues include:

  1. open access information;
  2. proactive release of information;
  3. informal access requests; and
  4. formal access applications.

(44) For further information please see the UOW Agency Information Guide.

(45) The Vice-Chancellor and President, as UOW’s Principal Officer, has authorised Right to Information Officers to exercise the functions of the University under the GIPA Act.

(46) Requests for information via legal instruments are managed by the Information Compliance Unit (ICU). Staff and affiliates are required to assist with any direction relating to a request for information managed by ICU. This is in accordance with the University Code of Conduct.

Top of Page

Section 14 - Retention Periods and Disposal of Records

Retention

(47) Records must be retained for the minimum legal retention periods as specified in the relevant retention and disposal authority under the State Records Act 1998. High-value and high-risk records must be prioritised, safeguarded and closely managed.

(48) Extended retention periods require an evaluation based on the University’s operational needs, resource implications, public interest considerations, and privacy obligations (refer to the UOW Privacy Policy).

(49) Extended retention requirements may apply in the following circumstances:

  1. to meet specified or implied legislative obligations;
  2. where required to meet contractual arrangements; or
  3. to satisfy ongoing University business needs.

Disposal

(50) Records must be systematically and accountably disposed of (by destruction or by any other means i.e. transfer) as permitted by the relevant authority issued under the State Records Act 1998 (NSW). Disposals must be appropriately authorised by the relevant officer as outlined in this Policy (see Section 15 Roles and Responsibilities). The University’s records disposal form is available to assist the authorised officers to carry out the disposal process in a compliant manner.

(51) Records documenting the disposal process must be retained for an additional 20 years from the date of disposal as outlined in GA28 - Administrative Records.

(52) The University’s EDRMS facilitates storage of these records.

(53) Any records related to current litigation or formal access applications under the GIPA Act must be retained and removed from any disposal processes. The records may only be returned for disposal with the approval of the General Counsel.

(54) Records that have met their legislative and business retention requirements and are appraised and selected for inclusion in the UOW archival collection will be managed in accordance with the Library Collections Policy.

(55) Where a change management process occurs resulting in the consolidation or cessation of a particular function, the authorised officer of the portfolio that is most closely aligned with that previous function will the appropriate delegate for the management of those records. Transfer of records to a different portfolio is to be planned and documented. This will ensure the proper management, retention and/or disposal of records takes place. ICU is to be consulted to assist in facilitating this process.

Normal Administrative Practice

(56)  Certain low-value or short-term records that are not required to be retained may be destroyed without formal authorisation in accordance with Normal Administrative Practice (NAP). Please refer to the State Records Regulation 2024 guideline: Schedule 2 Guidelines on what constitutes normal administrative practice

State archives - Transfer of Records and Information

(57) Records identified as State archives are required to be routinely transferred into the custody of the Museums of History NSW when no longer in use for University business activities.

(58) Transfer plans are required to be developed and submitted to Museums of History NSW every five years, regardless of the intention to transfer records.

Top of Page

Section 15 - Roles and Responsibilities

(59) The Vice-Chancellor and President is responsible for:

  1. ensuring the University complies with the requirements of the State Records Act 1998;
  2. assigning the oversight of records management to a designated senior officer (Senior Responsible Officer); and
  3. the exercise of the University’s functions under the GIPA Act

(60) The Senior Responsible Officer (SRO) is the Vice-President Operations (VPO) and oversees:

  1. the strategic and managerial responsibility for records management including the records management program; and
  2. ensures that records management is in place and operating effectively to support Unviersity business operations.

(61) The General Counsel is responsible for:

  1. the operational oversight of the records management program managed by ICU;
  2. providing approval of access directions and the transfer of records to the Museums of History NSW; and
  3. providing approval to return records subject to litigation or formal access applications to a compliant disposal process.

(62) The Information Compliance Unit (ICU) is responsible for:

  1. implementing and maintaining the Records Management Program;
  2. facilitating compliance activities associated with the State Records Act 1998 and this Policy;
  3. managing the University’s EDRMS with the support of IMTS;
  4. liaising, cooperating and preparing mandatory reports with relevant regulatory agencies such as State Records NSW and Museums of History NSW;
  5. facilitating the submission of Transfer Plans and Access Directions to the Museums of History NSW ;and
  6. providing advice and training to staff and affiliates in relation to recordkeeping obligations.

(63) The Executive Dean of Faculty/Director/Chief Officer or delegate is responsible for:

  1. compliant records management for their respective areas in accordance with the State Records Act 1998 and the records management program including:
    1. providing approval of records disposal via the University records disposal form;
    2. authorising access to EDRMS for staff and affiliates who have a legitimate business need;
    3. ensuring records management is a designed component of all business systems, programs, and processes in their portfolio, especially where high-risk and high-value business is undertaken; and
    4. ensuring that records are not retained for longer than required for business needs.
    5. implementing and supporting a culture of strong records management compliance;
    6. embedding records management strategies that align with the University’s critical business priorities;
    7. ensuring that all staff in their portfolio are aware of the records management requirements outlined in this Policy, the records management program and the enterprise storage solution used by the portfolio;
    8. Identifying high-risk, high-value records and records required to meet short and long-term needs in business systems and processes used by the portfolio; and mitigating and/or managing any associated information risks;
    9. carrying out their duties, as they apply to the management of records, as outlined in the Data Governance Procedure.

(64) Archives is responsible for:

  1. custody and control of UOW archival collections in accordance with the Library Collections Policy.

(65) All staff and affiliates are responsible for:

  1. complying with the University’s recordkeeping obligations as specified in this Policy and the Records Management Program;
  2. attending training or completing online training to ensure that records principles and requirements are maintained;
  3. ensuring that records made and kept, or received and kept, in the course of the exercise of their official function at the University are captured, managed, accessed and retained in accordance with the provisions of this Policy;
  4. carrying out their duties, as they apply to the management of records, as outlined in the Data Governance Procedure
Top of Page

Section 16 - Review

(66) This policy will be reviewed and updated as required to ensure changes in legislation, University business activities, priorities, technologies, and resources available to the University are considered.

Top of Page

Section 17 -  Definitions

Word/Term
Definition
Access direction
Direction detailing the early access to or the closing of records to public access under the State Records Act 1998.
Affiliate
Includes people holding the University of Wollongong Honorary Awards as conferred by the University Council, including the awards of Emeritus Professor, Honorary Doctor and University Fellow; people appointed in accordance with the University’s Appointment of Visiting and Honorary Academics Policy; and people engaged by the University as agency staff, contractors, volunteers and work experience students.
Appraisal
The assessment of UOW records to determine their retention period in accordance with business need and legislative requirements.
Continuing value
Records that have administrative, business, fiscal, legal, evidential, or historic value to UOW.
Controlled entities
UOW Global Enterprises group of Companies and UOW Pulse Limited.
Data
Any facts, statistics, instructions, concepts or other information in a form that is capable of being communicated, analysed or processed (whether by an individual or by a computer or other automated means) (Data Sharing (Government Sector) Act 2015 (NSW) section 4).
Decommission Decommissioning is a process by which a business application (or system) is removed from use at UOW.
Disposal
A range of processes associated with implementing appraisal decisions. They include permanently removing records from UOW’s control through an approved process, such as destruction or the transfer of custody or ownership of records.
Electronic Documents and Records Management System (EDRMS)
UOW’s official recordkeeping system designed to control information as required by this Policy and legislative requirements
High-risk / High-value
High risk and high value records will generally be those that:
support UOW’s critical business processes; demonstrate the performance of the University’s principal functions under the University of Wollongong Act 1989, Higher Education Standards Framework (Threshold Standards) 2021, Education Services for Overseas Students Act 2000; hold personal or health information as defined in the Privacy Management Plan; are required as State archives or have long-term (20+ years) retention requirements.
Metadata
Information about the context, content, quality, provenance, and/or accessibility that describes a Record.
Migration
Process of moving records from one hardware or software configuration to another or from one generation of technology to another.
Normal Administrative Practice (NAP)
An instrument that allows destruction of certain types of low-value and short-term records in the normal course of business.
Privacy Impact Assessment Tool (PIA Tool)
A tool that facilitates the identification and examination of privacy impacts associated with a UOW program, activity, or technology including consideration of the steps required to minimize privacy risks.
The use of the PIA Tool aims to achieve best practice privacy compliance, protect UOW’s reputation and meet community standards.
Record(s)
Information created, received and maintained as evidence and as an asset by an organisation or person, in pursuit of legal obligations, or in the transaction of business (AS ISO 15489.1:2017 section 3.14).
Records Impact Assessment Tool (RIA Tool)
A tool that facilitates the identification and examination of recordkeeping impacts associated with a UOW program, activity, or technology including consideration of the steps required to minimize recordkeeping risks.
The use of the RIA tool aims to achieve best practice recordkeeping compliance, protect UOW’s reputation and meet community standards.
Records Management Program (Program)
A program developed by the University to create and maintain a records suite of policies and procedures and ensure it has skilled people and appropriate technology and systems required to manage records. The program will be monitored and evaluated to provide continuous improvement and assurance that the needs of the University and regulatory requirements are met.
Retention Period
A period of time for which records should be kept to meet regulatory, business and community requirements before they can be disposed.
Right to Information Officers (RIO) Right to Information Officers (RIO) are the General Counsel, Deputy General Counsel and Legal Counsels in the Legal Services Unit, and the Senior Manager and Information Compliance Coordinators in the Information Compliance Unit.
Senior Responsible Officer (SRO)
The officer within the University who has been assigned strategic and managerial responsibility for records management.
SR Act Authority
A formal instrument approved and published by the State Records Authority of NSW in accordance with section 21 of the State Records Act 1998.
State archive
 
A Record that must be retained permanently and that the Museums of History NSW is entitled to take control of under the State Records Act 1998 when no longer required for UOW’s business activities.
State record 
A record made or received by a UOW staff member or affiliate; in the course of exercising official functions in a public office, or for a purpose of a public office, or for the use of a public office (State Records Act 1998 (NSW) section 3).
Staff
All people employed by UOW including conjoint appointments, whether on continuing, permanent, fixed term, casual, cadet or traineeship basis.