Records Management Policy
The intent of this policy is to:
- outline the principles, approach and rules associated with records management at JCU;
- ensure that employees and any other representative of the University understand their recordkeeping roles and responsibilities; and
- outline JCU's commitment to effective, efficient and compliance recordkeeping practices.
The Records Management Policy applies to:
- all officers, employees and any other persons acting in their official capacity for or on behalf of, or in the name of, the University including contractors and third parties;
- to all aspects of the University“s business, including teaching and learning, research, student administration and services, governance and corporate/administrative services; and
- to University records in all formats, including physical (hard copy or paper) records, digitized and scanned records, electronic records including email, records held in databases or on websites, microfiche and other technology-dependent records.
This policy is a component of the Records Management Framework and one of the domains covered by the JCU Information Management Framework (to be developed). It is acknowledged that the development and implementation of the recordkeeping framework and program will be progressive and evolve over time. The records management program operationalizes the Records Management Framework and this policy.
NOTE: The management of some records types such as research data or legal records are subject to additional policy requirements – please refer to the Policy Library or contact Corporate Information Services if you are unsure what the requirements are or what policies relate to the record types you are responsible for.
Refer to the Records Management Glossary (under development)
What is a University record?
A University record is defined as recorded information, in any form, created or received by JCU or any person acting on behalf of JCU, in the transaction of business or the conduct of affairs and that provides evidence of such business or affairs.
Records can be in any form including paper based, email, microfiche, voice recording, data stored in a business system (such as Student One, HR or Finance system), disks, memory sticks, CD“s, maps, plans, photographs, internet and intranet etc. A record may exist in more than one form, for example as a paper letter, as a word document and as a scanned image.
It should be noted that except in limited circumstances drafts are not considered a record. For more information refer to “What is a record?” Guideline
Policy and Procedures
The University recognizes that corporate records play a critical role in:
- supporting good business practices that aligns to the strategic direction;
- supporting service delivery, business continuity and good corporate governance;
- providing for evidence based and informed decision making;
- promoting accountability and transparency;
- supporting compliance with various legislative and regulatory provisions (including Right to Information, Information Privacy, ethical conduct etc.);
- capturing the corporate memory of the University; and
- providing evidence of what the University, its employees, students and stakeholders have (or haven“t) done, decisions made and any undertakings given.
James Cook University is committed to establishing, maintaining and continually improving its records management practices, processes and culture, and strives to establish a compliant, effective and efficient records management program led by the Corporate Information Services.
All JCU staff (and those acting on behalf of JCU) are responsible for the making, management and keeping of University records in accordance with this policy.
This Policy is based on 4 overarching Records Management Principles
1. Records Management must be systematic and comprehensive.
- JCU records must be made to reflect all University business including all activities, transactions, decisions, representations, considerations and undertakings.
- Records must be made at the time of, or as soon as practicable after, the event to which they relate.
- Standardized records management processes will be entrenched within the business processes in which records are created, received, accessed, used, disclosed, transferred, preserved or destroyed.
- JCU records must be captured in a systematic and standardized manner in an approved business system or the electronic document and records management system to ensure ongoing authenticity.
- All records will be classified according to JCU“s Business Classification Scheme (BCS), any other applicable classification tools and the relevant standards (e.g. Naming, Data quality etc.).
- Ownership of all JCU records is vested in James Cook University.
2. Records Management is everyone’s responsibility.
- Under the Public Records Act 2002 the Vice-Chancellor is ultimately responsible for records management within JCU.
- The Vice-Chancellor has assigned recordkeeping responsibility to all staff. All staff are responsible for making and keeping full and accurate records that adequately document University business and support any decisions made. Further all staff are responsible for capturing records in JCU“s recordkeeping system (TRIM) or an approved JCU business system (with required recordkeeping functionality).
- Any JCU employee or other person acting in an official capacity for or on behalf of, or in the name of, the University cannot delegate responsibility for ensuring that the records they create or receive are managed in accordance with JCU“s records management framework, however this does not prevent a JCU employee from assigning the activity of capturing records to another employee. If this activity is to be assigned to another person, the assigning officer will still remain accountable for ensuring the records are captured appropriately and in a timely manner.
- Records Management governance has been assigned to the Manager, Corporate Information and eRecords who is responsible for the development, maintenance, monitoring and implementation of records management strategy, framework, programs, monitoring and applications. Disaster planning and recovery along with the vital records program are the responsibility of the Manager, Corporate Information & eRecords.
- Business continuity of the eDRMS and technical system administration is the responsibility of Information Technology & Resources.
- Corporate Information Services will provide operational support and advice to implement the records management framework and programs.
- The University is moving towards a decentralized and devolved records management model where records management activity (aligning to the stages of the lifecycle) are conducted by the work area that creates, receives and uses the applicable records. For example, Human Resource Management maintains the records relating the employee services, recruitment, remuneration etc. This model will be progressively rolled out across the University.
3. Records must be full and accurate and the systems that make, manage or keep them reliable and secure.
- Full and accurate records must demonstrate the following attributes;
- Officers must ensure that the records accurately and completely represent the transaction, activity, decision, discussion or undertaking made by the University.
- Not creating records at all, creating incomplete or inaccurate records, falsification and unauthorized modification may result in legal liability and/or an individual breaching the Code of Conduct and disciplinary action.
- Physical and electronic security measures will be utilized to protect records from unauthorized access, use or disclosure, alteration, damage or destruction.
- The location, access and use of records will be recorded and tracked. Users of records and files are accountable for the records/files while they are in their custody including appropriately protecting the records/files from unauthorized access.
- To ensure that all records are placed in their correct context within the University, all records will be captured within a file (that is, there will be no loose records).
- All staff will be provided with access to the records they require to perform their role unless there are valid business reasons to restrict access (e.g. privacy, confidentiality etc.). Reasons for and access restrictions relating to records are documented in the Records Management Security Classification Scheme.
- Security and access permission to records and the eDRMS will be provided on an as needed basis and must be approved by the relevant Executive.
- Security and access will be monitored and breaches reported to the relevant Executive.
- Prior to obtaining access to the eDRMS a user must complete the required training (as specified by the Manager, Corporate Information and eRecords).
- Physical records must be filed in line with the Filing Standard, digitized in accordance with the Digitisation Standard and stored in conditions consistent with the Storage Standard.
- Records, irrespective of format, will be managed within the electronic document and records management system (eDRMS), TRIM, or an approved business system1.
- Copies of records should not be stored on (removable) peripheral storage devices (e.g. USB, flash drive, memory stick/card, CD etc.) unless the device and its contents are appropriately secured. Original records must never be stored on a (removable) peripheral storage device.
- Records maintained in business systems and the eDRMS may be subject to migration or conversion, or the system may be decommissioned, any such activity will be conducted in line with and consider JCU“s compliance obligations around records management.
4. Records must be retained for as long as they are required and disposed of in a lawful, planned and approved manner.
- Records will be retained in a useable and accessible form for at least the minimum retention period contained within the applicable Retention & Disposal Schedule as approved by the Queensland State Archivist.
- The disposal of records must be conducted in accordance with the Records Disposal Procedure.
- Files created in the eDRMS will be sentenced in accordance with an approved Retention and Disposal Schedule and appraised prior to their transition to inactive storage, permanent retention or their disposal.
- Only officers with Records Management Disposal Delegation may approve the disposal of JCU records. (Any other disposal will be considered unlawful under the Public Records Act and may be subject to fines of $16,500 for each record disposal).
These principles in conjunction with the policy statements will ensure that the University“s Records Management Framework supports good governance including compliance, accountability and transparency.
This Policy along with the supporting Records Management Framework artifacts is the responsibility of the Manager, Corporate Information and eRecords. It will be implemented though:
- a defined and identifiable records management program administered by Corporate Information and eRecords Services;
- the ongoing management of a comprehensive records collection through their lifecycle;
- provision of records management framework including policy, procedures, delegations, standards, forms and records management tools;
- administration and utilization of the electronic document and records management system, TRIM;
- support for the management of records within other business systems (e.g. transactions records relating to finance, HR etc.);
- the provision of advice, support and training to JCU officers in the fulfilment of their records management responsibilities;
- monitoring, auditing and reporting on the performance and quality of the records management system/s, processes and programs; and
- continual improvement of the records management program.
1 - In time all core corporate business systems that make, receive, manage or keep JCU records will be assessed against the relevant recordkeeping standards. Only those systems that meet the standard will be approved for the ongoing storage of records, where a system does not meet the standard then a strategy will be developed to address known gaps.
Records Management Policy Approach
Fundamental to the Records Management approach is the management of records through the Records Management Lifecycle as this provides a logical sequence to records management processes, procedures and activity. All stages of the lifecycle must be managed effectively to support good recordkeeping practice. Many of the supporting artifacts associated with this policy and records management training will focus on specific stages of the lifecycle (for example, the disposal procedure or capture procedures).
What is the Records Lifecycle?
The records lifecycle is a records and archival management model which describes the stages through which a record is said to pass during its „life“. Records do not necessarily experience all stages. For example, some records are retained permanently and never disposed. The lifecycle is a key concept utilized through the framework as many artifacts will align to a specific stage of the lifecycle.
For more information refer to “The Records Lifecycle – birth to death” Guideline
Procedures are not contained within this policy. To view the records management procedures refer to the Corporate Information and eRecords section of the JCU website (staff section).
Related documents, legislation or JCU Statutes
JCU Frameworks, Policy and Procedures
Date for next review:
In JCU Frameworks, Policy and Procedures section: removed Use of Recycled Paper Policy (Disestablished) and replaced with Waste Reduction Management Plan which is now in place and has incorporated into it, recycling of paper.
|16-1||25/02/2016||25/02/2016||Policy Sponsor and Approval Authority amended to reflect Council approved Policy and Delegations Framework.|
Revised to reflect contemporary records management practices and align to sector standards and compliance requirements. Approved by Deputy Vice Chancellor.