Standard for Records and Information Governance


Standard for Records and Information Governance

Purpose

To set the principles and minimum standard for records and information governance in the ACT Public Service, in support of the purposes of the Territory Records Act 2002:

  • to encourage open and accountable government by ensuring that Territory records are made, managed and, if appropriate, preserved, in accessible form
  • to support the management and operation of Territory agencies
  • to preserve Territory records for the benefit of present and future generations
  • to ensure that public access to records is consistent with the principles of the Freedom of Information Act 2016.

Introduction

Information governance is a system for managing information assets across an entire organisation to support its business outcomes.

Records are evidence of business activity. The Territory Records Act 2002 defines them as ‘information created and kept, or received and kept, as evidence and information by a person in accordance with a legal obligation or in the course of conducting business’.

There are many definitions of information. Most simply, the Macquarie Dictionary definition is ‘knowledge communicated or received concerning some fact or circumstance’.

Closely related to records and information is data. The ACT Government’s Data Governance and Management Policy Framework defines data as ‘observations and measurements of things that we are interested and care about’. The policy further identifies administrative data as ‘information collected for delivering public administration’.

Records are, then, specialised forms of information that serve to capture data and information to preserve evidence about transactions, in ways that demonstrate reliably what was decided, said, or done in the course of business activity. Data can provide evidence to inform decision-making. Records provide evidence of the who, what, when, where, why or how of the decisions that are made. They can be in any format, including hard copy or digital.

Standard

Within the context of the Territory Records Act, to be understandable, usable and reliable as evidence of an ACT Government business transaction or event, a record must have the following properties:

  1. Content – Text, data, symbols or images that convey information.
  2. Structure –Arrangement of this information into understandable formats, such as designated fields for required information.
  3. Context – A direct relationship to the technical and/or business environment that created the record, for example through software applications or metadata.

The goals of this Standard and the Data Governance and Management Policy Framework are complementary. Each aims to provide a framework in which information assets can be made, kept and used by the ACT Government. This Standard for Records and Information Governance articulates the principles that must be applied to ensure that data and information can be managed in ways that allow them to function as records when this is required to support business and accountability requirements.

This Standard complements and is informed by other standards and codes in the information governance field, such as:

Benefits

In ACT Government organisations (directorates, agencies, offices, and so on) records are important assets, and some are vital to ACT Government functions. They help to inform, plan for and achieve outcomes that are relevant and valuable to the community, business and government. ACT Government records support efficient, transparent and accountable government, protect individual rights and entitlements, and constitute a valuable and irreplaceable source of community and cultural memory.

Records help to:

  • drive collaboration and communications
  • preserve knowledge for reference and re-use by the community and government;
  • provide the foundation for sustainable and effective products and services;
  • outline responsibilities;
  • support decision-making;
  • document rights and entitlements;
  • make up the corporate memory of an organisation;
  • provide stakeholders with transparency around, and accountability for, government operations; and
  • preserve and contribute to community memory and identity.

To support the benefits identified above, records need to be:

  • trustworthy, and managed accountably;
  • readily accessible, understandable, useable and securable;
  • valued as important to business operations and community memory;
  • governed by appropriate risk management approaches; and
  • maintained to meet business, government and community purposes.

To achieve these outcomes, records must be supported by effective governance and management processes. This standard establishes the requirements for effective records and information governance. It is designed to assist ACT Government organisations and their employees to meet their legislative responsibilities in accordance with the Act. It operates alongside the Data Governance and Management Policy Framework.

Applying this standard will assist ACT Government organisations to:

  • create trustworthy, useful and accountable records in evolving business environments;
  • ensure that meaningful, accurate, reliable and useable records are available whenever required for government business and community needs;
  • sustain and secure the records needed to support both short and long-term business outcomes;
  • enable the reliable sharing of records;
  • automate governance, sharing and continuity processes;
  • prevent unnecessary digital and physical storage and management costs; and
  • proactively protect and manage the records that provide ongoing value to government business and the ACT community.

Principles

The ACT Government’s records and information governance practices will encourage open and accountable government by ensuring that Territory records are managed and preserved in accessible formats to meet business requirements and community expectations.

To achieve this, the following principles apply.


Principle 1: Strategy Principle

Recordkeeping must be planned, rather than ad hoc or reactive. Strategic management for recordkeeping processes allows organisations to set and understand their recordkeeping objectives, manage risk, and plan for and respond to change. Particularly in the digital environment, records will not be created and captured if they are not actively considered and planned for.

Organisations must strategically manage records, information and data by following guidelines for:

  • developing a Records Management Program; and
  • developing and promulgating a Records and Information Governance Policy and supporting procedures and guidelines.

Principle 2: Capability Principle

Recordkeeping strategies and processes cannot be effectively implemented if they are not supported by appropriate resources, including skilled staff, adequate systems and tools, and funding.

Organisations must establish and maintain appropriate records and information governance capabilities by following guidelines for:

  • identifying and providing financial, human and other resources for records and information governance;
  • planning for and measuring the performance of records and information governance activities; and
  • reviewing and improving performance to meet the changing requirements of government business.

Principle 3: Assess Principle

Recordkeeping systems and processes may be misdirected or inadequate if the organisation does not assess and understand its recordkeeping requirements. This includes understanding its needs to create, describe, protect, retain and provide access to records.

Organisations must assess their records and information governance requirements by following guidelines for:

  • establishing processes for identifying the records they need to create and keep, including by supporting ‘records by design’ approaches to business systems development;
  • ascertaining the significance of their records and the risks that are addressed by, or arise from, their creation and management
  • managing records in accordance with their significance, risk and other relevant factors.

Principle 4: Describe Principle

Records cannot be reliable, retrievable or understood if they are not adequately described. This involves capturing and preserving metadata about the record’s creation, content, business context and use.

Organisations must deliberately control records, information and data by following guidelines for:

  • ensuring appropriate and sufficient descriptive elements are incorporated into the systems that manage records; and
  • ensuring the descriptive elements are managed appropriately so the authenticity, usability and reliability of the records are protected.

Principle 5: Protect Principle

To ensure their ongoing reliability, usability and integrity, and to protect the legitimate interests of records creators, users and subjects, records need to be protected from inappropriate access, alteration or disposal.

Organisations must manage the appropriate storage and preservation of records by following guidelines for:

  • identifying the protection requirements for their records; and
  • ensuring appropriate protection measures are in place.

Principle 6: Retain Principle

Records cannot fulfil their functions of protecting rights and entitlements and preserving business and community memory if they are not retained for as long as those requirements remain. At the same time, recordkeeping processes will be inefficient if records are retained for longer than they are needed to support business and community purposes.

Organisations must identify the retention requirements of their records by following guidelines for:

  • assessing which of their records must be retained in perpetuity;
  • assessing which of their records are eligible for destruction; and
  • ensuring destruction of records is managed appropriately, in accordance with legislative and security requirements.

Principle 7: Access Principle

Records cannot fulfil their purpose if they remain inaccessible.

Organisations must support the access to and openness of records, information and data by following guidelines for:

  • encouraging open access of records, both across government and publicly;
  • ensuring records can be found, accessed, used and re-used when appropriate; and
  • enabling appropriate public access.

Scope

In accordance with the Territory Records Act 2002 the principal officer must ensure that an ACT Government organisation complies with the Act and this standard.

This standard applies to all ACT Government employees: full-time and part-time staff, volunteers, contractors and outsourced providers.

This standard covers records in all their formats (digital and physical). It has been designed to support records and information governance as the ACT Government transitions to digital business processes.

Underpinning this standard is the need to ensure that business is supported by robust governance structures and records management practices.

Authority

This standard is produced in accordance with section 18 of the Territory Records Act 2002, which allows the Director of Territory Records to approve standards or codes for an organisation’s records management.

Under section 17 of the Act, an organisation’s principal officer may only approve a Records Management Program that complies with the standards and codes set by the Director of Territory Records.

This standard will be reviewed as soon as practicable five years after its commencement.

Further Information

To assist ACT Government organisations to implement this standard, the Territory Records Office has developed a range of tools:

  • seven guidelines detailing the seven principles contained within the standard; and
  • a self-assessment checklist for ACT Government organisations to use to assess their records and information governance capabilities.

For more information about this standard, the guidelines and self-assessment checklist, please contact the Territory Records Office at tro@act.gov.au.