1. Purpose

1.1 These procedures operationalise the University’s principles of data governance and ensures that full and accurate records of all University activities, transactions and decisions are created, managed, retained, and disposed of in accordance with the legislative requirements of the Public Records Act 2002 (Qld).

1.2 These procedures must be read in conjunction with the linked Data Governance – Operational Policy, Data Management - Procedures, Data Classification - Procedures, Digitisation of Physical Records – Guidelines (login required) and Disposal of Records – Guidelines (login required).

2. Scope and application

2.1 These procedures apply to all University staff, students undertaking research or involved in other University business, approved third parties, contractors, and sub-contractors. It includes all individuals who handle University data and information, regardless of their role or affiliation.

 2.2 These procedures apply to all University data and information.

3. Definitions

3.1 Refer to the University’s Glossary of Terms for definitions as they specifically relate to policy documents.

3.2 The terms data and information are used interchangeably within this policy, recognising the overlap between the two. In their simplest form, data is often considered as raw values and individual facts in any form, and information is data that has been contextualised. Both data and information can be University records.

4. Identification of records

4.1 Records are any form of data or information, including documents in digital or physical form, that capture evidence of a University decision, transaction or activity and therefore have a retention requirement under the Public Records Act 2002 (Qld).

4.2 Records can be categorised as high-value or high-risk. Information that the University would have considerable difficulty operating without are considered high-value records and those that would result in significant risk to the University should they be lost, damaged, or deleted prematurely, are deemed high-risk records.

4.4 Examples of records include:

(a) any data or information vital to business continuity;

(b) data and information pertaining to historical, cultural or legal matters;

(c) student and employee details;

(d) course and study information;

(e) contracts, agreements, Memorandum of Understanding (MOU) and other legal documents;

(f) financial information;

(g) strategic and operational plans;

(h) project management documentation.

5. Managing records through the data lifecycle

5.1 Records management aligns with the stages of the University’s data lifecycle depicted in Figure 1: Data lifecycle, and in accordance with Data Governance – Operational Policy and Data Management - Procedures.

Figure 1: Data lifecycle

5.2 Capture

5.2.1 Complete and reliable records must be captured in a University approved business system (login required), including relevant metadata to ensure discoverability and integrity. Metadata can include:

(a) dates;

(b) business area;

(c) people, processes;

(d) events;

(e) relationships to other records; and

(f) legal context.

5.2.2 All high-value and high-risk records, along with any other record that has a minimum retention period must be captured within the approved University records management system, Technology One Enterprise Content Management (T1ECM).

5.2.3 Records created in digital format must remain digital, adhering to the concept of ‘born digital, stay digital’ in the management of records. Physical copies of ‘born digital’ records must not be kept.

5.2.4 Ownership of records created or received during the course of business is vested in the University unless otherwise agreed.

5.3 Store

5.3.1 Digital records must be stored within T1ECM when they are no longer in day-to-day business use. This ensures that minimum retention periods and disposal are managed and controlled in accordance with legislative requirements. The storage of contracts in T1ECM is exempt, as they must be captured in the Contracts Register (login required).

5.3.2 Physical records must be stored in either an on-site University approved secure location or an approved off-site storage facility, which is coordinated through the Records Management team. This includes any records that are managed as part of outsourced contractual arrangements. A record of their storage and associated context must be included in T1ECM.

5.3.3 Where practicable, physical records should be digitised to improve discoverability and accessibility in accordance with the Digitisation of Physical Records – Guidelines (login required). Some physical records can be disposed of once they have been captured as a digitised copy in T1ECM. Disposal must be facilitated by the Records Management team (login required).

5.4 Utilise

5.4.1 Storing records in T1ECM increases the value of the information as a strategic asset through discoverability and access.

5.4.2 When utilising records, it is imperative that the integrity and quality of information is maintained. This includes ensuring that the information is current, correct and up to date. Records should be used in such a way as to maintain the intent of the information provided and ensure all changes or modifications are audited and discoverable.

5.4.3 Duplication of the record should be avoided. Use links to the record rather than creating and sending a copy. Versioning and version control should be maintained to manage changes or modifications.

5.4.4 When possible, physical records should be digitised and used in digital format. The use of physical records as part of a business process should be avoided.

5.5 Share

5.5.1 Records must have the appropriate level of access control applied, to enable secure sharing of information that protects privacy and confidentiality, in accordance with the Data Classification - Procedures, legislative requirements and business needs.

5.5.2 These controls are balanced with the University’s approach for openness to enhance discoverability of records, encouraging a culture of information sharing to ensure organisational effectiveness.

5.6 Archive

5.6.1 Capturing records within T1ECM ensures that records are retained for the correct length of time, according to the retention and disposal schedules administered by Queensland State Archives, in accordance with the Public Records Act 2002 (Qld).

5.6.2 Records can be retained for longer than the minimum period required, when they are determined to be of archival or enduring value to the University. This includes records that substantially contribute to the knowledge and understanding of aspects of university history, society, culture, environment, and people. Guidance should be sought from the Records Management Team on records of archival or enduring value.

5.7 Dispose

5.7.1 The disposal of records encompasses the:

(a) destruction of physical records;

(b) erasure of digital records; or

(c) transfer of digital or physical records.

5.7.2 The Records Management Team must have confirmed the following requirements prior to the disposal of records (digital or physical):

(a) records have met the minimum retention period under the retention and disposal schedule administered by Queensland State Archives, in accordance with the Public Records Act 2002 (Qld);

(b) records are confirmed as having no further business need, including under Right to Information requests or as evidence in current or pending legal proceedings;

(c) records are approval for disposal by the Executive Officer under the Public Records Act 2002 (Qld), as identified in Delegations Schedule B.

5.7.3 Records disposal must in in accordance with the Disposal of Records – Guidelines (login required), and overseen by the Records Management Team (login required). This includes ensuring that evidence that demonstrates all requirements for disposal were met is captured in T1ECM.

5.7.4 Ensuring all records with minimum retention requirements as stipulated by legislative requirements, including high-risk and high-value records are held in T1ECM, guarantees that records are retained for the correct length of time, reducing the risk of accidental or premature disposal.

5.7.5 Physical records that have been digitised can be eligible for disposal if retention of the physical form is not required for artistic or artefactual value or to meet a legislative requirement. Guidance must be sought from the Records Management Team (login required) prior to physical records disposal.

5.7.6 When University approved business systems are decommissioned the Records Management Team (login required) must approve and oversee the appropriate disposal of the data and information.

6. Monitoring and Reporting

6.1 Regular monitoring and reporting on the application of record keeping practices as defined in these procedures is reported to the Data Analytics and Information Management Advisory Committee.

6.2 The Chief Data Officer reports on University compliance with these procedures in accordance with the Compliance Management Framework - Governing Policy.

6.3 The Records Management Team monitors the opertations within the T1ECM system to ensure compliance with records entry, application of retention periods and the integrity and security or records and reports to the Chief Data Officer on compliance.

7. Authorities and responsibilities

7.1 As the Approval Authority the Chief Operating Officer approves these procedures to operationalise the Data Governance – Operational Policy.

7.2 As the Responsible Executive Member the Chief Operating Officer can approve guidelines to further support the operationalisation of these procedures. All procedures and guidelines must be compatible with the provisions of the policy they operationalise.

7.3 As the Designated Officer the Chief Data Officer is authorised to approve associated documents to support the application of these procedures.

7.4 These procedures operate from the last amended date, and all previous iterations of policy documents on records management are replaced and have no further operation from this date.

7.5 All records relating to records management must be stored and managed in accordance with the Data Governance – Operational Policy.

7.6 These procedures must be maintained in accordance with the Policy Framework – Procedures and reviewed on a shortened 2-year policy review cycle.

7.7 Any exception to this policy to enable a more appropriate result must be approved in accordance with the Policy Framework – Procedures prior to any deviation from these procedures.

7.8 Refer to Schedule B and Schedule C of the Delegations Manual in relation to the approved delegations detailed within these procedures.

7.9 Records Management Roles

7.9.1 The following roles, responsibilities and accountabilities are specific to these procedures and cascade from the high-level roles and responsibilities in the Data Governance – Operational Policy.

END