The function of developing or acquiring, testing and implementing hardware infrastructure, and applications and databases to support the business needs of an organisation to capture, store, retrieve, transfer, communicate and disseminate information through automated systems. Includes the evaluation of software and hardware and the acquisition, tendering, leasing, licensing and disposal of systems. Also includes communication network systems such as video conferencing, voice mail and electronic mail and the technical aspects of the Internet, Intranet and websites.

See EQUIPMENT & STORES - Acquisition for records relating to the acquisition of other equipment and stores.

See EQUIPMENT & STORES - Disposal for records relating to the disposal of other equipment and stores.

See FINANCIAL MANAGEMENT - Asset register for records relating to the monitoring and assessment of technology and telecommunications equipment as corporate assets.

See INFORMATION MANAGEMENT for records relating to the management of information resources.

See PUBLICATION - Production for records relating to the updating of the content of websites.

ACQUISITION 20.1.0

The process of gaining ownership or use of technology and telecommunications equipment and systems required for the conduct of business through purchase or requisition.

See FINANCIAL MANAGEMENT - Accounting for records relating to financial transactions supporting acquisition activities.

See FINANCIAL MANAGEMENT - Asset register for records relating to the monitoring and assessment of equipment and systems as corporate assets.

See TECHNOLOGY & TELECOMMUNICATIONS - Agreements for records relating to agreements regarding the provision or use of technology and telecommunications services that do not form part of contracting-out or tendering arrangements, e.g. software licences.

See TECHNOLOGY & TELECOMMUNICATIONS - Evaluation for records relating to feasibility studies, assessments and other evaluations of technology and telecommunications programs, equipment, services and systems prior to purchase.

No Description of records Disposal action
20.1.1 Records relating to the acquisition of services for the development of systems or the acquisition of off-the-shelf systems where the system is proceeded with and is acquired through a tendering or contracting-out process. Includes systems acquired through period contracts that involve tendering.
Note: Organisations may choose to maintain all evaluation, acquisition, contracting-out and/or tendering records relating to systems according to this disposal action, or may refer to TENDERING or CONTRACTING-OUT if they wish to destroy some of the tendering or contracting-out documentation at an earlier date. Decisions may differ according to the system and should be based on a determination of how long records are required to meet the organisation's business needs in consultation with operational employees or business units.

Retain minimum of 7 years after system is superseded, then destroy
20.1.2 Records relating to the acquisition of technology and telecommunications equipment or systems through any means (purchase, acquisition, requisition etc) where there is no tender or contracting-out process, i.e. where the cost of the acquisition is below the threshold for tendering. Records include:

  • requests for quotes
  • orders
  • correspondence and records of negotiations
  • minutes or notes of meetings.

Retain minimum of 7 years after action completed, then destroy
20.1.3 Records relating to investigations into the acquisition of technology and telecommunications equipment or systems not proceeded with.

Retain until administrative or reference use ceases, then destroy
20.1.4 Records relating to warranties and guarantees.

Retain until warranty or guarantee expires or until item is disposed of, whichever is shorter, then destroy

ADVICE

See TECHNOLOGY & TELECOMMUNICATIONS /relevant activity for records relating to advice given or received by the organisation regarding technology and telecommunications, e.g. use TECHNOLOGY & TELECOMMUNICATIONS – ACQUISITION for records relating to advice given or received as part of the acquisition process, e.g. use TECHNOLOGY & TELECOMMUNICATIONS – APPLICATION DEVELOPMENT & MANAGEMENT for records relating to advice regarding the development and management of applications, including advice from consultants, suppliers and vendors, e.g. use TECHNOLOGY & TELECOMMUNICATIONS – CUSTOMER SERVICE for records relating to the provision of internal advice given and suggestions received from internal customers on technology and telecommunications issues.

AGREEMENTS 20.2.0

The processes associated with the establishment, negotiation, maintenance and review of agreements.

See CONTRACTING-OUT for records relating to the acquisition of services through a contracting-out or outsourcing process.

See TENDERING for records relating to receiving and assessing tenders.

No Description of records Disposal action
20.2.1 Records relating to the establishment, negotiation, maintenance and review of agreements regarding the provision or use of technology and telecommunications services that do not form part of contracting-out or tendering arrangements, e.g. software licences. Records include:

  • correspondence and records of negotiations, including minutes or notes of meetings
  • drafts containing significant changes/alterations or formally circulated for comment
  • final, approved versions of agreements
  • reviews of agreements.

Retain minimum of 7 years after expiry or termination of agreement or minimum of 7 years after action completed, whichever is longer, then destroy

ALLOCATION 20.3.0

The process of assigning technology or telecommunications equipment to employees or organisational units.

See FINANCIAL MANAGEMENT - Accounting for records relating to billing of employees regarding personal use of organisational equipment.

See FINANCIAL MANAGEMENT - Asset register for notations on the asset register regarding the allocation of assets.

See TECHNOLOGY & TELECOMMUNICATIONS - Arrangements for records relating to the routine usage of technology and telecommunications equipment, e.g. booking to use laptops.

See TECHNOLOGY & TELECOMMUNICATIONS - Audit for records relating to audits of employees or business units to examine what technology and telecommunications equipment, services, facilities, hardware or software have been allocated to them.

See TECHNOLOGY & TELECOMMUNICATIONS - Implementation for records relating to the allocation of equipment, services, facilities, hardware or software to individuals or organisational units as part of the implementation of new or upgraded systems. Includes the allocation of telephones, mobile telephones and voicemail facilities.

No Description of records Disposal action
20.3.1 Records relating to the routine allocation and distribution of technology and telecommunications equipment, services, facilities, hardware or software to business units within the organisation.

Retain minimum of 2 years after action completed, then destroy
20.3.2 Records relating to the routine allocation and distribution of technology and telecommunications equipment, services, facilities, hardware or software to individuals for their ongoing use.

Retain minimum of 2 years after reallocation of equipment, then destroy

APPLICATION DEVELOPMENT & MANAGEMENT 20.4.0

The activities associated with developing systems and managing them over time. Includes developing software and programming codes for business applications, developing specifications, testing and prototyping systems, developing the technical aspects of the design of databases including those for the Internet and Intranet, customising or configuring off-the-shelf packages and making system changes such as major problem solving, major enhancements and upgrades.

See TECHNOLOGY & TELECOMMUNICATIONS - Evaluation for records relating to the establishment of user requirements, development of specifications and feasibility studies and evaluation of potential solutions prior to purchase.

See TECHNOLOGY & TELECOMMUNICATIONS - Implementation for records relating to the implementation and roll-out of technology and telecommunications strategies, projects and systems.

See TECHNOLOGY & TELECOMMUNICATIONS - Maintenance for records relating to the maintenance of technology and telecommunications equipment.

See TECHNOLOGY & TELECOMMUNICATIONS - Procedures for records relating to the development of user and technical manuals.

See TECHNOLOGY & TELECOMMUNICATIONS - Reviewing for records relating to the review of technology and telecommunications programs and services.

No Description of records Disposal action
20.4.1 Records relating to the design and development of systems which are proceeded with. Records include:

  • background research
  • project proposals
  • project management records
  • notes of meetings or reports analysing issues and the outcomes of consultation with employees, stakeholders etc
  • systems documentation
  • information regarding the source code and the source code itself
  • information regarding the interrelationship between systems
  • system specific data dictionaries
  • records of establishment of system logs
  • records of application and allocation of metadata
  • records of business rules
  • records of user requirements
  • records of system specifications and configurations
  • records of rectification of developmental problems
  • records of requests for system changes during development
  • records of final signoff by parties.

Retain minimum of 7 years after system is superseded, either through upgrade or major modification, and any data supported is migrated or destroyed, then destroy
20.4.2 Records relating to proposals for the development and modification of specific applications which are not proceeded with.

Retain minimum of 2 years after action completed, then destroy
20.4.3 Records relating to testing of applications. Records include:

  • records of testing strategies, e.g. user testing
  • result forms
  • test reports.

See 20.4.1 for records relating to the rectification of problems detected.

Retain minimum of 5 years after system goes live, then destroy
20.4.4 Records relating to the configuration or customisation of off-the-shelf packages to meet the needs of the organisation.

Retain minimum of 7 years after system is superseded, then destroy
20.4.5 Records relating to enhancements and upgrades to systems, and system-changing maintenance and problem management.

Retain minimum of 7 years after system is superseded, then destroy
20.4.6 Records relating to the maintenance of system logs which are used to show a history of access or change to data, e.g. system access logs, Internet access and activity logs, system change logs, audit trails etc.
Note: The Government Chief Information Office (GCIO), Information Security Guideline for NSW Government agencies indicates that the minimum retention period for audit logs should at least be sufficient to support the investigation of security incidents (p.97). System logs may be required for accountability purposes or as evidence in investigations to trace who accessed what records. The length of retention will be dependent on the organisation, the system and the nature of the risks faced.
Remark: Audit trails relating to financial systems may be embedded in the transaction record or may be maintained separately. Where an audit trail is maintained separately it should be retained for the period of the base transaction record itself (as per GA28, 7.1.1).

Retain in accordance with the organisation's requirements, then destroy
20.4.7 Records relating to the maintenance of system logs which are not used to show a history of access or change to data, e.g. backup logs.
Note: Backup logs are maintained by backup software to report the status of backups performed and information such as devices and tapes used, errors encountered, systems and lists of files backed up etc. Backups (e.g. backup tapes) are different: they store the actual backed up data and their disposal is covered by normal administrative practice (NAP) as they are facilitative records. It is not good practice to rely on backups as official records of business as they are not considered to be reliable recordkeeping systems. There should be established and documented routines for the destruction of backups in accordance with NAP.

Retain until administrative or reference use ceases, then destroy
20.4.8 Records relating to rectification plans, reports, remediation processes and testing of systems for year 2000 (Y2K) compliance.

Retain minimum of 5 years after action completed, then destroy

ARRANGEMENTS 20.5.0

The activities involved in making arrangements for the usage of technology and telecommunications equipment.

See TECHNOLOGY & TELECOMMUNICATIONS - Allocation for records relating to the routine allocation and distribution of technology and telecommunications equipment, services, facilities, hardware or software to business units and individual employees.

No Description of records Disposal action
20.5.1 Records relating to the routine usage of technology and telecommunications equipment, e.g. bookings to use laptops, videoconferencing facilities, data projectors etc.

Retain until administrative or reference use ceases, then destroy

AUDIT 20.6.0

The activities associated with officially checking quality assurance and operational records, systems or processes to confirm legislation, directions and regulations have been adhered to or that operations are carried out efficiently, economically and in compliance with requirements.

See TECHNOLOGY & TELECOMMUNICATIONS - Application development & management for records relating to the establishment and maintenance of system logs, including audit trails.

See TECHNOLOGY & TELECOMMUNICATIONS - Compliance for records relating to the organisation's compliance with mandatory or optional standards or statutory requirements regarding technology and telecommunications.

See TECHNOLOGY & TELECOMMUNICATIONS - Evaluation for records relating to the evaluation of technology & telecommunications programs, equipment, services and systems that are not formal audits.

See TECHNOLOGY & TELECOMMUNICATIONS - Reviewing or records relating to the review of technology & telecommunications programs, equipment, services and systems that are not formal audits.

See TECHNOLOGY & TELECOMMUNICATIONS - Security for records relating to security testing and audit.

No Description of records Disposal action
20.6.1 Records relating to audits of technology and telecommunications services, programs and systems, e.g. audits of licensing, equipment. Records include:

  • records of audit planning or liaison with auditing body
  • minutes or notes of meetings
  • notes taken at interviews
  • correspondence
  • draft versions of reports containing significant changes/alterations or formally circulated for comment
  • final, approved versions of reports
  • records of remedial action.

Retain minimum of 6 years after action completed, then destroy

COMMITTEES

See COMMITTEES for records relating to the formation, meetings and decisions of committees, task forces, working groups or parties etc, including meetings of steering committees to discuss technology and telecommunications issues.

COMPLIANCE 20.7.0

The activities associated with complying with mandatory or optional accountability, legal, regulatory or quality standards or requirements to which the organisation is subject. Includes compliance with legislation and with national and international standards.

See the organisation's functional retention and disposal authority for records relating to compliance if one of the functions of the organisation is to measure the compliance of other organisations with technology and telecommunications standards, requirements and policies etc.

See INFORMATION MANAGEMENT - Compliance for records relating to the investigation of alleged breaches of privacy by the organisation.

See LEGAL SERVICES - Litigation for records relating to prosecution of the organisation for breaches of compliance requirements.

See TECHNOLOGY & TELECOMMUNICATIONS - Audit for records relating to formal audits against compliance requirements.

See TECHNOLOGY & TELECOMMUNICATIONS - Security for records relating to compliance with security protection measures and breaches of security.

No Description of records Disposal action
20.7.1 Records relating to the organisation's compliance with mandatory or optional standards or statutory requirements regarding technology and telecommunications, e.g. AS/NZS ISO/IEC 17799: 2001, Information Technology: Code of practice for information security management. Includes records of assessment and certification of compliance with standards.
Note: Retention period is provided as a guide only. Any records providing evidence of organisational compliance with statutory or operational requirements must be kept as long as the organisation has to account for its actions.

Retain minimum of 6 years after action completed, then destroy

CONTRACTING-OUT

See CONTRACTING-OUT for records relating to the acquisition of services through a contracting-out or outsourcing process.

See TENDERING for records relating to receiving and assessing tenders.

CONTROL

See COMMUNITY RELATIONS - Customer service for records relating to the maintenance of external contact details, e.g. email lists, address lists or INFORMATION MANAGEMENT – CUSTOMER SERVICE for records relating to the maintenance of internal contact details.

See INFORMATION MANAGEMENT - Control for control records relating to the organisation’s library and recordkeeping systems and for thesauri and business rules for recordkeeping metadata.

See TECHNOLOGY & TELECOMMUNICATIONS - Application development & management for records relating to the application, allocation and maintenance of metadata in electronic systems.

CUSTOMER SERVICE 20.8.0

The activities associated with establishing standards of customer service and administering specialised services provided to customers by the organisation.

No Description of records Disposal action
20.8.1 Final, approved versions of charters, standards or guarantees relating to the provision of technology and telecommunications services to clients.

Retain minimum of 2 years after superseded, then destroy
20.8.2 Records relating to the development and review of charters, standards or guarantees relating to the provision of technology and telecommunications services to clients. Records include:

  • background research
  • draft versions containing significant changes/alterations or formally circulated for comment
  • reports analysing issues and the outcomes of consultation with employees, unions, other stakeholders etc.

Retain until administrative or reference use ceases, then destroy
20.8.3 Records relating to the administration of specialised customer services relating to technology and telecommunications, e.g. help desks, and advice and assistance regarding technology and telecommunications systems, operations and services, e.g. advice to internal business units.

Retain minimum of 2 years after action completed, then destroy
20.8.4 Records relating to suggestions received from personnel in relation to technology and telecommunications.

Retain until administrative or reference use ceases, then destroy

DATA ADMINISTRATION 20.9.0

The activities associated with maintaining and using the data that is held in a system, either automated or manual. Includes the maintenance of data dictionaries and the application of vital records and counter disaster plan objectives to safeguard against data loss or corruption.

See the organisation's functional retention and disposal authority for records relating to the retention of the data itself.

See INFORMATION MANAGEMENT - Control for records relating to the research, development, implementation and maintenance of system data standards such as metadata rules and dictionaries.

See STRATEGIC MANAGEMENT - Implementation for records relating to the implementation of business continuity or counter disaster plans.

See STRATEGIC MANAGEMENT - Planning for records relating to the development and review of business continuity or counter disaster plans, including Year 2000 compliance risk assessments.

See STRATEGIC MANAGEMENT - Reporting for records relating to reports on the implementation of business continuity or counter disaster plans.

See STRATEGIC MANAGEMENT - Risk management for records relating to the identification and assessment of technology and telecommunications risks as part of broader strategic risk management processes, e.g. the analysis of insurance policies and legal liabilities across the organisation.

See TECHNOLOGY & TELECOMMUNICATIONS - Application development & management for records relating to the maintenance of system specific data dictionaries.

See TECHNOLOGY & TELECOMMUNICATIONS - Implementation for records relating to migration strategies and quality assurance checks for migration.

See TECHNOLOGY & TELECOMMUNICATIONS - Implementation for records relating to data clean-up performed as part of migration processes.

No Description of records Disposal action
20.9.1 Records relating to the recovery of data, e.g. data lost during disasters, data corrupted by viruses etc. Records include records of testing for data recovery and post-incident reviews.

Retain minimum of 7 years after system is superseded, then destroy
20.9.2 Records relating to the maintenance of organisation-wide data dictionaries.

Retain until administrative or reference use ceases, then destroy

DATABASE MANAGEMENT

See TECHNOLOGY & TELECOMMUNICATIONS - Application development & management for records relating to the development of applications and the ongoing management of systems, including major changes, enhancements, upgrades, customisations or configurations.

See TECHNOLOGY & TELECOMMUNICATIONS - Implementation for records relating to the implementation and roll-out of technology and telecommunications strategies, projects and systems.

DISPOSAL 20.10.0

The process of disposing of technology and telecommunications equipment no longer required by the organisation by sale, transfer, termination of lease, auction or destruction.

See FINANCIAL MANAGEMENT - Asset register for records relating to the removal of items from the organisation's asset register.

See TECHNOLOGY & TELECOMMUNICATIONS - Security for records relating to the sanitisation of technology equipment prior to disposal.

No Description of records Disposal action
20.10.1 Records relating to the disposal of technology and telecommunications equipment through any means including sale, transfer, auction, exchange, return or destruction. Records include for leased equipment:

  • written notices and related correspondence, e.g. to and from leasing companies
  • handover reports.

Records include for purchased equipment:

  • independent valuation certificates verifying work undertaken on assets prior to valuation
  • written quotes
  • auction records
  • related correspondence.

Retain minimum of 7 years after disposal of asset, then destroy

EVALUATION 20.11.0

The process of determining the suitability of potential or existing programs, items of equipment, systems or services in relation to meeting the needs of the given situation. Includes ongoing monitoring.

No Description of records Disposal action
20.11.1 Records relating to the evaluation of potential or existing technology and telecommunications programs, equipment, services and systems. Records include:

  • notes of meetings or reports analysing issues and the outcomes of consultation with employees, stakeholders etc
  • records establishing requirements for systems, including analysis of business processes and systems analysis
  • records of development and issue of specifications, including statements of requirements, requests for proposals, expressions of interest and business cases, initial pilot testing
  • records of evaluation of commercial 'off the shelf' products and services and whole of government solutions (including shared systems suites and endorsed suppliers) against user requirements
  • records of investigations into the feasibility of contracting-out technology and telecommunications activities.

If evaluation proceeds to purchase:

Retain in accordance with TECHNOLOGY & TELECOMMUNICATIONS – ACQUISITION.

If evaluation does not proceed to purchase:

Retain minimum of 5 years after action completed, then destroy

IMPLEMENTATION 20.12.0

The activities associated with carrying out or putting into action plans, policies, procedures or instructions, all of which could be internally or externally driven. Includes the implementation of manual or automated databases, applications or systems, and stand alone projects for installation but excludes the minor installation of equipment. Also includes monitoring to ensure that the implementation goes according to schedule and that standards are met.

See FINANCIAL MANAGEMENT - Accounting for computer transaction input forms and documents used to update financial information.

See STAFF DEVELOPMENT - Training for records relating to training provided to employees as part of the implementation of technology and telecommunications systems.

See STRATEGIC MANAGEMENT - Implementation for records relating to the implementation of business continuity or counter disaster plans.

See STRATEGIC MANAGEMENT - Planning for records relating to the development and review of business continuity or counter disaster plans.

See STRATEGIC MANAGEMENT - Reporting for records relating to reports on the effects of disasters.

See TECHNOLOGY & TELECOMMUNICATIONS - Application development & management for records relating to the development of applications and the ongoing management of systems, including major changes, enhancements, upgrades, customisations or configurations.

See TECHNOLOGY & TELECOMMUNICATIONS - Data administration for records relating to the recovery of data, e.g. data lost during disasters.

See TECHNOLOGY & TELECOMMUNICATIONS - Planning for records relating to the development and review of technology and telecommunications plans.

See TECHNOLOGY & TELECOMMUNICATIONS - Policy for records relating to the development and review of technology and telecommunications policies.

See TECHNOLOGY & TELECOMMUNICATIONS - Procedures for records relating to the development and review of technology and telecommunications procedures.

No Description of records Disposal action
20.12.1 Records relating to the implementation of technology and telecommunications strategies, projects, equipment and systems. Systems can include off-the-shelf products or internally developed applications. Records include:

  • notes of meetings or reports analysing issues and the outcomes of consultation with employees, stakeholders etc
  • project management documentation
  • records of implementation strategies and pilots
  • records of implementation testing
  • records of migration strategies and quality assurance checks for migration
  • records of allocation of technology and telecommunications equipment to individuals or organisational units as part of implementation roll-outs
  • records of monitoring of implementation.

Retain minimum of 5 years after action completed, then destroy

INSPECTIONS

See TECHNOLOGY & TELECOMMUNICATIONS - Audit for records relating to audits of the organisation’s records, systems, processes etc including management of licences and technology and telecommunications equipment.

See TECHNOLOGY & TELECOMMUNICATIONS - Compliance for records relating to complying with standards or requirements, and inspections carried out due to breaches or suspected breaches of compliance requirements.

INSTALLATION 20.13.0

The activities involved in placing equipment in position and connecting and adjusting it for use.

See TECHNOLOGY & TELECOMMUNICATIONS - Implementation for records relating to the installation of stand-alone projects, e.g. those involving capital expenditure.

See TECHNOLOGY & TELECOMMUNICATIONS - Security for records relating to permissions for use of systems.

No Description of records Disposal action
20.13.1 Records relating to arrangements for the routine installation or relocation of technology and telecommunications equipment including software and hardware when they are not part of stand-alone projects, e.g. installation of a few PCs or printers.

Retain minimum of 2 years after action completed, then destroy

INTELLECTUAL PROPERTY 20.14.0

The activities involved in managing the organisation's intellectual property, both published and unpublished.

See FINANCIAL MANAGEMENT - Accounting for records relating to the payment of money.

See LEGAL SERVICES - Advice for records relating to legal advice furnished to the organisation by internal and external legal service providers on intellectual property issues.

See LEGAL SERVICES - Litigation for records relating to prosecution of the organisation for breaches of intellectual property rights.

See STRATEGIC MANAGEMENT - Agreements for records relating to intellectual property agreements.

See STRATEGIC MANAGEMENT - Compliance for records relating to infringements of intellectual property.

See STRATEGIC MANAGEMENT - Intellectual property for records relating to the establishment, registration and documentation of the organisation's intellectual property, including intellectual property registers.

No Description of records Disposal action
20.14.1 Records relating to managing applications:

  • made by the organisation to use portions of software developed by another organisation or individual, or
  • from the public or other organisations for permission to reproduce portions of software developed by the organisation where permission has been granted.

Retain minimum of 7 years after action completed or minimum of 7 years after permission expires, whichever is longer, then destroy
20.14.2 Records relating to managing applications:

  • made by the organisation to use portions of software developed by another organisation or individual, or
  • from the public or other organisations for permission to reproduce portions of software developed by the organisation where permission has not been granted.

Retain until administrative or reference use ceases, then destroy

LEASING

See CONTRACTING-OUT for records relating to the leasing of services or personnel to the organisation through a contracting-out or outsourcing process.

See TECHNOLOGY & TELECOMMUNICATIONS - Acquisition for records relating to the acquisition of technology and telecommunications equipment under a lease agreement.

See TECHNOLOGY & TELECOMMUNICATIONS - Disposal for records relating to the disposal of leased technology and telecommunications equipment.

See TECHNOLOGY & TELECOMMUNICATIONS - Leasing-out for records relating to leasing-out of the organisation’s technology and telecommunications equipment, systems or services to another organisation.

LEASING-OUT 20.15.0

The activities involved in leasing-out equipment to another organisation or person for a specified period and agreed price. Includes the formal documentation setting out conditions, rights, responsibilities etc of both parties. Also includes subleasing.

See TECHNOLOGY & TELECOMMUNICATIONS - Acquisition for records relating to leasing technology and telecommunications equipment from another organisation.

No Description of records Disposal action
20.15.1 Records relating to arrangements for leasing-out the organisation's technology and telecommunications equipment, systems or services to other organisations.

Retain minimum of 7 years after lease expires or is terminated, and equipment is returned, then destroy
20.15.2 Records relating to leasing-out which is not proceeded with.

Retain minimum of 2 years after action completed, then destroy

MAINTENANCE 20.16.0

The activities associated with the upkeep, repair, servicing and preservation of technology and telecommunications equipment and the maintenance of systems.

See TECHNOLOGY & TELECOMMUNICATIONS - Application development & management for records relating to the development of applications and the ongoing management of systems, including major changes, enhancements, upgrades, customisations or configurations.

No Description of records Disposal action
20.16.1 Records relating to the maintenance of technology and telecommunications equipment. Records include:

  • project management documentation
  • notes of meetings or reports analysing issues and the outcomes of consultation with employees, stakeholders etc
  • correspondence and records of advice from vendors, suppliers, consultants etc
  • records of maintenance inspections
  • records of requests for maintenance
  • documentation of minor maintenance action.

Retain minimum of 5 years after action completed, then destroy

MEETINGS

See the relevant function/activity for records relating to meetings held as part of the management or conduct of those activities or processes, e.g. use TECHNOLOGY & TELECOMMUNICATIONS – APPLICATION DEVELOPMENT & MANAGEMENT for records relating to meetings held in order to discuss application development issues, e.g. use TECHNOLOGY & TELECOMMUNICATIONS – AUDIT for records relating to meetings held in order to discuss audits of technology and telecommunications, e.g. use TECHNOLOGY & TELECOMMUNICATIONS – PLANNING for records relating to meetings held in order to discuss planning for technology and telecommunications.

See COMMITTEES for records relating to the formation, meetings and decisions of committees, task forces, working groups or parties etc.

See GOVERNMENT RELATIONS - Meetings for records relating to meetings between Chief Executives and Ministers, Ministerial employees or senior executives of other government organisations when those meetings are not related to specific functions and activities.

See STRATEGIC MANAGEMENT - Meetings for records relating to general, section or unit meetings of employees.

MODELLING

See TECHNOLOGY & TELECOMMUNICATIONS - Application development & management for records relating to the development of business or technical models or prototypes developed as part of application development and management activities.

See TECHNOLOGY & TELECOMMUNICATIONS - Evaluation for records relating to the evaluation of programs, equipment, systems or services, including modelling that occurs as part of developing specifications.

OPERATIONS

See TECHNOLOGY & TELECOMMUNICATIONS - Application development & management for records relating to the management of systems, including advice received from consultants, suppliers and vendors, problem solving and the maintenance of system logs.

See TECHNOLOGY & TELECOMMUNICATIONS - Customer service for records relating to help desk operations and services.

See TECHNOLOGY & TELECOMMUNICATIONS - Data administration for records relating to the recovery of data, e.g. data lost during disasters, data corrupted by viruses.

See TECHNOLOGY & TELECOMMUNICATIONS - Implementation for records relating to the implementation of developed applications, including pilot studies, or the configuration or customisation and roll-out of off-the-shelf products.

See TECHNOLOGY & TELECOMMUNICATIONS - Maintenance for records relating to the maintenance of technology and telecommunications equipment.

PLANNING 20.17.0

The process of formulating ways in which objectives can be achieved. Includes determination of services, needs and solutions to those needs.

See STRATEGIC MANAGEMENT - Planning for records relating to planning for technology and telecommunications resources if it forms part of broader strategic, corporate or business planning.

No Description of records Disposal action
20.17.1 Final, approved versions of plans for technology and telecommunications projects, systems and activities within an organisation, e.g. plans for quality control and for acquisition and implementation projects, systems security plans, information system security plans, information management and technology strategic plans, access control plans, telecommunications plans, Year 2000 contingency plans, and associated correspondence indicating who the plans apply to and responsibilities for their implementation.

Retain minimum of 5 years after plan is superseded, then destroy
20.17.2 Records relating to the development and review of the organisation's technology and telecommunications plans, e.g. plans for quality control and for acquisition and implementation projects, systems security plans, information system security plans, information management and technology strategic plans, access control plans, telecommunications plans, Year 2000 contingency plans. Records include:

  • background research
  • draft versions of plans containing significant changes/ alterations or formally circulated for comment
  • notes of meetings or reports analysing issues and the outcomes of consultation with employees, unions, stakeholders etc.

Retain minimum of 3 years after action completed, then destroy

POLICY 20.18.0

The activities associated with developing and establishing decisions, directions and precedents which act as a reference for future decision making, as the basis from which the organisation's operating procedures are determined.

See GOVERNMENT RELATIONS - Policy for records relating to advice or notifications regarding policies that apply to the whole-of-government, e.g. Premier's Memoranda and Circulars, Treasurer's Directions.

See STRATEGIC MANAGEMENT - Policy for records relating to the organisation's policies on cross-functional or organisation-wide matters.

See TECHNOLOGY & TELECOMMUNICATIONS - Customer service for records relating to service charters.

No Description of records Disposal action
20.18.1 Final, approved versions of policies for the use or management of technology and telecommunications systems, e.g. information system security policies, information technology security policies, mobile telephone policies, Year 2000 compliance policies, and associated correspondence indicating who the policies apply to and responsibilities for their implementation.
Note: There may be some policies relating to the acquisition or disposal of technology and telecommunications equipment that need to be kept for longer retention periods than that specified because they may impact on the organisation's accountability with respect to the management of assets.

Retain minimum of 5 years after policy is superseded, then destroy
20.18.2 Records relating to the development and review of policies for the use or management of technology and telecommunications systems, e.g. information system security policies, information technology security policies, mobile telephone policies, Year 2000 compliance policies. Records include:

  • policy proposals
  • background research
  • records of consultations
  • draft versions of policies containing significant changes/alterations or formally circulated for comment
  • reports analysing issues and the outcomes of consultation with employees, unions, stakeholders etc.

Retain minimum of 3 years after action completed, then destroy

PRIVACY

See INFORMATION MANAGEMENT - Cases for records relating to applications for internal review conducted under privacy legislation, and requests for the suppression of information in public registers maintained by the organisation.

See INFORMATION MANAGEMENT - Compliance for records relating to the organisation’s compliance with privacy principles, and to breaches or suspected breaches of privacy in relation to the management of information.

See INFORMATION MANAGEMENT - Planning for records relating to the development and review of Privacy Management Plans.

See INFORMATION MANAGEMENT - Policy for records relating to the development and review of Privacy Codes of Practice.

See STRATEGIC MANAGEMENT - Implementation for records relating to the implementation of government-wide policies by the organisation.

See TECHNOLOGY & TELECOMMUNICATIONS - Application development & management for records relating to the consideration of privacy when developing and managing applications and systems.

See TECHNOLOGY & TELECOMMUNICATIONS - Audit for records relating to formal audits of privacy protection measures in relation to the management of technology and telecommunications.

See TECHNOLOGY & TELECOMMUNICATIONS - Compliance for records relating to the organisation’s compliance with privacy legislation, standards or regulatory requirements regarding the management of information and data in technology and telecommunications systems.

See TECHNOLOGY & TELECOMMUNICATIONS - Security for records relating to protecting the privacy of information in relation to technology and telecommunications.

PROCEDURES 20.19.0

Standard methods of operating laid down by an organisation according to formulated policies.

See STAFF DEVELOPMENT - Training for records relating to training in procedures.

See STRATEGIC MANAGEMENT - Procedures for records relating to quality assurance procedures.

No Description of records Disposal action
20.19.1 Final, approved versions of manuals, handbooks, directives etc detailing technology and telecommunications procedures, e.g. system usage procedures, and associated correspondence indicating who the procedures apply to and responsibilities for their implementation.
Note: Operating manuals for technology and telecommunications equipment, facilities or software not developed or customised by the organisation can be destroyed under normal administrative practice (NAP).
Note: There may be some procedures relating to the acquisition or disposal of technology and telecommunications equipment that need to be kept for longer retention periods than that specified because they may impact on the organisation's accountability with respect to the management of assets.

Retain minimum of 5 years after procedures are superseded, then destroy
20.19.2 Records relating to the development and review of the organisation's technology and telecommunications procedures, e.g. system usage procedures.
Records include:

  • background research
  • draft versions of procedures containing significant changes/alterations or formally circulated for comment
  • reports analysing issues and the outcomes of consultation with employees, unions, other stakeholders etc.

Retain minimum of 3 years after action completed, then destroy

REPORTING 20.20.0

The processes associated with initiating or providing a formal response to a situation or request (either internal, external or as a requirement of corporate policies), and providing formal statements or findings of the results of the examination or investigation.

See FINANCIAL MANAGEMENT - Accounting for computer generated reports/output produced or used for financial purposes.

See FINANCIAL MANAGEMENT - Financial statements for computer generated reports/outputs produced or used for financial purposes.

No Description of records Disposal action
20.20.1 Records relating to the development and review of formal reports regarding technology and telecommunications programs, services and systems, e.g. reports on systems development and implementation and reports on risk management processes. Records include:

  • background research
  • records relating to the outcomes of consultation with employees, unions, other stakeholders etc
  • draft versions of reports containing significant changes/alterations or formally circulated for comment
  • final, approved versions of reports.

Retain minimum of 7 years after action completed, then destroy
20.20.2 Records relating to internal periodic reports on general administrative matters used to monitor recurring activities to support technology and telecommunications programs, services and systems. Records include:

  • background research
  • draft versions of reports containing significant changes/alterations or formally circulated for comment
  • final, approved versions of reports.

Note: The disposal of some internal reports like batch reports, error reports, transaction reports etc is covered by normal administrative practice (NAP).

Retain minimum of 3 years after action completed, then destroy

RESEARCH

See the organisation’s functional retention and disposal authority for records relating to research if research is a core function of the organisation.

See the relevant function/activity for records relating to background research undertaken when developing particular products or documentation, e.g. use TECHNOLOGY & TELECOMMUNICATIONS – APPLICATION DEVELOPMENT & MANAGEMENT for records relating to the research undertaken as part of application development or management, e.g. use TECHNOLOGY & TELECOMMUNICATIONS – PLANNING, TECHNOLOGY & TELECOMMUNICATIONS – POLICY or TECHNOLOGY & TELECOMMUNICATIONS – PROCEDURES for records relating to background research for the development or review of plans, policies or procedures.

RESTRUCTURING 20.21.0

The activities involved in the reassessment of the activities, goals and structure of an organisation. Includes consideration of the equipment and resources required to meet objectives.

See the relevant function/activity for records relating to specific aspects of arranging for the transfer of systems or information assets, e.g. use TECHNOLOGY & TELECOMMUNICATIONS – APPLICATION DEVELOPMENT & MANAGEMENT for records relating to major changes made to systems, e.g. use TECHNOLOGY & TELECOMMUNICATIONS – IMPLEMENTATION for records relating to implementation of systems.

See INFORMATION MANAGEMENT - Disposal for records relating to arrangements for the transfer of records, data or information to successor organisations as a consequence of changes in administrative arrangements or functions or privatisation.

See STRATEGIC MANAGEMENT - Agreements for records relating to agreements regarding transfer of responsibilities and ownership of assets such as property, information, etc due to administrative change, privatisation or corporatisation.

No Description of records Disposal action
20.21.1 Records relating to arrangements, e.g. project management documentation, for the transfer or integration of technology and telecommunications systems/assets to or from other organisations, e.g. after administrative change.

Retain minimum of 7 years after action completed, then destroy

REVIEWING 20.22.0

The activities involved in re-evaluating or re-examining products, processes, procedures, standards and systems. Includes recommendations and advice resulting from these activities.

See TECHNOLOGY & TELECOMMUNICATIONS - Application development & management for records relating to the development of applications and the ongoing management of systems, including major changes, enhancements, upgrades, customisations or configurations.

See TECHNOLOGY & TELECOMMUNICATIONS - Evaluation for records relating to the evaluation of systems prior to purchase.

See TECHNOLOGY & TELECOMMUNICATIONS - Planning for records relating to the review of plans.

See TECHNOLOGY & TELECOMMUNICATIONS - Policy for records relating to the review of policies.

See TECHNOLOGY & TELECOMMUNICATIONS - Procedures for records relating to the review of procedures.

No Description of records Disposal action
20.22.1 Records relating to the review of technology and telecommunications programs and services, including post implementation reviews. Records include:

  • documents establishing the review
  • records of development of methodologies for review
  • background research
  • records of testing activities undertaken as part of reviews, e.g. user acceptance testing
  • draft versions of review reports containing significant changes/alterations or formally circulated for comment
  • final, approved versions of reports
  • project or action plans
  • certificates of compliance/completion.

Retain minimum of 5 years after action completed, then destroy

RISK MANAGEMENT

See OCCUPATIONAL HEALTH & SAFETY - Risk management for records relating to the assessment and control of occupational health and safety risks arising from the use of technology and telecommunications equipment.

See STRATEGIC MANAGEMENT - Implementation for records relating to the implementation of business continuity or counter disaster plans.

See STRATEGIC MANAGEMENT - Planning for records relating to the development and review of business continuity or counter disaster plans, including Year 2000 compliance risk assessments.

See STRATEGIC MANAGEMENT - Risk management for records relating to the identification and assessment of technology and telecommunications risks as part of broader strategic risk management processes, e.g. the analysis of insurance needs and legal liabilities across the organisation.

See TECHNOLOGY & TELECOMMUNICATIONS /relevant activity for records relating to the management of risks as part of other processes, e.g. use TECHNOLOGY & TELECOMMUNICATIONS – APPLICATION DEVELOPMENT & MANAGEMENT for records relating to the management of risks as part of application development or management processes, e.g. use TECHNOLOGY & TELECOMMUNICATIONS – IMPLEMENTATION for records relating to the management of risks during implementations, e.g. use TECHNOLOGY & TELECOMMUNICATIONS – REVIEWING for records relating to the management of risks as part of reviews.

SECURITY 20.23.0

The activities associated with measures taken to protect technology and telecommunications equipment from theft, accidental or intentional damage or from unauthorised access.

See INFORMATION MANAGEMENT - Security for records relating to physical and intellectual security arrangements for access to records, e.g. security classifications and breaches of security affecting information resources, e.g. where records and information have been unlawfully accessed.

See PERSONNEL - Misconduct for records relating to disciplinary action taken against personnel for security breaches.

See PROPERTY MANAGEMENT - Security for records relating to building security arrangements, e.g. control of access to computer rooms.

See TECHNOLOGY & TELECOMMUNICATIONS - Compliance for records relating to demonstrating compliance with security standards.

No Description of records Disposal action
20.23.1 Records relating to requests and permissions for employees to access or connect to technology and telecommunications systems, e.g. local area networks, Internet, function specific systems etc.
Note: Records are related to system logs (see APPLICATION DEVELOPMENT & MANAGEMENT 20.4.6) as they provide permissions to access systems, and logs show what systems are accessed and by whom. They may be required for accountability, but the length of retention is dependent on the system, the organisation's specific practices and risks. Each organisation will need to conduct risk assessments to determine suitable retention periods for these records.

Retain in accordance with the organisation's requirements, then destroy
20.23.2 Records relating to security arrangements made for the protection of technology and telecommunications systems. Records include:

  • minutes or notes of meetings
  • records of authentication measures
  • records of encryption measures
  • records of advice/approval from other organisations regarding security issues
  • records of maintenance of firewalls
  • records of security testing and audit
  • records of sanitisation of technology equipment prior to disposal, e.g. wiping of hard disks.

Note: Disposal of backups is covered by normal administrative practice (NAP) as they are facilitative records. It is not good practice to rely on backups as official records of business as they are not considered to be reliable recordkeeping systems. There should be established and documented routines for the destruction of backups in accordance with NAP.

Retain minimum of 7 years after action completed, then destroy
20.23.3 Records relating to suspected or proven breaches of security arrangements for technology and telecommunications systems. Records include:

  • reports on security leaks
  • records of investigations into alleged security breaches
  • records of referral of breaches to law enforcement authorities.

Retain minimum of 7 years after action completed, then destroy

STANDARDS

Note: It is recommended that copies of policies, standards and guidelines from standards setting organisations be placed in the organisation’s library.

See GOVERNMENT RELATIONS - Submissions for records relating to submissions by the organisation on the development or review of government wide technology and telecommunications policies developed by central coordinating agencies.

See TECHNOLOGY & TELECOMMUNICATIONS /relevant activity for records relating to following standards when managing that activity, e.g. use TECHNOLOGY & TELECOMMUNICATIONS – APPLICATION DEVELOPMENT & MANAGEMENT for records relating to following standards for the development of custom-built applications, e.g. use TECHNOLOGY & TELECOMMUNICATIONS – IMPLEMENTATION for records relating to following standards for the implementation of systems.

See TECHNOLOGY & TELECOMMUNICATIONS - Compliance for records relating to the organisation’s compliance with standards.

TENDERING

See CONTRACTING-OUT for records relating to the acquisition of services through a contracting-out or outsourcing process.

See TENDERING for records relating to receiving and assessing tenders.

Recordkeeping Rules
Retention & Disposal Authorities