The records and information management policy establishes the governance framework for the creation, capture, control, use, maintenance, and disposal of records and information in your organisation.  The records and information management policy works in conjunction with records and information management strategies developed by your organisation.  The strategies implement and deliver effective records and information management within the organisation and thus help support and facilitate good business.  Further information about records and information management strategies is below.

There are many different styles and templates used for policy within NSW public sector organisations and you should use your organisation’s policy template.  The purpose of this checklist is to assist organisations ensure that they have covered the key components in their records and information policy.

Please note that policy should be supported by business rules or detailed procedures on a range of topics, for example:

  • the creation and capture of records
  • physical storage of records
  • monitoring
  • disposal
  • transfer of archives
  • access to records and information
  • security and protection of records and information, and 
  • business continuity strategies and plans for records and information.

Download the Records and information management policy checklist (PDF, 162kb)

The policy ... Yes No
is adopted at the Senior Executive level e.g. signed by the CEO of the organisation.    
identifies that senior management provide direction and support for records and information management and reflects the Chief Executive's responsibility to ensure compliance with the State Records Act 1998 (section 10).    
assigns responsibilities to the Senior Responsible Officer for the oversight of records and information management.    
assigns responsibilities to the records and information management staff, including the development and implementation of records and information strategies.    
assigns responsibilities to business owners and business units to ensure that records and information management are integrated into work processes, systems and services.    
assigns recordkeeping responsibilities of all staff and contractors, including the requirement to make and keep records.    
identifies that the organisation values records and information as a strategic resource that is integral to good business.    
requires that records and information management is assessed and addressed in all outsourced, cloud and similar service arrangements.    
requires that records and information needed to meet or support business and recordkeeping requirements, including accountability and community expectations, is identified.    
requires that systems which hold high risk and/or high value records and information are identified.    
requires that risks to information are identified, managed or mitigated.    
addresses the importance of managing all records and information across all operating environments, including diverse system environments and physical locations.    
requires that records are protected from unauthorised or unlawful access, destruction, loss, deletion or alteration.    
requires that access to records and information is managed appropriately in accordance with legal and business requirements.    
addresses the safeguarding, management, and preservation of records and information with long term value (digital and physical records).    
addresses the migration of records and information through system and service transitions.    
requires that records and information are kept for as long as they are needed for business, legal requirements (including in accordance with current authorised records retention and disposal authorities), accountability, and community expectations.    
requires that decommissioning of systems takes into account retention and disposal requirements for records and information held in the system.    
requires that records and information are sentenced according to current authorised retention and disposal authorities.    
requires that those records required as State archives are routinely transferred to State Records NSW when no longer in use for official purposes.    
requires that records and information management is monitored and reviewed to ensure that it is implemented, accountable, meets business needs, and that the organisation is complying with the State Records Act and associated standards and codes of best practice.    
requires that the organisation cooperates and liaises with State Records NSW in relation to monitoring compliance.    
requires that systems are tested or audited to ensure that systems are operating routinely and that there are no issues affecting information integrity, useability or accessibility.    
requires that the policy is reviewed on a regular basis and that reviews take into account changes in business activities and priorities.    
includes information on the legislative and external requirements which may affect records and information management in the public office.    
has a revision date and contact for the policy (Senior Responsible Officer).    

Records and information management strategies

Records and information management strategies are at the heart of managing records and information across all operating environments of the organisation.  Robust strategies should be designed to meet organisation’s needs and requirements in order to deliver effective records and information management.  This in turn ensures that records and information supports and facilitates good business.

Records and information management strategies may include:

  • integrating records and information management into work processes, systems and services
  • implementing records and information management to ensure that it is accountable and meets business needs
  • managing email
  • managing risk assessments and use of cloud or similar service arrangements
  • managing the use of removable storage
  • managing and maintaining the corporate records management system or EDRMS or ECM
  • integrating records and information management into business systems and managing and preserving records and information of long term value in these systems
  • managing records and information held in social media applications
  • managing records and information used with mobile devices or BYOD.

Effective records and information management strategies ensure that:

  • information assets are managed responsibly and in accordance with best practice
  • accurate, reliable and relevant information can be provided to the business and clients
  • the organisation’s investment in their information assets is not wasted: information can be reused and repackaged to enhance business opportunities and stimulate innovation
  • records and information are more accessible and useable and available for those with appropriate authority
  • costs are reduced as the organisation does not retain records and information unnecessarily
  • the organisation can provide stakeholders, with transparency around and accountability for government operations, and
  • the organisation is compliant with legislative and audit requirements.

Published May 2015

Downloads

Recordkeeping Resources
Records and Information Management Policy Checklist