Introduction
Records and information are at the core of government business and are core assets.
In NSW public offices, records and information help organisations plan for and achieve short and long term outcomes that are relevant and valuable to the community, business and government. Records and information:
- drive collaboration and communications
- preserve public knowledge for reference and reuse
- provide the foundation for sustainable and effective products and services
- outline responsibilities
- support decision-making
- document rights and entitlements
- make up the corporate memory of an organisation
- provide stakeholders with transparency around and accountability for government operations.
To support the benefits identified above records and information need to be:
- trustworthy and managed accountably
- readily accessible, understandable and useable
- valued as critical to business operations
- governed by appropriate risk management approaches
- maintained to meet business, government and community purposes.
To achieve these outcomes, records and information must be supported by effective records and information management.
1.1 Purpose
This standard establishes the requirements for effective records and information management. It is designed to assist public offices discharge their obligations under Part 2 ‘Records management responsibilities’ and Part 3 ‘Protection of State records’ of the State Records Act 1998.
1.2 Authority of this standard
This standard is issued under section 13(1) of the State Records Act 1998 which enables the State Records Authority of NSW (‘NSW State Records’) to ‘approve standards and codes of best practice for records management by public offices’.
1.3 Who should use this standard
This standard applies to all public offices defined in section 3 of the State Records Act 1998, to which Part 2 of the Act applies.
1.4 Scope of this standard
This standard covers records and information in all formats, including both digital and physical records. It has been designed to support digital recordkeeping as the NSW Government transitions to digital business processes.
Underpinning this standard is the need to ensure that business is supported by sound records and information management practices. Importantly, the standard has been framed and targeted to support good information practices in complex business and information environments.
This standard refers to both records and information and establishes requirements for the holistic management of records and information. Taking this approach to the management of records and information better reflects the way in which most organisations now manage their information resources in an integrated manner.
This standard is the product of a process to consolidate and streamline requirements from the following standards:
- Standard on full and accurate records
- Standard on managing a records management program
- Standard on digital recordkeeping
- Standard on counter disaster strategies for records and recordkeeping systems
- Standard on the appraisal and disposal of State records.
With the issue of this new standard, the above five standards have been revoked and are no longer in use. These older standards can be consulted on www.opengov.nsw.gov.au.
Public offices should consult the Standard on the physical storage of State records for requirements for the storage of non-digital records and counter disaster requirements applicable to non-digital records.
1.5 Benefits of using this standard
Applying this standard will assist public offices to:
- create trustworthy, useful and accountable records and information in evolving business environments
- ensure that meaningful, accurate, reliable and useable records and information are available whenever required for government business needs
- sustain and secure the records and information needed to support short and long term business outcomes
- enable the reliable sharing of relevant records and information
- automate governance, sharing and continuity processes
- minimise records and information volumes, preventing unnecessary digital and physical storage and management costs
- proactively protect and manage the records and information that provide ongoing value to government business and to the community of NSW.
1.6 Structure
This standard sets out three principles for effective records and information management:
- Organisations take responsibility for records and information management
- Records and information management support business
- Records and information are well managed
This standard also identifies the minimum compliance requirements that apply to each principle.
Each minimum compliance requirement is accompanied by a range of examples of how a public office can demonstrate compliance with the requirement. These examples can provide ‘evidence’ of meeting the requirement but may not be the only way that compliance can be demonstrated.
1.7 Further information
To assist NSW public offices implement this standard, NSW State Records has mapped the requirements of the standard to the guidance and training available from NSW State Records. The mapping is available at http://www.records.nsw.gov.au/recordkeeping.
Requirements in this standard build on requirements contained in a number of earlier standards issued by State Records NSW. State Records NSW has mapped the requirements of this standard to those of earlier standards. This mapping is available at www.records.nsw.gov.au/recordkeeping/rules/standards.
For more information on this standard, please contact State Records NSW or see www.records.nsw.gov.au/recordkeeping/rules/standards.
Back to topPrinciples
- Principle 1: Organisations take responsibility for records and information management
- Principle 2: Records and information management support business
- Principle 3: Records and information are well managed
Principle 1: Organisations take responsibility for records and information management
To ensure records and information are able to support all corporate business operations, organisations should establish governance frameworks. These include:
- policy directing how records and information shall be managed
- assigning responsibilities
- establishing provisions for records and information in outsourcing and service delivery arrangements
- monitoring records and information management activities, systems and processes.
Minimum compliance requirements | Examples of how a public office can demonstrate compliance with the requirement | |
---|---|---|
1.1 | Corporate records and information management is directed by policy and strategy. |
|
1.2 | Records and information management is the responsibility of senior management who provide direction and support for records and information management in accordance with business requirements and relevant laws and regulations. |
|
1.3 | Corporate responsibility for the oversight of records and information management is allocated to a designated individual (senior responsible officer). |
|
1.4 | Organisations have skilled records and information management staff or access to appropriate skills. |
|
1.5 | Responsibility for ensuring that records and information management is integrated into work processes, systems, and services is allocated to business owners and business units. |
|
1.6 | Staff and contractors understand the records management responsibilities of their role, the need to make and keep records, and are familiar with the relevant policies and procedures. |
|
1.7 | Records and information management responsibilities are identified and addressed in outsourced, cloud and similar service arrangements. |
|
1.8 | Records and information management is monitored and reviewed to ensure that it is performed, accountable and meets business needs. |
|
Principle 2: Records and information management support business
The core role of records and information management is to ensure the creation, maintenance, useability and sustainability of the records and information needed for short and long term business operations.
By undertaking an assessment of records and information needs, public offices can define their key business information. Public offices should use this assessment to design records and information management into processes and systems. This will ensure that records and information support business operations and accountability requirements, and sustain records and information needed for the short and long term.
Taking a planned approach to records and information management means all operating environments are considered. It also means that the creation and management of records and information needed to support business are considered in all system and service arrangements.
Minimum compliance requirements | Examples of how a public office can demonstrate compliance with the requirement | |
---|---|---|
2.1 | Records and information required to meet short and long term needs are identified. |
|
2.2 | High risk and high value areas of business and the systems, records and information needed to support these business areas are identified. |
|
2.3 | Records and information management is a designed component of all systems and service environments where high risk and/or high value business is undertaken. |
|
2.4 | Records and information are managed across all operating environments. |
|
2.5 | Records and information management is designed to safeguard records and information with long term value. |
|
2.6 | Records and information are sustained through system and service transitions by strategies and processes specifically designed to support business and accountability. |
|
Principle 3: Records and information are well managed
Effective management of records and information underpins trustworthy, useful and accountable records and information which are accessible and retained for as long as they are needed. This management extends to records and information in all formats, in all business environments, and in all types of systems.
Minimum compliance requirements | Examples of how a public office can demonstrate compliance with the requirements | |
---|---|---|
3.1 | Records and information are routinely created and managed as part of normal business practice. |
|
3.2 | Records and information are reliable and trustworthy. |
|
3.3 | Records and information are identifiable, retrievable and accessible for as long as they are required. |
|
3.4 | Records and information are protected from unauthorised or unlawful access, destruction, loss, deletion or alteration. |
|
3.5 | Access to records and information is managed appropriately in accordance with legal and business requirements. |
|
3.6 | Records and information are kept for as long as they are needed for business, legal and accountability requirements. |
|
3.7 | Records and information are systematically and accountably destroyed when legally appropriate to do so. |
|
Printable version
A (PDF, 155kb) version of the standard is available for printing.
Back to topImplementation guide
State Records NSW has prepared an implementation guide (PDF 387kb) for the Standard. The implementation guide includes detailed explanations for each minimum compliance requirement with a mapping to guidance and training, how the new standard will assist public offices meet their obligations under the State Records Act, and the relationship between the new code of best practice AS ISO 15489.1: 2017 and the Standard on records management.
Back to topTable of Commentary
An account of the comments received during public consultation on this standard is available in the accompanying Table of Commentary (PDF, 111kb).
Back to topCompliance timetable
There is a compliance timetable (PDF, 51kb) for this standard, with requirements phased in during 2015.
Published February 2015/ revised October 2017/ revised June 2018/revised November 2018
Back to top