In the Australian Government context, a record is created when people document their work. A record is evidence of a business transaction or decision.
The key distinction between records and other types of business information is that records provide evidence of business activities. Records can be created in all formats. They can be paper or digital and include reports, minutes, email and spreadsheets. A record does not have to be finalised. Drafts and working papers are records too. Records may relate to critical agency business or they may document routine administrative matters. Information received from other organisations may be evidence of their business activities, but doesn't need to be managed as a record by your agency. If in doubt, treat information as a record and manage it according to your agency’s business needs.
A record is evidence of a business activity from the time it is first created. If it documents your agency’s work it is a record regardless of its format and where and when it is filed. Records are sometimes kept in email folders, shared drives, and on laptop computers or in systems with records management functionality.
The amount of effort invested in managing records should reflect their importance to your agency. By determining what records are required using a work process analysis, you can put more effort into managing the records that your agency needs to maintain and records of your high risk functions.
The National Archives has copies of all of the records authorities that it has issued. Older authorities, which were not based on functions, have not been published on the website. For copies or information on older RDAs please contact the Agency Service Centre.
All of the digital preservation software created by the National Archives is free to download, use, modify and redistribute under the terms of its open source license. The software and extensive documentation on its installation and use, can be found via the Digital Preservation Software Platform web site at: http://dpsp.sourceforge.net
If you have a query that is not addressed by the resources available on the software web pages, please contact our digital preservation team via email@example.com
Keep the Knowledge was developed specifically for Australian Government agencies. If you are an Australian Government organisation, feel free to use the package. While we are aware the training materials are used more widely, for copyright reasons we are unable to make them more freely available.
If you are an Australian Government agency, you are welcome to use the cartoons to assist you in records training within your organisation. However, they should not be used for commercial activities such as providing training for a fee. The cartoons are copyright to the National Archives of Australia and if you wish to use the cartoons for other purposes contact the Agency Service Centre.
Computer system back-up tapes can be disposed of when they are no longer required under Normal Administrative Practice (NAP). NAP provides for the destruction of records which are either:
Computer backup tapes fall into the first and third categories.
If you are planning to destroy computer back-ups under NAP, you need to ensure that you maintain the original record (i.e. you should only destroy redundant copies) and that destruction is undertaken appropriately.
Your organisation is responsible for creating records that are full and accurate reflections of its work, and maintained over time. For ease of accessibility and reuse as well as to gain efficiencies in storage your organisation may decide to digitise its records. The Archives has not released any specific advice in this area, because how you manage digitised records will heavily depend on why you digitised them in the first place.
If your organisation is considering digitising hard copy records, some of the issues you need to consider:Why are you doing this?
How will the digital record be maintained?
While you are considering these issues you may wish to consult the following resources on this area:
The Archives has two companion publications that provide policy and advice on recordkeeping for web-based resources:
Important information about how long you need to keep websites can also be found in the Administrative Functions Disposal Authority (AFDA) – particularly Classes 1935, 1936, 21188 and 21189 - and in AFDA Express classes 20329, 20331 and 20337.
The Australian Government Information Management Office has also published Better Practice Checklist No.7, Archiving Web Resources.
We suggest that your agency to take a risk management approach to deciding how often to take snapshots of public websites.
Things that you should take into account include:
Taking a snapshop of a static websites is relatively simple. However, even if you take regular snapshots you will also need to maintain records of any changes made between snapshots.
You also need to think about the individual pieces of 'static' information provided on a website. Have these been captured into a recordkeeping system, with appropriate metadata that indicates when they were publicly available on the website? If so, there may be less need to take snapshots of the website itself.
But at the very least, it would be useful to snapshot a website prior to major changes being made, and certainly prior to the decommissioning of a website.
Dynamic pages are more difficult to deal with. Web content management systems (WCMS) and many databases have some form of 'rollback' facility, whereby it is possible to replicate a website as it was at any given point in time. If your systems have this functionality, then the ability to replicate and take a 'copy' of the replication could be considered a form of snapshot.
A feature of some dynamic websites is to present the user with specific information from a database relevant to their request. Examples of this type of service include search results and some web 2.0 features. In these instances it may also be important to make a record of what information was presented to your client as well as metadata such as the time and date it was requested, the search terms used and the IP address of the requester.
Whether a website is static or dynamic (or a combination of the two) makes no difference to how long you keep the content. If individual content 'components' (such as advice relating to a particular area of the business) are captured as records into a recordkeeping system, then these will be covered by the relevant classes in your RDA. However, public website snapshots are currently, under AFDA, considered RNA and so must be maintained and eventually transferred to the custody of the Archives.
Folioing a record means to number all of the paper records within a file. The practice of folioing originated from the need to:
Folioing is no longer necessary for records in electronic records management systems. These systems can be configured to apply document numbers to records automatically as they are entered in the system. If your organisation still has some records in paper, and if you need to refer to specific pages within a file, or if the file documents a high risk activity and you need to account for every page, you should folio.
To folio you should annotate each new paper that is added to the file with a consecutive number starting from 1 – note that the first sheet in the file is at the bottom. The folio number should be recorded on the top right-hand corner of each sheet of paper containing information, so for example if you have papers which are double sided, each side should receive a folio number. The folio number should be recorded in ink, not pencil. If pages are removed from a record, a folio removal sheet should indicate why the record was removed, by whom, when and the fate of the record, eg if the record was removed to another file, this should be recorded in the original.
Shared folders – network drives or public folders in some email environments – are used by most government agencies as a part of their overall information management strategy. There are many good reasons for this, including facilitating collaboration, disseminating information and storing documents that are difficult to capture into a records management system.
Records management systems are systems (either electronic or paper) capable of capturing, maintaining and providing access to records. They should ensure that the reliability and integrity of records is protected.
From a records management perspective, shared folders can have the following risks:
Shared folders are a useful tool, but you need to ensure that proper records are also kept. Some ways this can be done are to:
Most of the advice given is also applicable to scenarios where documents are stored in personal folders or on a local drive.
The delivery of shared services, and the sharing of information between government agencies, is becoming more common. These activities may involve the use of shared systems, such as shared databases, shared servers and web portals. This advice provides guidance on how good records management can be performed by government agencies using shared systems.
Shared systems are IT systems in which more than one agency or organisation can:
Shared systems can allow a number of agencies to share information and can span government jurisdictions (federal, state and local). Private organisations or members of the public can also be parties to a shared system.
Some examples of shared systems currently used by Australian Government agencies are:
Shared systems generate two distinct sets of records:
The records management requirements of shared systems need to be considered within the framework of an agency's overall records management policy. Agencies using shared systems should be clear on the boundaries of the system and the resulting records they need to keep in accordance with this framework.
Where two or more parties share information or manage a system the following questions about responsibilities for records management are raised:
The owner of the system should develop a policy for the management of system records, such as audit trails. In this way, the owner is accountable for the operation and reliability of the system.
Because several parties use a shared system, good management of user access and system security is essential to protect information within systems from unauthorised access and modification.
The manager of the system is responsible for managing system records. They need to ensure that sufficient evidence of system operations is generated and captured to ensure accountability. The owner of the system should set a policy for these records.
The manager of the system also needs to consider the retention and disposal of these records.
Agencies use shared systems to carry out business. In conducting business, records are generated that provide evidence of the functions of Australian Government agencies.
In cases where all parties sharing a system are Australian Government agencies, the parties need to decide who has responsibility for the records created in the system. In reaching agreement on this decision, agencies should consider what records they need to keep to meet business needs and ensure accountability.
Agencies also should consider how long they need to retain records created within shared systems, and how they will ensure appropriate disposal of these records as authorised by the National Archives of Australia through a disposal authority. The unauthorised destruction of records is a danger within a shared system when multiple parties can modify or delete information from the system.
Where systems are shared across jurisdictions or with private sector partners, decisions need to be made about what records should be created and kept to fulfil an agency’s business needs, legal requirements and ensure accountability. Records relating to the responsibilities of an agency must be created, managed and disposed of in an accountable manner, even if the records are not directly created, stored or disposed of by the agency.
Where systems are shared with parties outside the Australian Government, responsibility for the records rests, in the first instance, with the Australian Government agency. Please contact the National Archives for advice on resolving cross-jurisdictional issues.
When an Australian Government agency is responsible for the records created in a shared system, relevant legislation needs to be considered. Legislation may include the Archives Act 1983, the Freedom of Information Act 1982, the Privacy Act 1988 and the Electronic Transactions Act 1999.
Agencies using shared systems also need to consider who will manage the business records. The agency responsible for the records is ultimately also responsible for the management of the records.
If the management of business records is shared, agencies should clearly set out who has responsibility for particular records in accordance with each agency's records management requirements.
The management of business records covers:
These records management activities require careful attention within shared systems.
Shared systems allow information to enter a portal or gateway, be processed by the system and then split into constituent parts that go to different agencies. Parties to the system need to decide when this information should be captured and who will be responsible for capturing it.
The creation of metadata must be considered. Agencies should determine what metadata is needed to provide evidence of the transaction and information about the record, together with where this metadata will be captured.
The responsible agency also needs to consider how business records created within shared systems will be captured. Will records be captured within the system itself or stored in another system, such as in an agency's records management system?
If records are to be captured within a shared system, agencies should ensure it has records management functionality.
Shared systems may include the sharing of data across agencies, such as through a shared server or database. Such systems raise issues about the privacy and security of the information.
Together with the managers of the system, those with responsibility for the business records need to ensure inappropriate access is not given to the information. The business and system records also need to be protected from unauthorised modification or deletion. This should be addressed at both the system and records level.
The party with responsibility for managing the records must ensure that business records are disposed of appropriately. Records owned by individual agencies need to be disposed of in accordance with the records management requirements identified by the agency, and in accordance with a disposal authority for that agency’s records.
This checklist is designed to help agencies when planning shared systems. It lists questions that agencies should consider to make sure that records management responsibilities are addressed.
Electronic document management systems (EDMS) are used to:
Electronic records management systems (ERMS) differ from document management systems as they are designed specifically to manage the creation, use, maintenance and disposal of electronic records for the purpose of providing evidence of business activities. To do this they:
ERMS may also incorporate document management functionality. Such systems are generally referred to as electronic document and records management systems (EDRMS).
Before decommissioning an old IT system (a legacy system) you need to assess any ongoing business requirements for the information in the system. The data or records may be needed for further action or reference purposes.
Associated information such as system logs and system documentation and backup tapes should also be assessed.
The business owner of the system, the ICT area and your agency's information and records management staff should all be consulted about which information should be:
Minimum retention periods for data and records are specified in Records Authorities and General Disposal Authorities.
If the information is covered by a records authority, the following tools will help you to assess whether records, in any format, can be kept or destroyed:
An example of a GRA is the Administrative Functions Disposal Authority, which covers common administrative business activities. The Archives prepares and issues these authorities.
If the information does not need to be covered by a Records Authority:
The General Records Authority (31) for source (including original) records that have been copied, converted or migrated (pdf, 111kb) and their associated guidelines (pdf, 209kb) cover these circumstances.
The GRA has two main purposes:
Once all data and records in the system have been:
the system can be destroyed.
Yes! Messages received on mobile or handheld devices that support the business of the agency are records. This is regardless of whether a device is wireless and receives email independently or needs to be connected to a computer. These messages are subject to the same requirements as email messages received on your desktop computer.
Identifying and managing email records – Email records on a mobile device should be saved in the corporate records management system as soon as possible.
An agency's policy on the use of mobile devices should include information on identifying and saving records, as well as ensuring the security and privacy of information on mobile devices. AGIMO and Defence Signals Directorate have more information on security requirements on mobile devices.
Sometimes. Instant messaging (IM) exchanges are records. However, you need to make a decision as to whether they are short-term, facilitative records which can be destroyed according to your agency's Normal Administrative Practice (NAP) guidelines or whether they are important business records.
Currently most IM exchanges are informal, short-term and facilitative. If an agency starts to transact business or receive requests from the public using IM, the exchanges are records that should be saved in the corporate records management system.
There are two options for recording this information – technical and procedural:
Yes! Voicemail messages are records. However, you need to make a decision as to whether they are short-term, facilitative records which can be destroyed according to your agency's normal administrative practice (NAP) guidelines or whether they are important business records.
Some voicemail is facilitative, such as arranging a meeting or asking you to return a call. Other voicemail may be a request from the public or contain information required for business. The information in these voicemail messages should be retained.
If the voicemail message cannot be registered in an electronic document and records management system (EDRMS), you should make a note for file and save it on a corporate file as soon as possible. A note for file should provide details of who sent and received the message, the date and time received and notes on what was requested, directed or decided.
A collaborative workspace is a computer environment where people can work together on a single document or project. Because it is online, teams working together do not have to be in the same physical location. Examples of collaborative workspaces include:
Yes. If you are creating or changing information while carrying out tasks that support the business of your agency then you are creating records.
The first decision you need to make is whether the record needs to be captured into a records management system or whether it is covered by your agency's normal administrative practice (NAP) policy or procedures. For example, if it is a short-term facilitative record, you may be able to destroy it using NAP before it is captured into a records management system. If it is a more important record, then it will need to be captured.
As a general rule, you should capture a record as soon as you can after you have created it. However, in the case of interactive areas it may be more practical to capture threads of conversation rather than each statement individually
If you decide that a record needs to be captured, it needs to be put into an IT system with records management capability. Such a system will:
Some collaborative workspaces may have records management capability. It may be a single system with both collaborative and records functionality, or this functionality can be the result of two or more computer programs working together.
If a workspace has integrated records management, your agency may be able to automate the capture of records. To do this you will need to program into the software at what point in a work process a record should be captured. Establishing such a seamless interface will make records management easier for staff and ensure that the right evidence is available when needed for business and accountability purposes.
If your collaborative workspace does not have integrated records management, you will need detailed policies, procedures and guidelines to guide staff on where, when and how records should be captured as a record. You will also need to implement audit and compliance programs to make sure that records are being managed appropriately.