AFDA Express Version 2 – Technology & Information Management

2019/00257893

Technology & Information Management

2019

This is an accurate reproduction of the authorised records authority content, created for accessibility purposes

Introduction

The National Archives of Australia (National Archives) has developed this records authority to set out the requirements for keeping or destroying records for the general administrative function of Technology & Information Management.

This records authority is based on the identification and analysis of the business of Technology & Information Management. The records authority sets out those records that need to be retained as national archives and specifies the minimum length of time that temporary records need to be kept. This records authority gives agencies permission under the Archives Act 1983 for the destruction of the temporary records described after the minimum retention period has expired. Retention periods for these temporary records are based on: an assessment of business needs; broader organisational accountability requirements; and community expectations.

As changes in circumstances may affect future records management requirements, this records authority may occasionally be amended by the addition of new classes and the variation of existing classes. The National Archives will notify agencies of any such changes.

Application of this Authority

  1. The National Archives is progressively reviewing and retiring the Administrative Functions Disposal Authority (2010) and AFDA Express (March 2010) and will periodically issue revised functions that will ultimately comprise the revised version of AFDA Express Version 2. To aid agencies with implementation of the revised AFDA Express Version 2 functions, the National Archives will generally permit agencies the option of using either the existing AFDA functions or the newly issued revised functions until 1 July 2019 (by which time all revised functions are expected to be have been issued).
  2. This authority supersedes:
    • classes 1470-1488, 1490-1528, 20956, 1530-1556, 2081-2082, 21007, 2084-2096, 2098-2124, and 2126-2170 in the INFORMATION MANAGEMENT and TECHNOLOGY & TELECOMMUNICATIONS functions of the Administrative Functions Disposal Authority (2010); and
    • classes 20444-20448 and 20343-20344 in the INFORMATION MANAGEMENT and TECHNOLOGY & TELECOMMUNICATIONS functions of AFDA Express (March 2010).

    The superseded records classes cannot be used to sentence records after 1 July 2019.

  3. This authority should be used in conjunction with records authorities issued to agencies for their core business and other general records authorities issued by the National Archives.
  4. This records authority is to be used to determine how long records must be kept. Records are matched to the relevant core business and records class in the records authority.
    • Where the minimum retention period has expired and the records are not needed for agency business they should be destroyed as authorised in this records authority.
    • Records that have not reached the minimum retention period must be kept until they do.
    • Records that are identified as Retain as National Archives (RNA) are to be transferred to the National Archives of Australia for preservation.
  5. The Normal Administrative Practice (NAP) provision of the Archives Act 1983 gives agencies permission to destroy certain types of records without formal authorisation. This usually occurs where records are duplicated, facilitative or for short-term use only. NAP does not replace arrangements in this records authority but can be used as a tool to assist in identifying records for destruction together with this records authority and with records authorities specifically issued to an agency. The National Archives recommends that agencies develop and implement a Normal Administrative Practice policy. Advice and guidance on destroying records as a normal administrative practice and on how to develop a NAP policy is available from the National Archives' website at www.naa.gov.au.
  6. Records that are reasonably likely to be needed as evidence in a current or future judicial proceeding or are subject to a request for access under the Archives Act 1983, the Freedom of Information Act 1982 or any other relevant Act must not be destroyed until the action has been completed.
  7. Records subject to a disposal freeze must not be destroyed until the freeze has been lifted. Further information about disposal freezes and whether they affect the application of this authority is available from the National Archives website at www.naa.gov.au.
  8. Where the method of recording information changes (for example from a manual system to an electronic system, or when information is migrated from one system to a new system) this records authority can still be applied, provided the records document the same core business. The information must be accessible for the period of time prescribed in this records authority. There is a need to maintain continuing access to the information, including digital information, for the periods prescribed in this records authority or until the information is transferred into the custody of the National Archives.
  9. In general, retention requirements indicate a minimum period for retention. Agencies may extend minimum retention periods if there is an administrative need to do so, without further reference to the National Archives. Where an agency believes that its accountability will be substantially compromised because a retention period or periods are not adequate, it should contact the National Archives for review of the retention period.
  10. Records coming within 'retain as national archives' classes in this authority have been determined to be part of the archival resources of the Commonwealth under section 3C of the Archives Act 1983. The determination of Commonwealth records as archival resources of the Commonwealth obliges agencies to transfer the records to the National Archives when they cease to be current and, in any event, within 15 years of the records coming into existence, under section 27 of the Archives Act 1983.
  11. Records in the care of agencies should be appropriately stored, managed and preserved. Agencies need to meet this obligation to ensure that the records remain authentic and accessible over time. Under Section 31 of the Archives Act 1983, access arrangements are required for records that become available for public access including those records that remain in agency custody.
  12. Appropriate arrangements should be made with the National Archives when records are to be transferred into custody. The National Archives accepts for transfer only those records designated as national archives.
  13. Advice on how to use this authority is available from your agency's records manager. If there are problems with the application of the authority that cannot be resolved, please contact the National Archives.

Contact Information

For assistance with this authority or for advice on other records management matters, please contact National Archives' Agency Service Centre.

Authorisation

Person to whom notice of authorisation is given:

Heads of Commonwealth institutions under the Archives Act 1983.

Purpose:

Authorises arrangements for the disposal of records in accordance with paragraph 24(2)(b) of the Archives Act 1983.

Determines records classed as ‘Retain as national archives’ in this records authority to be part of the archival resources of the Commonwealth under section 3C of the Archives Act 1983.

Application:

All records relating to the following general administrative business area: Technology and Information Management.

This authority gives permission for the destruction, retention or transfer to the National Archives of Australia of the records described. This authority will apply only if these actions take place with the consent of the agency responsible for the administrative business documented in the records.

Authorised by:

Linda Macfarlane
Assistant Director-General (Acting)
National Archives of Australia

14 June 2019

Classes

Technology and Information Management

The function of managing the organisation's technology and telecommunications and information and knowledge resources. Information management relates to creating, capturing, registering, controlling, storing, retrieving and disposing of information and records, developing systems, frameworks, and strategies to manage records, and operating agency library and reference services. Technology management relates to developing, implementing, maintaining and managing technology solutions to support the business needs of the organisation (such as facilities, hardware and software, business systems and applications, web services, databases, cloud services, communication networks, voice mail and email), including managing technical aspects of the internet, intranet and websites.

Note: Care should be taken when using this function for records relating to developing or commissioning highly specialised technology solutions (eg facilities, business systems, hardware and software) to support the core business of the organisation, as there may be unique requirements for these technology solutions that will necessitate specific coverage within an agency's own records authority. This may be the case where the technology solutions developed are specifically designed to meet unique requirements relating to the core functions of the organisation, and are ground-breaking in nature, relate to whole-of-government or cross-portfolio initiatives, or represent a significant change in the delivery or performance of the agency’ functions. For example, creating software that employs sophisticated machine learning algorithms to make business decisions.

The core information management activities include:

  • establishing, managing and maintaining records and the systems that manage them, including systems that capture, register, classify, index, store, retrieve, transfer, communicate, disseminate and dispose of records of agency business;
  • establishing, managing and maintaining agency library and information services, including managing donations of library materials, creating inventories and distributing information sources;
  • creating, maintaining and implementing information control mechanisms;
  • managing access requests to information under privacy, freedom of information and archives legislation, or other legislation specific to the agency;
  • conserving, maintaining and preserving agency records and information resources;
  • disposing of records and information resources, including transfer, destruction and storage according to National Archives directives and other applicable standards;
  • managing agency mailroom services, including coordinating incoming and outgoing mail, internal mail services, and freight and courier services; and
  • managing agency copying or reproduction services, including administration of payments to collecting societies and managing copyright declaration forms.

The core technology management activities include:

  • designing, developing, building (where applicable) and evaluating technology solutions to support agency business (eg facilities, business systems, hardware and software), including developing and issuing specifications and metadata requirements, and conducting testing, pilots, prototyping and modelling of proposed solutions;
  • developing user and technical manuals for agency developed systems, applications and software;
  • implementing technology solutions, including rolling-out or relocating, installing and configuring technology and telecommunications facilities, systems, hardware and software;
  • managing and maintaining technology solutions, including carrying out inspections, systems analysis, repairs, modification and preservation;
  • data administration, including implementing system backups and recovering from data loss;
  • migrating information and records between systems or from one medium to another;
  • creating, maintaining and implementing data dictionaries and business rules;
  • managing security and privacy arrangements, including information security classifications, authentication, encryption, and investigating security and privacy breaches and, where necessary, referrals to appropriate authorities;
  • disposing of technology and telecommunications assets owned or leased by the agency that are no longer required, including arranging for sanitisation of hardware prior to disposal;
  • transferring or integrating technology and telecommunications assets and systems to or from other agencies (eg after an administrative change);
  • managing licensing, including applications to use the intellectual property of another agency, organisation or individual;
  • hosting websites and web services, including on behalf of third-parties;
  • receiving requests from the public to reproduce portions of agency-developed software; and
  • allocating equipment, services and facilities.

The performance of the function is supported by general activities such as:

  • developing and implementing policies, procedures, strategies, frameworks, standards, plans, programs and projects, including records management policies, cyber security plans and strategies, information governance frameworks and counter-disaster plans;
  • providing and receiving advice;
  • monitoring and evaluating processes, programs, systems, services, equipment and products;
  • supporting users (eg help desk operations), including handling enquiries, complaints and suggestions;
  • investigations into the feasibility of contracting-out activities, including assessing and providing feedback on whole-of-government solutions;
  • arrangements for leasing-out technology and information management facilities, services and assets to other bodies, including shared service arrangements with other agencies;
  • project management;
  • establishing, managing and participating in committees, meetings, forums, panels and workshops;
  • fulfilling compliance requirements, including relevant fiscal, legal, regulatory or quality standards and requirements;
  • negotiating, establishing, managing and reviewing agreements and contracts;
  • managing insurance policies and claims;
  • managing warranties and guarantees;
  • delegating powers and authorising actions;
  • undertaking research and analysis;
  • marketing and promotion;
  • reporting and reviewing, including post-implementation reviews;
  • managing risks; and
  • planning, conducting and facilitating audits.

Cross references to AFDA Express records authority

For the acquisition of goods and services (eg commercial off-the-self software, software-as-a-service, library material and cloud storage services) to support the technology and information management function, including leasing, tendering and contracting-out arrangements, use PROCUREMENT.

For developing and executing contracts under seal or deeds, including signed joint venture contracts under seal, use CONTRACTS UNDER SEAL/DEEDS.

For the production and distribution of agency publications, including agency public websites, use PUBLICATION.

For legal advice supporting technology and information management activities and the establishment and general management of an agency's intellectual property, use LEGAL SERVICES.

For applications made for permission to reproduce the agency’s published material, use PUBLICATION.

For managing financial transactions supporting technology and information management activities, use FINANCIAL MANAGEMENT.

For disciplinary action against staff for security or privacy related breaches, use PERSONNEL MANAGEMENT.

For the installation of cabling for communications networks, such as from a telecommunications provider to a local network hub, or from a local network hub to a user wall socket, use PROPERTY MANAGEMENT.

For the disposal of equipment and goods by tender, use PROCUREMENT.

For training staff in the use of information management systems that manage records, technology and telecommunications equipment, use PERSONNEL MANAGEMENT.

Cross references to other records authorities

For information, data and records contained in agency business systems, use the relevant core function in an agency-specific records authority or an appropriate general records authority that corresponds with the subject matter of the system content.

For the destruction of source records that have been converted between formats or migrated between agency electronic systems, use General Records Authority 31 – Destruction of source or original records after digitisation, conversion or migration.

For the transfer of records to contractors providing services on behalf of or to the Australian Government under outsourcing arrangements, including the transfer of records to shared services providers, use General Records Authority 40 – Transfer of custody of records under Australian Government outsourcing arrangements.

Class no

Description of records

Disposal action

62621

The following significant records documenting:

  • master control records (in any format) for the management of information and records which are required to facilitate access and give meaning and context to the information and records over time. Includes:

    • master control metadata from agency recordkeeping applications and business systems that manage information and records;

    • registers and indexes giving details or control numbers, titles, dates, disposal details (eg case file registers, business system summary information and relevant metadata elements);

    • file movement cards (if they constitute the main control record or have been used to record disposal detail); and

    • lists of records destroyed, if master control records are not annotated.

[For ancillary records documenting the control of agency information and records, use class 62625.]

  • master version of an agency’s file classification scheme and business classification scheme and abbreviations used in paper and electronic systems;

  • development and maintenance of agency record titling thesaurus. Includes master version of thesaurus;

  • business rules, configuration settings, relevant agency metadata, and associated information relating to systems that manage information, data and records that are required to facilitate ongoing access and preservation, including data dictionaries, user requirements, application specific rules, and system specifications. Includes developmental records and requests for changes;

Note: The National Archives can provide guidance in identifying appropriate metadata and associated information to support preservation of agency information, data and records.

  • implementation of vital records plans, counter-disaster plans, cyber security plans, disaster plans and business continuity plans following a disaster, such as fire or flood, major cyberattack or other significant incident, and implementation of emergency destruction plans or recovery plans covering the organisation’s information resources. Includes final reports, copies of current plans implemented for the disaster recovery process, and records covering the protection and re-establishment of data;

  • major security breaches where information, data and records in any format have been (or are suspected to have been) unlawfully accessed, copied or removed from official custody. Includes final incident reports and referral to law enforcement authorities; and

[For disciplinary action against staff for security related breaches involving records and information, use PERSONNEL MANAGEMENT.

For records relating to building security arrangements (eg access to server rooms), use PROPERTY MANAGEMENT.]

  • requests for public access to records and information under privacy, freedom of information or archives legislation, or other legislation specific to the agency, that: set a precedent; lead to a change of policy; relate to issues of national significance; are controversial or of major public interest; or result in appeals to the Administrative Appeals Tribunal, the Federal or High Court. Includes final agency response, correspondence, stakeholder consultation and supporting research.

Retain as national archives

62622

Records documenting the development, configuration, modification and maintenance of specific software based technology solutions to support agency business (eg applications, business systems, databases) that are commissioned, built or significantly customised by the agency. Includes:

  • project proposals, feasibility and pilot studies;

  • developing system specifications;

  • system documentation, user and technical manuals;

  • system specific data dictionaries and business rules

  • establishing user requirements;

  • developing source code;

  • configuration and integration with other systems;

  • identification and rectification of problems;

  • consultation received via collaborative software development forums (eg Github);

  • testing and evaluation;

  • requests for system changes; and

  • final sign-off by all parties.

Excludes commercial off-the-shelf software and software-as-a-service (ie cloud-based applications) acquired by the agency which do not require significant customisation. Also excludes purchase and contractual records, data quality and integrity, control mechanisms and data migrations.

Note: Highly specialised software based technology solutions that are specifically designed to meet unique requirements relating to the agency's core functions, are ground-breaking or innovative in nature (such as employing complex machine learning algorithms to make business decisions), relate to whole-of-government or cross-portfolio initiatives, or otherwise represent a significant change in the delivery or performance of agency functions, should be covered in the relevant function of an agency's own records authority.

[For acquiring software based technology solutions, including purchasing commercial off-the-shelf software and tendering for custom-built software, use PROCUREMENT.

For system analysis, data quality and integrity, and ongoing management of systems and databases, use 62625.

For the destruction of source records of content that is migrated, copied or converted, use General Records Authority 31 – Destruction of source or original records after digitisation, conversion or migration.]

Destroy 7 years after (sub) system is defunct and any data supported is either migrated or destroyed

62623

Records documenting the creation or amendment of the agency’s records authority. Includes records authorities for the transfer and ownership of records under archives legislation following corporatisation and/or privatisation of an agency or part of an agency.

[For agreements supporting transfer of records following privatisation of a function of government, use STRATEGIC MANAGEMENT.]

Destroy 20 years after authority is superseded

62624

Records documenting:

  • allocation of equipment, services, facilities or software to individuals or organisational units, including allocation of telephony services and mobile phones;

  • installation, configuration and relocation of technology and telecommunications equipment and facilities. Includes cabling from wall socket to a device and configuration of network hubs;

  • routine inspection of technology and telecommunications assets and facilities (eg to ensure that unauthorised software or equipment is not being used);

  • help desk operations, including provision of minor maintenance and advice, technical assistance to individuals, requests to reset passwords, and requests to recover data from backup tapes;

  • monitoring and evaluating specific services provided to customers. Includes undertaking market research, customer surveys, and performance and response time monitoring;

  • receipt and dispatch of agency mail. Includes receipts for registered and certified mail;

  • receiving and responding to routine and low-level enquiries. Includes records relating to the National Archives lending service;

  • routine inventories of library materials;

  • internal promotion and marketing of technology and information management services;

  • disposal of leased assets, including written notices and correspondence with leasing companies in relation to return of assets, handover report and notification that the agency or their nominee wishes to purchase assets;

  • arrangements for the sanitisation of technology equipment prior to disposal;

  • requests for approval to connect equipment to agency networks, either on agency premises or externally via online communications links; and

  • suggestions received for improving technology and information management services.

Destroy 3 years after action completed

62639

Periodic backups of information and records, software and configuration settings for business continuity and recovery purposes. Includes daily data backups.

Destroy in accordance with the requirements of the Australian Signals Directorate's Australian Government Information Security Manual

62625

Records documenting:

  • routine operational administrative tasks supporting the function; and

  • technology and information management activities, other than those covered in classes 62621 to 62624 and 62639.

Destroy 7 years after action completed