Records Management Policy (MPF1106)

  • Category: Governance and Management
  • Version: 8
  • Document Type: Policy
  • Document Status: Published
  • Approved On: 23 January, 2024
  • Audience: Staff, Research, Academic, Affiliate
  • Effective Date: 23 January, 2024
  • Review Date: 18 January, 2027
  • Policy Approver: Vice-President Administration & Finance And Chief Operating Officer
  • Policy Steward: Director, Information Governance Services
  • Supporting Process:

    Records Management Processes


1. Objectives

1.1. The objectives of this policy are to:

a) facilitate legislative compliance and effective business practice; and

b) protect University information assets as evidence of current practice and to support future research.

2. Scope

2.1. This policy applies to:

a) all staff and honorary appointees of the University, and to people authorised to undertake University business;

b) all records, including information and data created, received, or maintained by or on behalf of the University, in any format or medium.

3. Authority

3.1. This policy is made under the University of Melbourne Act 2009 (Vic) and the Vice-Chancellor Regulation and supports compliance with the:

a) Public Records Act 1973 (Vic) and standards issued in accordance with this Act

b) Privacy and Data Protection Act 2014 (Vic)

c) Freedom of Information Act 1982 (Vic)

d) Health Records Act 2001 (Vic)

e) Evidence Act 2008 (Vic)

f) Crimes (Document Destruction) Act 2006 (Vic)

4. Policy

4.1. The University creates, captures and maintains full and accurate records of its activities, including outsourced, contracted or cloud-based activities. All areas of University operations must keep records in accordance with this policy, on matters such as research, learning and teaching, engagement, administrative operations and commercial activities.

4.2. Records are used to:

a) underpin efficient and effective operations;

b) support accountability, regulatory compliance and management of risk; and

c) preserve corporate memory.

4.3. All staff, including people authorised to undertake University business and/or activities (e.g., service providers and contractors) are responsible for:

a) creating, capturing, managing and disposing of records of their University duties;

b) being aware of their responsibilities for protecting personal and confidential information when accessing and using University records; and

c) completing the relevant recordkeeping induction and training modules.

5. Procedural principles

5.1. Records must be maintained on University systems, or infrastructure that is capable of meeting records management standards and legislative requirements.

5.2. A system must be assessed for compliance with records standards (e.g., as part of a Privacy Impact Assessment) before it is implemented or before records are migrated to or from the system. A major change to an existing system must also be assessed for such compliance.

5.3. Records must be organised and managed to preserve their context and ease of retrieval.

5.4. Records must be retained and disposed of in accordance with the University Records Retention and Disposal Authority and Normal Administrative Practice.

5.5. Throughout their full retention period, records must be actively managed and organised to preserve context, accessibility and usability.

5.6. Records must be stored in conditions suitable to the:

a) length of time they must be kept;

b) nature of the record content (e.g., personal, confidential or sensitive information); and

c) format of the record or the medium it is kept on.

5.7. Temporary value records must be destroyed as soon as reasonably practicable after the date specified in the University Records Retention and Disposal Authority using secure and permanent methods unless there is:

a) a current business need to regularly continue using the records; or

b) a pending or anticipated legal action (including Freedom of Information request).

5.8. Permanent value records must be transferred to the University of Melbourne Archives for ongoing preservation and access.

5.9. Research records and data must be managed in accordance with this policy and the Research Data Management Policy (MPF1242).

5.10. Records must be made available in accordance with legislation and within the constraints of security, confidentiality, privacy, and archival access conditions.

6. Roles and responsibilities

 

Role/Decision/Action

 

Responsibility

 

Conditions and Limitations

Establish and implement a records management program.

Director, Information Governance Services

In accordance with this policy and s.13 of the Public Records Act 1973 (Vic) describing duties of the office in charge of a public office (the Vice-Chancellor).


Issue guidance on policy implementation.

Director, Information Governance Services

 

 

7. Definitions

Disposal means a range of processes associated with implementing records retention, destruction, or transfer decisions, which are documented in the University Records Retention and Disposal Authority. Refer to Retention and disposal for further information.

Normal Administrative Practice (NAP) means a process that allows the University to destroy certain types of low-value and short-term information in the normal course of business. Refer to Normal Administrative Practice for further information.

Permanent value record means a record defined as permanent in the University Records Retention and Disposal Authority, because it has been appraised to have ongoing historical and/or cultural value.

Privacy Impact Assessment (PIA) means a process for identifying and analysing potential privacy risks and developing risk mitigation strategies to address these privacy impacts before a project or initiative commences. See Privacy Policy (MPF1104) for further information.

Record means information in any format created, received, and maintained as evidence by the University, in pursuant of legal obligations or in the transaction of business. Refer to Introduction to University records for further information.

Retention period means the minimum period that records must be kept before they can be legally destroyed.

Temporary value record means a record defined as temporary in the University Records Retention and Disposal Authority, which is required to be kept for a minimum period of time for legislative or other requirements, before it can be destroyed.

University Records Retention and Disposal Authority (RDA) means an instrument, which sets out the requirements for the retention and destruction of University records and information, in line with legislative and business needs, as well as recordkeeping standards issued under the Public Records Act 1973 (Vic). Refer to Using the University Records Retention and Disposal Authority for further information.

POLICY APPROVER

Vice-President (Administration & Finance) and Chief Operating Officer

POLICY STEWARD

Director, Information Governance Services

REVIEW

This policy is to be reviewed by 18 January 2027.

VERSION HISTORY

Version Approved By Approval Date Effective Date Sections Modified
1 Council 8 October 2012 8 October 2012 New version arising from the Policy Simplification Project. Loaded into MPL as Version 1.
2 General Manager, University Records and PolicyUniversity Secretary's Department 27 November 2013 27 November 2013 Updates to documents listed in 'Relevant Legislation' section.
3 Vice Chancellor 26 February 2016 21 July 2016 New version arising from the Policy Consolidation Project.
4 Associate Director, Records and Compliance 10 April 2017 10 April 2017 Editorial amendment removing erroneous link in section 6.
5 Vice-Chancellor 7 March 2019 30 April 2019 Changed Policy Approver to Vice-President (Administration & Finance) and Chief Operating Officer (previously Vice-Chancellor).
6 Vice-President (Administration & Finance) and Chief Operating Officer 18 April 2019 30 April 2019 Amended Policy Steward title.

Editorial amendments to correct minor errors or align with the University’s policy style guide.

7 Vice-President (Administration & Finance) and Chief Operating Officer 18 January 2024 23 January 2024

Amended Policy Steward title. Expanded Scope and added additional legislation to Authority. Added Definitions.

Editorial amendments to correct minor errors or align with the University’s policy style guide.

Formal review and broad consultation completed and review date updated to 18 Jan 2027 in line with Policy Framework.

8 Policy Officer 23 January 2024 23 January 2024

Amendment to correct Policy Steward title from old title of Associate Director, Information Governance And Engagement to Director, Information Governance Services.