Archives New Zealand Recordkeeping Policy DRAFT

From Archives New Zealand Consultation Wiki

Section 1 : Purpose
Section 2: Policy Statement
Section 3 : Scope
Section 4 : Principles
Section 5 : Roles and Responsibilities
Section 6 : Official Information Environment
Section 7 : Compliance Framework
Section 8 : Monitoring and Enforcement

Section 1 : Purpose

The purpose of this policy is to promote and encourage good business practice through appropriate creation and management of records and the systems they are created or managed within.

Section 2: Policy Statement

Archives New Zealand is committed to its role as the official guardian of New Zealand’s public archives. The Department will ensure support for all employees to achieve its outcomes and in the delivery of services to the government, its stakeholders and the public.

The Department affirms the practice and promotion of good records management as key to meeting these outcomes. A strong and relevant records management framework supports the day-to-day functions and business activities of the Department and ensures evidence of these functions and activities are created and maintained over time.

Through its commitment to records management, the Department acknowledges its accountability to government, its stakeholders and the public.

Archives New Zealand also acknowledges the leadership role it has across government and the additional responsibility this places on the Department in terms of records management practice.

Section 3 : Scope

This policy applies to anyone who conducts business on behalf of Archives New Zealand and covers all the functions and activities performed by them.

People

This includes all staff and managers of Archives New Zealand, whether permanent or temporary, including contractors and volunteers.

Functions and Activities

Included are all business functions and activities performed by or on behalf of Archives New Zealand; in whatever manner they are conducted. This includes all written correspondence, whether paper or electronic, and all spoken transactions, including meetings and telephone calls.

It applies to activities or services that are contracted to third parties and any correspondence with them, both sent and received in the course of normal prudent business practice.

Systems and Media

Equally, it covers all records of these activities regardless of the system or media in which they are captured or managed.

Section 4 : Principles

This section lists the key principles for managing records … what things are most important to us and, if we achieve them, will enable us to have the kind of records management framework we need to make the business successful.

Principle 1 : We know what records exist and what value they have

Knowing what records we hold and their value will enable us to focus our effort and develop appropriate processes for their ongoing management. Analysis of our information to identify records should be built into our design processes and applied when a system or process is developed or reviewed.

Benefits:

-Intellectual Property is protected where required

-Effort can be focussed on records of the greatest value

-Duplication of effort is minimised

-Early intervention for high value, high risk records is possible

To do this we need to:

-Design our systems to recognise records, their value and any associated risk

-Assign values to our records as close to creation as possible

-Save records only in the official departmental systems

Principle 2 : Records are available to all those who need them

Records are available to everyone unless there is a good reason to restrict them. Good reasons may include legislative requirements or records that are embargoed or require controlled release. Guidelines for the Protection of Government Held Information and Privacy Act can provide further direction regarding what records must have additional security applied

Benefits:

-Meet legislative requirements

-A simplified access environment that focuses on areas of need

-Better decision making through access to relevant information

To do this we need to:

-Restrict access only to records that really do need it

-Build security and access decisions into system design

-Implement a roles and rules based framework

Principle 3 : Finding and using records is easy

Creating and maintaining records appropriately will enable them to be found quickly and easily when they are needed.

Benefits:

-Save time and effort

-More informed decision making through access to relevant information

-Reduced risk of embarrassment through provision of inaccurate or incomplete information

-Meet legislative requirements

To do this we need to:

-Understand our business processes, ensuring appropriate records are created

-Consider the use and reuse of records in the design of our systems and processes

-Make creation / capture as simple as possible

-Save records in the appropriate systems

-Ensure the appropriate classification and control mechanisms are in place and are used

-Apply metadata consistently and accurately

Principle 4 : Recordkeeping practices are cost effective'

The cost of managing records effectively is managed and minimised. We achieve this by ensuring that our recordkeeping framework is appropriate, systems have the appropriate amount of recordkeeping built into them at point of creation and ensuring duplication is minimal.

Benefits:

-Achieve good value for money

-Focus efforts on the areas of greatest need

-Proactively manage risk

To do this we need to:

-Understand the true cost of poorly managed records

-Ensure recordkeeping is built into our systems and processes at development

-Find ways to simplify records management compliance

-Understand the risks

Principle 5 : Records are available for as long as they are required

Records must be managed appropriately over time. This means ensuring that records are created and maintained in formats and conditions that are relevant to the media used and disposal is managed as part of a formal process.

Benefits:

-Reduced cost through legal disposal of low value records

-Records of long term value are managed appropriately from creation

-Reduced risk and effort by eliminating poorly managed records

To do this we need to:

-Save records in the official departmental systems

-Include migration planning in the design of systems

-Include retention and disposal management in the design of systems

-Protect records from data loss or compromise

Section 5 : Roles and Responsibilities

This section should identify who is responsible for the various aspects of records management and in what capacity. This will ensure continuity of practice in times of change. These need to be clearly defined to avoid confusion and should be reinforced through position descriptions and the PDS process.

Everyone is required to: Create and maintain appropriate records for all of the activities they are involved in, ensuring that these records are maintained in the appropriate official system(s)

Specifically, you must:

-Comply with this policy

-Follow all established recordkeeping processes

-Save records only in the appropriate official departmental systems

-Protect records from unauthorised access

-Complete appropriate metadata accurately and consistently

-Not dispose of records unless authorised to do so

-File paper records on an official file and register them in Objective

-Raise any recordkeeping issues with your manager and work toward solutions

In addition to the above, the following responsibilities apply to:

Chief Executive

Ensure organisational compliance with recordkeeping requirements of the Public Records Act

Specifically:

-Certify compliance with the mandatory requirements of the Digitisation Standard before any disposal of source records takes place

Chief Information Officer

-Ensure business rules are in place to govern information and records management design and decision making

Specifically:

-Oversee information management governance

-Maintain a list of official departmental information systems

Group Managers

-Ensure business groups have the resources and skills required to fulfil recordkeeping obligations

Specifically:

-Managers within the business group have appropriate recordkeeping knowledge

-Championing records management

Records Manager

Guide the Department towards achieving a suitable and robust records management framework

Specifically:

-Develop appropriate recordkeeping management and control systems

-Monitor the quality of recordkeeping practices

-Ensure appropriate training and advice is available

Records Team

Implement recordkeeping management and control processes

Specifically:

-Facilitate the management of records

-Maintain the business classification and other control systems

-Coordinate retention and disposal processes

Managers, Team Leaders and Project Managers

Ensure that good recordkeeping practices are built into normal business activities for all areas of responsibility

Specifically:

-Understand the business processes you and your team are responsible for and ensure appropriate recordkeeping is applied to them

-Ensure that the recordkeeping implications of any new or significantly reviewed process or system are considered in the design

-Ensure that all records are created and maintained in the appropriate official system(s)

-Promote the Records Management Policy within your team

-Ensure staff receive appropriate training in recordkeeping practices and systems

-Ensure appropriate records are created by service providers and these are managed in the official departmental system(s)

-Identify records vital to the ongoing management of the business

-Ensure unauthorised disposal does not occur

-Identify access restrictions

Application Managers

Ensure the records contained within the application are identified and managed appropriately over time, meeting all legislative requirements

Specifically:

-Achieve the principles outlined in this policy

-Ensure that unauthorised disposal does not occur

-Meet requirements in the mandatory Recordkeeping Standards

Business Analysts and System Designers/Developers

-accurately capturing the recordkeeping functional business requirements as defined by the Records Manager and business owners/application managers.

- Ensuring that the functional business requirements are signed off by the Records Manager and the business owners/application managers.

-Follow any checklists provided by the Records Manager in the process of gathering functional business requirements.

-Raise any concerns with the Records Manager where they feel recordkeeping functional requirements have not been adequately defined by the business.

-Test systems to ensure that functionality defined by the records manager and business owners is delivered as part of the software development life cycle.

-Ensure systems are designed and built that meet the recordkeeping functional business requirements as defined in the functional specification document approved by the Records Manager. (These will include the requirements that systems protect records from loss and corruption.)

-Ensure that data migration is carried out in accordance with the data migration schedule approved by the Records manager which will define the records/data to be migrated.

Section 6 : Official Information Environment

This section provides clarity around the information environment in which records can be managed. Its purpose is to make it clear that individuals should not be creating their own systems to manage records and that they have a responsibility to ensure that the records they create or receive are managed in the appropriate system at all times.''

Archives New Zealand’s information environment is described within the Department’s Information Architecture and includes:

-Communication systems (such as phones, email and txt)

-Business systems (such as ministerial tracking systems)

-Software applications and databases (such as Archway and Objective)

-Websites and the Intranet

-Hard copy filing system

-Storage devices (such as shared drives)

Management of the information contained with these systems is controlled through the use of:

-Metadata models

-Security models

-Classifications and Taxonomies

Records are managed over time through the use of :

-Backup processes

-Migration planning

-Retention and disposal scheduling

-Business Continuity and Disaster Recovery Planning

-Vital records identification

An information system can be used to create and/or manage Departmental records if it:

-features in the Department’s information architecture

-is maintained by the Department over time

-has governance arrangements in place

-is approved by the CIO

Records must only be managed within Archives New Zealand’s official information systems. This is to ensure that records are not lost and that the appropriate controls and management regimes are in place to ensure records can be managed appropriately over time.

A governance framework for key information systems was created in 2008. Application Managers are identified as part of the governance model and have responsibilities for the management of the system and the information contained within it.

The CIO is responsible for keeping an up-to-date register of all information systems used by the Department. This profile describes the nature of the information contained within each system and provides a guide to appropriate use, including what records can be created, stored and / or managed within each system.

To do this, the profile will include at least:

-name of the system

-description of system, including purpose and scope

-business and system owners

-records that are created and / or maintained within it

-value of those records, including any records vital to the ongoing management of the business

Section 7 : Compliance Framework

This section outlines the legislative and policy framework that defines the Department’s recordkeeping obligations. It provides a link between this policy and other legislation, standards and best practice.

Legislation

Archives New Zealand is subject to the following legislation which is relevant to the management of business information and records:

-Public Records Act 2005

-Official Information Act 1982

-Evidence Act 2006

-Electronic Transactions Act 2002

-Privacy Act 1993

-Public Finance Act 1989

-Health and Safety in Employment Act 1992

-Financial Reporting Act 1993

-Tax Administration Act 1994

Section 8 : Monitoring and Enforcement

This section sets out the expectations regarding monitoring of records management practice, both against this policy and other relevant standards and legislation. Note that a monitoring framework is not yet in place, but is planned for this financial year.

The Department will monitor records management practices to ensure that all staff, managers, systems and processes are compliant with this policy. Regular reporting to management will be developed so that issues can be raised and resolved appropriately and to enable progress to be tracked over time.

Material stored using the Department’s information infrastructure and network may be audited at any time and without prior warning. Information gathered during monitoring may be passed on to a line manager and, if necessary, reported to senior managers.

A breach of this policy may be considered grounds for disciplinary action.

Retrieved from "http://wiki.archives.govt.nz/w/Archives_New_Zealand_Recordkeeping_Policy_DRAFT"

Archives New Zealand Recordkeeping Policy DRAFT

Archives New Zealand Recordkeeping Policy DRAFT

From Archives New Zealand Consultation Wiki

Contents

Section 1 : Purpose

Section 2: Policy Statement

Section 3 : Scope

Section 4 : Principles

Section 5 : Roles and Responsibilities

Section 6 : Official Information Environment

Section 7 : Compliance Framework

Section 8 : Monitoring and Enforcement