Frequently asked questions from Australian Government agency staff

What is a record?

In the Australian Government context, a record is created when people document their work. A record is evidence of a business transaction or decision.

The key distinction between records and other types of business information is that records provide evidence of business activities. Records can be created in all formats. They can be paper or digital and include reports, minutes, email and spreadsheets. A record does not have to be finalised. Drafts and working papers are records too. Records may relate to critical agency business or they may document routine administrative matters. Information received from other organisations may be evidence of their business activities, but doesn't need to be managed as a record by your agency. If in doubt, treat information as a record and manage it according to your agency’s business needs.

When does it become a record?

A record is evidence of a business activity from the time it is first created. If it documents your agency’s work it is a record regardless of its format and where and when it is filed. Records are sometimes kept in email folders, shared drives, and on laptop computers or in systems with records management functionality.

Managing your records

The amount of effort invested in managing records should reflect their importance to your agency. By determining what records are required using a work process analysis, you can put more effort into managing the records that your agency needs to maintain and records of your high risk functions.

How do I get a copy of a disposal authority?

Post-2000 records authorities and general records authorities are available for download from this website.

The National Archives has copies of all of the records authorities that it has issued. Older authorities, which were not based on functions, have not been published on the website. For copies or information on older RDAs please contact the Agency Service Centre.

Can I have more information on the National Archives digital preservation software?

All of the digital preservation software created by the National Archives is free to download, use, modify and redistribute under the terms of its open source license. The software and extensive documentation on its installation and use, can be found via the Digital Preservation Software Platform web site at: http://dpsp.sourceforge.net

If you have a query that is not addressed by the resources available on the software web pages, please contact our digital preservation team via recordkeeping@naa.gov.au

Can I use the training package and cartoons from Keep the Knowledge?

Keep the Knowledge was developed specifically for Australian Government agencies. If you are an Australian Government organisation, feel free to use the package. While we are aware the training materials are used more widely, for copyright reasons we are unable to make them more freely available.

If you are an Australian Government agency, you are welcome to use the cartoons to assist you in records training within your organisation. However, they should not be used for commercial activities such as providing training for a fee. The cartoons are copyright to the National Archives of Australia and if you wish to use the cartoons for other purposes contact the Agency Service Centre.

How long do I have to keep back-up tapes?

Computer system back-up tapes can be disposed of when they are no longer required under Normal Administrative Practice (NAP). NAP provides for the destruction of records which are either:

• duplicated
• unimportant or
• only of short term facilitative value.

Computer backup tapes fall into the first and third catagories.

If you are planning to destroy computer back-ups under NAP, you need to ensure that you maintain the original record (i.e. you should only destroy redundant copies) and that destruction is undertaken appropriately.

What advice do you have about digitising hard-copy records?

Your organisation is responsible for creating records that are full and accurate reflections of its work, and maintained over time. For ease of accessibility and reuse as well as to gain efficencies in storage your organisation may decide to digitise its records. The Archives has not released any specific advice in this area, because how you manage digitised records will heavily depend on why you digitised them in the first place.

If your organisation is considering digitising hard copy records, some of the issues you need to consider:

Why are you doing this?

• Is it to make accessing them easier?
• To preserve the originals for longer?
• To free up storage space by destroying original copies?
• This question will impact on the digitisation method and quality of the digital output.

 How will the digital record be maintained?

• Do you have a digital migration plan if these records are likely to be required longer than five years - the life cycle of most digital systems
• Do you have appropriate disaster recovery plans around your digital systems?
• Do you have the money to maintain and upgrade the software and hardware you will be storing the records on?

What metadata (information about the records) will you collect?

• How will you manage this metadata over time?

How will you manage the hard copy records after the digitisation?  

• Is the general records authority for source records applicable?

While you are considering these issues you may wish to consult the following resources on this area:

• AGIMO, Better Practice Checklist 18: Digitisation of Records  
• ISO 12653 – 1: 2000, Electronic imaging – Test Targets for the black and white scanning of office documents, Part 1 – characteristics
• ISO 12653 – 2: 2000, Electronic imaging – Test targets for black and white scanning of office documents, Part 2 – methods of use.
• ISO/TR 15801: 2004, Electronic Imaging – Information Stored Electronically – Recommendations for Trustworthiness and Reliability

Where can I get information on archiving websites?

The Archives has two companion publications that provide policy and advice on recordkeeping for web-based resources:

• Archiving Websites: Advice and Policy Statement (pdf, 58kb)
• Archiving Web Resources: Guidelines for Keeping Records of Web-based Activity in the Commonwealth Government (pdf, 200kb)

Important information about how long you need to keep websites can also be found in the Administrative Functions Disposal Authority (AFDA) – particularly Classes 1935, 1936, 21188 and 21189 - and in AFDA Express classes 20329, 20331 and 20337.

The Australian Government Information Management Office has also published Better Practice Checklist No.7, Archiving Web Resources. 

How often should I take a 'snapshot' of my website?

We suggest that your agency to take a risk management approach to deciding how often to take snapshots of public websites. 

Things that you should take into account include:

• the public profile of the organisation
• the likelihood that you will need to be able to prove that a particular version of some piece of advice was the one accessed by a client at a particular date and time
• the frequency with which information on the site changes

Taking a snapshop of a static websites is relatively simple. However, even if you take regular snapshots you will also need to maintain records of any changes made between snapshots. 

You also need to think about the individual pieces of 'static' information provided on a website. Have these been captured into a recordkeeping system, with appropriate metadata that indicates when they were publicly available on the website? If so, there may be less need to take snapshots of the website itself. 

But at the very least, it would be useful to snapshot a website prior to major changes being made, and certainly prior to the decommissioning of a website.

Dynamic pages are more difficult to deal with. Web content management systems (WCMS) and many databases have some form of 'rollback' facility, whereby it is possible to replicate a website as it was at any given point in time. If your systems have this functionality, then the ability to replicate and take a 'copy' of the replication could be considered a form of snapshot.

A feature of some dynamic websites is to present the user with specific information from a database relevant to their request. Examples of this type of service include search results and some web 2.0 features. In these instances it may also be important to make a record of what information was presented to your client as well as metadata such as the time and date it was requested, the search terms used and the IP address of the requester.

Whether a website is static or dynamic (or a combination of the two) makes no difference to how long you keep the content. If individual content 'components' (such as advice relating to a particular area of the business) are captured as records into a recordkeeping system, then these will be covered by the relevant classes in your RDA. However, public website snapshots are currently, under AFDA, considered RNA and so must be maintained and eventually transferred to the custody of the Archives.

How do I folio a record?

Folioing a record means to number all of the paper records within a file. The practice of folioing originated from the need to:

• reference a specific page within a file
• account for every page – folio numbers can indicate that information has been removed or added inappropriately.

Folioing is no longer necessary for records in electronic records management systems. These systems can be configured to apply document numbers to records automatically as they are entered in the system. If your organisation still has some records in paper, and if you need to refer to specific pages within a file, or if the file documents a high risk activity and you need to account for every page, you should folio.

To folio you should annotate each new paper that is added to the file with a consecutive number starting from 1 – note that the first sheet in the file is at the bottom. The folio number should be recorded on the top right-hand corner of each sheet of paper containing information, so for example if you have papers which are double sided, each side should recieve a folio number. The folio number should be recorded in ink, not pencil. If pages are removed from a record, a folio removal sheet should indicate why the record was removed, by whom, when and the fate of the record, eg if the record was removed to another file, this should be recorded in the original.

Are email archiving solutions suitable for managing emails as records?

Email and other communications technologies are used by agencies to conduct business. To maintain complete, accurate and reliable evidence of business transactions, it is essential to manage all messages as records.

Many email archiving solutions enable email to be transferred from an agency’s primary email server to another storage system. Vendors claim the following advantages for users:

• improved control over email (including audit trails)
• filtering and automated or semi-automated classification
• secure, tamper-proof copies
• compliance with regulatory requirements (usually United States requirements, such as the Sarbanes-Oxley Act, 2002 on accounting standards)
• ease of discovery for litigation or freedom of information purposes
• improved disaster recovery and business continuity
• cost effectiveness
• reduced storage requirements – elimination of copies of the same message (and attachments) in multiple inboxes
• reduced load on servers

Many of these advantages are worthwhile in an agency's overall information technology infrastructure. However, these systems are not always suitable for managing email as records. Problems with these systems include the following:

• It is difficult to differentiate between business critical, informational, personal and unsolicited commercial emails.
• Records communicated via email are separated from related records in other formats and systems.
• Generally only the sender, recipient or an administrator can access the messages, which means that other staff do not know of the existence of messages. If more widespread access is available, there may be problems protecting personal privacy, especially if personal email use is permitted.
• It is difficult to change the title of the message to better reflect the content (making retrieval more difficult). Automated classification of content is not foolproof – messages are not reliably linked to their business context.
• It is difficult to assign different retention periods according to the different activities documented in the messages.

Email archiving solutions may benefit an agency, but they are no substitute for capturing email into a proper records management system. Records management systems provide total frameworks for capturing, maintaining and providing access to evidence of transactions over time – they are not just pieces of storage technology.

Australian Government agencies using email archiving solutions should consider them part of an information storage solution, not an information management solution. To maximise returns on their investment, agencies need to professionally manage their information.

Further information

Systems that create, keep and manage digital records contains more information on creating systems with records management functionality. Managing email contains futher advice on emails.

Can I use shared folders to manage records?

Shared folders – network drives or public folders in some email environments – are used by most government agencies as a part of their overall information management strategy. There are many good reasons for this, including facilitating collaboration, disseminating information and storing documents that are difficult to capture into a records management system.

Records management systems are systems (either electronic or paper) capable of capturing, maintaining and providing access to records. They should ensure that the reliability and integrity of records is protected.

Risks associated with using shared folders

From a records management perspective, shared folders can have the following risks:

• It is easy to develop a confused, uncontrolled hierarchy of folders and document titles, which makes retrieval difficult.
• The lack of records management functionality means that documents are not good records nor reliable evidence.
• It is difficult to collect records management metadata that identifies, authenticates and describes records in a systematic and consistent way.
• Security settings that permit users to save documents to the folder also give users the ability to inadvertently delete a document.
• Ease of alteration (either deliberate or accidental) makes it difficult to ensure that the version in the shared folder is the same as the official version. Audit trails detailing alterations are not usually kept.
• Ease of duplication means that it is difficult to identify where the 'primary' record is located. The overall management of documents is generally ad hoc and not incorporated into the overall information strategy of an organisation.
• It is difficult to identify sequences of documents (either within the shared folder or in other systems) that relate to the one business process.
• Not everyone in an organisation has access to workgroup folders, so they might not be aware of the information contained in those folders.
• Limited capacity of information technology infrastructure may mean that there is pressure to destroy documents while they are still useful.

Managing shared folders

Shared folders are a useful tool, but you need to ensure that proper records are also kept. Some ways this can be done are to:

• incorporate the use of shared folders into your overall information management strategic framework
• provide viable alternatives for staff to use instead of shared folders. These include an easy to use records management system and collaboration tools and the use of an intranet to facilitate dissemination of documents
• ensure that copies of all approved or final versions of documents are placed into your records management system
• ensure that all staff are aware that the 'official' version of the document should be obtained from the records management system
• provide links between the shared folder and the records management system
• change work practices to ensure that draft documents are removed from the shared folder after being placed into the records management system
• remove out-of-date or obsolete documents from the shared folders on a regular basis
• enforce security permissions that limit the ability of most users to create folders and delete or amend documents
• ensure that your records management policy and procedures cover the use of shared folders

Most of the advice given is also applicable to scenarios where documents are stored in personal folders or on a local drive.

How do I manage records that are shared by more than one agency or organisation?

The delivery of shared services, and the sharing of information between government agencies, is becoming more common. These activities may involve the use of shared systems, such as shared databases, shared servers and web portals. This advice provides guidance on how good records management can be performed by government agencies using shared systems.

What are shared systems?

Shared systems are IT systems in which more than one agency or organisation can:

• create or manipulate information (enter, update or edit data)
• maintain the system (manage the technology and records of its operations)

Shared systems can allow a number of agencies to share information and can span government jurisdictions (federal, state and local). Private organisations or members of the public can also be parties to a shared system.

Some examples of shared systems currently used by Australian Government agencies are:

• web portals that provide a single entry point for related services, information and websites
• shared data repositories, such as databases or servers
• email forums or discussion lists hosted by agencies

Shared systems generate two distinct sets of records:

• records of transactions between parties, referred to as 'business records'
• records about the operation and maintenance of the system, referred to as 'system records'

Responsibilities for records management within shared systems

The records management requirements of shared systems need to be considered within the framework of an agency's overall records management policy. Agencies using shared systems should be clear on the boundaries of the system and the resulting records they need to keep in accordance with this framework.

Where two or more parties share information or manage a system the following questions about responsibilities for records management are raised:

• who owns the system?
• who is responsible for managing the system?
• who is responsible for the records produced within the system?
• who is responsible for managing the records produced within the system?
• what responsibilities do users of the system have?
• what records need to be created in the system, and how should they be created?

Ownership of systems

The owner of the system should develop a policy for the management of system records, such as audit trails. In this way, the owner is accountable for the operation and reliability of the system.

Management of systems

Because several parties use a shared system, good management of user access and system security is essential to protect information within systems from unauthorised access and modification.

The manager of the system is responsible for managing system records. They need to ensure that sufficient evidence of system operations is generated and captured to ensure accountability. The owner of the system should set a policy for these records.

The manager of the system also needs to consider the retention and disposal of these records.

Responsibility for business records

Agencies use shared systems to carry out business. In conducting business, records are generated that provide evidence of the functions of Australian Government agencies.

In cases where all parties sharing a system are Australian Government agencies, the parties need to decide who has responsibility for the records created in the system. In reaching agreement on this decision, agencies should consider what records they need to keep to meet business needs and ensure accountability.

Agencies also should consider how long they need to retain records created within shared systems, and how they will ensure appropriate disposal of these records as authorised by the National Archives of Australia through a disposal authority. The unauthorised destruction of records is a danger within a shared system when multiple parties can modify or delete information from the system.

Where systems are shared across jurisdictions or with private sector partners, decisions need to be made about what records should be created and kept to fulfil an agency’s business needs, legal requirements and ensure accountability. Records relating to the responsibilities of an agency must be created, managed and disposed of in an accountable manner, even if the records are not directly created, stored or disposed of by the agency.

Where systems are shared with parties outside the Australian Government, responsibility for the records rests, in the first instance, with the Australian Government agency. Please contact the National Archives for advice on resolving cross-jurisdictional issues.

When an Australian Government agency is responsible for the records created in a shared system, relevant legislation needs to be considered. Legislation may include the Archives Act 1983, the Freedom of Information Act 1982, the Privacy Act 1988 and the Electronic Transactions Act 1999.

Management of business records

Agencies using shared systems also need to consider who will manage the business records. The agency responsible for the records is ultimately also responsible for the management of the records.

If the management of business records is shared, agencies should clearly set out who has responsibility for particular records in accordance with each agency's records management requirements.

The management of business records covers:

• creation
• capture
• storage
• ensuring the ongoing accessibility of records
• maintaining the security of business records
• disposal

These records management activities require careful attention within shared systems.

Capture

Shared systems allow information to enter a portal or gateway, be processed by the system and then split into constituent parts that go to different agencies. Parties to the system need to decide when this information should be captured and who will be responsible for capturing it.

The creation of metadata must be considered. Agencies should determine what metadata is needed to provide evidence of the transaction and information about the record, together with where this metadata will be captured.

The responsible agency also needs to consider how business records created within shared systems will be captured. Will records be captured within the system itself or stored in another system, such as in an agency's records management system?

If records are to be captured within a shared system, agencies should ensure it has records management functionality.

Access and security

Shared systems may include the sharing of data across agencies, such as through a shared server or database. Such systems raise issues about the privacy and security of the information.

Together with the managers of the system, those with responsibility for the business records need to ensure inappropriate access is not given to the information. The business and system records also need to be protected from unauthorised modification or deletion. This should be addressed at both the system and records level.

Disposal

The party with responsibility for managing the records must ensure that business records are disposed of appropriately. Records owned by individual agencies need to be disposed of in accordance with the records management requirements identified by the agency, and in accordance with a disposal authority for that agency’s records.

Checklist for records management in shared systems

This checklist is designed to help agencies when planning shared systems. It lists questions that agencies should consider to make sure that records management responsibilities are addressed.

Initial considerations

• What parties will be using the system and/or its records?
• Are any of the parties sharing the system outside the Australian Government jurisdiction, eg state or local governments, or private sector organisations?

System considerations

• Who is the owner of the system?
• Who will manage the system?
• Has a policy been developed for the management of system records (such as audit logs)?
• Who will have access to the system?
• How will user access be managed?

Records considerations

• What records need to be captured for business, accountability and community requirements?
• Who will capture records and at what stage?
• How will records be captured?
• How will access to the records be managed?
• How will the security and integrity of the records be maintained?
• What are the retention requirements for the business records, and who is responsible for their disposal?
• What records management standards will apply to the records?

Is document management the same as electronic records management?

Electronic document management systems (EDMS) are used to:

• store and index documents for easy search and retrieval
• integrate with office software packages and messaging systems
• enable collaborative work
• provide access and version control over documents

Electronic records management systems (ERMS) differ from document management systems as they are designed specifically to manage the creation, use, maintenance and disposal of electronic records for the purpose of providing evidence of business activities. To do this they:

• capture and maintain contextual information (metadata) about the record to support records management processes (eg classification, registration, search, retrieval, preservation and disposal)
• provide links between records that manage the same business activity
• apply controls to records, such as access and security controls, to preserve their content and secure their integrity

ERMS may also incorporate document management functionality. Such systems are generally referred to as electronic document and records management systems (EDRMS).

What happens to the old records when a new IT system is implemented?

Assessing the information

Before decommissioning an old IT system (a legacy system) you need to assess any ongoing business requirements for the information in the system. The data or records may be needed for further action or reference purposes.

Associated information such as system logs and system documentation and backup tapes should also be assessed.

The business owner of the system, the ICT area and your agency's information and records management staff should all be consulted about which information should be:

• migrated or converted to the new system
• kept until the minimum retention period has expired
• destroyed

Minimum retention periods for data and records are specified in Records Authorities and General Disposal Authorities.

Records that need to be migrated or converted

Once migrated or converted, the information needs to be kept until the business need has finished and the minimum retention period has expired. For more information see our Digital Continuity Principles and Plan

Records that need to be kept

Records that are still needed for reference or because their minimum retention period has not expired will need to be kept in a readable form.

Destroying records that have not been migrated, converted or copied

If the information is covered by a records authority, the following tools will help you to assess whether records, in any format, can be kept or destroyed:

• Records authorities (RA) – issued to individual agencies by the National Archives covering their agency-specific core business 
• General records authorities (GRA) – covering business performed by many agencies

An example of a GRA is the Administrative Functions Disposal Authority, which covers common administrative business activities. The Archives prepares and issues these authorities.

If the information does not need to be covered by a Records Authority:

• Normal administrative practice (NAP) – policies and procedures detailing what records can be routinely destroyed

Destroying source records that have been migrated, converted or copied

The General Records Authority (31) for source (including original) records that have been copied, converted or migrated (pdf, 111kb) and their associated guidelines (pdf, 209kb) cover these circumstances.

The GRA has two main purposes:

• to permit agencies to destroy a wide range of source records once they have been copied, converted or migrated, provided equivalent reproductions are maintained and the source records themselves are not required to be retained
• to set conditions for the proper management of copying, conversion and migration processes, the reproductions that are generated through those processes and the source records themselves

The empty system

Once all data and records in the system have been:

• migrated
• copied
• destroyed or transferred using an appropriate Records Authority

the system can be destroyed.

Are messages received on my mobile device records?

Yes! Messages received on mobile or handheld devices that support the business of the agency are records. This is regardless of whether a device is wireless and receives email independently or needs to be connected to a computer. These messages are subject to the same requirements as email messages received on your desktop computer.

Identifying and managing email records – Email records on a mobile device should be saved in the corporate records management system as soon as possible.

An agency's policy on the use of mobile devices should include information on identifying and saving records, as well as ensuring the security and privacy of information on mobile devices.  AGIMO and Defence Signals Directorate have more information on security requirements on mobile devices.

Should instant messaging (IM) exchanges be saved?

Sometimes.  Instant messaging (IM) exchanges are records. However, you need to make a decision as to whether they are short-term, facilitary records which can be destroyed according to your agency's Normal Administrative Practice (NAP) guidelines or whether they are important business records.

Currently most IM exchanges are informal, short-term and facilitative. If an agency starts to transact business or receive requests from the public using IM, the exchanges are records that should be saved in the corporate records management system.

There are two options for recording this information – technical and procedural:

• technical solutions involve software which can create logs and records of IM conversations
• procedural solutions involve staff creating a note for file and saving it in a records management system as soon as possible. The note for file should include information on the parties involved and any decisions or agreements made

Are voicemail messages records?

Yes!  Voicemail messages are records. However, you need to make a decision as to whether they are short-term, facilitative records which can be destroyed according to your agency's normal administrative practice (NAP) guidelines or whether they are important business records.

Some voicemail is facilitative, such as arranging a meeting or asking you to return a call. Other voicemail may be a request from the public or contain information required for business. The information in these voicemail messages should be retained.

If the voicemail message cannot be registered in an electronic document and records management system (EDRMS), you should make a note for file and save it on a corporate file as soon as possible. A note for file should provide details of who sent and received the message, the date and time received and notes on what was requested, directed or decided.

What is a collaborative workspace?

A collaborative workspace is a computer environment where people can work together on a single document or project. Because it is online, teams working together do not have to be in the same physical location. Examples of collaborative workspaces include:

• extranets
• blogs
• internet noticeboards
• chatrooms
• document management systems

When I work in a collaborative workspace am I creating records?

Yes. If you are creating or changing information while carrying out tasks that support the business of your agency then you are creating records.

What should I do with the records I create in a collaborative workspace?

Do they need to be captured?

The first decision you need to make is whether the record needs to be captured into a records management system or whether it is covered by your agency's normal administrative practice (NAP) policy or procedures. For example, if it is a short-term facilitative record, you may be able to destroy it using NAP before it is captured into a records management system. If it is a more important record, then it will need to be captured.

When should they be captured and who should do it?

As a general rule, you should capture a record as soon as you can after you have created it. However, in the case of interactive areas it may be more practical to capture threads of conversation rather than each statement individually

Where should the records go?

If you decide that a record needs to be captured, it needs to be put into an IT system with records management capability. Such a system will:

• ensure the record's authenticity, usability and accessibility
• keep it secure from unauthorised access, alteration and deletion
• link it to other records detailing the same business activity

Some collaborative workspaces may have records management capability. It may be a single system with both collaborative and records functionality, or this functionality can be the result of two or more computer programs working together.

If a workspace has integrated records management, your agency may be able to automate the capture of records. To do this you will need to program into the software at what point in a work process a record should be captured. Establishing such a seamless interface will make records management easier for staff and ensure that the right evidence is available when needed for business and accountability purposes.

If your collaborative workspace does not have integrated records management, you will need detailed policies, procedures and guidelines to guide staff on where, when and how records should be captured as a record. You will also need to implement audit and compliance programs to make sure that records are being managed appropriately.