(1) This policy sets out Charles Sturt University's (the University) obligations and responsibilities under the State Records Act 1998 (NSW) for the creation, management and disposal of University records. (2) This policy applies to: (3) The University, as a public office, must comply with the State Records Act 1998 (NSW) and the Standard on Records Management (NSW). (4) The University and individual employees, contractors and consultants have records management obligations arising under a range of legal obligations and other external drivers, including legislation, mandated standards and contracts. Some examples of those external drivers include, but are not limited to: (5) The University is also expected to retain complete and transparent records in order to maintain accountability and answer scrutiny from a range of external sources including, but not limited to: (6) The Legislative compliance guide (internal access only) and University policies provide further information about the University's compliance obligations, including requirements for records. (7) All University practices and procedures concerning the management of University records must be in accordance with this policy and its related procedures. (8) For the purpose of s 12(b) of the State Records Act, the University’s records management program is the framework of processes and resources that support conformity with the Standard on Records Management. The elements of the program are defined as follows: (9) Management of University records is based on the following principles: (10) A breach of this policy, supporting procedures and/or the State Records Act should be reported as set out in the Compliance Management Procedure. (11) Where a breach of this policy or supporting procedures results in unauthorised access, disclosure or loss of personal information, this must be reported as set out in the Information Technology Procedure - Personal Data Breach. (12) Delegation schedule A – Governance and Legal and Delegation Schedule D - Facilities and Information Technology set out authorities to approve: (13) In addition to the delegated authorities, this policy sets out the following authorities and responsibilities: (14) The following procedures support this policy: (15) Nil. (16) In this policy:Records Management Policy
Section 1 - Purpose
Scope
Top of PageSection 2 - Policy
Compliance
Records management program
People
Policies, procedures and practices
Records
Monitoring processes
Information and records systems
Records management principles
Breach of policy
Responsibilities
Top of Page
Officer or body
Authorities and responsibilities
Vice-Chancellor
As head of the University, is responsible for ensuring that the University complies with the requirements of the State Records Act and the State Records Regulation 2015.
University Secretary
As the nominated senior responsible officer under the Standard on records management, oversees compliance with and performance against the University’s records management obligations.
Manager, Policy and Records
Chief Information and Digital Officer
Heads of all University organisational units
Band 7 heads of organisational units (or delegate)
For University records, information and systems that the organisational unit has operational responsibility for, approve internal access to and sharing of records and information between systems and organisational units. This authority is subject to any restrictions or higher authorisation requirements under delegations, the Privacy Management Plan and/or the Legal Policy and its procedures.
Committee chairs and presiding officers
Ensure that full and accurate records of business transacted by the committee (or working group, project team, etc.) are captured and retained.
All employees, contractors and consultants
Manager, Charles Sturt University Regional Archives & University Art Collection
Takes custody of University records required as State archives.
Section 3 - Procedures
Section 4 - Guidelines
Section 5 - Glossary
View Current
This is the current version of this document. To view historic versions, click the link in the document's navigation bar.
All University employees and other individuals within the scope of this policy who create and use University records.
Positions and roles with specific responsibilities as stated in this policy.
This policy, its procedures and other supporting resources.
The University’s Legislative Compliance Guide.
Related policy texts such as the Privacy Management Plan, Information Technology Procedure – Information Security, Research Data Management Procedure, Legal Policy, Legal Procedure – Legal Records [in development] and the Collections Policy.
Records and information asset plans and registers, work instructions and operating procedures developed by organisational units to support their records management practices.
The records and information assets that support the University's functions and business requirements.
Processes and practices developed by organisational units to ensure records are being created, retained and disposed of as required.
Internal monitoring and compliance processes under the Compliance Management Procedure, Records Management Procedure, Information Security Guidelines and/or Internal Audit Charter.
Business continuity plans.
External reporting activities as required.
Official University information systems recorded in the Applications Portfolio, including systems of record, records management systems and other general-purpose data storage systems.
Controls and processes to ensure business needs and compliance obligations are met.
As the University Secretary’s delegate, monitors compliance with and performance against the University's records management obligations.
Provides advice and training to University employees and organisational units regarding records management obligations.
Authorises record destruction in accordance with the State Records Act, retention and disposal schedules and the Records Management Procedure.
Provides access to information systems that are capable of compliance with statutory requirements for records, information and data-keeping functionality (e.g. capturing, managing and protecting records).
Ensures that records and information management requirements are assessed in the acquisition, maintenance and decommissioning of information systems.
Ensure that appropriate systems and processes are in place for the creation, management and disposal of University records within their areas of responsibility.
Identify the high risk and high value records they are responsible for and protect these through risk management and business continuity plans and strategies.
Ensure that employees and others performing work on behalf of their unit (including contractors or other external parties) keep full and accurate records of the official University business they transact.
Create and maintain full and accurate records of official University business that they transact.
Ensure University records are only used for proper and authorised purposes.
Protect University records in accordance with this policy and its procedures.