Administration of the corporate records management system
The purpose of this Records Management Advice issued in accordance with s 131A(c) of the Information Act 2002, is to inform NT Government agencies of their obligations to administer the corporate records management system in order to fulfil the compliance requirements of the Records Management Standards for public sector organisations in the NT and to meet the business requirements of the organisation.
The Records Management Standards for public sector organisations in the NT provide policy advice at a whole of jurisdiction level which public sector organisations, as defined in the Information Act 2002, must follow in order to underpin their business activity and comply with good governance principles and the legislative requirements of the Act. (1) The standards are policy documents with which NT public sector organisations are mandated to comply.
Standard 2 deals with the capture of records and states:
- “Records must be captured into the corporate records management system.”
It explains the reason for the efficient capture of records into the system as facilitating:
- Efficiency, by allowing the use, re-use, reference to and central distribution of records thereby making correct and authentic information readily available when needed;
- Sound use of financial resources, by allowing timely disposal of non-current records;
- Accountability, by enabling the creation of a complete and authoritative record of official activities;
- Risk mitigation, by managing the risks associated with illegal loss or destruction of records, and from inappropriate or unauthorised access to records. (2)
In order for these obligations to be correctly fulfilled, it is vital that public sector organisations adequately resource the system administration function of the corporate records management system. This is essential to comply with the Compliance Requirement in Standard 2, obliging an organisation to ensure “Suitably qualified and experienced staff are employed to administer and troubleshoot the organisation's corporate records management system, and to promote its use in the organisation”. (3)
The Information Act 2002 outlines the responsibilities of chief executive officers with regard to the management of their agencies' records as being:
131 Duties of chief executive officers
- The chief executive officer of a public sector organisation has a duty to ensure that the organisation complies with this Part.
- The chief executive officer of a public sector organisation must ensure that the organisation's annual report includes a statement about its compliance with this Part.
There are penalties enforceable under law for the mishandling of records or the information they contain. (4) The NT Public Sector Principles and Code of Conduct also prescribes conditions for the safeguarding and use of official information. (5)
There are a number of risks relating to inadequately resourcing the corporate records management system administrator's role, including the risk that the chief executive officer may be in breach of s 131 of the Information Act.
Other elements of the Records Management Standards are reliant upon this role being performed competently:
Standard 3 - Discovery
Records must be findable and accessible for as long as they are required.
It is crucial that the corporate records management system's dataset is correctly administered in order for data to be accurate and ensure ease of accessibility to appropriate records. The Office of the Information Commissioner when reporting on Freedom of Information applications has commented:
“Some organisations have encountered difficulties in processing an FOI request because of inadequate records management systems. Further, resolution of complaints is often delayed because of a failure of organisations to provide answers to questions or produce documents in a timely manner. It is important that organisations regularly review their file management procedures to ensure that they comply with the relevant Records Management and Archives Standards. The Information Act provides that it is the responsibility of the Chief Executive Officer to ensure that his or her organisation complies with the provisions of the Act.” (6)
Standard 4 - Security
Records must be secure.
The records management system in the NTG manages records according to standards, rules and procedures that are designed to ensure their authenticity, inviolability and security. Security classifications for both records and staff are consistently managed within the system. The system administrator's role is vital in ensuring correct security is maintained over the records in the system. This role is responsible for the consistent application of protective security measures.
It is essential the administrator is able to ensure correct profiles of both records and staff are matched appropriately ensuring records are not only made available to the correct staff, but that records with a higher security classification are only made available to staff with the correct security clearance.
The administrator is able to understand server produced audit logs, which monitor and log access and activity on the system for analysis and possible incident resolution, and have the ability to produce online audit activity logs within the client system when necessary. Penalties may apply if an organisation fails to store information securely and this results in a privacy breach. There are also penalties if a person mishandles information in accordance with the legislation. (7)
Standard 5 - Disposal
Records must be disposed of systematically and accountably
The Standard on Disposal states:
NT public sector organisations must dispose of records in accordance with the provisions of the Information Act and be able to prove such action has been performed with due regard to the business, legal and governance requirements as well as community expectations toward the retention and disposal of records.
The corporate records management system is a vital tool in ensuring that the disposal of NT Government records is performed according to the legislation and published standards. It not only provides information on dates records are due for destruction, it is also used to record information about authorised record destructions for accountability and audit purposes. The system administrator is vital in ensuring disposal information is correctly managed within the system.
Contract agreement with vendor
An agreement exists between the NT Government and the records management system vendor for support and maintenance of the approved records management system. Clause 11, states that the vendor will correct defects of the software by providing defect correction information, a work-around or other remedial services as are necessary to restore the licensed software to appropriate functionality. However the contract does not cover correction of defects caused by:
- Operation of the software in a manner which contravenes the NTG obligations;
- Failure by the customer to operate the software in accordance with specifications;
- Use by the customer of the software in an information technology environment other than that advised by vendor (e.g. use of older versions of software with newer versions of Microsoft Office); and
- Failure by the customer to use the software in conformity with user documentation. (8)
The vendor takes no liability for business interruption or loss of business information arising out of the use of or inability to use the licensed material in a manner not in accordance with specifications or vendor instruction. The vendor will not be liable for performance delays or for non-performance due to causes beyond its reasonable control. (9) The NTG contract demands the provision of personnel with the requisite skills and experience. (10)
Because of the important role the administrator of the corporate records management system plays in ensuring the integrity of the system, it is essential that the position is resourced adequately by the organisation. This involves:
- Making it a mandatory requirement that any staff member performing the function of administrator has received the proper training, ie at a minimum, Accredited Systems Administrator. If the position also has a training aspect the NTG Train the Trainer course needs to be included, and if the position is responsible for disposal, the Archival module.
- Mandatory system training for each new major version is required to maintain a high level of administration skills aimed to meet the NT Government's contract requirements.
This advice has been issued by the NT Records Service, being the NT Records Policy Unit, and the NT Records Systems Section, Department of Corporate and Information Services.
The regulatory basis for records management in the NT Government is the Information Act 2002,
Part 9 - Records and Archives Management.
Other documents consulted in preparing this advice are:
- NTG ICT Policy - ICT Security Framework, December 2011
- NTG ICT Policy - End User ICT Services, June 2012.
For further information please contact:
NTG Records Policy Unit
ICT Policy and Strategy Section
Department of Corporate and Information Services
- Records Management Standards for Public Sector Organisations in the Northern Territory, August 2010, Introduction
- Principles and Functional Requirements for Records in Electronic Office Environments, Module 2 - Guidelines and Functional Requirements for Electronic Records Management Systems, International Council on Archives (2008), 1. Introduction, p 5
- Records Management Standards for Public Sector Organisations in the Northern Territory, August 2010, Standard 2 – Capture
- Information Act 2002, s 145(1)
- NT Public Sector Principles and Code of Conduct, 10 Use of official information, p 11
- Annual Report of the Office of the NT Information Commissioner 2009-2010, 6. Other functions of the Information Commissioner, 6.15 Records Management p. 44
- Information Act 2002, sections 145 to 147
- NT Government Information and Communications Framework Contract Clause 11, 11.6 Exclusions
- Vendor Support Agreement Terms and Conditions
- NT Government Information and Communications Framework Contract Clause 19, 19.1 Provision of Personnel
Last updated: 29 July 2019
Share this page: