Transcription
Records Management, Retention and DisposalPolicy1Purpose1.1This Records Management, Retention and Disposal Policy sets out Western Sydney UniversityInternational College’s (WSUIC) approach relating to the management, retention and disposalof records and data.1.2WSUIC staff are expected to understand how to handle records and documents and tounderstand record retention and disposal guidelines. This Policy has been prepared inaccordance with all relevant legislative requirements, protocols and principles. It thereforesets out how WSUIC complies with relevant legal standards and regulations.2.Scope2.1WSUIC collects, stores, processes, transfers and disposes of a range of personal data. ThisPolicy applies to all data collection across all facets of WSUIC’s operations inclusive of:2.22.1.1Services and support2.1.2Marketing and recruitment operations2.1.3Information Technology (IT)2.1.4Human Resources (HR)2.1.5Finance2.1.6Risk and Compliance2.1.7Learning and teaching process2.1.8Management of relationships with our suppliers2.1.9University partner (i.e. Western Sydney University [WSU])This Policy covers collection of information from students and staff, corporate, financial andworkforce information where one or more of the following conditions prevail:2.2.1Data collection is used to meet strategic business, operational or legislativerequirements2.2.2Government authorities (e.g. immigration and border agencies) have a need for theinformation2.2.3The data collection contains personal information2.2.4The data is collected as part of reporting to government, regulatory authorities orprofessional organisationsWSUIC Records Management PolicyReference: POL 38Page 1 of 33V2.0 March 2019Any hardcopy (printed) version of this document is to be regarded as uncontrolled. The current revision can only be verified by directreferences to the Amendment History of the document on SharePoint
3.Definitions“Record”A document or other data that is regarded as complete and unchangeable. It may exist aspaper, as a scanned image or electronically.“Document”This means information stored on paper, as a scanned image, or electronically, that may besubject to revision.“WSUIC record”This means means any recorded information in any format (e.g. electronic, paper,photographic, scanned) created or received by staff of WSUIC in the course of conductingtheir normal daily duties and responsibilities.“ISO 15489 (BS ISO 15489-1:2001)”The international standard on records management.“Records management”This addresses the lifecycle of records, i.e., the period of time that records are in the custodyof the organisation. The lifecycle usually consists of three stages:1.2.3.Creation or receiptMaintenance and use*Disposition*The tools for maintaining and using records include: File plans Indexes Controlled vocabularies Taxonomies Data dictionaries Access and security procedures“Document management”The process whereby an organisation is able to manage their documents in an electronicformat through a system such as a controlled document management system (CDMS).Document Management includes the ability to restrict access to certain documents orgroups of documents to only authorised users. Along with security controls, thesetechnologies enable users to be granted different levels of access.WSUIC Records Management PolicyReference: POL 38Page 2 of 33V2.0 March 2019Any hardcopy (printed) version of this document is to be regarded as uncontrolled. The current revision can only be verified by directreferences to the Amendment History of the document on SharePoint
4.Policy Statement4.1WSUIC operates in an environment in which the importance of managing a vast array ofinformation, in an increasingly regulated operating environment, has become a businesscritical priority.4.2The role of regulators such as the Tertiary Education Quality and Standards Agency (TEQSA),in accordance with the Privacy Act 1998, has increased along with the volume of informationbeing managed. As a result, the purpose and primary objectives of this policy are to facilitateand protect effective:4.2.14.2.24.2.34.2.44.2.5Business practiceRegulatory complianceManagement of WSUIC’s information assetsCurrent practice in records managementDecision making support and intelligence4.3WSUIC predominately utilises electronic means for capturing and storing information tosupport its business processes and for transacting its business.4.4WSUIC’s strategy is to utilise, as far as possible, technological solutions for the managementof records, in order to meet record keeping compliance obligations, enhance operationalefficiency, better manage risk, support accountability and maintain corporate memory.4.5WSUIC creates, stores, manages and maintains full and accurate records of its activities.4.6All areas of WSUIC’s operations must keep records in accordance with this policy, on matterssuch as recruitment, admission, learning and teaching, student and staff engagement,administrative operations e.g. finance, IT, health and safety, copyright and all relatedcommercial activities.4.7WSUIC uses records to:4.7.14.7.24.7.34.8Underpin efficient and effective operationsSupport accountability, regulatory compliance and management of riskPreserve its corporate memory to reduce reliance on human memory and managethe risk of staff movementWSUIC takes a whole-of-enterprise approach to the management of information and recordsand therefore all staff are responsible for:4.8.14.8.24.8.3Creating, capturing, managing and disposing of records as part of their work relateddutiesBeing aware of their responsibilities for protecting personal and confidentialinformation when creating, sharing, accessing, storing and disposing of recordsCompleting the relevant record-keeping induction and training modulesWSUIC Records Management PolicyReference: POL 38Page 3 of 33V2.0 March 2019Any hardcopy (printed) version of this document is to be regarded as uncontrolled. The current revision can only be verified by directreferences to the Amendment History of the document on SharePoint
5.Underlying Principles5.1The processes involved in gathering, managing and using information underpin successfulbusiness operations.5.2Managing records efficiently supports compliance and accountability.5.3Each record has a lifecycle that needs to be monitored and audited regularly.5.4An efficient records management process ensures that decisions are supported withrelevant information.5.5Comprehensive records are required for business transparency, legislative compliance,accountability and cultural purposes.5.6Efficient records management and comprehensive records are important in effectivegovernance.5.7Effective and efficient records management is critical in order to assure all stakeholders thattheir privacy is secure and protected (see Australian Privacy Principle 11 ‘security of personalinformation’).5.8Records are different from documents.5.9Records cannot be modified or deleted except in controlled circumstances, they haveretention controls and they are arranged in a structure.5.10Document management applies specifically to the management of discreet documents andimages throughout their lifecycle; typical functionality includes acquisition, organisation,versioning, access control, and archiving.5.11Content management focuses on the management of the data within a document, typicallya web document.6.Records Management Lifecycle (see Figure 1)6.1WSUIC has implemented the Information Lifecycle Management (ILM) approach to themanagement of information in storage systems that include electronic devices and systems.6.2Managing information through the ILM approach enables WSUIC to monitor and effectivelymanage its strategic and operational resources and its regulatory compliance obligations.6.3WSUIC regards the data collection phase as the most critical phase because in managing thisphase appropriately, the potential to collect inadequate and/or excessive data that is not fitfor purpose intended is reduced.6.4Data is collected and used (step 1: secure creation and step 2: secure use) in an ethicalmanner taking into consideration the rights and privacy of individual data subjects (e.g.students).WSUIC Records Management PolicyReference: POL 38Page 4 of 33V2.0 March 2019Any hardcopy (printed) version of this document is to be regarded as uncontrolled. The current revision can only be verified by directreferences to the Amendment History of the document on SharePoint
6.5Consent is obtained from individual data subjects when collecting their personalinformation.6.6The integrity of the data collected is preserved, protected, stored and disposed in a physicaland/or secure environment (step 3: maintain securely, step 4: secure retention and step 5:secure disposition).Step 1SecureCreationStep 5SecureDispositionStep 4SecureRetentionStep 2SecureUseRecordLifeCyleStep 3MaintainSecurelyFigure 1: Five Steps to Managing Records and Information LifecycleWSUIC Records Management PolicyReference: POL 38Page 5 of 33V2.0 March 2019Any hardcopy (printed) version of this document is to be regarded as uncontrolled. The current revision can only be verified by directreferences to the Amendment History of the document on SharePoint
7.Retention, Maintenance, Access and Disposal7.1WSUIC adheres to the Navitas Retention and Disposal Schedule (Appendix A), which wasformulated to align with the Australian Privacy Act 1988 (Registered 25 October 2016).7.2The Retention and Disposal Schedule outlines many different types of records, which spanthe entire operations of WSUIC. The schedule further itemises the length of time that therecord(s) will be stored before disposal.7.3Records must be organised and managed to preserve their context and ease of retrieval.7.4Records must be maintained on WSUIC, Navitas and/or Western Sydney University systemsor infrastructure that is capable of meeting records management standards and legislativerequirements, particularly those related to privacy and security. The storage of records isdetailed in Section 8 below.7.5Records must be retained in accordance with the approved Retention and Disposal Schedule(Appendix A).7.6All records must be disposed of in a manner that protects the security and preserves theintegrity of Personal Information contained in the document/s.7.7Records must be destroyed at the date specified in the Retention and Disposal Schedule(Appendix A) using secure and permanent methods unless there is a:7.7.17.7.2Pending or anticipated legal action or business useCurrent hold or freeze on destruction issued by the WSUIC Quality and ComplianceManager7.8Permanent value records are managed in accordance with the Retention and DisposalSchedule (Appendix A) and security requirements for preservation and access.7.9Records are made available in accordance with legislation and regulatory complianceobligations and within the constraints of security, confidentiality, privacy and archival accessconditions as set out in the Retention and Disposal Schedule (Appendix A).8.Storage8.1Records must be stored in conditions suitable to the:8.1.18.1.28.1.3Longevity of the record in accord with legislation and WSUIC policyNature of the record content (e.g. personal, confidential or sensitive information)Format of the record or the medium it is retained/stored onWSUIC Records Management PolicyReference: POL 38Page 6 of 33V2.0 March 2019Any hardcopy (printed) version of this document is to be regarded as uncontrolled. The current revision can only be verified by directreferences to the Amendment History of the document on SharePoint
8.2On-site Records8.2.1WSUIC maintains a range of physical records 8.2.28.38.4Active student files for all students who are currently enrolledInactive student files for the previous termActive and inactive student files for future termsCurrent HR and staff personnel files (note that some of these are maintainedby Navitas HR)Current administrative recordsFinancial records (note that some of these are maintained by NavitasFinance Share Services)Internal Audit and Compliance records (note that some of these aremaintained by Navitas Finance Shared Services and Group Internal Audit andRisk Management)Regulatory reportsOnce records are deemed to be finalised, they may be moved to a secure off-sitestorage facility.Off-site Records (Hard Copy)8.3.1When deciding to move records off-site, the responsible operational area willconsider issues such as security, cost, space and level of accessibility required. Someoperational areas will systematically move records to secure off-site storagefacilities, e.g. Student Services moving graduate student files.8.3.2The transfer of paper documents to electronic documents through secure scanningprocesses is also an option for storage.Electronic Records8.4.1WSUIC currently stores all electronic copies of documents on appropriate hardware.The primary drive is generally categorised by operational area. Files that aredeemed to have been superseded or temporary are either archived in accordancewith the Retention and Disposal Schedule (Appendix A) or disposed of under secureconditions.8.4.2WSUIC in collaboration with Navitas IT, stores all data in accordance with thespecifications as set out in the Information Classification Policy.8.4.3A system must be assessed by Navitas IT for compliance with records standardsbefore it is implemented or before records are migrated to or from the system. Amajor change to an existing system must also be assessed by Navitas IT for suchcompliance through a defined procedure.WSUIC Records Management PolicyReference: POL 38Page 7 of 33V2.0 March 2019Any hardcopy (printed) version of this document is to be regarded as uncontrolled. The current revision can only be verified by directreferences to the Amendment History of the document on SharePoint
9.Security9.1WSUIC via Navitas IT, focuses security of data and its storage around the stringency ofprevailing data protection legislation and regulation.9.2Storage security includes the security of devices and media, the security of managementactivities related to the devices and media, the security of applications and services andsecurity relevant to end-users during the lifetime of devices and media and after the end ofuse. (Ref. ISO/IEC 27040:2015(E))9.3Electronic data is backed-up daily by Navitas IT.10.PrivacyWSUIC’s Privacy Policy is reflective of the regulatory requirements as stipulated in the TEQSAAct 2011, Higher Education Standards Framework (HESF) 2015, ESOS Act 2000, ESOSNational Code 2018 and the Privacy Act 1988.For more detail, refer to the WSUIC Privacy Policy.11.Continuous Improvement11.1This Policy and its implementation is predicated upon the plan-do-check-act (PDCA)continuous improvement strategy that has been adopted by WSUIC. The improvement cycleof PDCA (see Figure 2) is what drives the continuous improvement process in themanagement of information in WSUIC.11.2Continuous improvement in the management of information and information managementsystems is fundamental to WSUIC’s ability to remain compliant with its regulatoryobligations particularly with respect to the security of personal information and corporatereporting requirements.11.3The use of a continuous improvement approach facilitates effective decision making,particularly with respect to decisions that impact the effective management and control ofpersonal information and commercial-in-confidence data.11.4WSUIC is able to continue to enhance its ability to better manage information collection,use, storage, transfer and disposition through the collation of data (PLAN), comparativeanalysis (DO), regular self-evaluation (CHECK) and reflective practices (ACT).WSUIC Records Management PolicyReference: POL 38Page 8 of 33V2.0 March 2019Any hardcopy (printed) version of this document is to be regarded as uncontrolled. The current revision can only be verified by directreferences to the Amendment History of the document on SharePoint
Figure 2: PDCA Continuous Improvement Cycle12.Responsibilities12.1Each WSUIC operational unit (i.e. Academic Team, Student Services, Marketing andAdmissions) must:12.1.1 Comply with relevant guidelines on records management12.1.2 Ensure full and accurate records are made for activities where records are requiredto be kept12.1.3 Determine appropriate retention periods and restrictions in accordance withRetention and Disposal Schedule (Appendix A).12.1.4 Maintain security for records stored in office areas and electronically.WSUIC Records Management PolicyReference: POL 38Page 9 of 33V2.0 March 2019Any hardcopy (printed) version of this document is to be regarded as uncontrolled. The current revision can only be verified by directreferences to the Amendment History of the document on SharePoint
12.2All staff must:12.2.1 Create full and accurate records of all WSUIC activities for which they areresponsible and of all substantive or formal decisions they take in the service ofWSUIC12.2.2 Store records in the designated location and/or system as approved by WSUICmanagement12.2.3 Protect sensitive records in their custody from unauthorised access12.2.4 Not destroy records without authorisation from their manager12.2.5 Not maintain individual or separate files or recordkeeping systems or unmanagedelectronic records except as otherwise authorised by WSUIC management13.Quality and Compliance13.1This policy is reviewed periodically (at a minimum every two years) to ensure regulatorycompliance, operational currency, the identification of continuous improvementopportunities and risk identification and mitigation. This review is reflected in WSUIC’sQuality Management Framework and Risk Management Framework.13.2This policy will be available on the WSUIC website for students and the WSUIC SharePointsite for staff access.13.3Emails will be issued to all staff to inform and update them on any changes to the policyand/or procedures and guidelines.13.4New staff will receive policy information during the induction process where it relates totheir position.14.Related Forms and DocumentsN/A15.Related Policies, Procedures, Guidelines and Legislation POL 37 WSUIC Privacy Policy POL 21 WSUIC Staff Code of Conduct Navitas Records Management, Retention and Disposal Policy Western Sydney Records and Archives Management PolicyWSUIC Records Management PolicyReference: POL 38Page 10 of 33V2.0 March 2019Any hardcopy (printed) version of this document is to be regarded as uncontrolled. The current revision can only be verified by directreferences to the Amendment History of the document on SharePoint
State Records Act 1998 (NSW), Government Information (Public Access) Act 2009 (NSW), Privacy and Personal Information Protection Act 1998 (NSW). GA 47 General retention and disposal authority: higher and further education records Higher Education Standards Framework 2015 Domain 1 Student Participation andAttainment clause 1.5 Qualifications and Certification and Domain 7 Representation,information and information management clause7 Information Management National Code 2018 Standard 3 Formalisation of enrolment and written agreementsclause 3.6, Standard 5 Younger overseas students clause 5.3.5, Standard 7 Overseasstudent transfers clause 7.7 National Standards for Foundation Programs Explanatory Guide clause 2.5 and clause 6.3 ESOS Act 2000 Section 21Approval and Amendment HistoryApproval Authority:Western Sydney University International College Board of DirectorsPolicy Owners:ExecutiveApproval Date:22 March 2019Date for Next Review:22 March 2021AmendmentsRevision Date21/10/201621/12/2016Version11.1Summary of changesNew policy developedRemoval of Legislative references from the beginning of the document and placement asAppendix A at the rear of the document; addition of Clause 3 (Definitions ) and Clause 11(Related forms and Documents) for consistency of format to match other Policy documentsand renumbering of clauses to address these additions; addition of clause 1.2 to adddirection to purpose statement; added legislation links to Clause 10.WSUIC Records Management PolicyReference: POL 38Page 11 of 33V2.0 March 2019Any hardcopy (printed) version of this document is to be regarded as uncontrolled. The current revision can only be verified by directreferences to the Amendment History of the document on SharePoint
AmendmentsRevision Date22/03/2019Version2.0Summary of changesRemoved reference to GDA 23 – this has been superseded by GA 47Remove reference to MAZE and Callista (?)Formatting changes throughout the documentReworded Policy StatementUpdated Retention & Disposal to refer to GA 47 not GDA 23; included adherence toNational Code 2018, HESF 2015, National Standards for FPRestructured Electronic Records to enumerate electronic records that are collected andstored by WSUICAdded Responsibilities based on WSU Records Management PolicyReplaced Quality and Compliance with the new generic statementReplaced Approval and Amendment History with current formatUpdated related guidelines and regulationsReplaced Appendix A with list of key records that must be collected and retained by WSUICas per National Code 2018, HESF 2015, National Standards for FPWSUIC Records Management PolicyReference: POL 38Page 12 of 33V2.0 March 2019Any hardcopy (printed) version of this document is to be regarded as uncontrolled. The current revision can only be verified by directreferences to the Amendment History of the document on SharePoint
APPENDIX ARecords Retention and Disposal ScheduleThis Retention and Disposal schedule has been developed by Navitas in accordance with the followingActs relating to records management inclusive of retention and disposition: Student Assistance Act 1973 (Registered 03 January 00005 Student Identifiers Act 2014 (Registered 06 January 00038 Student Loans (Overseas Debtors Repayment Levy) Act 0155 Tertiary Education Quality and Standards Agency Act 2011 (Registered 25 July 00888Tertiary Education Quality and Standards Agency (Consequential Amendments andTransitional Provisions) Act 0074 Education Services for Overseas Students (Registration Charges) Act 0773 Education Services for Overseas Students Act 2000 (registered 21 October 00935 Education Services for Overseas Students (TPS Levies) Act 2012 (Registered 11 July 00779 Competition and Consumer Act 2010 (Registered 03 March 00062Retention & Disposal Schedule by Record TypeDescription of RecordsStatusDisposal ActionPermanentRetain permanentlyExternal RelationsAlumniAlumni records including register of alumni andmember detailsLiaisonAgreements to establish relationships with externalorganisations (dated)WSUIC Records Management PolicyReference: POL 38Temporary Retain for seven (7) years afterexpiry or cancellation (not signedunder seal)Page 13 of 33V2.0 March 2019Any hardcopy (printed) version of this document is to be regarded as uncontrolled. The current revision can only be verified by directreferences to the Amendment History of the document on SharePoint
Description of RecordsStatusDisposal Action Retain for 12 years after expiry orcancellation (signed under seal)Agreements to establish relationships with externalorganisations (undated)TemporaryRetain for 25 years from dateregisteredTemporaryRetain for seven (7) years afterappointment ceases or agreementlapsesRecords relating to visits from external entities tothe Company premisesTemporaryRetain for one (1) year after lastactionDescription of RecordsStatusDisposal ActionEstablishment of perpetual Trusts and TrustsPermanentRetain permanentlyEstablishment – other Trusts including legaldocuments defining the terms of the Trust andrecords relating to finalisation of the TrustTemporaryRetain for 20 years after cessationof Trust and disbursement of allassetsTemporaryRetain for 10 years after lastactionStudent RecruitmentRecords relating to appointment of externaladvertising and/or recruitment agencies orrepresentatives and the agreements relating toagents or representativesExternal VisitsFinancial ManagementTrust Fund ManagementTrust Fund MaintenanceTrust fund maintenance and transaction reports,including: Periodic reportsBatching recordsIncorrect calculations reportsProcessing/reporting request formProcessing/updates or file maintenance run listsTrial balancesStores and materials daily/trail/current balancesand balance comparisonWSUIC Records Management PolicyReference: POL 38Page 14 of 33V2.0 March 2019Any hardcopy (printed) version of this document is to be regarded as uncontrolled. The current revision can only be verified by directreferences to the Amendment History of the document on SharePoint
Description of RecordsStatusDisposal ActionTemporaryRetain for five (5) years afteraward is no longer offeredPermanentRetain permanentlyTemporaryRetain for 70 years after date ofbirth AND seven (7) years afterdate of separationPermanentRetain permanentlyTemporaryRetain for one (1) year afterappeal period expiresTemporaryRetain for two (2) years afterarrangement expiresTemporaryRetain for seven (7) years afterlast actionTemporary Retain for two (2)years after last actionHuman Resource ManagementAwards and RecognitionEstablishment of performance excellence awardsPersonnel FilesSenior staff or significant staff (e.g. method ofearning dismissal extraordinary, significant notorietyin their discipline/industry or media)Non-senior staffSelection and RecruitmentSenior Staff Positions – recruitment processdocumentation, unsuccessful candidates andsuccessful candidates that do not commenceOther Staff Positions – recruitment processdocumentation, unsuccessful candidates andsuccessful candidates that do not commenceStaff Exchanges/SecondmentsRecords relating to arrangements for staffexchanges with other entitiesStudy or Professional Development LeaveApplications for study or professional developmentleave – successfulApplications for study or professional developmentleave – unsuccessfulWSUIC Records Management PolicyReference: POL 38TemporaryPage 15 of 33V2.0 March 2019Any hardcopy (printed) version of this document is to be regarded as uncontrolled. The current revision can only be verified by directreferences to the Amendment History of the document on SharePoint
Description of RecordsStatusDisposal ActionPermanentTemporaryRetain permanentlyRetain until Policy is supersededTemporaryRetain for five (5) years after lastactionTemporaryRetain for 10 years after lastactionPublishingPolicyFinal version of a policyPolicy – working papers and draftsIntellectual PropertyAdministration of intellectual property. Includesinternal and external correspondence related tointellectual property management.Intellectual PropertyRecords relating to disputes and/or infringementsconcerning intellectual propertyWSUIC Records Management PolicyReference: POL 38Page 16 of 33V2.0 March 2019Any hardcopy (printed) version of this document is to be regarded as uncontrolled. The current revision can only be verified by directreferences to the Amendment History of the document on SharePoint
Description of RecordsStatusDisposal ActionTemporaryRetain for seven (7) years afterlast actionApplicant with no enrolment record on the StudentManagement SystemTemporaryUnsuccessful applications for admissionTemporaryExternal Admission Centres e.g. Universities andColleges Admission Service (UCAS) in the UK,Universities Admission Centre (UAC) electronic fileincluding academic results and all student/coursepreferencesRecords relating to the number of places offered inprogrammes or courses, based on data from theexternal admission agencyTemporaryRetain for 6 months after thecensus date of the semester thatstudent was due to commenceRetain for six (6) months after theapplicant notified of outcomeand/or conclusion of any appealsprocessRetain for two (2) years afterrelevant GovernmentDepartment, e.g. DET in Australia,census dateStudent AdministrationAdmissionSuccessful applications for admission – includes: Offer lettersApplicationsSupporting documentsImmigration clearances (Confirmation of Enrolment)AcceptancesAny other relevant supporting documentationTemporaryRetain for three (3) years afterrelevant census dateTemporaryRetain until reference ceasesPermanentRetain permanently(electronically)TemporaryRetain until course completionand for seven (7) years after lastactionCalendars and HandbooksDuplicate sets of calendar and handbookpublicationsMaster set of calendar and handbook publicationsEnrolmentRecords of individual students relating to academicprogress, course progression and unit participation: Exclusions, academic progress, academicstandingWarnings regarding poor course progressionWithdrawal without academic penaltyCertificates/prerequisites for unit participationVisa approvalsImmigration notifications relating to enrolmentstatusCredit transferWSUIC Records Management PolicyReference: POL 38Where course was abandoned,retain until maximum period forcourse completion elapses plusone (1) year.Page 17 of 33V2.0 March 2019Any hardcopy (printed) version of this document is to be regarded as uncontrolled. The current revision can only be verified by directreferences to the Amendment History of the document on SharePoint
Description of RecordsStatusDisposal ActionTemporaryRetain for four (4) years after lastactionRecords related to protocols for Academic Dress (ifappropriate)Conferral Proceedings including records rela
references to the Amendment History of the document on SharePoint 3. Definitions "Record" A document or other data that is regarded as complete and unchangeable. It may exist as paper, as a scanned image or electronically. "Document" This means information stored on paper, as a scanned image, or electronically, that may be
