Information Sheet 4: Digital Recordkeeping

Purpose

This information sheet is to guide best practice recordkeeping for designated agencies and to assess the extent to which the agency’s systems operate as a recordkeeping system. The following advice is based on the State Archives and Records Authority of NSW (SARA) checklist for assessing existing business systems for recordkeeping functionality. The SARA checklist can be viewed on the website.

This information sheet provides a guide only and should not be seen as a comprehensive list of system requirements for a client business system and does not address requirements such as information security.

Assessing the system’s existing recordkeeping functionality

Agencies should assess their systems against the items in the table below to identify any recordkeeping gaps. Options for bridging those gaps may derive from technology, policy and procedures, user training and other strategies.

Item

Explanation

1 – The system should capture read only versions of the digital records you have defined.

The system should:

  • be able to keep a fixed and complete version of each record that is   defined, whether in documentary form or a collection of data representing a   transaction.
  • be able to maintain relationships between all components. Where the   record is made up of more than one component, the system should have the   capacity to capture externally generated records in addition to those created   within the system if these have been defined as required records of the   business.
  • business systems need to be migratable in order to maintain the   accuracy of the records and access to the records over time
  • for systems that cannot be migrated, then options of exporting records   to external recordkeeping systems need to be identified.

2 – The system should retrieve and present the defined digital records in human readable form.

The system should be able to store and retrieve the defined records along with their associated metadata, including all components of the records e.g. - attachments to messages along with messages.

3 – The system should restrict or permit access to the defined records by specified individuals or groups.

Based on defined access rules and user identification the system should be able to permit or limit access to records or groups of records.

4 – There should be minimum required recordkeeping metadata.

The system should be capable of capturing and managing core recordkeeping metadata.

This may mean the ability to:

  • automatically capture metadata acquired directly from an authoring   application or operating system where the record is received by the business   system rather than created by the business system, and/or
  • automatically capture metadata acquired from an EDRMS or IAMS system,   where records are retained in the business system but managed by an IAMS,   and/or
  • automatically capture metadata generated by the business system   itself, such as a date, reference number or user ID, and/or permit the manual   entry of metadata by an operator.

Metadata may be applied to individual records or aggregations of records up to whole systems.

4.1 – There should be point of capture metadata.

The system should be capable of generating / capturing / recording certain metadata with the creation / capture of each record (see 4.1.1 to 4.1.7)

4.1.1 – There is to be a unique identifier.

The system should be capable of uniquely identifying each record as defined e.g. - with a system generated reference, a document number or other identifier. Each client record created in the client management system has an automatically generated reference number.

4.1.2 – There is to be a meaningful title.

The system should be capable of capturing and retaining information indicating what each record is e.g. - a subject line from an email or a manually entered document title.

4.1.3 – There is to be a date of creation.

The system should be capable of capturing and retaining the date of each record’s creation.

4.1.4 – There should be a process to record who / what created the record.

The system should be capable of capturing and retaining information on whom or what created the record, for example a name, a user ID or a system ID. In some cases, this metadata might be captured from an external identity management system.

4.1.5 – There should be a business function / process it relates to.

The system should be capable of capturing and retaining information on the business function or process the record related to. This may be met by information which is also used as the ‘Title’, or it may be met at a higher level of aggregation e.g. - at the level of a group of records or all records in the system e.g. - all records generated by the Finance system are tagged accordingly

4.1.6 – There should be a process to record the creating application

The system should be capable of capturing and retaining information indicating the application used to create the record. In many business systems this information will be automatically generated and will apply across aggregates of records. It may be found in audit trail information.

4.1.7 – There should be a record type – e.g. letter / memo / report / contract / fax.

The system should be capable of capturing and retaining metadata which indicates the record’s type or form.

In business systems there may only be a limited number of types, for example reports and transactional records. It is possible to apply this metadata via another element such as Title and/or at an aggregate level e.g. – across the entire system

4.2 – There should be process metadata.

The system should be capable of capturing and retaining metadata which records certain actions performed on the records (see 4.2.1 to 4.2.4)

4.2.1 – There should be registration into a recordkeeping system.

The system should be capable of capturing and retaining metadata which records the date the record was registered (may be the same date as the date of its creation particularly if the record is being retained within the business system), and an identification of who/what registered the record may be found in audit trail information.

4.2.2 – There should be a process for changed access rules.

The system should be capable of capturing and retaining metadata which records the date the access rule was changed, what the new rule is and an identification of who/what made the change. May be found in audit trail information for aggregates of records

4.2.3 – There should be a process for transfer of control – for example records being transferred to a different agency.

The system should be capable of capturing and retaining metadata which records the date the record was transferred, an identification of who/what undertook the transfer and the name of the receiving organisation.

5 – There should be a process to support persistence of metadata.

The system should be able to maintain a metadata profile over time including maintaining links to the record and accumulating process metadata for the records as events occur. The metadata should remain linked to the record even if the records are migrated out of the system.

6 – There is to be no disposal of metadata

The system should not permit the removal or deletion of the metadata specified in section 4.

7 – There should be an export function.

The system should be able to export the digital records and their associated metadata to another system or to an external medium e.g. – a disk or hard drive.

The export process should not degrade core characteristics such as records relationships, data quality or metadata. Some changes to look and feel of the records may be permitted (see SARA’s policy on digital records preservation).

Further information can be located in this link on managing metadata

Key records resources

Other related Information Sheets for Designated Agencies

  • Statutory out-of-home care - Designated Agency, Recordkeeping Information Sheet No: 1
  • Statutory out-of-home care - Designated Agency, Hard Copy Records Transfer to DCJ Information Sheet No: 2
  • Statutory out-of-home care - Designated Agency, Digital Records Transfer to DCJ Information Sheet No: 3
  • Statutory out-of-home care - Designated Agency, Recordkeeping FAQs Information Sheet No: 5

Further advice

DCJ will work collaboratively with designated agencies to help them meeting their legislative obligations under s.170 with the management and transfer of OOHC records for children and young people.

There is a dedicated Records Management Team within DCJ who are subject matter experts and can assist with your specific agency queries.

Discussions on recordkeeping will occur in consultation with your agency’s DCJ Contract Manager and the DCJ Records Management Team.

For specific information about the record transfer or retrieval process or technical and logistical support, please contact our Records Management via E-mail: NGORecordsManagement@FACS.nsw.gov.au

Last updated:

30 Jan 2023

We will use your rating to help improve the site.
This field is required
Please don't include personal or financial information here
This field is required
Please don't include personal or financial information here

We acknowledge Aboriginal people as the First Nations Peoples of NSW and pay our respects to Elders past, present, and future. 

Informed by lessons of the past, Department of Communities and Justice is improving how we work with Aboriginal people and communities. We listen and learn from the knowledge, strength and resilience of Stolen Generations Survivors, Aboriginal Elders and Aboriginal communities.

You can access our apology to the Stolen Generations.

Top Return to top of page Top