Principle 1: Records are stored in appropriate storage areas and facilities and located away from known and unacceptable risk.
Records should be stored in dedicated records storage areas and facilities in NSW that are not located near known natural or man-made hazards.
Records storage areas and facilities should:
- be assessed for possible risks and any risks identified should be mitigated to an acceptable level
- be approved for use by the public office’s senior responsible officer (SRO) or delegate
- be regularly inspected to confirm that requirements are being met
- have appropriate and comprehensive fire detection and protection systems and equipment, and
- have current counter disaster reaction and recovery plans.
Under section 15 of the State Records Act, State Records NSW has the authority to inspect storage areas and facilities being used by the public office for the storage of State records.
| Minimum compliance requirements | Examples of how a public office can demonstrate compliance with the requirement |
|---|
| 1.1 The location of each records storage area and facility has been subject to risk assessment to identify and mitigate possible risks to records. | - Risk assessment and mitigation documentation.
- Risk issues are addressed in the public office’s risk register and business continuity plan.
- Documentation and approvals to use storage facilities located outside of NSW identify that the facilities/records stored outside of NSW meet the requirements of GA35 (Transferring records out of NSW for storage with and maintenance by service providers based outside of the State).
- Risk assessment reports identify that the locations of commercial storage facilities and storage areas used for storing records conform with requirements of the standard.
|
| 1.2 The senior responsible officer (SRO) or delegated representative has approved all records storage areas and facilities. | - Records management policy identifies that the SRO or delegate is responsible for ensuring that all records storage areas and facilities have been inspected and approved for use.
- Records management policy identifies that records should only be stored in approved and appropriate storage areas and facilities.
- Assessment/inspection reports/documentation of storage areas/facilities used by the public office, including commercial storage facilities.
|
| 1.3 The storage facilities have been assessed as being suitable for the storage of records. | - Assessment/inspection reports/documentation of storage areas/facilities used by the public office, including commercial storage facilities.
- A storage plan which details measures and safeguards implemented in storage areas and facilities to protect records from fire and water influx (from above, below or through walls or openings), pest infestations and pollution.
- Structural engineer’s report identifying that storage area/facility has sufficient floor loading capacity to support records and equipment when at full capacity.
- Shelving contractor’s report that installed shelving does not exceed agreed floor loading limits.
- Risk assessment reports of commercial storage facility used for storing records identifying conformity with requirements of the standard.
|
| 1.4 Storage areas and facilities are weatherproof and have good drainage. | - Assessment/inspection reports/documentation of storage areas/facilities used by the public office, including commercial storage facilities.
- A storage plan which details design measures and safeguards implemented in storage areas and facilities which protect records from fire and water influx (from above, below or through walls or openings).
|
| 1.5 Storage areas and facilities are primarily used for records or records/library materials storage, are not used to store hazardous materials and do not pose risks to records. | - Documentation on establishment and maintenance of an area/facility for storing records (i.e. storage outside of the office environment).
- Assessment/inspection reports/documentation of storage areas/facilities used by the public office, including commercial storage facilities.
|
| 1.6 Storage areas and facilities have appropriate and comprehensive fire detection and protection systems and equipment. | - Certificates of occupancy.
- Risk assessment reports which demonstrate that the facility has appropriate fire detection and protection systems and equipment.
- Assessment/inspection reports/documentation of storage areas/facilities used by the public office, including commercial storage facilities.
|
| 1.7 Each storage area and facility used by the public office has a current disaster reaction and recovery plan which is regularly revised and equipment/supplies to assist in the recovery of records after a disaster. | - A documented and up-to-date disaster reaction and recovery plan along with records of tests, results and evidence that it is reviewed.
- Reports of staff training sessions on the disaster reaction and recovery plan.
- Assessment/inspection reports/documentation of storage areas/facilities used by the public office, including commercial storage facilities.
|
| 1.8 Insurance is in place for the recovery and restoration of State records in the event of a disaster. | - Public office has appropriate insurance coverage for the recovery (i.e. salvage) and restoration (e.g. digitisation or conservation treatment) of records in the event of a disaster.
|
| 1.9 State Records NSW is notified if physical records are damaged, impaired, or destroyed due to flood, fire or disaster, or have been deemed officially lost by the public office. This official notification should be made as soon as practically possible after the event has occurred. | - Procedures for responding to disasters affecting records include process for contacting State Records NSW.
- Assessment/inspection reports of affected records.
- Formal notifications to State Records NSW of records that have been damaged or impaired or destroyed due to flood, fire or disaster.
- Formal notifications to State Records NSW of records that have been deemed lost by the public office.
|
Minimum compliance requirements 1.1 The location of each records storage area and facility has been subject to risk assessment to identify and mitigate possible risks to records. Examples of how a public office can demonstrate compliance with the requirement - Risk assessment and mitigation documentation.
- Risk issues are addressed in the public office’s risk register and business continuity plan.
- Documentation and approvals to use storage facilities located outside of NSW identify that the facilities/records stored outside of NSW meet the requirements of GA35 (Transferring records out of NSW for storage with and maintenance by service providers based outside of the State).
- Risk assessment reports identify that the locations of commercial storage facilities and storage areas used for storing records conform with requirements of the standard.
|
Minimum compliance requirements 1.2 The senior responsible officer (SRO) or delegated representative has approved all records storage areas and facilities. Examples of how a public office can demonstrate compliance with the requirement - Records management policy identifies that the SRO or delegate is responsible for ensuring that all records storage areas and facilities have been inspected and approved for use.
- Records management policy identifies that records should only be stored in approved and appropriate storage areas and facilities.
- Assessment/inspection reports/documentation of storage areas/facilities used by the public office, including commercial storage facilities.
|
Minimum compliance requirements 1.3 The storage facilities have been assessed as being suitable for the storage of records. Examples of how a public office can demonstrate compliance with the requirement - Assessment/inspection reports/documentation of storage areas/facilities used by the public office, including commercial storage facilities.
- A storage plan which details measures and safeguards implemented in storage areas and facilities to protect records from fire and water influx (from above, below or through walls or openings), pest infestations and pollution.
- Structural engineer’s report identifying that storage area/facility has sufficient floor loading capacity to support records and equipment when at full capacity.
- Shelving contractor’s report that installed shelving does not exceed agreed floor loading limits.
- Risk assessment reports of commercial storage facility used for storing records identifying conformity with requirements of the standard.
|
Minimum compliance requirements 1.4 Storage areas and facilities are weatherproof and have good drainage. Examples of how a public office can demonstrate compliance with the requirement - Assessment/inspection reports/documentation of storage areas/facilities used by the public office, including commercial storage facilities.
- A storage plan which details design measures and safeguards implemented in storage areas and facilities which protect records from fire and water influx (from above, below or through walls or openings).
|
Minimum compliance requirements 1.5 Storage areas and facilities are primarily used for records or records/library materials storage, are not used to store hazardous materials and do not pose risks to records. Examples of how a public office can demonstrate compliance with the requirement - Documentation on establishment and maintenance of an area/facility for storing records (i.e. storage outside of the office environment).
- Assessment/inspection reports/documentation of storage areas/facilities used by the public office, including commercial storage facilities.
|
Minimum compliance requirements 1.6 Storage areas and facilities have appropriate and comprehensive fire detection and protection systems and equipment. Examples of how a public office can demonstrate compliance with the requirement - Certificates of occupancy.
- Risk assessment reports which demonstrate that the facility has appropriate fire detection and protection systems and equipment.
- Assessment/inspection reports/documentation of storage areas/facilities used by the public office, including commercial storage facilities.
|
Minimum compliance requirements 1.7 Each storage area and facility used by the public office has a current disaster reaction and recovery plan which is regularly revised and equipment/supplies to assist in the recovery of records after a disaster. Examples of how a public office can demonstrate compliance with the requirement - A documented and up-to-date disaster reaction and recovery plan along with records of tests, results and evidence that it is reviewed.
- Reports of staff training sessions on the disaster reaction and recovery plan.
- Assessment/inspection reports/documentation of storage areas/facilities used by the public office, including commercial storage facilities.
|
Minimum compliance requirements 1.8 Insurance is in place for the recovery and restoration of State records in the event of a disaster. Examples of how a public office can demonstrate compliance with the requirement - Public office has appropriate insurance coverage for the recovery (i.e. salvage) and restoration (e.g. digitisation or conservation treatment) of records in the event of a disaster.
|
Minimum compliance requirements 1.9 State Records NSW is notified if physical records are damaged, impaired, or destroyed due to flood, fire or disaster, or have been deemed officially lost by the public office. This official notification should be made as soon as practically possible after the event has occurred. Examples of how a public office can demonstrate compliance with the requirement - Procedures for responding to disasters affecting records include process for contacting State Records NSW.
- Assessment/inspection reports of affected records.
- Formal notifications to State Records NSW of records that have been damaged or impaired or destroyed due to flood, fire or disaster.
- Formal notifications to State Records NSW of records that have been deemed lost by the public office.
|
Records should be stored in environmental conditions appropriate to the format and retention period of the record. Environmental conditions should be stable in the storage area, with no major fluctuations in temperature or relative humidity. Temperature and relative humidity should be monitored.
Sustainable and stable storage environments can be achieved through a combination of:
- building design and construction
- insulation from the external climate
- selection of a suitable location for the storage area/facility
- air conditioning.
All records should be sentenced for disposal before being transferred to a storage area or facility.
Understanding the retention period of the record enables the public office to:
- identify which records are short term (to be retained for up to 30 years) and those that are long term (retain 30 years or longer)
- store records in the storage conditions which are appropriate for the retention period of the record, and
- identify those records which are to be transferred to Museums of History NSW.
Short term records: semi-active records (i.e. no longer required for current business) that have minimum retention periods of 30 years or less and can then be disposed of, should be stored according to the requirements in Table A. Conditions for short term records are not as exacting as the conditions for long term records or records required as State archives. All records should be sentenced before any transfer occurs to storage that is appropriate only for short term records. This will help public offices to meet their obligations to protect State records from damage.
Long term records: semi-active records that have a minimum retention period of 30 years or longer, or have been identified as State archives and are awaiting transfer to the State Archives Collection, or are subject to still in use determinations (as per section 28 of the State Records Act) should be stored according to the requirements in Table B. Timely transfer of records required as State archives to Museums of History NSW will reduce the burden on a public office to ensure appropriate storage environments.
| Minimum compliance requirements | Examples of how a public office can demonstrate compliance with the requirement |
|---|
| 2.1 Short term records (semi-active records retained for up to 30 years) are stored in conditions identified in Table A which ensure preservation until the records are no longer required. | - Semi-active records are sentenced using authorised retention and disposal authorities before transfer to storage.
- Temperature and relative humidity logs for storage areas.
- Assessment reports which confirm that short term records have been placed in appropriate storage conditions for their retention periods.
- Inspection reports of storage areas/facilities used by the public office, including commercial storage facilities.
|
| 2.2 Long term records (semi-active records to be retained for 30 years or longer and those required as State archives) are stored in conditions identified in Table B which will ensure their preservation. | - Semi-active records are sentenced using authorised retention and disposal authorities before transfer to storage.
- Assessment reports which confirm that long term records have been placed in appropriate storage conditions for their retention periods.
- Assessment reports which confirm that records identified as State archives are in appropriate storage conditions.
- Temperature and humidity logs for storage areas.
- Inspection reports of storage areas/facilities used by the public office, including commercial storage facilities.
|
| 2.3 Temperature and humidity levels within storage areas and facilities are monitored for stability and action taken to minimise any significant fluctuations. | - Assessment reports which identify appropriate storage conditions for records in storage areas and facilities.
- Temperature and humidity logs for storage areas/facilities.
- Reports on monitoring of temperature and humidity in each storage area/facility
- Inspection reports of storage areas/facilities used by the public office, including commercial storage facilities.
|
| 2.4 Records are stored away from direct light, including sunlight. | - Risk assessment reports which detail how the impact of sunlight and UV light on records has been minimised in storage areas/facilities.
- Inspection reports of storage areas/facilities used by the public office, including commercial storage facilities.
|
| 2.5 The air in records storage areas circulates freely and there is an intake of fresh air. | - Documentation of maintenance for any air circulation system in use.
- Inspection reports of storage areas/facilities used by the public office, including commercial storage facilities.
|
| 2.6 Magnetic media is protected from magnetic fields. | - Use of special packaging for magnetic media.
- Inspection reports of storage areas/facilities used by the public office, including commercial storage facilities.
|
| 2.7 Records storage areas and facilities have an integrated pest management system. | - Pest management logs.
- Inspection reports of storage areas/facilities used by the public office, including commercial storage facilities.
|
Minimum compliance requirements 2.1 Short term records (semi-active records retained for up to 30 years) are stored in conditions identified in Table A which ensure preservation until the records are no longer required. Examples of how a public office can demonstrate compliance with the requirement - Semi-active records are sentenced using authorised retention and disposal authorities before transfer to storage.
- Temperature and relative humidity logs for storage areas.
- Assessment reports which confirm that short term records have been placed in appropriate storage conditions for their retention periods.
- Inspection reports of storage areas/facilities used by the public office, including commercial storage facilities.
|
Minimum compliance requirements 2.2 Long term records (semi-active records to be retained for 30 years or longer and those required as State archives) are stored in conditions identified in Table B which will ensure their preservation. Examples of how a public office can demonstrate compliance with the requirement - Semi-active records are sentenced using authorised retention and disposal authorities before transfer to storage.
- Assessment reports which confirm that long term records have been placed in appropriate storage conditions for their retention periods.
- Assessment reports which confirm that records identified as State archives are in appropriate storage conditions.
- Temperature and humidity logs for storage areas.
- Inspection reports of storage areas/facilities used by the public office, including commercial storage facilities.
|
Minimum compliance requirements 2.3 Temperature and humidity levels within storage areas and facilities are monitored for stability and action taken to minimise any significant fluctuations. Examples of how a public office can demonstrate compliance with the requirement - Assessment reports which identify appropriate storage conditions for records in storage areas and facilities.
- Temperature and humidity logs for storage areas/facilities.
- Reports on monitoring of temperature and humidity in each storage area/facility
- Inspection reports of storage areas/facilities used by the public office, including commercial storage facilities.
|
Minimum compliance requirements 2.4 Records are stored away from direct light, including sunlight. Examples of how a public office can demonstrate compliance with the requirement - Risk assessment reports which detail how the impact of sunlight and UV light on records has been minimised in storage areas/facilities.
- Inspection reports of storage areas/facilities used by the public office, including commercial storage facilities.
|
Minimum compliance requirements 2.5 The air in records storage areas circulates freely and there is an intake of fresh air. Examples of how a public office can demonstrate compliance with the requirement - Documentation of maintenance for any air circulation system in use.
- Inspection reports of storage areas/facilities used by the public office, including commercial storage facilities.
|
Minimum compliance requirements 2.6 Magnetic media is protected from magnetic fields. Examples of how a public office can demonstrate compliance with the requirement - Use of special packaging for magnetic media.
- Inspection reports of storage areas/facilities used by the public office, including commercial storage facilities.
|
Minimum compliance requirements 2.7 Records storage areas and facilities have an integrated pest management system. Examples of how a public office can demonstrate compliance with the requirement - Pest management logs.
- Inspection reports of storage areas/facilities used by the public office, including commercial storage facilities.
|
Principle 3: Shelving, equipment and containers used for storing records are secure, accessible and protected from deterioration
Using appropriate shelving and equipment ensures that records are secure, accessible, and protected.
Records storage areas, facilities, shelving, containers and equipment should comply with workplace health and safety requirements.
For storage of classified material see Policy 8 of the Protective Security Policy Framework at https://www.protectivesecurity.gov.au.
| Minimum compliance requirements | Examples of how a public office can demonstrate compliance with the requirement |
|---|
| 3.1 Shelving, handling equipment, and containers are clean, in good condition and appropriate to the format and security requirements of the records. | - Plans for the storage area/facility identify appropriate shelving and handling equipment for records of different types of formats (e.g. non-magnetisable shelving), appropriate containers for records of different formats and retention periods, and security requirements.
- Inspection logs/documentation confirm that appropriate shelving and handling equipment and containers are used, clean and in good condition.
- Assessment reports identify that security classified records are stored in appropriate containers.
- Records storage procedures cover the selection and appropriate use of containers.
|
| 3.2 Records storage facilities, shelving, equipment, and containers meet workplace health and safety requirements. | - WHS risk assessment reports.
- Safe working practice assessments.
|
Minimum compliance requirements 3.1 Shelving, handling equipment, and containers are clean, in good condition and appropriate to the format and security requirements of the records. Examples of how a public office can demonstrate compliance with the requirement - Plans for the storage area/facility identify appropriate shelving and handling equipment for records of different types of formats (e.g. non-magnetisable shelving), appropriate containers for records of different formats and retention periods, and security requirements.
- Inspection logs/documentation confirm that appropriate shelving and handling equipment and containers are used, clean and in good condition.
- Assessment reports identify that security classified records are stored in appropriate containers.
- Records storage procedures cover the selection and appropriate use of containers.
|
Minimum compliance requirements 3.2 Records storage facilities, shelving, equipment, and containers meet workplace health and safety requirements. Examples of how a public office can demonstrate compliance with the requirement - WHS risk assessment reports.
- Safe working practice assessments.
|
Principle 4: A regular maintenance and monitoring program for records storage areas has been implemented.
Records storage areas and facilities should be regularly monitored and well maintained to ensure that they continue to provide a stable and suitable environment for records.
Regular monitoring of records, records storage areas and facilities ensures that any new risks are identified and mitigated. Monitoring records involves regular checking of a sample of records and containers across the storage area and facility for mould or pest infestation and any visible signs of deterioration. Monitoring of the storage areas and facilities also ensures that any security issues are promptly identified. See Principle 6 for further information about security measures for records storage.
If mould or pest infestation is identified, State Records NSW should be promptly notified and the problem treated quickly. Repairs to records should be undertaken where necessary and if they are not likely to damage the records further. Repairs to records required as State archives should be carried out with the assistance of a conservator.
| Minimum compliance requirements | Examples of how a public office can demonstrate compliance with the requirement |
|---|
| 4.1 Records storage areas and facilities are clean and maintained. | - Building maintenance and pest inspection reports of storage areas/facilities used by the public office, including commercial storage facilities.
- Documentation of maintenance undertaken to mitigate risks.
- Maintenance reports which detail corrective work undertaken.
|
| 4.2 Regular monitoring of records, containers, and shelving in the storage facility to identify any signs of pest infestation, mould, or other deterioration. | - Schedule of monitoring/inspections of storage areas/facilities.
- Building maintenance and pest inspection reports of regular monitoring of storage areas/facilities used by the public office, including commercial storage facilities.
- Pest management documentation.
- Assessment reports identify any records or containers which have signs of pest infestation, mould, or other deterioration.
- Procedures identify how to check storage areas/facilities for risks to records, mould, and pest infestations.
|
| 4.3 Mould or pest infestation is treated promptly and appropriately. | - Building maintenance and pest inspection reports of storage areas/facilities used by the public office, including commercial storage facilities.
- Pest management documentation, including information on treatments undertaken to remove pest infestation.
- Procedures for responding to mould or pest infestations include notification process for contacting State Records NSW.
- Assessment/inspection reports of affected records.
- Conservation reports.
- Formal notification to State Records NSW of damage to records.
|
| 4.4 Appropriate conservation action is undertaken as required and repairs to records do not damage the records further. | - Formal notification to State Records NSW of damage to records.
- Agreement with service provider for assessment of records and treatments/repairs to records.
- Conservation reports.
|
Minimum compliance requirements 4.1 Records storage areas and facilities are clean and maintained. Examples of how a public office can demonstrate compliance with the requirement - Building maintenance and pest inspection reports of storage areas/facilities used by the public office, including commercial storage facilities.
- Documentation of maintenance undertaken to mitigate risks.
- Maintenance reports which detail corrective work undertaken.
|
Minimum compliance requirements 4.2 Regular monitoring of records, containers, and shelving in the storage facility to identify any signs of pest infestation, mould, or other deterioration. Examples of how a public office can demonstrate compliance with the requirement - Schedule of monitoring/inspections of storage areas/facilities.
- Building maintenance and pest inspection reports of regular monitoring of storage areas/facilities used by the public office, including commercial storage facilities.
- Pest management documentation.
- Assessment reports identify any records or containers which have signs of pest infestation, mould, or other deterioration.
- Procedures identify how to check storage areas/facilities for risks to records, mould, and pest infestations.
|
Minimum compliance requirements 4.3 Mould or pest infestation is treated promptly and appropriately. Examples of how a public office can demonstrate compliance with the requirement - Building maintenance and pest inspection reports of storage areas/facilities used by the public office, including commercial storage facilities.
- Pest management documentation, including information on treatments undertaken to remove pest infestation.
- Procedures for responding to mould or pest infestations include notification process for contacting State Records NSW.
- Assessment/inspection reports of affected records.
- Conservation reports.
- Formal notification to State Records NSW of damage to records.
|
Minimum compliance requirements 4.4 Appropriate conservation action is undertaken as required and repairs to records do not damage the records further. Examples of how a public office can demonstrate compliance with the requirement - Formal notification to State Records NSW of damage to records.
- Agreement with service provider for assessment of records and treatments/repairs to records.
- Conservation reports.
|
Principle 5: Records are controlled in a system so that they can be identified, located and retrieved.
Records need to be sufficiently identified and described in a system so that they can be easily identified and located, and promptly retrieved from storage, when required.
Mechanisms for improving accessibility to records in storage facilities should be balanced with the need to safeguard and protect records against unauthorised access or theft.
Individual record items and containers of records should be registered into the public office’s recordkeeping systems, and the public office should be able to track the movement and location of all its records, regardless of location, and identify for how long they need to be stored prior to destruction or transfer as archives.
Machinery of government changes, or other business transformation models such as outsourcing or privatisation, may result in changes to which public office has control of records located in a storage facility (see sections 6 and 7 of the State Records Act 1998). If a function of a public office is no longer undertaken by the public office, then it is important that control and access of these records in storage is addressed as part of the transfer of functions to the public office that now controls the records. Storage providers should also be informed of any changes to the control of records, so that storage costs, decisions about records and access to records can be correctly administered.
Handling of records
When records are retrieved from storage areas or facilities, they should be handled appropriately for their format and protected from damage or deterioration. When records are transported, they should be secured and protected against the weather, light, pollution, unauthorised access, theft and other dangers.
Records with security classifications or containing sensitive information should be handled in accordance with NSW Government requirements and the Australian Government’s Protective Security Policy Framework, see Policy 8 at https://www.protectivesecurity.gov.au.
Records of long term or archival value
If long term records or records required as State archives are to be digitised, then the public office should contact Agency Services at Museums of History NSW to confirm digitisation processes to be undertaken. Arrangements can then be made to transfer the source records or a digital version of the records to the State Archives Collection in line with the conditions under the General Retention and Disposal Authority: Original or source records that have been copied (GA45).
| Minimum compliance requirements | Examples of how a public office can demonstrate compliance with the requirement |
|---|
| 5.1 Records are controlled in a system which allows them to be identified, located, retrieved, and returned to storage after use. | - The plan for the storage area/facility includes information on the physical and intellectual control of records.
- Documented and implemented systems and metadata for the physical and intellectual control of records in storage areas/facilities which allows for the effective identification, retrieval and tracking of records.
- Recordkeeping system includes information on the location of records within storage areas and the tracking of the movement of records.
- Contracts with service providers include clauses requiring the capture of appropriate metadata about the records and containers, and the tracking of movement and location of records.
- Procedures for identification and tracking of record locations.
|
| 5.2 Policies and procedures are implemented for the appropriate handling and use of records, including those records that are long term or required as State archives. | - Policies and procedures include the retrieval, handling, safe transport of records, and the return of records to storage.
- Inspection logs/documentation confirm that all records (including long term records and records required as State archives) are being retrieved from storage and handled correctly.
|
| 5.3 If a public office chooses to convert or digitise records, then records are converted or digitised according to recognised standards. | - Digitisation is undertaken in accordance with requirements in section 2 of the General retention and disposal authority: Original or source records that have been copied (GA45).
- Documentation for digitisation processes and metadata schema.
|
Minimum compliance requirements 5.1 Records are controlled in a system which allows them to be identified, located, retrieved, and returned to storage after use. Examples of how a public office can demonstrate compliance with the requirement - The plan for the storage area/facility includes information on the physical and intellectual control of records.
- Documented and implemented systems and metadata for the physical and intellectual control of records in storage areas/facilities which allows for the effective identification, retrieval and tracking of records.
- Recordkeeping system includes information on the location of records within storage areas and the tracking of the movement of records.
- Contracts with service providers include clauses requiring the capture of appropriate metadata about the records and containers, and the tracking of movement and location of records.
- Procedures for identification and tracking of record locations.
|
Minimum compliance requirements 5.2 Policies and procedures are implemented for the appropriate handling and use of records, including those records that are long term or required as State archives. Examples of how a public office can demonstrate compliance with the requirement - Policies and procedures include the retrieval, handling, safe transport of records, and the return of records to storage.
- Inspection logs/documentation confirm that all records (including long term records and records required as State archives) are being retrieved from storage and handled correctly.
|
Minimum compliance requirements 5.3 If a public office chooses to convert or digitise records, then records are converted or digitised according to recognised standards. Examples of how a public office can demonstrate compliance with the requirement - Digitisation is undertaken in accordance with requirements in section 2 of the General retention and disposal authority: Original or source records that have been copied (GA45).
- Documentation for digitisation processes and metadata schema.
|
Principle 6: Records are protected against theft, misuse, unauthorised access or modification
All records in all formats require a basic level of security to prevent misuse and unauthorised access and ensure their authenticity and integrity.
Records with security classifications (e.g. protected, secret, top secret) should be handled, protected, stored according to the Australian Government’s Protective Security Policy Framework, see Policy 8 at https://www.protectivesecurity.gov.au . Destruction processes for records with security classifications should also be in accordance with the requirements of the Protective Security Policy Framework.
Records containing sensitive information, including health information, should be labelled, handled, protected, and stored according to the NSW Government’s Information Classification, Labelling and Handling Guidelines, see https://data.nsw.gov.au/nsw-government-information-classification-labelling-and-handling-guidelines/handling-sensitive-information . Secure destruction processes should be used when destroying sensitive information. Local government councils and universities are not required to use the NSW Government’s Information Classification, Labelling and Handling Guidelines.
Serious security breaches (including those that may relate to personal information) should be reported to the Senior Responsible Officer for records management, and assessed to ensure rectification action is taken.
| Minimum compliance requirements | Examples of how a public office can demonstrate compliance with the requirement |
|---|
| 6.1 Storage areas and facilities are secure, access controlled, restricted to authorised staff, intruder resistant, and monitored. | - Plans of the storage area/facility and assessment reports include details of security measures implemented to protect records (e.g. locks, keying systems, alarms, CCTV, motion detection, perimeter access control systems, intruder detection devices, back-to-base monitoring, appropriate containers, lockable shelving or strongrooms).
- Plans of the storage area/facility include details of access monitoring and reporting.
- Access logs which record all entry to storage areas and facilities.
- Documentation confirming that all staff have appropriate security clearances.
- Assessment/inspection reports/documentation of storage areas/facilities used by the public office, including commercial storage facilities, confirm that security measures are working correctly.
- Contracts with storage providers include specific security, confidentiality, and authorised access requirements.
- Incident reports regarding any unauthorised access to any storage areas or facilities used by the public office, including commercial storage facilities.
|
| 6.2 Security classified records are stored in appropriate containers and storage zones within the storage area as per the Protective Security Policy Framework. | - Assessment reports of storage areas and facilities used by the public office, including commercial storage facilities, identify that security classified records are stored in appropriate containers and security storage zones within the facility or storage area.
- Plans of storage areas/facilities, including commercial storage facilities used by the public office, include details of appropriate containers, and the handling and storage of security classified, sensitive, and confidential records.
- Procedures which detail how to store and handle information with different security classifications.
|
| 6.3 Records in transit are protected. | - Procedures for the safe transport of records include information on secure transport options, and appropriate handling of records.
- Security classified records are transported in appropriate containers and encryption is used if transporting digital records on physical carriers.
- Incident reports regarding any unauthorised access or theft of records in transit.
|
Minimum compliance requirements 6.1 Storage areas and facilities are secure, access controlled, restricted to authorised staff, intruder resistant, and monitored. Examples of how a public office can demonstrate compliance with the requirement - Plans of the storage area/facility and assessment reports include details of security measures implemented to protect records (e.g. locks, keying systems, alarms, CCTV, motion detection, perimeter access control systems, intruder detection devices, back-to-base monitoring, appropriate containers, lockable shelving or strongrooms).
- Plans of the storage area/facility include details of access monitoring and reporting.
- Access logs which record all entry to storage areas and facilities.
- Documentation confirming that all staff have appropriate security clearances.
- Assessment/inspection reports/documentation of storage areas/facilities used by the public office, including commercial storage facilities, confirm that security measures are working correctly.
- Contracts with storage providers include specific security, confidentiality, and authorised access requirements.
- Incident reports regarding any unauthorised access to any storage areas or facilities used by the public office, including commercial storage facilities.
|
Minimum compliance requirements 6.2 Security classified records are stored in appropriate containers and storage zones within the storage area as per the Protective Security Policy Framework. Examples of how a public office can demonstrate compliance with the requirement - Assessment reports of storage areas and facilities used by the public office, including commercial storage facilities, identify that security classified records are stored in appropriate containers and security storage zones within the facility or storage area.
- Plans of storage areas/facilities, including commercial storage facilities used by the public office, include details of appropriate containers, and the handling and storage of security classified, sensitive, and confidential records.
- Procedures which detail how to store and handle information with different security classifications.
|
Minimum compliance requirements 6.3 Records in transit are protected. Examples of how a public office can demonstrate compliance with the requirement - Procedures for the safe transport of records include information on secure transport options, and appropriate handling of records.
- Security classified records are transported in appropriate containers and encryption is used if transporting digital records on physical carriers.
- Incident reports regarding any unauthorised access or theft of records in transit.
|
