Precis | History | Print Friendly
Adding Bookmark..........
This procedure applies to all University Data, Information and Records, whether received, created, maintained, copied, disseminated or disposed of by the University in the course of its operations.

Responsible Officer: Pro Vice-Chancellor (Planning and Integrity)
Implementation Officer: Manager, Records Unit

First approved by:
Vice-Chancellor on 4 June 2010

Amendments approved by:
Vice-Chancellor on 15 April 2011
(Responsible Officer changed from Executive Director,
Office of the Vice-Chancellor, to Director, Corporate
Governance, Risk and Compliance Services, and
Implementation Officer changed from Head, University
Governance Unit, to Director, Corporate Governance,
Risk and Compliance Services);

Vice-Chancellor on 15 November 2011
(amendments to Chief Operating Officer responsibilities);

PVC (P&I) on 27 October 2014
(RO to PVC (P&I / IO to Manager RU)




Information and Records Management Procedure


This procedure was approved by the Vice-Chancellor on 4 June 2010 and incorporates all amendments to 27 October 2014.
This document is pursuant to the Information and Records Management Policy.
DEFINITIONS

Data: as defined in the Information and Records Management Policy.

Information: as defined in the Information and Records Management Policy.

Information Owner: as defined in the Information and Records Management Policy.

Portable Storage Device: any device that is small, lightweight and capable of storing data and information; including but not limited to CDs, DVDs, floppy discs, removable hard drives, USB flash drives and memory sticks, laptops, tablet computers, PDAs, mobile phones, iPods and MP3 players, and other devices.

Primary Storage Device: any device which is capable of storing data and information and which is a fixed storage device owned and administered by the University.

Record: as defined in the Information and Records Management Policy

SCOPE

This procedure applies to all University Data, Information and Records, whether received, created, maintained, copied, disseminated or disposed of by the University in the course of its operations.

PROCEDURE

Information Classification

1The Records Unit, in collaboration with other organisational areas of the University as required, will facilitate awareness and training activities for staff members in relation to information and records management, including information classification and recordkeeping requirements.
2Information owners will implement information and records management practices for their organisational area, including determining appropriate information classification.
3Managers will ensure that their staff members, including consultants and contractors, are aware of and educated about information and records management, including the information classification and recordkeeping requirements appropriate to their role.
4Staff members will undertake the information classification and recordkeeping requirements required by their role, to preserve the confidentiality, integrity and availability of information, and will not damage, conceal or give unauthorised access to information.
5If classification of information is unclear, the information must be protected in a manner consistent with the more secure of the possible classification levels until the information owner can apply the correct classification, which must be done within 20 working days of creation or receipt.
6Unless otherwise stated, all externally provided information that is not clearly in the public domain should be restricted to access by staff members only.
Information Storage
7All confidential, personal and proprietary Information will be stored, in the first instance, in primary storage devices.
8Where there is a clear business requirement, copies of confidential, personal and proprietary information may be temporarily stored on portable storage devices administered by the University, but only where the storage device is physically secured to prevent unauthorised access and, if electronic, the files containing the Information are password protected.
9Where there is a clear business requirement to have copies of confidential, personal or proprietary Information on devices provided by an external service provider, staff members will submit requests to the Chief Operating Officer or nominee, who will determine whether to approve the request.
10All data and information held electronically will be stored and secured according to technology standards defined by the Executive Director, Information Technology Services Division.
Access
11The head of the organisational area that is responsible for devices or applications in which information is managed or stored, will ensure that access to those devices or applications is given on a needs basis and that access rights are reviewed at least annually.
Disposal
12Staff members of the University will not dispose of a record except:
  • in accordance with the retention schedule, and
  • with the prior approval of the Records Unit.
13Staff members of the University will not destroy information where the information:
  • is, or is reasonably likely to be, required in evidence in a legal proceeding, or
  • is the subject of a request for access received by the University under the Freedom of Information Act 1982 (Vic).
Archives
14The Records Unit will assess and manage records judged to be of archival value or requiring long-term storage and preservation.
Breaches
15All members of the University should immediately report any suspected or perceived breach of the Information and Records Management Policy, Procedure or Guidelines, or associated legislation, to the head of the relevant organisational area in the first instance, or as appropriate under other legislative and policy provisions.
16Breaches will be investigated, and disciplinary action will be taken as appropriate.
ASSOCIATED INFORMATION

Freedom of Information Act 1982 (Vic)
Information and Recordkeeping Standards and Guidelines
Information and Records Management Policy
Information Technology Service Provision Policy

RESPONSIBLE OFFICER

The Pro Vice-Chancellor (Planning and Integrity) is responsible for the development, compliance monitoring and review of this procedure.

IMPLEMENTATION OFFICER

The Manager, Records Unit is responsible for the promulgation and implementation of this procedure throughout the University.



Printed copies of this document may not be current. Please refer to The Guide for the most recent version.
Deakin University 2015