2019/00257893

2022/00314524

Change history

Each entry in this table has been authorised under the Archives Act 1983.

This document is a compilation of the original records authority and subsequent amendment records authority. For the original versions of these records authorities (as issued), including introduction, application notes and authorisations, please contact the National Archives’ Agency Service Centre.

Technology & Information Management

2019

This is an accurate reproduction of the authorised records authority content, created for accessibility purposes

Introduction

The National Archives of Australia (National Archives) has developed this records authority to set out the requirements for keeping or destroying records for the general administrative function of Technology & Information Management.

This records authority is based on the identification and analysis of the business of Technology & Information Management. The records authority sets out those records that need to be retained as national archives and specifies the minimum length of time that temporary records need to be kept. This records authority gives agencies permission under the Archives Act 1983 for the destruction of the temporary records described after the minimum retention period has expired. Retention periods for these temporary records are based on: an assessment of business needs; broader organisational accountability requirements; and community expectations.

As changes in circumstances may affect future records management requirements, this records authority may occasionally be amended by the addition of new classes and the variation of existing classes. The National Archives will notify agencies of any such changes.

Application of this Authority

1. The National Archives is progressively reviewing and retiring the Administrative Functions Disposal Authority (2010) and AFDA Express (March 2010) and will periodically issue revised functions that will ultimately comprise the revised version of AFDA Express Version 2. To aid agencies with implementation of the revised AFDA Express Version 2 functions, the National Archives will generally permit agencies the option of using either the existing AFDA functions or the newly issued revised functions until 1 July 2019 (by which time all revised functions are expected to have been issued).
2. This authority supersedes:
   • classes 1470-1488, 1490-1528, 20956, 1530-1556, 2081-2082, 21007, 2084-2096, 2098-2124, and 2126-2170 in the INFORMATION MANAGEMENT and TECHNOLOGY & TELECOMMUNICATIONS functions of the Administrative Functions Disposal Authority (2010); and
   • classes 20444-20448 and 20343-20344 in the INFORMATION MANAGEMENT and TECHNOLOGY & TELECOMMUNICATIONS functions of AFDA Express (March 2010).

   The superseded records classes cannot be used to sentence records after 1 July 2019.

3. This authority should be used in conjunction with records authorities issued to agencies for their core business and other general records authorities issued by the National Archives.
4. This records authority is to be used to determine how long records must be kept. Records are matched to the relevant core business and records class in the records authority.
   • Where the minimum retention period has expired and the records are not needed for agency business they should be destroyed as authorised in this records authority.
   • Records that have not reached the minimum retention period must be kept until they do.
   • Records that are identified as Retain as National Archives (RNA) are to be transferred to the National Archives of Australia for preservation.
5. Retention periods for event logs are based on the minimum requirements set by the Australian Signals Directorate in its Information Security Manual (published 16 June 2022). The Information Security Manual notes that as event logs are integral to event monitoring activities they should be retained for the life of systems, or potentially longer, where it is practical for an agency to do so and appropriate to the agency’s risk management framework for information systems.
6. The Normal Administrative Practice (NAP) provision of the Archives Act 1983 gives agencies permission to destroy certain types of records without formal authorisation. This usually occurs where records are duplicated, facilitative or for short-term use only. NAP does not replace arrangements in this records authority but can be used as a tool to assist in identifying records for destruction together with this records authority and with records authorities specifically issued to an agency. The National Archives recommends that agencies develop and implement a Normal Administrative Practice policy. Advice and guidance on destroying records as a normal administrative practice and on how to develop a NAP policy is available from the National Archives' website at www.naa.gov.au.
7. Records that are reasonably likely to be needed as evidence in a current or future judicial proceeding or are subject to a request for access under the Archives Act 1983, the Freedom of Information Act 1982 or any other relevant Act must not be destroyed until the action has been completed.
8. Records subject to a disposal freeze must not be destroyed until the freeze has been lifted. Further information about disposal freezes and whether they affect the application of this authority is available from the National Archives website at www.naa.gov.au.
9. Where the method of recording information changes (for example from a manual system to an electronic system, or when information is migrated from one system to a new system) this records authority can still be applied, provided the records document the same core business. The information must be accessible for the period of time prescribed in this records authority. There is a need to maintain continuing access to the information, including digital information, for the periods prescribed in this records authority or until the information is transferred into the custody of the National Archives.
10. In general, retention requirements indicate a minimum period for retention. Agencies may extend minimum retention periods if there is an administrative need to do so, without further reference to the National Archives. Where an agency believes that its accountability will be substantially compromised because a retention period or periods are not adequate, it should contact the National Archives for review of the retention period.
11. Records coming within 'retain as national archives' classes in this authority have been determined to be part of the archival resources of the Commonwealth under section 3C of the Archives Act 1983. The determination of Commonwealth records as archival resources of the Commonwealth obliges agencies to transfer the records to the National Archives when they cease to be current and, in any event, within 15 years of the records coming into existence, under section 27 of the Archives Act 1983.
12. Records in the care of agencies should be appropriately stored, managed and preserved. Agencies need to meet this obligation to ensure that the records remain authentic and accessible over time. Under Section 31 of the Archives Act 1983, access arrangements are required for records that become available for public access including those records that remain in agency custody.
13. Appropriate arrangements should be made with the National Archives when records are to be transferred into custody. The National Archives accepts for transfer only those records designated as national archives.
14. Advice on how to use this authority is available from your agency’s records manager. If there are problems with the application of the authority that cannot be resolved, please contact the National Archives.

Contact Information

For assistance with this authority or for advice on other records management matters, please contact National Archives' Agency Service Centre.

Authorisation

Records Authority 2019/00257893

Person to whom notice of authorisation is given:

Heads of Commonwealth institutions under the Archives Act 1983.

Purpose

Authorises arrangements for the disposal of records in accordance with paragraph 24(2)(b) of the Archives Act 1983.

Determines records classed as 'Retain as national archives' in this records authority to be part of the archival resources of the Commonwealth under section 3C of the Archives Act 1983.

Application

All records relating to the following general administrative business area: Technology and Information Management.

This authority gives permission for the destruction, retention or transfer to the National Archives of Australia of the records described. This authority will apply only if these actions take place with the consent of the agency responsible for the administrative business documented in the records.

Authorised by:

Linda Macfarlane

Assistant Director-General (Acting)

National Archives of Australia

14 June 2019

Authorisation

Records Authority 2022/00314524

Notice of authorisation

Person to whom notice of authorisation is given:

Heads of Commonwealth institutions under the Archives Act 1983.

Purpose

Authorises arrangements for the disposal of records in accordance with Section 24(2)(b) of the Archives Act 1983.

Application

Amendments relating to specific records under the following general administrative business area: Technology and Information Management.

Authority

This authority gives permission for the retention, alteration or destruction of the records described. This authority will apply only if these actions take place with the consent of the agency responsible for the administrative business documented in the records.

This document has been authorised through a digital workflow (R657802022).

Authorising officer

Yaso Arumugram

Assistant Director-General Data and Digital

National Archives of Australia

30 June 2022

Classes

Technology and Information Management

The function of managing the organisation’s technology and telecommunications and information and knowledge resources. Information management relates to creating, capturing, registering, controlling, storing, retrieving and disposing of information and records, developing systems, frameworks, and strategies to manage records, and operating agency library and reference services. Technology management relates to developing, implementing, maintaining and managing technology solutions to support the business needs of the organisation (such as facilities, hardware and software, business systems and applications, web services, databases, cloud services, communication networks, voice mail and email), including managing technical aspects of the internet, intranet and websites.

Note: Care should be taken when using this function for records relating to developing or commissioning highly specialised technology solutions (eg facilities, business systems, hardware and software) to support the core business of the organisation, as there may be unique requirements for these technology solutions that will necessitate specific coverage within an agency's own records authority. This may be the case where the technology solutions developed are specifically designed to meet unique requirements relating to the core functions of the organisation, and are ground-breaking in nature, relate to whole-of-government or cross-portfolio initiatives, or represent a significant change in the delivery or performance of the agency’ functions. For example, creating software that employs sophisticated machine learning algorithms to make business decisions.

The core information management activities include:

• establishing, managing and maintaining records and the systems that manage them, including systems that capture, register, classify, index, store, retrieve, transfer, communicate, disseminate and dispose of records of agency business;
• establishing, managing and maintaining agency library and information services, including managing donations of library materials, creating inventories and distributing information sources;
• creating, maintaining and implementing information control mechanisms;
• managing access requests to information under privacy, freedom of information and archives legislation, or other legislation specific to the agency;
• conserving, maintaining and preserving agency records and information resources;
• disposing of records and information resources, including transfer, destruction and storage according to National Archives directives and other applicable standards;
• managing agency mailroom services, including coordinating incoming and outgoing mail, internal mail services, and freight and courier services; and
• managing agency copying or reproduction services, including administration of payments to collecting societies and managing copyright declaration forms.

The core technology management activities include:

• designing, developing, building (where applicable) and evaluating technology solutions to support agency business (eg facilities, business systems, hardware and software), including developing and issuing specifications and metadata requirements, and conducting testing, pilots, prototyping and modelling of proposed solutions;
• developing user and technical manuals for agency developed systems, applications and software;
• implementing technology solutions, including rolling-out or relocating, installing and configuring technology and telecommunications facilities, systems, hardware and software;
• managing and maintaining technology solutions, including carrying out inspections, systems analysis, repairs, modification and preservation;
• data administration, including implementing system backups and recovering from data loss;
• migrating information and records between systems or from one medium to another;
• creating, maintaining and implementing data dictionaries and business rules;
• managing security and privacy arrangements, including information security classifications, authentication, encryption, and investigating security and privacy breaches and, where necessary, referrals to appropriate authorities;
• disposing of technology and telecommunications assets owned or leased by the agency that are no longer required, including arranging for sanitisation of hardware prior to disposal;
• transferring or integrating technology and telecommunications assets and systems to or from other agencies (eg after an administrative change);
• managing licensing, including applications to use the intellectual property of another agency, organisation or individual;
• hosting websites and web services, including on behalf of third-parties;
• receiving requests from the public to reproduce portions of agency-developed software; and
• allocating equipment, services and facilities.

The performance of the function is supported by general activities such as:

• developing and implementing policies, procedures, strategies, frameworks, standards, plans, programs and projects, including records management policies, cyber security plans and strategies, information governance frameworks and counter-disaster plans;
• providing and receiving advice;
• monitoring and evaluating processes, programs, systems, services, equipment and products;
• supporting users (eg help desk operations), including handling enquiries, complaints and suggestions;
• investigations into the feasibility of contracting-out activities, including assessing and providing feedback on whole-of-government solutions;
• arrangements for leasing-out technology and information management facilities, services and assets to other bodies, including shared service arrangements with other agencies;
• project management;
• establishing, managing and participating in committees, meetings, forums, panels and workshops;
• fulfilling compliance requirements, including relevant fiscal, legal, regulatory or quality standards and requirements;
• negotiating, establishing, managing and reviewing agreements and contracts;
• managing insurance policies and claims;
• managing warranties and guarantees;
• delegating powers and authorising actions;
• undertaking research and analysis;
• marketing and promotion;
• reporting and reviewing, including post-implementation reviews;
• managing risks; and
• planning, conducting and facilitating audits.

Cross references to AFDA Express records authority

For the acquisition of goods and services (eg commercial off-the-self software, software-as-a-service, library material and cloud storage services) to support the technology and information management function, including leasing, tendering and contracting-out arrangements, use PROCUREMENT.

For developing and executing contracts under seal or deeds, including signed joint venture contracts under seal, use CONTRACTS UNDER SEAL/DEEDS.

For the production and distribution of agency publications, including agency public websites, use PUBLICATION.

For legal advice supporting technology and information management activities and the establishment and general management of an agency's intellectual property, use LEGAL SERVICES.

For applications made for permission to reproduce the agency’s published material, use PUBLICATION.

For managing financial transactions supporting technology and information management activities, use FINANCIAL MANAGEMENT.

For disciplinary action against staff for security or privacy related breaches, use PERSONNEL MANAGEMENT.

For the installation of cabling for communications networks, such as from a telecommunications provider to a local network hub, or from a local network hub to a user wall socket, use PROPERTY MANAGEMENT.

For the disposal of equipment and goods by tender, use PROCUREMENT.

For training staff in the use of information management systems that manage records, technology and telecommunications equipment, use PERSONNEL MANAGEMENT.

Cross references to other records authorities

For information, data and records contained in agency business systems, use the relevant core function in an agency-specific records authority or an appropriate general records authority that corresponds with the subject matter of the system content.

For the destruction of source records that have been converted between formats or migrated between agency electronic systems, use General Records Authority 31 – Destruction of source or original records after digitisation, conversion or migration.

For the transfer of records to contractors providing services on behalf of or to the Australian Government under outsourcing arrangements, including the transfer of records to shared services providers, use General Records Authority 40 – Transfer of custody of records under Australian Government outsourcing arrangements.