View current

Records Management Procedure

This is the current version of the approved document. You can provide feedback on this document to the Enquiries Contact - refer to the Status and Details tab from the menu bar above.

Section 1 - Purpose and Scope

(1) This Procedure supports the Information Management Policy and outlines records management requirements at The University of Queensland (UQ). This Procedure applies to UQ staff (and contractors, if required under their contract) that create, receive or otherwise deal with UQ records in the course of their work at UQ (referred to as UQ staff).

(2) A record is information recorded on, in or by using any medium that is made, received or kept by UQ in the course of carrying out its activities and that evidences UQ’s activities, affairs or business. See the Appendix for the complete definition.

(3) The requirements and controls outlined in this Procedure aim to ensure that:

  1. UQ manages its records in compliance with the Public Records Act 2023 (Qld).
  2. UQ’s records are stored securely in approved information systems and can be accessed by those with appropriate authorisation.
  3. UQ transfers records with enduring or intrinsic value to the University Archives once business use has ceased.
  4. UQ’s records are only disposed of with the appropriate authorisation.

(4) This Procedure should be read in conjunction with the:

  1. Information Governance and Management Framework
  2. Information Management Policy
  3. Data Handling Procedure and
  4. Archives Policy.
Top of Page

Section 2 - Process and Key Controls

Digital records management

(5) TRIM (Content Manager) is UQ’s enterprise records management system.

(6) High-risk, high-value (HRHV) records must be stored in TRIM (either directly or via data integration) or another approved records management system:

  1. A list of high-risk, high value record types is available via UQ’s records retention schedule on the Retention and Destruction of Records website.
  2. A list of UQ’s approved records management systems and TRIM-integrated applications is available via the UQ’s Records Management Systems website.

(7) All other records should be managed in TRIM or an approved records management system where possible, but records can be managed in-place (for example, in another UQ-approved storage location or application):

  1. If it is not feasible or practicable to manage in TRIM or an approved records management system and
  2. If all records management requirements can be met through other means. This should consider any technical limitations like automated archiving.

(8) Exceptions to clauses 6 and 7 must be approved by the Chief Information Officer (CIO) and will be recorded by Data Strategy and Governance.

(9) New records management systems must be approved for use by the CIO and must meet UQ’s requirements on the UQ’s Records Management Systems website. Submit a Records Management Support Request to discuss with Data Strategy and Governance.

(10) Staff can store transitory records (defined in clauses 33 and 34) in any UQ-approved storage location (such as email, Microsoft Teams, OneDrive). If stored in TRIM the records must follow the formal destruction process.

(11) Email and Microsoft 365 services are not approved records management systems and should only be used to manage transitory records (which do not require formal records management).

  1. Email and Microsoft 365 services may be used to manage other records temporarily; however, staff should move all records (other than transitory records) that still require retention to TRIM or another approved records management system for ongoing management once the business activity (e.g. finalising committee minutes) has been completed; or as part of their staff handover if changing roles or leaving UQ.

Records retention

(12) Staff must retain records in accordance with the relevant retention and disposal schedule (as a minimum retention) and any business, legal or contractual requirements that may apply. For a list of record types and their retention period and other retention requirements, visit UQ’s Retention and Destruction of Records website.

(13) Where a record has more than one retention period that applies (for example, if a staff timesheet was also a record associated with a legal matter) the longest retention period will apply. Note that new retention periods may apply as time passes – for example, if an existing record becomes subject to a right to information application or legal proceedings. For advice, submit a Records Management Support Request.

(14) Staff must communicate additional retention requirements (for example, where staff wish to retain certain types of records for longer than the period defined in a retention and disposal schedule) to Data Strategy and Governance (datagovernance@uq.edu.au) to ensure these are included in TRIM’s classification scheme and considered during appraisal for destruction.

Disposal of records

(15) These provisions apply to all records except transitory records (see clauses 33 to 37).

(16) To request disposal of records, staff must complete the Records Disposal Application Form and submit via a Records Disposal Support Request. Data Strategy and Governance will appraise and facilitate approvals.

(17) A record can only be disposed of if all the following conditions are met:

  1. The record is no longer required for business use and is not ineligible for disposal (see Appendix).
  2. The record has met its retention period (in line with clauses 13 to 15), based on an appraisal by the Data Strategy and Governance team; or disposal is required under another legal authority (for example, a court order).
  3. The required approval has been obtained in line with clauses 18 and documented.

(18) The disposal of records must be endorsed by the relevant Information Domain Custodian (or delegate) and approved by the Senior Manager, Data Strategy and Governance or the relevant delegate as instructed by the Senior Manager, Data Strategy and Governance.

  1. Endorsements and approvals for the disposal of a specific set, or group of records, during a specified time period may be contained in standing endorsements from UQ’s relevant delegate. Data Strategy and Governance will maintain a register of any standing endorsements.

(19) Post-approval, if disposal takes place outside of TRIM, staff must provide confirmation of destruction to the Data Strategy and Governance team via email (datagovernance@uq.edu.au) or secure destruction certificate (if destruction undertaken by a third party provider). Data Strategy and Governance archive destruction documentation in TRIM. Read more about disposal of records on the Retention and Destruction of Records website.

Physical records

(20) Staff must store physical records securely, either:

  1. within the relevant organisational unit (for example, office filing cabinet)
  2. at UQ’s Records Warehouse, which is managed by Data Strategy and Governance or
  3. offsite with UQ’s approved records storage provider.

(21) Physical records must also be logged in TRIM.

(22) For physical records stored offsite with UQ’s approved records storage provider:

  1. The organisational unit that stores records offsite is responsible for bearing the account costs (including access and retrieval requests) and identifying a staff member as the Account Holder.
  2. The Account Holder must ensure that records within their account are managed in compliance with this Procedure. This includes logging each box in TRIM before they are sent offsite to ensure that an appropriate classification has been applied. Read more about How to Manage Records Offsite.
  3. Data Strategy and Governance maintains oversight of records stored offsite to support access and retrieval requests and ensure disposals meet UQ’s requirements.
Top of Page

Section 3 - Key Requirements

New IT services

(23) When implementing a new IT service or substantively changing or uplifting an existing IT service, staff must consult Data Strategy and Governance to ensure that records management requirements are met. This must be considered as part of the project scope and before entering into (or changing) any agreement to procure a third-party IT service which will be used to create, use, store or otherwise process UQ records.

Capturing records in TRIM

(24) Staff can manually archive, edit and view records in TRIM. Staff can complete the Request TRIM Access or Changes web form to request a TRIM licence, which requires approval from their supervisor. For guidance on how to use TRIM, visit the TRIM (Content Manager) Systems Training Hub website.

(25) All records stored in TRIM (including physical records logged in TRIM) must be assigned a classification which corresponds to a specific retention period, and relevant access controls (based on organisational unit, job positions, or access control groups).

(26) The Data Strategy and Governance team audit TRIM access control groups annually and deactivate staff TRIM access when staff leave. If staff need to request a change to their TRIM access (for example, to support project work) they can submit a Request TRIM Access or Changes web form.

Access to records

(27) Staff access to records in TRIM are provisioned in line with the access control (role-based access) assigned to the record. Access can be provisioned based on organisational unit or access control groups.

  1. Access control groups are approved by the relevant Information Steward or Head of Organisational Unit (for example, faculty-specific administrative records) and maintained by the Data Strategy and Governance team.

(28) Access to digital records held in other IT services is based on the access controls applied to the relevant IT service.

(29) Applications to access records under the Right to Information Act 2009 or the Information Privacy Act 2009 must be submitted and managed in accordance with the Access to and Amendment of UQ Documents Procedure.

(30) Access to physical records:

  1. Staff manage access to physical records they keep onsite (for example, in their office).
  2. The Data Strategy and Governance team manages access to records stored in UQ’s Records Warehouse. Access is provisioned based on equivalent access to digital records with the same classification.
  3. Account Holders are responsible for managing access to records stored offsite in their accounts (although staff can also submit a File Retrieval and Search Support Request to Data Strategy and Governance). Access is provisioned based on equivalent access to digital records with the same classification.

(31) Staff requesting access to records (for example, physical records stored in UQ’s Records Warehouse) must submit a File Retrieval and Search Support Request to Data Strategy and Governance, noting that depending on the access restrictions, additional approval from Information Stewards may be required.

Transitory and short-term records

(32) Transitory and short-term records (transitory records) are created as part of routine transactional business practices which are not required to support UQ’s ongoing business functions. They have little or no value to UQ and have no intrinsic or enduring value. They are only required to be kept for a short period of time.

(33) Categories of transitory records are defined in the General Retention and Disposal Schedule, and some examples are listed below (with more detail on UQ’s Transitory Records, Copies and Digital Source Records website), noting these are subject to exclusions:

  1. drafts
  2. routine communications
  3. routine CCTV footage
  4. copies of records (see clause 38)
  5. run sheets and checklists and
  6. meeting arrangements.

(34) Each category of transitory records is subject to exclusions defined in the General Retention and Disposal Schedule. If a record falls within any of those exclusions, or if it falls into another records retention category (such as committee records) then the record is not a transitory record and must be retained in accordance with the longest retention period.

  1. For examples of records that might have been transitory but are listed under the exclusions, visit the Transitory Records, Copies and Digital Source Records website.

(35) Staff can store transitory records in TRIM or another application (such as OneDrive, Teams), noting that if stored in TRIM the records must follow the formal destruction process.

(36) Transitory records must be retained until the business action is completed (with an exception for sensitive authentication data). Transitory records do not require formal destruction documentation (clauses 17-19 do not apply); however, staff must ensure that there aren’t any additional retention requirements that apply such as cultural or historical value, or evidence for an investigation or legal proceedings.

(37) Staff should consult the Queensland Government’s guidance on transitory and short term records or submit a Records Management Support Request to Data Strategy and Governance.

Managing copies and source records

Copies

(38) Copies of a record are considered transitory records and do not require formal destruction documentation when:

  1. The copy is unchanged, with nothing added, changed, annotated or deleted
  2. The copy has been created, distributed and used only for reference purposes and
  3. The copy does not fall within the exclusions defined in the General Retention and Disposal Schedule.

(39) Copies created during the migration of records from one format to another must be managed according to the source records guidance below. This includes:

  1. migration from physical to digital format (where the digital copy becomes the official record) and
  2. migration of digital records from one hardware/software configuration to another (where the migrated record becomes the official record).

Physical source records (post-digitising records)

(40) Physical source records cannot be disposed of if they:

  1. have intrinsic value or a permanent retention classification or
  2. are ineligible for disposal under clause 62.

(41) Physical source records can only be disposed of (per UQ’s process) if:

  1. records do not fall within exclusions above
  2. digitised reproductions provide a complete, accurate and fit for purpose copy
  3. digitised reproductions are accessible and held in TRIM or other UQ-approved records management system and
  4. digitisation followed UQ’s defensible digitisation process (see the Managing Physical Records website) in line with QSA guidance on digitising records.

Digital source records (data migrations)

(42) These provisions do not apply to digital records that are routinely migrated (for example, transferring an email to TRIM as part of routine practice, or records archived in TRIM automatically via integration).

(43) Digital source records that have been successfully migrated as part of a planned and documented migration (moving from one hardware/software configuration or system to another) can only be disposed of if all the following applies:

  1. The migrated version of the record is a complete, clear and accurate version of the source record and is fit for purpose.
  2. The migration process involved quality assurance processes and checks to ensure records were migrated successfully. This process must include migration documentation in line with QSA guidance on migrating digital records and approval from the relevant Information Steward(s).
  3. The migrated version of the record is managed and retained for its full retention period under the applicable retention and disposal schedule.
  4. Disposal of digital source records must follow the destruction process, defined in Section 2; however, Information Domain Custodian approval is not required because the migrated records still exist.

University Archives

(44) Data Strategy and Governance will transfer physical and digital records with enduring or intrinsic value to the University Archives once business use has ceased.

(45) The University Archivist must approve the transfer of records to the University Archives. Once approved, Data Strategy and Governance will transfer records and update the location of the records in TRIM.

(46) Staff can email the University Archivist on archives@uq.edu.au regarding access to the University Archives.

(47) Records may be transferred to the Queensland State Archives in compliance with the Public Records Act 2023 (Qld) and guidance on transferring records to QSA. This process can only be undertaken by the University Archivist and Data Strategy and Governance teams after approval from the relevant Information Domain Custodian(s).

Secure destruction practices

(48) Once approved for destruction:

  1. Data Strategy and Governance facilitates the destruction of records stored in TRIM and the UQ Records Warehouse (including documentation).
  2. Staff can dispose of physical records using UQ’s confidential materials disposal bins (see Recycling and Waste website), or offsite via UQ’s approved records storage provider (for large quantities).
  3. Staff must dispose of digital records securely, including all copies, backups and devices (if required). Submit an ITS Support Request if assistance is required.
Top of Page

Section 4 - Roles, Responsibilities and Accountabilities

UQ staff

(49) UQ staff are responsible for complying with this Procedure to manage records throughout their lifecycle in the appropriate location. This includes:

  1. Retaining records in accordance with the Public Records Act 2023 (Qld) and any business or contractual requirements that may apply
  2. Seeking approval for the disposal of records and
  3. Securely disposing of records that are approved for disposal and providing disposal confirmation to Data Strategy and Governance.

Senior Manager, Data Strategy and Governance

(50) The Senior Manager, Data Strategy and Governance is responsible for:

  1. approving records disposal requests
  2. reporting on compliance with the Procedure and the Procedure’s efficacy
  3. promoting records management best-practice across UQ
  4. maintaining, reviewing and implementing this Procedure and
  5. escalating high-rated risks to UQ committees or UQ authorities as required.

Data Strategy and Governance Team

(51) The Data Strategy and Governance team supports the Senior Manager, Data Strategy and Governance to maintain and implement this Procedure. The team is also responsible for:

  1. Maintaining the UQ Records Warehouse, including maintaining accurate metadata (in TRIM) about records stored in the warehouse
  2. Reviewing and appraising records disposal requests and administering the disposal process (including facilitating approvals and archiving disposal documentation)
  3. Maintaining the TRIM business classification scheme and access control groups, including an annual audit of access control groups
  4. Providing TRIM user support (including provisioning TRIM licences), training and records management advice
  5. Providing records management advice to project teams regarding implementation of new IT services
  6. Overseeing the management of physical records stored offsite
  7. Maintaining a list of UQ-approved records management systems and
  8. Recommending records for transfer to the University Archives.

University Archivist

(52) The University Archivist is responsible for:

  1. managing records transferred to the University Archives, including access requests and
  2. approving the transfer of records into the University Archives.

Heads of Organisational Units

(53) Heads of Organisational Units are responsible for:

  1. bearing the costs of offsite physical records storage (for their account/s)
  2. ensuring records stored offsite are managed in compliance with this Procedure and
  3. ensuring an Account Holder is nominated.

Account Holders (offsite records storage)

(54) Staff who are nominated as the Account Holder for offsite records storage are responsible for the following (for the records in their assigned account):

  1. Ensuring records held offsite are managed in compliance with this Procedure
  2. Creating complete and accurate entries in TRIM for records held offsite and
  3. Responding to access and retrieval requests or referring them to Data Strategy and Governance via a Records Management Support Request.

Information Stewards

(55) Information Stewards are responsible for the following (for their assigned information entities)

  1. approving access control groups (as relevant) and
  2. ensuring records are managed in line with this Procedure.

Information Domain Custodians

(56) Information Domain Custodians are responsible for the following (for their assigned information domain):

  1. ensuring records are managed in line with this Procedure and
  2. endorsing the disposal of records or identifying suitable delegate(s).

Chief Information Officer (CIO)

(57) The CIO is responsible for:

  1. Approving this Procedure and any changes
  2. Approving new records management systems
  3. Approving exceptions to compliance with clauses 7 and 8 and
  4. Ensuring the Data Strategy and Governance team is adequately resourced to provide support and enable compliance with UQ’s records management obligations.
Top of Page

Section 5 - Monitoring, Review and Assurance

(58) The Senior Manager, Data Strategy and Governance is responsible for maintaining, reviewing and implementing this Procedure, and ensuring it remains up to date.

(59) The Data Strategy and Governance team will monitor and assess compliance at the level of records classifications, based on engagement across UQ and TRIM data.

(60) The Data Strategy and Governance team will report quarterly to the IT Policy, Risk and Assurance Committee on compliance with this Procedure and associated implementation activities. This may include:

  1. compliance assessments for records classifications and information domains
  2. progress regarding literacy and compliance uplift initiatives
  3. engagement with culture change and training programs and
  4. outcomes of reviews (for example, compliance reviews or legislative changes).
Top of Page

Section 6 - Recording and Reporting

(61) Data Strategy and Governance maintain:

  1. the business classification scheme and supporting data which includes the classifications, compliance information, retention triggers, and any disposal delegations
  2. disposal records in TRIM (approvals, delegations, confirmation of destruction)
  3. a register of UQ-approved records management systems, TRIM-integrated applications, and approved exceptions (i.e. applications approved to manage in-place) and
  4. a register of standing records disposal endorsements.
  5. a register of access control groups in TRIM and develop reports regarding these groups annually as part of the access control group audit.
Top of Page

Section 7 - Appendix

Records that are ineligible for disposal

(62) Records that are ineligible for disposal include:

  1. Records that have not yet met their minimum retention period (as defined under a retention and disposal schedule). This includes records that carry a permanent retention classification.
  2. Records that may foreseeably be needed as evidence in a judicial proceeding, including any legal action or a Commission of Inquiry. Read the QSA’s guidance on public records required for legal proceedings and Right to Information requests.
  3. Records which are subject to a request for access under the Right to Information Act 2009, the Information Privacy Act 2009 or any other relevant Act. These records must not be destroyed until the action, and any applicable appeal period, has been completed.
  4. Records that are subject to a disposal freeze (such as a protection notice) under the authority of the QSA.
  5. Records with enduring or intrinsic value. These must be transferred to the University Archives once business use ceases.

Legislative context

(63) Key regulatory instruments include:

  1. Public Records Act 2023 (Qld)
  2. Queensland Records Governance Policy
  3. General Retention and Disposal Schedule (GRDS)
  4. University Sector Retention and Disposal Schedule (USRDS) and
  5. General Retention and Disposal Schedule for Digital Source Records.

Definitions and acronyms

Term Definition
Access control group role-based access groups defined in TRIM that are used to manage access to TRIM folders.
Account Holder individual who is responsible for managing an offsite records storage account (e.g. an institute has an account to store legacy physical research data).
Business classification scheme a catalogue of UQ’s records classifications (for example, assessment administration) based on the QSA retention and disposal schedules, and any business decisions that may extend the retention period. It contains (at a minimum) the record type, classification code under the relevant schedule, and the retention period.
Data Strategy and Governance the team within UQ’s Information Technology Services division that is responsible for managing governance of UQ’s data, information and records.
Disposal authorisation an authorisation given by the QSA under the Public Records Act 2023 (Qld) to dispose of a record, or class of record. Generally, these authorisations are captured in retention and disposal schedules.
Enduring value the ongoing usefulness or significance of records, based on the evidential, administrative, financial, legal, informational and historical values that justify the permanent retention of records. Records that have enduring value to the state of Queensland, UQ, the community, and/or Australia as a whole need to be kept indefinitely. Under QSA disposal authorisations, records of enduring value have the status of permanent.
High-risk high-value (HRHV) record records that if misplaced, lost, breached or altered would lead to major or critical impacts for the University (see the Enterprise Risk Management Framework Policy). Typically, these records will have a permanent or long-term retention under the retention and disposal schedules.
Intrinsic value the special qualities and characteristics of the original medium that contribute to the record’s significance. The intrinsic value of a record may be separate from its information value and includes records with special qualities or characteristics that may be lost or diminished if the physical source record is destroyed, digitised or converted to another format and replaced by a copy. Examples include records of significant aesthetic or artistic value (such as a hand-written letter from previous centuries), personal significance, historical significance, and surviving records of a significant disaster/event.
IT service a resource that utilises one or more IT components and related services to collect, display, process, transmit or store information and facilitate business process workflows or technical capabilities. An IT service may consist of a combination of hardware, software, cloud services, hosting services and support services. IT services include business services and technology services.
Manage in-place management of records in an application or storage platform that is not an approved records management system. Manage in-place requires manual processes and monitoring to manage records compliantly.
QSA the Queensland State Archivist (including the archivist’s delegates) under the Public Records Act 2023 (Qld).
Record means any of the following:

a. Data and information recorded on, in or by using any medium
    i. that is made, received or kept by UQ in the course of carrying out activities for a purpose of UQ including the exercise of its statutory, administrative or other public responsibilities and
    ii. that evidences UQ’s activities affairs or business
b. any information connected to a record to identify or contextualise the record (e.g., logs, metadata)
c. a copy of a record and
d. a part of a record or a copy of a part of a record.
Records disposal The disposal of a record includes destroying or deleting it or altering or damaging it in a way that changes how accurately an action or decision is shown or otherwise affects the integrity of the record or giving it away, whether by sale, donation or other transfer or abandoning it.
Retention and disposal schedule schedules published by the Queensland State Archives which define categories of records, their retention requirements and disposal authorisations. UQ is predominantly bound by the University Sector and General retention and disposal schedules.
Staff For this Procedure, means members of the UQ Senate, all employees of UQ (including continuing, fixed term and casual employees) and any of the following of UQ: academic title holders, visiting academics, emeritus professors, adjunct and honorary title holders, industry fellows and conjoint appointment holders.
Transitory record records created as part of routine transactional business practices and are only required to be kept for a short period of time.
University Archives as defined in the Archives Policy.
University Archivist as defined in the Archives Policy.