Print this document (PDF, 1.56MB) Uncontrolled if printed
1.1 the purpose of this Manual is to outline the principles that everyone working for Defence needs to know about managing Commonwealth records. The Manual has been updated and structured to be consistent with or otherwise adopt the Commonwealth records management processes detailed on the National Archives of Australia (NAA) website http://www.naa.gov.au/ and the Australian Standard International Organisation for Standardisation (AS ISO) 15489.1—Records management (2002).
1.2 AS ISO 15489.1 has been relied on by the NAA, which is responsible for defining all Commonwealth Government recordkeeping policies, determining standards, and providing advice. Defence records management policy meets AS ISO 15489.1 and NAA record management requirements.
1.3 There is a clear business need for agencies to encourage and support good recordkeeping of their work. Records are valuable assets and good recordkeeping supports improved productivity because it enables easy access to all relevant and available information needed to make informed decisions.
1.4 Effective recordkeeping assists all personnel to quickly and accurately respond to requests from ministers, the Parliament and the public.
1.5 Retaining the corporate memory of Government, in the form of records, helps all Defence personnel, make consistent decisions and or will set out in detail the rationale for a particular decision.
1.6 The policy in this Manual applies to all persons undertaking relevant functions for or on behalf of Defence. This obligation extends to:
1.7 Deputy Secretary Strategy is the sponsor and Enterprise Process Owner for records management policy.
2.1 The National Archives of Australia (NAA) is responsible for managing the Commonwealth records, and has adopted Australian Standard International Organisation for Standardisation (AS ISO) 15489.1 —Records management (2002) ch2 note 1. This standard applies to all Commonwealth records produced and used in Defence, regardless of format. Defence uses the definitions of Commonwealth record and record as provided for in the Archives Act 1983 and the AS ISO 15489.1.
2.2 This Manual is consistent with and complies with the AS ISO 15489.1. The AS ISO 15489.1 defines records as the ‘field of management responsible for the efficient and systematic control of the creation, receipt, maintenance, use and disposal of records, including processes for capturing and maintaining evidence of and information about business activities and transactions in the form of records’.
2.3 In accordance with the AS ISO 15489.1 standard, the policy principles are:
2.4 For policy on the life cycle or continuum management of records see the following chapters:
2.5 By way of overview the NAA is of the view all information you create, send and receive in the course of carrying out your job is potentially a record. Whether something is a record or not depends on the information and the context. Basically if it is related to the business of Defence then it is a record.
2.6 The Freedom of Information Act 1982 (FOI Act) does not contain an exhaustive definition of what constitutes a ‘document’. However, section 4 states that ‘document’ includes any of, or any part of any of, the following things:
2.7 Library material maintained for reference purposes and Cabinet notebooks are not ‘documents’ for the purposes of the FOI Act.
2.8 Plainly speaking, records come in paper, electronic and other formats and include documents and information objects (eg emails, maps, plans, databases, datasets, website pages and photographs, film, video and DVD) created, received and maintained as evidence of business communications, decisions and actions.
2.9 The value of a record is not dictated by its format, but its content (ie it’s business-related and whether it is trivial or important), its scarcity (eg whether it is unique, or one of many copies), and its context (eg the considerations that prompted its creation). Some records are considered vital to Defence being able to achieve its goals and continue conducting its business (for vital records see chapter 5). Not every piece of paper or email written or received has to be kept, and the legislation governing recordkeeping is not prescriptive. A decision must be made to create Commonwealth records and where to store them (for creation see chapter 3).
2.10 A document of an agency (such as Defence) is a document in the possession of the agency, whether it was created in the agency or received by the agency from another agency or from a source outside the Government.
2.11 Documents recorded electronically, such as on a computer server, a hard drive or on a disk, are included in the definition of ‘document’ for the purposes of the FOI Act. Each extant version of a document that provides context to a decision is a separate document for the purposes of the FOI Act and each may be the subject of a request under the FOI Act.
2.12 Defence’s records are created and captured in a range of formats or objects, and may be electronic or physical.
2.13 Records are created when people perform processes, transactions and/or activities and document the facts about the action or event. Defence generates a diverse range of record types for administrative, functional and operational reasons which need to be captured as records for the Commonwealth. The range of record types used in Defence includes, but is not limited to:
2.14 Files are collections of business records and/or objects on the same topic or business activity and should be stored together and be retrievable at a single point of search to ensure context and the chain of evidence is preserved. Documents and objects that are useful or important business information should be registered as a record on electronic or physical files. Until that occurs, even important business documents and objects remain unmanaged Defence information.
2.15 All objects in any format, including email messages ch2 note 2 , created using Australian Government systems in the course of your work and that relate to the business of the Agency must be managed in accordance with the Archives Act 1983 (ie these Commonwealth records are subject to legislation and legal processes). However, personal items (eg job resumes, and private correspondence) are not required to be captured in a Records Management System.
2.16 In accordance with Defence workplace agreements, personal or other documents that are not business-related may be stored in the personal workspace on the Defence Restricted or Secret Networks. These items are not intended to be placed on Agency files as they do not provide evidence of business activity, and are not a Defence record, irrespective of where they were created. These items are not subject to any recordkeeping controls and may be moved or deleted from Defence networks under the normal administrative practice (NAP) process (See chapter 4, annex A).
2.17 Defence allows its personnel to use corporate email services for limited personal email traffic. Personal or social emails can be destroyed under NAP but while retained on the agency’s electronic messaging system they are subject to legislation and legal processes, such as discovery orders.
2.18 In some cases personal email may constitute business records; for example, if they relate to or provide evidence of harassment or breach of Human Rights legislation. Any such personal emails should be retained as records.
2.19 All Defence personnel are accountable for the actions and decisions they make for Defence during the course of business.
2.20 Defence is required to keep full and accurate records ch2 note 3 as evidence of the decisions and activities undertaken. To facilitate this governance mechanisms are to be in place to ensure that it is possible to scrutinise the business or operations of Defence. Defence has or will:
2.22 Important legislation that Defence must comply with includes but is not limited to:
2.23 The Minister for Defence. The Minister for Defence holds authority and delegation responsibilities in accordance with the provisions of the Archives Act 1983 and its regulations.
2.24 Secretary and Chief of the Defence Force (CDF). In Defence, the Secretary and CDF are jointly accountable to the Minister and Parliament for Defence records management.
2.25 The Secretary and CDF are responsible for ensuring that Defence records management policy and procedures are implemented and compliant with NAA requirements.
2.26 Defence Corporate Information Management Improvement Committee (DCIMIC). The DCIMIC, which is chaired by First Assistant Secretary Ministerial Support and Public Affairs (FASMSPA) is the forum responsible for oversight of the implementation of the Defence Records Management Strategy.
2.27 The objective of the DCIMIC is to monitor and report on progress achieved in implementing the Defence Records Management Strategy Action Plan. The DCIMIC:
2.28 FASMSPA. FASMSPA is the senior adviser to the Secretary on all policy and administrative aspects of FOI within Defence. FASMSPA is assisted in this by the Assistant Secretary, Freedom of Information and Information Management and by the Director FOI. FASMSPA also has powers, conferred by the Secretary, to make decisions on FOI requests and may review decisions made by subordinate staff in relation to FOI application fees and processing charges. FASMSPA also ensures that classified records requested under the Archives Act 1983 are appropriate for public release.
2.29 Directorate of Records Management Policy (DRMP). The DRMP in Ministerial Support and Public Affairs Division is responsible for both electronic and physical records policy. This Directorate has the following responsibilities:
2.30 Defence Legal. Defence Legal provides legal advice regarding Defence records management.
2.31 Defence Support Group (DSG). DSG is accountable to the Secretary for the provision and maintenance of infrastructure and support services for the management of physical records where it has assumed that responsibility. DSG is responsible for the creation of physical records and the management of physical records stored in DSG repositories.
2.32 Within DSG, the product manager for physical records managed by DSG is the Directorate of Records Archive and Mail Services (DRAMS). The DRAMS is responsible for the design and standardisation of DSG support services for physical records owned and archived by DSG.
2.33 DSG regions are responsible for:
2.34 Defence Groups and the single-Services. Defence Groups and the single-Services are accountable to the Secretary and CDF for the provision of infrastructure and support services for the management of physical records (including the maintenance of repositories) where they have assumed that responsibility.
2.35 Defence Groups and the single-Services are responsible for implementing electronic recordkeeping strategies, including compliance with scanning and copying policy.
2.36 Defence Groups and Services should consider conducting internal audits to satisfy their own governance requirements. Auditors should where reasonably practicable, having regard to all the circumstances, be independent from the Group, however, audits may be conducted by any appropriately qualified business unit (eg the Inspector-General’s Office).
2.37 Business units. Business units are responsible for monitoring, managing and allowing access to the physical and electronic records in the custody of their section, including the processes of sentencing and disposal and ensuring appropriate training is available and undertaken by staff to achieve this.
2.38 Further, business units are responsible for:
2.39 Chief Information Officer Group (CIOG). The CIOG ensures an integrated information environment to support Defence business and provides the authorised technological solution for document and records management. The Directorate of Document and Records Management Systems (DDRMS) is the records management application support area responsible for the operational support, including training, of DRMS on the Restricted network and EDMS on the Secret network.
2.40 Contractors. Contractors ch2 note 5 are responsible for Commonwealth records management forcontracted functions and activities. These responsibilities should be clearly specified in the contract between the provider and Defence. All Commonwealth records created and/or stored as a result of services provided by a contractor on behalf of the Commonwealth are owned by the Commonwealth. Regardless of the contractor used, Defence remains responsible and accountable for the standard of the work performed and the supervision of any project.
2.41 Contractors are responsible for ensuring that their recordkeeping activities and their own systems comply with this policy.
2.42 Defence business owners who are managers of the contract must:
2.43 Defence personnel. All Defence personnel must comply with the mandatory principles and practices governing records management. Their mandatory responsibilities include:
2.44 Intelligence and Security Group (I&S Group). The Defence I&S Group records and related Special Compartmented Information (SCI) records are managed within the Group.
2.45 The Defence Intelligence Agencies within the I&S Group, including the Defence Imagery and Geospatial Organisation (DIGO), the Defence Intelligence Organisation (DIO) and the Defence Signals Directorate (DSD), are responsible for the life cycle of the records including creation, registration, maintenance, access, disposal and storage, as well as designing recordkeeping systems.
2.46 DSD has overall responsibility for the management of Defence records referred to as Special Series Files or SCI codeword following the disbandment of the Special Compartmented Information Management Office.
2.47 Section 29 of the Archives Act 1983 allows Defence to determine that certain Defence records should not be transferred to or be accessed by the NAA. The concurrence of the Director-General NAA is not required for making a determination for DIGO, DIO or DSD records.
2.48 Section 7 of the FOI Act establishes DIGO, DIO and DSD as exempt agencies from the operation of the Act. Furthermore, an agency is exempt from the operation of the Act in relation to a document that has originated with, or has been received from DIGO, DIO or DSD.
2.49 All recordkeeping enquiries should be directed to the individual Defence Intelligence agencies or to DSD if it relates to SCI records.
2.50 Defence may share information systems with other government agencies, private organisations or international bodies. ch2 note 6 Defence may be responsible for creating or manipulating the information within the system or maintaining the system as a whole.
2.51 Where more than one party shares an information system, a formal agreement between the parties should be reached, defining:
2.52 The party with the responsibility for managing the records must also ensure that these records are disposed of in accordance with correct disposal authorities.
2.53 Outsourced recordkeeping means that the storage, management and retrieval of records are contracted out to a service provider.
2.54 Outsourced function means the management and delivery of a Defence activity and associated recordkeeping are contracted out to a service provider. The staff of contractors who create, manage and dispose of Defence records under an outsourcing agreement are expected to have express contractual obligations to comply with the policies and procedures set out in this Manual. In addition the contract should provide that their employees will be subject to similar obligations within their individual employment/service contracts.
2.55 Contracts defining the arrangements for outsourced records must include the maintenance of proper recordkeeping controls and practices in accordance with this policy Manual, NAA directives, and the electronic Defence Security Manual . Copies of these documents should be made available to the contractor and its staff or copies should be annexed to the contract.
2.56 Outsourced storage facilities must comply with NAA requirements and the AS ISO 15489.1 —Records Management storage criteria ch2 note 7 and offer a service-level agreement.
2.57 Mandatory requirements for the management and storage of Defence records by service providers are that:
2.58 Outsourced records must be reviewed by the owning business area to determine if any information needs to be expunged due to its sensitive nature and to comply with eDSM policy before it is issued to a service provider (for more information see Expunging and exempting records and Information from public access).
2.59 The Directorate of Mail and Records Management on behalf of DSG is required to be advised of all arrangements that require service providers to store Defence records.
2.60 Service provider (contractor) systems may be used to manage tasks, documents and outputs related to the contract where it is inappropriate or inefficient to use a Defence system, as determined by reference to the published NAA outsourcing provisions and records management. ch2 note 8
2.61 Contractors managing Defence business off site on their own systems are required under the terms of their contract to retain custody of Defence records until end of contract or by arrangement or when otherwise called upon by Defence to deliver up the records.
2.62 Contractors undertaking Defence business, other than outsourced recordkeeping or functions, are obliged by the terms of their contract to keep records when undertaking Defence business. Contractors should where practical and as provided in the contract use the Defence Records Management System. However, if this is not possible and where Parties agree in advance, they should use a commercially available Industry Standard Contractor System. (See Information and recordkeeping systems.)
2.63 Contractors undertaking outsourced Defence records management are required by the terms of their head and individual contracts to comply with the systems policy and outsourcing conditions in this Manual.
2.64 Defence records in existence at the start of a contract and that are reasonably required to be accessed or held by the contractor may be transferred into the custody of the contractor.
2.65 Copies of Commonwealth and Defence manuals, procedures, guidelines, publications and handbooks required under the terms of the contract may be transferred to the contactor for the express use of the contractor on their system and all copies must be returned or properly disposed of by the contractor in a manner and to standards agreed by Defence at the end of the contract.
2.66 Short-term working papers, draft reference copies and transitory records (further described in chapter 4, annex A ) managed on the contractor system may be destroyed under normal administrative practice, as notified to the contractor, as required.
2.67 Records management functions should be expressly agreed and set out in detail within the terms of the contract where a contractor, who is not an outsourced records management contractor, undertakes Defence business.
2.68 When functions that include recordkeeping responsibilities have been outsourced to a service provider, the contractor’s staff must have and at all times throughout the term of the contract retain appropriate skills, proficiencies, and resource levels. This requirement will need to be included within the terms of the contract.
2.69 Defence personnel developing and managing outsourced functions for Defence are to refer to and comply with the mandatory requirements of NAA, Defence and Australian National Audit Office (ANAO) documentation on outsourcing. These include, but are not limited to:
2.70 Monitoring includes reviews of recordkeeping activities undertaken at organisational, business unit or group levels, and implementing results as recordkeeping policy and procedures.
2.71 Audits include investigations to reinforce the importance of effective management of records in public administration and highlight areas for improvement. ch2 note 9
2.72 The above activities establish benchmarks for quantitative and qualitative reporting arrangements which are intended to assist in the measuring of successful systems, and provide evidence of follow-up action based on the findings.
2.73 Recordkeeping is undertaken within the legislative and policy framework and must be examined periodically to ensure that the recordkeeping processes are compliant, and to identify areas for improvement.
2.74 Recordkeeping monitoring, auditing and compliance activities should be undertaken in a planned and systematic fashion to ensure that all policies, procedures and guidelines are implemented uniformly across Defence.
2.75 Across Defence, monitoring should include:
2.76 The Australian Public Service Commission, the Management Advisory Committee and the ANAO are authorised to conduct a series of audits across Commonwealth Agencies to assess the extent to which Government entities meet their recordkeeping responsibilities. ch2 note 11
2.77 Defence records management policy is required to be reviewed regularly by DRMP to ensure that changes and updates to legislation and industry standards (including NAA policy and AS ISO 15489.1 ) are incorporated.
2.78 Proposals and requirements for policy improvement, and input to policy development, should be submitted to DRMP. These will be reviewed and, where appropriate, incorporated in regular updates.
2.79 Records management education and training is the provision of simple and clear information that may be relied upon by Defence personnel in order to gain a consistent level or record management skills and proficiencies.
2.80 Appropriate training is required to be undertaken to enable all Defence personnel to develop the skills and proficiencies necessary to perform records management functions successfully.
2.81 Records management training is a part of all Defence personnel induction and ongoing training and development. Where appropriate undertaking records management training should be integrated into job descriptions and performance assessment processes.
2.82 Records management training should:
2.83 To accommodate different responsibilities and skill levels, records management training should be offered in the following categories:
2.84 ‘Responsible Recordkeeping’ is an online course available through CAMPUS . This is a basic recordkeeping awareness program which outlines core recordkeeping requirements and can be completed within 45 minutes. All Defence personnel should participate in this training course to increase their records management understanding. Please note, this course does not cover any specific archiving, sentencing and disposal or using the Document Records Management System application.
2.85 All Defence personnel are responsible for completing the online records management awareness course ‘Responsible Recordkeeping’.
2.86 ‘Keep the knowledge—make a record’ was developed by the NAA and explains the recordkeeping responsibilities of Commonwealth employees. It includes instruction on when and how to make and keep records and is available by contacting DRMP.
2.87 There is currently no internal face-to-face records management training within Defence. The NAA does offer a number of short half to one-day courses at a small cost in the areas of:
2.88 Further records management qualifications can be gained from various education and professional training facilities.
Contact DRMP.email@example.com for further details.
2.89 Users will only be granted access to DRMS when they have completed the required training for the system. DRMS training is provided by the DDRMS in the Chief Information Officer Group. For more information on DRMS training please see the following link .
2.90 Records management advice and support ensures Defence personnel are able to get on with business and comply with recordkeeping obligations.
2.91 Records management process advice should not be requested from NAA directly. In all instances, due to individual implementation of records management policy in agencies, NAA will return advice requests to Defence.
2.92 Advice to enable Defence personnel to perform records management functions successfully is provided:
2.93 Records management advice should:
2.94 Information and recordkeeping or Information and Communication Technology (ICT) systems include:
2.95 All systems are to comply with Defence ICT policy and procedures.
2.96 A Business Information System is an information reporting and transaction system used within Defence. Business Information System are not automatically records management compliant. Corporate information and transaction systems contain structured data that is potentially part of the Commonwealth record but does not contain the contextual information which ensures reliability, authenticity and usability.
2.97 A Business Information System can store and manage records in situations where:
2.98 An integral part of ensuring compliant records management of the data in these systems is to implement records management capability and practices to ensure that Defence has access to full and accurate records of all its business or operational activities, transactions and decisions.
2.99 DRMP on receipt of notification from the business area will analyse the system to determine the records management implementation required to make the system records management compliant.
2.100 Defence uses an Objective application as the basis for its electronic DRMS on both the DRN and DSN. While DRMS is the sole Defence approved system, there are several other records management systems in use within Defence that may still be required and need to be assessed by DRMP for Commonwealth and Defence records management compliance in order to manage Defence records.
2.101 Because DRMS is only endorsed to SECRET there is also the requirement to assess records management systems on TOP SECRET networks for Defence records management compliance. DRMP will work with the DSD when assessing records management systems for compliance.
2.102 Defence records management compliance approval will be given by DRMP when DRMP is satisfied of the following criteria:
2.103 It should be noted that having system assessed as compliant does not eliminate the requirement to interoperate with or move to DRMS in the future. Any compliant system may be required to have records migrated to DRMS.
2.104 A contractor system is a transaction, reporting or records management system used by a contractor to Defence to manage tasks, documents and outputs related to the contract (See Contractors for further information). Contractor systems may be used for:
2.105 Contractor systems must comply with the following criteria:
3.1 Creating electronic and physical records, capturing them in a recognised system, describing their contents and controlling their history preserves information about business activities and transactions. Electronic recordkeeping is (adopted by Defence as) best practice and includes digital creation and capture and scanning, copying, converting or migrating records into digital form. To enable records to be found and managed over time, their content and context, and the processes that manage and maintain them, must be described. This description is called recordkeeping metadata (or structured data about other data). Metadata ensures records can be found, read and understood. Controlling ownership, custody and versions and tracking changes facilitates the authentication of records as evidence. Functionally classifying files from the Defence Business Classification Scheme (DBCS) (and Thesaurus) links records to the relevant business they are documenting and enables disposal of records in compliance with legislative obligations. Control tools (metadata, DBCS, and disposal authorities) are maintained and governed to ensure consistent records management over time.
3.2 Creating records is the process of creating or receiving information concerning a business-related item or in pursuance of legal obligations, in any format or media, and making it a Commonwealth record.
3.3 Creating records:
3.4 Capturing records means registering a business-related item as a record ch3 note 1 by filing it eitherelectronically in a virtual file on the Document Record Management System (DRMS) or in a physical file. Registered records:
3.5 All Defence personnel are required to create and/or register their own records and manage their business information. As soon as practical after creation or receipt of business related information, Defence personnel must capture (register) a record in a Registered File—either as an electronic record in a file in the DRMS or place the record on a physical file registered on the DRMS. There are several triggers that indicate the need to create records. These trigger events can include:
3.6 Record capture includes:
3.7 Physical items which cannot be placed in a file (such as a book or chart) must have a marker placed in the appropriate file with details of the item, such as description and physical location.
3.8 Registered Files should be functionally classified at creation or disposal by selecting the appropriate function and activity from the DBCS or disposal schedule. Records associated with the file automatically inherit the functional classification and disposal schedule. (For functional classification see Functionally classifying.)
3.9 All Defence records must be captured in a file in DRMS (or Defence complaint records management system, including a physical file). (See chapter 2, paragraph 2.100.)
3.10 Where Defence personnel have no direct access to the DRMS or Defence records management compliant system, and therefore need to maintain physical files, the following policy applies to ensure records are accessible, retrievable, and to minimise the opportunity for records to be lost or misplaced.
3.11 In maintaining physical files, Defence personnel are responsible for:
3.12 There are two overarching categories of files used by Defence:
3.13 Corporate files contain a range of material (eg policy, project, fiscal, administrative and operational information). They should be limited to a set time frame to enable disposal. Time frames should:
3.14 Corporate files created without a specified time frame should be set as a default to one-year from the date of creation.
3.15 Case files are a particular type of corporate file created to contain case history and management information for a specific action (eg incident, accident), event, person (eg client, patient), place; project; organisation; or other subject (eg pay, legal, and welfare, medical or environmental issues).
3.16 Case files should be managed in the DRMS. Access and security controls should be implemented to as far as practicable ensure only the relevant business units can see the files (including sensitive titles).
3.17 Personnel files cover the management and history of all Defence personnel. They contain service records, civilian employment history, reviews of actions, overtime, salaries, superannuation and working hours.
3.18 Personnel files for individuals should be managed in the DRMS. PMKeyS Self Service is a personnel transaction-only system and not a compliant records management system.
3.19 Unit or ship personnel files should be regarded as records for the purpose of recordkeeping compliance and normal recordkeeping practices and procedures should apply. These files can contain both originals and copies of members’ service records. On discharge, original or master service records must be forwarded to the central repository.
3.20 All Defence files must be managed in the DRMS. There are three file formats:
3.21 Folios (ie individual items on a file) can be added to or removed from an open (active) file. Folios cannot be added to or removed from an inactive (closed) file, irrespective of whether the file is physical, electronic or mixed mode.
3.22 Physical folios. Folios which have been placed on a physical file in error can be transferred to the correct file if the folios have not been numbered. Numbering folios creates an audit trail of the folios’ addition to the file and must not be altered if used. Folio numbering sheets or folio transfer sheets are not legally required for the creation of new files.
3.23 A numbered physical folio cannot be removed from a classified file unless it was placed there erroneously. In that case, the erroneous folio must be removed and placed on the correct file, and a note must be put in place of the incorrectly attached folio.
3.24 Form AR 083 ch3 note 2—Folio Removal Advice can be used as a precedent for a folio removal note.
3.25 Electronic folios. Folios can be moved between any open files. The DRMS keeps a compliant metadata audit trail of folio movement between files.
3.26 Registered and closed records over 25 years old should not have their file numbers replaced (top numbered), be added to, amended, altered, or have their custody changed without reference to Directorate of Records Management Policy (DRMP). Personnel records and control records are special case records and are active for service or employment life. Disposal authorities allow alteration to these records after 25 years.
3.27 Section 26 of the Archives Act 1983 states that records over 25 years old may not be altered or added to unless such action is:
3.28 This is generally known as the 25-year rule. Unauthorised addition or alteration of a Commonwealth record is an offence.
3.29 Files should contain records that are related contextually. The file title is required to indicate the nature and purpose of the business, activity, transaction or decision that the file collates. The careful and appropriate selection of a file title greatly aids the intelligent collection and future retrieval of records.
3.30 If there is no file with an appropriate title available, then a new file must be created.
3.31 Each file’s title should as far as practicable enable the users to identify the file’s content and be associated with DBCS function/activity pair to enable disposal.
3.32 The file must have the same title and number (except part number in the case of physical files) as the file parts grouped under it and the records contained within must all relate to the same function, activity and a single subject matter. If, over time, the function, activity or subject of the file changes, additional files must be created and linked to the original. A new file part must never be created as a way of contextually or functionally dividing a file. A new file part can however, be created if the physical file becomes too big, meaning the content exceeds the capacity of the file cover.
3.33 The file title should be used to identify the time frame of corporate files. For example, it is inappropriate to create a file relating to ongoing administrative or business activities and simply continue to add parts to the file year after year. Rather, a new file should be created each year (eg ‘The Defence Legal Service Budget—FY2009–2010’).
3.34 While all acronyms should be spelled out when titling files, this is not always possible due to size limitations with the recordkeeping system. It is therefore acceptable to use acronyms when titling files provided these acronyms are listed in the Australian Defence Glossary (see ).
3.35 Where possible, file titles should be unclassified in accordance with the electronic Defence Security Manual (eDSM). Where this is not possible, appropriate title grading markings should be used in accordance with the eDSM.
3.36 Personnel files. When titling a personnel file, the following conventions and order should be observed:
3.37 Case files. Defence has numerous legal obligations to be able to identify records. The unrestricted use of case file titling may in the absence of compliance with detailed protocols operate to prejudice or otherwise restrict the Department’s ability to meet its legal obligations to identify records and should therefore only occur in exceptional circumstances with DRMP approval. Business units without access to the DRMS or who consider they cannot properly title their files due to privacy or other considerations should contact DRMP for advice. In these situations DRMP will consult with Defence Legal in considering whether case file titling is appropriate in all the circumstances and whether approval should be granted for that specific business unit to create a case file or series of case files.
3.38 Like all files, case files should be managed in the DRMS. Access and security controls must be implemented to only the relevant business units and approved user access profiles (such as administrators) can access information as appropriate.
3.39 The following case file titling convention shall be used:
3.40 Corporate files. The title of a corporate file provides the opportunity to limit the range of records collated by the file. The more specific the file title and range of records collated, the quicker and easier future retrieval and file management actions will be. Accordingly, it is recommended that limitation to the active life span be included in the title.
3.41 Defence personnel should select the relevant functional classification (ie identifying the appropriate DBCS function/activity pair) for that file when creating a new file. As each DBCS function/activity pair is associated with specific disposal authority retention classes/entries, this will link the appropriate sentence and disposal authority to the file.
3.42 The retention classes/entries in the DBCS provide the tools to limit the naming, scope and date range of records collated on a file. This ensures that Defence personnel can create files with records of the same value for efficient disposal.
3.43 File title sensitive marking. Policy and administrative files created in Canberra are subject to the Senate Standing Order for an indexed list of departmental or agency files (the Harradine Report). This report requires, that every six months, a listing of all file titles that are not sensitive be placed on the Defence internet site. Business units must vet file titles for sensitivity, national security classified information, and appropriateness for publication under the Harradine Report. A file title is sensitive if it includes the ability to identify a person (but not an officials position), commercially confidential information, or national security information. This includes file titles that use title classification grading as prescribed by the eDSM.
3.44 When a new file is created, it must be assigned a file number and a registered series number. Two file number systems are in use in Defence, one for corporate files (including case files) and one for personnel files. Business units may choose to use an additional local identifier system, provided it is not used as the primary file numbering system.
3.45 File numbers should not be changed from the assigned number as this can disrupt the corporate and personnel primary numbering systems.
3.46 Corporate and case files. Corporate and case files are numbered in compliance with the Commonwealth Record Series (CRS) approved by the NAA. For corporate and case files, Defence personnel must use a primary file number comprising the calendar year, a single file number, and usually the file part number. This primary file number should be captured in the format 2006/123456/1.
3.47 Personnel files. For personnel files, Defence personnel must use a primary file number comprising an alphabetic character (representing the file type), the person’s PMKeyS number, an abbreviated file category, and for physical files, the file part number. The file type can be an ‘A’ for Army Personnel File, ‘C’ for Civilian Personnel File, ‘N’ for Navy Personnel File or ‘R’ for Air Force Personnel File (see Glossary). These sets of characters are separated by a slash and the file number should be captured in the format A/123456/PRP/1.
3.48 Assigning file numbers. The DRMS automatically assigns a file number when a new file is created. Defence personnel unable to access the DRMS must request a block of file numbers from DRMP when creating corporate and case files.
3.49 Defence files use NAA registered file series called CRS to comply with NAA policy for the identification of Commonwealth records and for transfer of Retain National Archives records into NAA custody. The CRS system ch3 note 3 is the archival control system the NAA uses to link records with the agencies that recorded them and the agencies that control them. When creating new files, Defence personnel must assign a CRS number in addition to a file number. The CRS number serves a different role to the file number.
3.50 Defence has a number of series registered with the NAA (eg Defence Corporate File series, Defence Personnel File series) and special series files (eg some Defence Science and Technology Organisation reports).
3.51 The DRMS automatically assigns the CRS series.
3.52 Special series. For policy on Defence Special Compartmented Information (SCI) Special series (Codeworded) files which manage SCI codeword records, refer to Departmental Security Instruction 2/2004 —Defence Special Compartmented Information—codeword recordkeeping.
3.53 For records generated in the deployed environment, it is the responsibility of deployed units to capture and store records as follows:
3.54 Deployed business units must ensure that every file has an appointed custodian to ensure security during operations and exercises.
3.55 In compliance with the Australian Government Information Management Office (AGIMO) guidelines for Government e-business and best practice principles, electronic recordkeeping is best practice for new business. Creating digital images of current paper or physical records (scanning, copying, converting or migrating records into digital form) is also an efficient way to:
3.56 Scanning and copying applies to any records that are transferred to another medium (ie scanning or copying between formats) for business reasons. Scanned or copied records are electronic images of physical documents or records (including paper and microform) captured into an electronic file in the DRMS:
3.57 In compliance with electronic recordkeeping principles, replacing physical or other media source records with a new digitised record is good business practice where it is cost-effective to do so.
3.58 Where practical, all incoming paper documents are to be scanned and registered on the DRMS, and the resulting copied images distributed instead of the original paper. This is subject to:
3.59 Any source record can be legally reproduced electronically as a working copy for business purposes.
3.60 The source physical record can only be copied and destroyed in accordance with the exclusions and destruction classes identified in the ‘General Disposal Authority (GDA) for source records which have been copied, converted or migrated’ if:
3.61 Requests for exceptions are to be directed to the DRMP for submission to the NAA.
3.62 All scanning should be carried out in compliance with the scanning standards (see Scanning standards). The principal exception will be scanning for the purpose of re-using artwork or similar (eg scanning a logo or a photo for inclusion in a newsletter). In cases such as this, there is no need to comply with scanning standards or to index the resulting images; the eventual record is subject to this policy.
3.63 Business units must implement business or operational processes and procedures to authenticate the resulting images which registers acceptance of them as true reproductions of the original physical documents or records, and must place them in a file. ch3 note 4
3.64 Recommended digital formats are:
3.65 Recommended document output formats are:
3.66 The business decision to scan physical records and retain both formats is made on a case-by-case basis (eg where the Minister has manually annotated a business document and the annotations are important enough for the annotated document to be kept as a record).
3.67 Business units can scan and copy Retain as National Archives (RNA) records created prior to 2002 for ease of business use only. Converting original records into digital form for RNA records can help improve the longevity and aid rapid search and retrieval of those records. The source records created prior to 2002 must not be destroyed and should be transferred to the NAA at the completion of the conversion project.
3.68 Classified records may be copied or scanned to electronic media in accordance with the eDSM.
3.69 Business units must retain the source originals until the image is authenticated as a true reproduction (see Scanning standards). The images are admissible as source records for evidence purposes; however, the weight placed on them as evidence by a court may depend on the business unit being able to prove that the transfer to an image format is a routine business or operational process supported by policy and procedures. The resulting image becomes an electronic record and is managed according to the policies presented in this framework.
3.70 It is important to note that the scanned images must be placed in a file in the DRMS, before any of the source records can be destroyed. Storing the scanned copies on shared or local drives, or even within the DRMS but not on a file, will leave the images uncontrolled and not compliant with this policy.
3.71 The following items can be scanned for ease of business use, however, due to legal and business requirements the source document can not be destroyed and must be retained in its original format:
3.72 All paper and microform records, once they have been scanned to the standards stipulated by the relevant legislation, should be destroyed in accordance with the GDA for source records that have been copied, converted or migrated. There may be exceptions to this guideline, including:
3.73 If source records are not destroyed, arrangements must be made to ensure that physical records are stored in a compliant repository.
3.74 Where whole registered files are scanned, the original file may be destroyed as a single unit and a control record must be created for the file in the DRMS. Where single documents are scanned, the original may be destroyed in accordance with conditions and exceptions and when scanning process is authenticated.
3.75 Individual destruction certificates are not required for individual classified source documents copied, provided the copied documents and scanning or copying action is recorded in the Classified Document Register List and stored in the DRMS. This policy must comply with the eDSM.
3.76 To ensure the legality and acceptable evidential weight of images and their ongoing reliability over time, Defence business units using scanning should implement the following measures as part of their normal operation:
3.77 If an image is converted into textual format through an optical character recognition (OCR) process, the original image must be retained as the original version of the record. The subsequent OCR version must become a unique record in its own right (in many cases, the textual version will be produced for temporary use, typically to copy a section of text for re-use, and so the textual version will be an ephemeral document that is not retained).
3.78 In accordance with the Evidence Act 1995 and Electronic Transactions Act 1999, copied records are admissible as evidence regardless of age, provided that originals have been destroyed under the GDA for copied records. Advice from the NAA and the Australian Government Solicitor to date indicates there is low risk of fraud in copies in an approved recordkeeping system.
3.79 Under the Evidence Act 1995, copies are admissible provided it can be proven that they were produced under digital imaging standards.
3.80 Under the Electronic Transactions Act 1999, electronic signatures are legally defensible and can be used as evidence when the following four conditions are met:
3.81 There are various types of electronic signatures:
3.82 Relevant and important business-related emails and Defence formal messages must be managed in the DRMS. Printing to physical form and filing the hard copy should be an exception arising only when there is no access to the DRMS:
3.83 In some cases, the key information is contained in the body of the email or message. In others, the email or Defence formal message serves only as a ‘cover’ for one or more attachments (such as office documents or scanned images) that contain the information that truly constitutes the Defence record. It is suggested that the coversheet may provide the context to the importance of the other documents.
3.84 Where the email or Defence formal message body contains information which qualifies it as a record separately to its attachments, then the email or Defence formal message must be captured as a linked record. The associated metadata of the email or message must also be captured to assist with retaining the context of the information.
3.85 Storing related emails or messages on the same file also provides the business context.
3.86 When replying to or forwarding an email or message, the threads (or history trail) must be left intact in the body of the new email or message. Do not delete or modify any previous email or messages in the sequence (or their dates, senders or recipient lists). This is necessary to preserve the full, sequential audit trail of the discussion engendered by the original email or message.
3.87 When incorporating a portion of another person’s email or Defence formal message, ensure the text is modified to demonstrate a different meaning to that of the original author.
3.88 The storage of.PST Outlook personal files for email management in shared, public or personal drives is not records management compliant. Outlook does not comply with the Defence and Commonwealth records management standard. Emails as business transactions should be registered on files in the DRMS as soon as possible after creation. Where DRMS is in use, emails should be dragged and dropped onto relevant files or printed and registered.
3.89 Using Archived.PST files in email systems as the only business source, the mixed subjects in.PST files and inability to search for emails in.PST files increases the risk of poor accountability, retrieval and loss of business context and continuity. Storing.PST files in DRMS should occur only where full search and retrieval features are implemented.
3.90 Defence Information Management Policy Instruction (DIMPI) 4/2005 —Standard Defence Email Markings and Handling outlines two occasions when emails are not to be used:
3.91 Defence Communications Facility (DCF) provides formal messaging services to Defence. These services include Command and Control military messaging (ACP127/128) and international messaging via the Department of Foreign Affairs and Trade (DFAT). The DCF provides a range of services, which include:
3.92 The DCF also provides and controls Communications Security equipment, publications and material on behalf of many Australian Defence organisations worldwide.
3.93 DCF determines how the Defence messaging systems comply, interface or are interoperable with the DRMS and implement the Defence recordkeeping metadata requirements.
3.94 Where there is no automated transaction capture, messaging technologies, eg mobile telephones, Blackberrys and personal digital assistant, used to conduct Defence business must be analysed for business content and notes of conversation or transactions recorded in the DRMS. ch3 note 5
3.95 Where there is automated transaction capture, messaging technologies used to conduct Defence business must be assessed to evaluate any recordkeeping requirements and solutions for input on recordkeeping policy when assessing technical solutions.
3.96 In accordance with NAA advice, ch3 note 6 decisions need to be made as to whether messages and dataare short-term, low-value records which can be destroyed according Normal Administrative Practice or whether they are important business records.
3.97 Currently most messaging exchanges are informal, short-term and facilitative. If Defence transacts business or receive requests from the public using these technologies, the exchanges are records that should be managed in the DRMS.
3.98 There are two options for recording this information—technical and procedural:
3.99 Discarded mobile devices must be cleared of personal data and records where possible before destruction or change of owner. Data on mobile devices is subject to Defence security and privacy provisions. For security requirements for information on mobile devices see advice from AGIMO. Defence complies with Blackberry use policy from the Defence Signals Directorate (DSD). ch3 note 7
3.100 Custodians of Defence mobile devices are responsible for removing personal data and transferring records to the DRMS, where possible.
3.101 Metadata is ‘data about data’ and describes the context, content and structure of records, and their management through time. ch3 note 8 Metadata includes information such as the origin and usage of the item, and usually a unique identifier assigned and used by the DRMS in which the record is held.
3.102 The Defence Recordkeeping Metadata Standard (DRKMS) is compliant with the NAA Australian Government Recordkeeping Metadata Standard (AGRKMS). The AGRKMS is compliant with AS ISO 23081.1 —Information and documentation—Records management processes—Metadata for records.
3.103 All recordkeeping systems in Defence must comply with the mandatory elements in the DRKMS. The optional and conditional elements may be applied to records depending on requirements.
3.104 Where a Defence Business Information System is designated as a recordkeeping compliant system, it must be compliant with the DRKMS.
3.105 Defence Business Information System owners whose systems are not designated as recordkeeping compliant must develop policy addressing the use of recordkeeping metadata and define the relationship, ie interface or interoperability with the DRMS.
3.106 The DRKMS must be applied to all records at capture or creation in the DRMS, depending on level of aggregation (ie business document/object or corporate or personnel file level).
3.107 Most recordkeeping metadata in the DRMS is captured automatically at the creation of electronic documents, electronic files, and physical files. The metadata is kept permanently and is classed Retain as National Records.
3.108 When creating a record external to the DRMS (eg in a Defence Business Information System) Defence metadata elements should be applied where possible. This can be in the form of files and document registers, indexes, file movement logs and file content descriptions on the file cover.
3.109 The following table sets out the mandatory and other metadata elements of the DRKMS. Some elements are required for all records while others are only required at the file level and are inherited by the records within that file.
3.110 Some elements are designed to hold values with differing meanings. For example, the element ‘Agent’ stores not just one Agent identifier, but can store the values of several ‘sub-elements’ such as ‘Organisation’, ‘Author’, ‘Addressee’ etc. This is a common convention for metadata definition.
|Mandatory at all levels||A corporate entity, organisational element or system, or individual responsible for the performance of some business activity, and action on records. Includes: category, identifier, name (corporate, person, section), position, contact, email, digital signature or authentication of signature.
Organisation: an organisational element at the Director/O–6 level or lower;
Author, originator, or individual using or actioning the object: resource discovery point for users;
Signed by: the person who has signed the document (especially in the case of correspondence);
Sender: if the object has been received from elsewhere, the person from the other area who created or sent it;
Custodian #1–n: the person who currently has responsibility for the object; there may be several custodians over time, eg in tracking the movement of documents such as correspondence (#1 is the original custodian);
Addressee: the person to whom correspondence is addressed;
Information Addressee: any person to whom correspondence is addressed ‘for information’.
Nationality (for AUSTEO use)
|Mandatory at all levels||Policies, legislation, caveats and/or classifications governing access to or use of objects. Relevant national security classifications, code words and caveats should be recorded. Includes: security classifications, caveats (mandatory on secret network) and clearances, access rights, usage conditions, encryption details, code words and releasability indicators.|
|Mandatory at all levels||Name given to an object to assist identification, discovery and description of the functions documented in the object. If the document has been received from elsewhere, a title reflecting the same principles as mentioned in creation. Usually the subject line on incoming correspondence. Includes; title words, alternative name and classification scheme name and type if included in title.|
|Mandatory at file levels||The content characteristics of the boundaries of jurisdiction, location, and time. Coverage should be recorded as the ‘content from’ and ‘content to’ dates of an object. Includes: jurisdiction, place and period names.|
|Mandatory at file levels||The general or agency-specific business or operational functions and activities documented by the object (based on the DBCS and Thesaurus). Includes: keyword, function, activity, transaction if used.|
|Mandatory at all levels||Dates and times when fundamental records management actions of creation, transaction and registration occur.
Includes: registration date/time: when the object was registered;
publication date/time: when the object was published;
creation date/time: when the object was created; signature date/time: when the object was approved/signed off;
date/time transferred out: when the object was transferred out to another custodian and/or location (for use in tracking);
date/time returned: when the object was returned (for tracking);
date/time effective: when the object comes into effect (for version control);
date/time received: when the object was received;
date/time published: when the object was published (for version control);
date/time reviewed: when the object was reviewed (for version control);
date/time of expiry: when the relevance of the object expires (for version control);
date/time issued: when the object was issued (for distribution control), or the correspondence sent;
date/time transferred in: the date the object was transferred in.
|Format||Record||Conditional—recommended for record levels||Mandatory for long-term preservation records. Includes: document form and name, media, data, medium and extent of format.|
|7||Type (Defence)||Record||Mandatory at record levels||The form an object takes which governs its internal structure and relates to its transactional purpose. Helps users to interpret information by identifying the object’s internal structure. Examples of type are agenda, guideline, instruction, letter, message, minute, memorandum, presentation, procedure, report.|
|Mandatory at file levels||The level at which the object or objects are described and controlled. Can be: item (document); file (grouped documents); series (grouped files (corporate etc)/items with similar characteristics). See ‘Relation’ for non-records management specific applications.|
|Mandatory at file levels||Mandatory in Defence Business Information System designated as records systems or non-records management specific applications. To establish contextual relationships between records, agents, business and mandates for chain of evidence purposes; eg relating a record series to an organisation such as Defence. Includes related entity, category, name, change history.|
|Subject||Record||Optional—if implemented||Includes ‘subject’ keyword scheme type.|
|Mandatory at all levels||Unique identifier (often a number) for the object. Acts as an access point to more information. If the object has been received from elsewhere, the point at which an identifier is allocated. The version number (for versioning see ‘Version and Distribution Control’) will also form part of this field.|
|10||Management and use history||Relationship
|Mandatory at file levels||Dates and descriptions of all records management actions on an object from initial registration to disposal; in particular this may include:
Reason for change: why a new version was created;
Approval #1–n: details of the particular approval of the document (with #1 being the first);
Event and use change time, date, type and history.
|Recommended at file levels||Event history, eg for long-term digital preservation. Excludes original creation event. Includes action dates (and next action due), time, type and description.|
|Mandatory at file levels||Current (physical or system) and home location of the object. Objects should have a home location and a current location (if the object is located elsewhere temporarily). NB not custodian (if the object is the custody of a person), as custodian is stored as agent. May include the file number of the file where a physical object (such as correspondence) is stored. Includes storage details.|
|12||Disposal||Record||Mandatory at file levels||Information about policies and conditions which pertain to, or control, the authorised disposal the object. Includes disposal authorisation, sentence, trigger, disposal authority, class identifier (ID), disposal action due and status.|
3.114 Web page metadata must comply with the Australian Government Locator Service (AGLS) standard, and NAA policy on archiving web resources.
3.115 To provide sustainable legal proof of web-based services and transactions, full and accurate records of these transactions must be captured in the DRMS that can guarantee the authenticity, reliability and accessibility of the records.
3.116 Web pages, which include original records or published documents and their contents, need to be kept to meet any legal obligations and community expectations for evidence of present and past positions, advice, guidance, transactions or instructions on particular matters delivered over its public website.
3.117 Information that sets out the processes, planning, designing and content of the web page must also be captured as records.
3.118 Web portal sites, which are mainly composed of links to other online resources which hold little content, need only be retained while the site remains active and continues to be referenced. When reference ceases they can be disposed of under normal administrative practice.
3.119 For sites requiring user interaction, business units must determine within the parameters of full and accurate recordkeeping whether:
3.120 Internet web page snapshots must be captured over time, so that it is possible to reliably establish the content of the website at any particular point in time from the past. They should be captured when a major change occurs or a new page is added and retained as high-value records for transfer as national archives.
3.121 A web page snapshot includes capturing:
3.122 Internet web pages that meet the Government online description of a resource must be compliant with AGLS requirements and have AGLS metadata elements assigned in the Hypertext Mark-up Language header as tags. The capture of quality AGLS metadata will ensure that Defence meets its Online Information Services Obligations (OISO) with respect to visibility of its internet sites for the Government online program. Refer to ‘Metadata’ section for the AGLS metadata elements to be applied.
3.123 The following categories contain a minimum set of resources for which it is essential to create AGLS metadata in order to comply with OISO:
3.124 Listed below are the AGLS elements for Defence web pages compliant with NAA Australian Government Implementation Manual : AGLS Metadata (May 2006) updated by the AGRKMS metadata standard set. ch3 note 9
|AGLS elements||AGRKMS property||Obligation||Qualifiers (sub-elements)|
|Title||Name||Mandatory||alternative: when the resource is also known under a different title, or has recently changed and is still known by its previous title.|
|Type||Category||Mandatory||Aggregation level qualifier
|Function or Subject||Keyword||Conditional||Subject or function schemes, eg AGIFT9 for internet sites, and DBCS for internet and intranet sites.|
|Format (extent qualifier)||Extent||Mandatory||Provides specific level of granularity.|
|–||Disposal||Mandatory||Mandatory for web-based records as prime records.|
|Availability or Identifier||Identifier||Mandatory||Identifier scheme.|
|Audience (when the audience of the resource is not ‘All’)||None|
|Coverage (when coverage is not all of Australia)||Coverage||Optional||
3.125 Intranet web page snapshots may be captured over time, so that it is possible to reliably establish the content of the website at any particular point, as required. Snapshots should be captured when a major change occurs or a new page is added and retained as long as business requires. ch3 note 10
3.126 If virtual private networks and extranet sites are used as a means of conducting official business or operations between Defence and other Commonwealth organisations, or between Defence and its business or operational partners, suppliers or vendors, then accurate records of transactions must be created and kept, including records related to site security.
3.127 Intranet web pages recording business transactions, activities, decisions or publications must comply with the Defence AGLS standard and be captured and stored in the DRMS, or an approved records management system.
3.128 Wherever the posted record is maintained, it should include the following metadata:ch3 note 11
3.129 Incoming paper correspondence should be scanned and managed electronically where possible. If incoming paper correspondence is registered, the following mandatory information items must be collected:
|Signed by or digital signature if record scanned||details (name and role) of the person who has signed the document.|
|Originator||details (name and role) of the author of the document.|
|Addressee(s)||details (name(s) and role(s)) of the person(s) to whom the correspondence is addressed.|
|Information addressee(s)||details (name(s) and role(s)) of any person(s) to whom the correspondence is addressed ‘for information’.|
|Date received||the date the correspondence was received.|
|Subject/title||the main subject covered by the content of the correspondence, usually identified by the subject line on incoming correspondence.|
|Type||the type of correspondence.|
|Custodian||details (name and role) of the person responsible for the correspondence once it is received.|
|Classification and caveats||details the classification of the correspondence and any caveats applied.|
3.130 Outgoing paper correspondence should be created electronically or be scanned and managed electronically. When registering outgoing paper correspondence the following mandatory information items must be collected:
|Signed by or digital signature if record scanned||details (name and role) of the person who has signed the document.|
|Author||details (name and role) of the person who wrote the document.|
|Addressee(s)||details (name(s) and role(s)) of the person(s) to whom the correspondence is addressed.|
|Information addressee(s)||details (name(s) and role(s)) of any person(s) to whom the correspondence is addressed ‘for information’.|
|Date issued||the date the correspondence was sent.|
|Subject/title||the main subject covered by the content of the correspondence.|
|File Number (mandatory at file level)||the file number of the file where the correspondence is stored.|
|Type||the type of correspondence (eg letter, facsimile).|
|Custodian||details (name and role) of the person responsible for the correspondence once it is received.|
|Classification and caveats||details the classification of the correspondence and any caveats applied.|
3.131 The email metadata set for Defence is based on NAA, Australian Government Email Metadata Standard (December 2005) (AGEMS), DIMPI 4/2005 —Standard Defence email markings and handling (10 November 2005) and the eDSM.
3.132 Defence Formal Message systems should comply with standard email metadata.
3.133 SMS and voicemail records if captured must comply with metadata standards.
3.134 Email metadata standards include:
|Email metadata element||Sub-element and description||Sub-element obligation for Defence|
|Originator||From: message creator or author—person(s) or system(s) responsible for writing the message.||Mandatory|
|Sender: message sender—agent responsible for the actual transmission of the message.||Mandatory|
|Drafter: name and contact details of drafting officer. (a)||Conditional—record if appropriate and is different from the message creator or author|
|Destination Addressee||To: primary or action addressee—person(s) or system(s) responsible for performing actions in response to the message.||One destination addressee sub-element is mandatory|
|Cc: Information addressee—others who are to receive the message, although the content of the message might not be directed at them for action.|
|Bcc: blind copy addressee.|
|Codeword||Conditional—record if the sub-elements are applied to the email|
|Encryption details, including:
||Conditional—record if the email is encrypted and is being stored in its encrypted form (for un-encryption and transfer see chapter 4—‘Keep, destroy or transfer’)|
|Use condition||Disclaimer clause: text stating the email is property of the Department of Defence. (a)||Mandatory|
|Message ID||None. A unique ID for the email message, by which it can be referred and tracked within and across domains.||Mandatory|
|Subject||None. A descriptive title for the email message, indicating its topic or content. Words are entered by the email creator, usually as free text.||Mandatory|
|History (Date/Time)||Sent date/time: date/time creator or sender ‘sends’ the message.||Mandatory|
|Received date/time: date/time the message received at destination server gateway.||Mandatory|
|Reply by date/time: date/time by which a reply is required.||Conditional—record if reply by date/time is applied to the email|
request for acknowledgement that the email has been read and understood by the recipient.
|Conditional—record if acknowledgement is of the email requested|
|Acknowledged reply date/time: date/time action addressee(s) reply to an email requesting acknowledgement. (a)||Conditional—record if email is in reply to an acknowledgement request|
|Relationship||In reply to: message being replied to.||Conditional—record if in reply to is applied to the email|
|In reference to: previous messages/items to which this one relates.||Conditional—record if in reference to is applied to the email|
|Attachment: message attachment.||Conditional—record if email has attachments|
|My file reference: a business file or container into which a message sender places or links a copy of the email.||Desirable|
|Your file reference: a business file or container reference given in an email message to which a reply is being sent.||Desirable|
|Precedence||None. The time sensitiveness of a message is flagged. It may be used as the basis of internal organisational approaches to dealing with messages that require urgent attention and action.||Conditional—record if email precedence is not ‘routine’|
|Importance||None. The importance of the content of a message is flagged.||Conditional|
(a) These elements are in addition to those outlined in the NAA AGEMS and are set out for Defence use in DIMPI 4/2005.
3.135 The following tracking metadata is required for all records irrespective of form or location. It is required for records imported to the DRMS and records managed external to the DRMS.
3.136 The following metadata is automatically applied at capture into the DRMS, where available:
3.137 Business correspondence exchanged with external entities are records. The following must be collected for the tracking of incoming correspondence:
3.138 The DRMS provides a tracking facility for records to provide location and process monitoring.
3.139 If required, business units may need additional metadata fields included in the standard set of metadata elements for specific local business uses. All such additions must also be in accordance with the AGRKMS, and are referred to as ‘local metadata’.
3.140 In addition to recordkeeping metadata compliance, Defence also complies with domain-specific metadata requirements; eg imagery metadata and metadata required for interoperability purposes and security purposes. The metadata and data elements should also be compatible with the following instructions and standards required by Defence:
3.141 The Archives Act 1983 states that records created by Commonwealth agencies are the property of the Commonwealth. When changes are made to the machinery of Government through Administrative Arrangements Orders, responsibility for managing the records relating to affected business moves to the agency. (See chapter 4 after an administrative change.)
3.142 Ownership of records that will be created and/or maintained by contractors will be determined by the contract under which the contractor is engaged.
3.143 A transfer of ownership pertains to records being acquired by or leave the Commonwealth legal ownership. With a transfer of ownership, the Commonwealth relinquishes all its legal, physical and intellectual property rights over the records, after which the records are no longer subject to the Archives Act 1983.
3.144 If a decision is made to privatise or corporatise some business previously undertaken by the Australian Government, any transfer of ownership of the associated records must be authorised by the National Archives.
3.145 Custody is an aspect of the physical management of documents or records, and refers to where the documents or records are stored, and who is responsible for them.
3.146 Tracking refers to creating, capturing and maintaining information about the movement, use and handling of records. ch3 note 12 Capturing information regarding the use and movement of a record permits the generation of an audit trail. In the DRMS, the audit trail records any access to the record within the system and may be used to identify unauthorised actions in relation to the records (eg modification, deletion, or addition).
3.147 Version and distribution control is the prevention of duplication and unregistered versions or copies of documents proliferating across Defence in an uncontrolled manner:
3.148 File musters are conducted by the business owner, and includes an inspection of a business unit’s work area and its storage area to produce a catalogue of the files held. File musters are used for:
3.149 File musters should be conducted when there has been a significant change to the organisation or business unit. This could include physical change of location or closure of the business unit.
3.150 Reasonable attempts are required to be made to recover lost or missing files and all of the steps taken to locate the records, as well as the results must be recorded in detail in the DRMS. (See also File musters of classified records in chapter 5—‘Secure, store and preserve’.)
3.151 Version control covers the correct approach to creating new versions of records. Distribution control covers copying existing registered records, and how those records may be distributed and/or published.
3.152 Version control is the process which ensures that business documents evolve as records in compliance with records management policy. Version control allows all users of a document (typically, members of a business unit) to be clear about its status and content, and minimise unintentionally working with a superseded version.
3.153 Distribution control is the process of registering and monitoring the distribution of drafts of documents to ensure that:
3.154 Version control must be applied when business documents are authored and reviewed collaboratively.
3.155 Record versions must be numbered manually if not on the system drive; eg a major release number, and a minor draft number, conventionally separated by a dash: version 4–2, representing draft 2 of release 4.
3.156 Version numbers should apply to:
3.157 Version and distribution metadata elements in the DRMS are controlled at the system level.
3.158 Business units must ensure adequate manual management controls are also in place to avoid duplication and ensure tracking of restricted documents.
3.159 Final versions of business documents, and significant drafts, need to be placed on file to ensure they are managed and controlled for recordkeeping compliance.
3.160 Physical items which cannot be placed in a file (such as a book or chart) must have a marker placed in the appropriate file with details of the item, such as description and physical location (for metadata see paragraph 3.101).
3.161 Personal items and storage in Defence networks are not subject to version control.
3.162 DRMS and network administrators must manage the limit on the storage quota for personal usage in Defence systems (eg personal space in email and records management systems).
3.163 All Defence personnel must ensure that:
3.164 In accordance with NAA requirements, Defence has adopted functional classification as the basis by which Defence files are sentenced and disposed.
3.165 Functional classification is implemented in Defence as the DBCS. It is applicable across Defence, and provides the prime classification for all records. It is incorporated into the current DRMS as Primary Keywords.
3.166 The DBCS is developed as a product of the NAA Designing and Implementing Recordkeeping Systems (DIRKS) ch3 note 13 and the Records Authority Process (RAP).
3.167 The DBCS:
3.168 The DBCS also satisfies the NAA ‘function’ recordkeeping metadata element. It is used for all Defence records created (for metadata see paragraph 3.101 ):
3.169 The DBCS is a hierarchical model of Defence business activities. This methodology examines the functions and activities that the agency performs and groups records according to transactions within that framework, rather than according to the internal agency structures. It is based on Defence functions and activities. The DBCS is also a controlled language with specific terms used to identify and manage records in Defence consistently. The thesaurus format identifies ‘broader’, ‘narrower’, ‘related. and ‘see’ references.
3.170 The DBCS is a product of, and a necessary step in, developing and maintaining disposal authorities in accordance with the NAA e-permanence policy and framework (ie it contains the functions and activities control language for the disposal authorities). This allows simple and/or automatic identification of records which are ready for disposal or retention action.
3.171 In compliance with the NAA DIRKS methodology, business classification is the process of analysing an organisation’s core business processes, categorising them, and identifying the sub-components. In Defence, this analysis has identified two hierarchical category levels which are referred to as ‘functions’ and ‘activities’ and defined as:
3.172 Core business functions are mutually exclusive to other functions, are consistent, and cover all the main business processes of Defence. Similarly, activities are mutually exclusive to other activities.
3.173 Tools or controls associated with Defence records management include:
3.174 The NAA is authorised to approve changes to the DBCS, metadata and RAPs under section 24 of the Archives Act 1983. The NAA will authorise changes to the Records Authorities and DBCS based on changes submitted in accordance with DIRKS:
Annex A to
4.1 Disposing of records by keeping, destroying or transferring records out of Defence or Commonwealth custody or ownership is regulated by section 24 of the Archives Act 1983.
4.2 Records disposal by sentencing is the process of using authorised disposal authorities and normal administrative practice to retain, destroy or transfer a record.
4.3 Records disposal implementation is the process of carrying out sentences. The National Archives of Australia (NAA) may place a freeze or Defence may place an embargo on the destruction or unauthorised alteration of records for a particular reason.
4.4 Transfer of records is the process of internal and external change of custody of the records. This can include the transferring of records to:
4.5 Commonwealth records can only be disposed of in accordance with the Archives Act 1983 and the associated regulations.
4.6 The NAA has the power to permit the disposal of Commonwealth records in accordance with approved practices and procedures known as disposal authorities.
4.7 The unlawful destruction or other disposal of Commonwealth records is an offence under the Archives Act 1983, and a breach of the Australian Public Services Code of Conduct. Anyone who misapplies, improperly disposes of, or improperly uses Commonwealth records may also be in breach of the Financial Management and Accountability Act 1997.
4.8 Sentencing is the process of associating a disposal action to corporate or personnel file-level records with a valid disposal authority. The disposal authority’s entry or class descriptions describe the transactions covered and the retention period for a file:
4.9 Disposal authorities will be implemented in Document Records Management System (DRMS) as disposal schedules. Disposal authorities enable disposal classes to be selected at record creation or at record closure.
4.10 Disposal authorities in Defence are based on the Defence Business Classification Scheme (DBCS), which documents the functional analysis of Defence and is Defence’s approved tool for classifying Defence files for disposal.
4.11 Assigning functional classification is the process of selecting and applying the appropriate function and activity in the DBCS to a file in the records management system.
4.12 Identifying disposal is determining the disposal status of a record (ie sentencing) in compliance with the implementation within Defence of NAA-approved disposal authorities. It is the range of procedures associated with implementing records retention, destruction or transfer decisions which are documented in disposal authorities or other instruments. ch4 note 2
4.13 Archiving and disposal actions are to be applied at the file level, and scheduled subject to appropriate review of sentencing on execution.
4.14 Wherever possible, applying the disposal class number and disposal date should be done when the file is first created, irrespective of whether the file is electronic, physical or mixed mode.
4.15 In accordance with NAA requirements, records must be reviewed before disposal. This is the responsibility of the business unit with custody of the records. A file must be reviewed when its retention period has elapsed. There may be three possible outcomes from the review. It may be decided that:
4.16 In the case of physical records, the file and all of its parts should usually be sentenced together. If individual parts have differing sentence periods, the longest sentence applies to the file in its entirety.
4.17 All sentencing decisions must be separately documented by creating a Control Record, if not implemented in the DRMS. Defence must be able to prove that any records that have been disposed of have been done so in accordance with the correct disposal authority.
4.18 Records may be sentenced using a RDA if routine and administrative records are of non-permanent value. Permanent value Defence core records covering procurement, combat, peacekeeping, operations, strategy, policy and technical matters should not be sentenced under legacy RDAs. They will require re-sentencing under current valid Records Authorities.
4.19 If records have already been sentenced for destruction before the issue of the AFDA in 2000, or new Defence Records Authorities, the sentences may remain and the records do not need to be re-sentenced. However, all records held by Defence which were sentenced for RNA and records required to be kept for more than 30 years (eg civilian personnel history files, and compensation case files) must be re-sentenced using functional Records Authorities.
4.20 Normal administrative practice allows for the destruction of certain types of records in the course of normal business. It allows Defence staff to dispose of low-value records as soon as they are no longer useful. This leads to better efficiency in the areas of storage. (For normal administrative practice guidelines see chapter 4, annex A.)
4.21 All business-related documents in any format, including email messages ch4 note 3 created using Australian Government systems must be managed in accordance with the Archives Act 1983. However, low-value business-related items are not captured in the DRMS or filed in physical files. These may be stored on Defence networks temporarily and deleted under normal administrative practice when they are no longer needed.
4.22 Normal administrative practice can also be used to destroy an entire file registered in the DRMS if the file:
4.23 For these files, a control record is required for the disposal process.
4.24 The NAA has formally advised Defence that national security classified records that have been registered on a Classified Document Register and/or incorporated into a file cannot be disposed of under the normal administrative practice provisions of the Archives Act 1983 (AA A92/0297 dated 21 July 1995).
4.25 Document and records categories eligible for destruction under normal administrative practice are listed in chapter 4, annex A.
4.26 All files which are created and have had records placed on them must be disposed of under the appropriate RDA. Files which have been created in error and have never had records placed on them can be cancelled and are eligible for destruction under normal administrative practice.
4.27 A disposal freeze is a ban on disposal action, which applies to certain groups of records as designated by the NAA.
4.28 A freeze may be imposed when a particular topic or event gains prominence or becomes controversial. After assessing the situation, the NAA may amend the relevant disposal authorities to prevent agencies from destroying significant records. Disposal freezes in force are published on the Directorate of Records Management Policy (DRMP) website .
4.29 Records that are subject to a disposal freeze can be sentenced but cannot be changed, destroyed or transferred until the NAA:
4.30 An embargo is an order prohibiting a particular activity.
4.31 Defence places an embargo on access to and/or disposal of particular subject matter due to impending policy changes, litigation (including court-issued discovery orders), public controversy or community interest. Embargos are an entirely internal matter and are subordinate to instructions from the NAA. An embargo may be implemented by a particular business unit or division, or may be Defence-wide. Embargos, like freezes, halt any disposal action that may be due until the embargo is lifted.
4.32 Any business unit that wishes to apply an embargo should notify the DRMP which will assess the request and may as part of its decision authorise the imposition of an embargo. Embargos in force are published on the DRMP website. A comprehensive procedure is being developed to identify and safeguard records covered by embargos and will be promulgated in the first revision of this Manual. All inquiries in the interim should be directed to DRMP.
4.33 The AWM is empowered by the Australian War Memorial Act 1980 to develop a collection of historical material relating to Australian service in wars and warlike operations. ‘Warlike operations’ includes all peacekeeping operations conducted by the Australian Defence Force (ADF) or its predecessors.
4.34 In discharging this function, the AWM has always been recognised as the custodian of certain records created by agencies of the ADF and its predecessors.
4.35 Defence records classed as RNA in this category must be transferred to the AWM, not the NAA, in accordance with procedures in the agreement guidelines published on the DRMP website.
4.36 Disposal is the implementation of the records sentence. Disposal can happen in three ways:
4.37 Transfers include removal of records from the custody of Defence—such as transfer to an external agency for long-term retention (ie the NAA or the AWM)—and change of custody within Defence. ch4 note 4 (For transfer policy see chapter 4—‘Keep, destroy or transfer’.)
4.38 Disposal of records can only be undertaken on records owned by Defence, in accordance with:
4.39 Non-Defence records in the custody of or on loan to Defence must not be destroyed without the authorisation of the owner. Records on loan must be returned to the owner:
4.40 Records must only be destroyed when the following requirements have been met:
4.41 Defence records, identified as ‘to be destroyed’, must always be destroyed in accordance with the electronic Defence Security Manual (eDSM). Destruction or transfer must always be authorised by the custodian. ch4 note 5
4.42 The control record for all destroyed records must indicate when, how, where and under what disposal authority/authorities the records were destroyed. Control records should be created by the business unit carrying out the disposal process, registered in the DRMS and a copy sent to DRMP for review before destruction (unless other arrangements have been made with DRMP). DRMP will keep a copy of the control record as RNA on behalf of the NAA. Control records should not be forwarded directly to the NAA.
4.43 Records relevant to a criminal investigation, pending or actual litigation, or the subject of discovery orders made by a court must not be destroyed for the duration of the legal process.
4.44 Records must not be destroyed if they are subject to a disposal freeze or an embargo.
4.45 Great care should be taken before undertaking large-scale destruction proposals where there is potential community sensitivity, in particular military personnel records, including unit history and case files. If in doubt, business units should consult DRMP.
4.46 Special considerations apply to the destruction of national security classified records (see paragraph 5.33 —Disposal, transfer and destruction of classified records).
4.47 For destruction of encrypted records created in online security processes, refer to the general disposal authority for encrypted records.
4.48 For destruction of mixed mode records, ensure the physical part is confirmed as destroyed prior to the electronic. Destroyed electronic records should include the entire contents, alternative renditions, markers, shortcuts and aliases, unless the destruction results in change to another record.
4.49 Business units are responsible for assessing destruction of their time-expired records in NAA custody. DRMP will notify business units and other stakeholders (eg the Directorate of Classified Archival Records Review, history units, Legal Service) of notification by the NAA of destruction of Defence records in their custody.
4.50 Destruction process must be authorised by custodian of records prior to destruction, in accordance with NAA guidelines.
4.51 The method of destruction of classified records must comply with the eDSM.
4.52 For altering records and moving documents between files see chapter 3—‘Create, capture and describe’.
4.53 Australian overseas posts and deployed units may have to increase retention periods of some of the disposal requirements to meet any statute of limitation periods in their host country. Similarly, normal operating instructions and procedures may have to be waived at times of hostile assault or potential security breach. At such times, personnel safety and security is paramount and records may have to be disposed of without recourse to disposal authorities. In summary, the records of the highest sensitivity should be destroyed first. Ideally, a record should be kept of what has been destroyed, although it is recognised that this may not be feasible in an emergency. The eDSM provides guidelines regarding the procedure to follow when an overseas post is under threat. Hardship posts or war zones should digitise their records if practicable as a security measure in case the post has to be evacuated.
4.54 Under normal operating environments, records may be sentenced and destroyed on site in compliance with Records Management policy and in-country requirements, if applicable. At overseas diplomatic posts, records disposal may be undertaken by the Department of Foreign Affairs and Trade.
4.55 In the AFDA, under some functions (equipment and stores, fleet management, information management, property management, publication and technology and telecommunications) the transfer of custody and ownership of Commonwealth records is directed in the disposal action. The AFDA authorises transfer of the records under section 24(2)(b) of the Archives Act 1983. Such transfers are subject to the record no longer being required for further Defence or Commonwealth purposes. If there are any doubts in relation to this requirement, copies should be made of the records before they are transferred.
4.56 Records regarding advice given to ministers should be closed after a change of Government, and should not be made available to incoming ministers if they are from a different political party.
4.57 Cabinet memoranda, discussion papers, minutes and related documents provided by Defence should be handled in accordance with Cabinet Handbook (http://www.pmc.gov.au/guidelines/ docs/cabinet_handbook.pdf ) and instructions from the Department of Prime Minister and Cabinet. The creation, retention and disposal of these records must comply with AFDA function, Government Relations Class 1345.
4.58 This includes the internal or external transfer of records in any format by transferring custody or ownership.
4.59 When records are transferred, the transfer must be reflected in and recorded by the DRMS or in compliance with recordkeeping metadata.
4.60 When a record is to be transferred, it is the custodian’s responsibility to verify that:
4.61 The system copies of electronic records transferred to another agency under a disposal class must only be destroyed after confirmation of successful transfer.
4.62 Control metadata must be retained in the DRMS for all records transferred as electronic exports, imports or physical transfer. For mixed mode (combined physical and electronic) records transfer, metadata for both formats must be confirmed and the links between the files checked prior to transfer.
4.63 Electronic records may be bulk or singly imported and exported from the DRMS using native format, common interface formats (eg XML and CSV) or in digital preservation formats (eg PDF or equivalent, or open or XENA formats).
4.64 Transfer of records to another Commonwealth agency. Transfer of custody of Defence records to another Commonwealth agency can occur through:
4.65 During a business unit’s day-to-day activities, it may be necessary to access records that are in the custody of another business unit. When these records are electronic, this can be accomplished without transfer of records using the search and retrieval facilities of the DRMS. However, sometimes it may involve an internal transfer of custody of those records, especially when the records are available in only hard copy form. Common examples of the need to make internal transfers of records include:
4.66 On occasions, the transfer may be of a more temporary nature when specific areas of Defence may need access to records to assess a particular case; for example:
4.67 When records are transferred internally, the location details must be changed on the DRMS to reflect the new internal custodian.
4.68 Internal transfer on return of overseas posting or deployment —home units should negotiate the transfer of records from the deployed location to the appropriate Defence records storage repository.
4.69 When records are to be transferred internally on a temporary basis:
4.70 When records are to transfer internally on a permanent basis, the losing business unit is required to:
4.71 The gaining business unit is required to:
4.72 Where the internal transfer of records utilises the DRMS, the losing business unit must change the location details to reflect the new internal custodian. If the transfer involves a different records management system, the losing business unit will need to coordinate the transfer ensuring that the appropriate custodian information is changed.
4.73 When units transfer to different geographic locations, the business owner of the record should undertake the following before relocating to another region:
4.74 Records sentenced as RNA under functional disposal authorities (Records Authorities) are transferred to the NAA as soon as administrative use has ceased, by arrangement with the NAA. Records sentenced as RNA under non-functional legacy RDAs cannot be transferred to the NAA. Records that are to be retained as national archives will only be accepted for transfer to the NAA if they are no longer encrypted. ch4 note 6
4.75 Transfers of physical records to the NAA are organised through the local Defence Support Group (DSG) repository. If DSG is unable to facilitate the transfer contact DRMP.
4.76 If a business unit has electronic RNA records that can be transferred, they must notify DRMP.
4.77 Because of their content, some Defence records are considered exempt from transfer to the NAA under section 29 of the Archives Act 1983. Business units that are required to house RNA records that are not to be transferred to the NAA because of their exemption status should refer to the NAA document that details storage facility criteria, and to the Archive Advices regarding the protection of particular record media.
4.78 The AWM is a legitimate custodian of Defence records, which are identified as historical material as defined in the Australian War Memorial Act 1980. Such records are usually of an operational nature. Under an administrative arrangement between the NAA, the AWM and Defence, records that relate to ‘warlike operations’ include:
4.79 These records should be transferred to the AWM rather than the NAA for longer term storage.
4.80 The transfer of Defence records to the AWM is currently subject to negotiation between the AWM, NAA and Defence case-by-case. All records transfer applications should be referred to DRMP.
4.81 When a business or operational function is transferred from Defence to another agency, the records associated with that function must also be transferred. Such a transfer constitutes a transfer in custody of the Commonwealth records. If a change in custody is appropriate, the usual protocol is for the custody of the records (current and RNA) to be transferred to the gaining organisation. If Defence then requires access to records held by the NAA, Defence, like all other Commonwealth agencies, must apply for official access through normal administrative processes provided by the Archives Act 1983.
4.82 Records that are transferred because of changes to Government administrative functions may have a continuing value to Defence. Defence can therefore seek special arrangements with the gaining organisation for continued access to RNA records held by the NAA. If this is necessary, Defence and the gaining organisation must negotiate these arrangements and provide a copy to the NAA. Such negotiations should be conducted through DRMP.
4.83 The losing agency must provide a list of all records supplied, and Defence staff must check all records received against these lists. All records must be recorded into the DRMS, retaining (where possible) the original record series for all records to ensure that the original context of the records will not be changed. The losing agency must provide all details of any records that may be held by the NAA or other service providers, including information about charges, contracts and outstanding debts for which Defence may become responsible.
4.84 The transfer of records outside the Commonwealth can occur through:
4.85 When records are transferred, the transfer must be reflected in and recorded by the DRMS. Any of these forms of transfer requires the authorisation of the NAA.
4.86 A transfer of custody is about records moving from the possession and responsibility of the Commonwealth to another organisation. In such a case, the Commonwealth retains intellectual and other property rights over the records, but an organisation outside the Commonwealth holds the physical records and is responsible for their security and integrity. A transfer of custody does not change the Commonwealth’s legal ownership of a record, it is still subject to Commonwealth law, such as the access and disposal provisions of the Archives Act 1983.
4.87 A transfer of ownership is about records leaving Commonwealth legal ownership. With a transfer of ownership, the Commonwealth relinquishes all its legal, physical and intellectual property rights over the records. The records are no longer subject to the Archives Act 1983 and other related legislation that protects the use of Commonwealth records. This may be appropriate when the Commonwealth and the Australian community as a whole have no further need for the records.
4.88 Where the Commonwealth makes an outright sale of property or plant, the resulting contract should include clauses dealing with the transfer of ownership of Commonwealth records pertaining to that property or plant.
4.89 Personal Security Files (PSFs) of Australian Public Service employees or contractors engaged by State, Territory or police services may be transferred to the employing body on request. Transfer includes custody and ownership in compliance with general record authority 2008/00174731—Transfer of Custody and ownership.
4.90 PSFs of Defence military personnel are not transferred.
4.91 When functions are outsourced, the ownership of the records that exist or that arise from the outsourcing activity and their continued control and management is not transferred from the Commonwealth. Refer to Records Issues for Outsourcing—General Disposal Authority 25 for more information on outsourcing disposal issues.
4.92 From March 2000, the NAA no longer accepted the transfer of ‘long-term temporary’ records. Those long-term temporary records that are currently stored with the NAA can remain in its custody. Business units may regain custody of long-term temporary records previously held by NAA if they choose to do so. If a business unit wishes to have these long-term temporary records transferred back to it, then it should contact DRMP in the first instance.
Annex A to
The following are examples of typical items that may be disposed of as soon as they are no longer needed under normal administrative practice.
5.1 Defence is obliged to keep records safe and accessible over time. Securing records includes assigning national security classifications, need-to-know and caveats, protecting records from unauthorised access and interference, putting plans in place to ensure business continuity and disaster recovery. Physical storage and preservation is about keeping physical records in accessible, controlled environmental conditions. Electronic storage and preservation is about ensuring accessibility and retrieval of records in compliant record management systems for their lifetime.
5.2 Securing Defence records involves applying national security classifications and caveats. Caveats are additions to the security classification of a document warning that special handling is required for security purposes. They provide a record with safeguards that ensure the confidentiality, integrity and availability of Defence information, regardless of format. This is in compliance with the electronic Defence Security Manual (eDSM) guidelines for classification.
5.3 Classified records are documents or objects assigned classification and caveat markings and managed in appropriately classified records management systems and registered in a Classified Document Register (CDR) in compliance with the eDSM.
5.4 Defence personnel must not attempt to access records for which they do not have an appropriate clearance.
5.5 Defence personnel have a duty to share information where and when required within security guidelines.
5.6 Aggregation can cause a security risk. Certain compilations of security classified information may require a higher classification than its component parts because the combination of the information creates a greater value and risk of compromise. This is known as an aggregation. The responsibility for an aggregation’s security classification rests with its business owner.
5.7 Business units must ensure national security classification is assigned to records as follows:
5.8 Internally generated records may have a National Security Classification (NSC) assigned.
5.9 Items that are received from external entities may include:
5.10 The NSC applicable to a record must be recorded during capture.
5.11 If a record collated on a file requires a change to the assigned NSC (upgrade or downgrade), then the business unit should arrange for the NSC of the file to be changed also.
5.12 NSC material should be regularly reviewed to ensure that the material maintains an appropriate NSC.
5.13 Business owners of TOP SECRET material should review the material every six months including that material transferred to Defence Support Group repositories. SECRET material should be reviewed annually.
5.14 Records and files originating from another Commonwealth agency cannot be reclassified without the approval of that agency.
5.15 Sometimes records and files received by Defence from an organisation other than another Commonwealth agency may have been given a security classification by that organisation. An example would be a job application or tender which has been marked CONFIDENTIAL. These records must be given a security classification in keeping with Defence security guidelines.
5.16 When an open period record is examined and determined not to be an exempt record in accordance with the Archives Act 1983, the security classification ceases to have effect for any purpose. However, the security classification on the original document must not be altered in any way. Wherever possible, all Retain as National Records (RNA) records should be declassified before being transferred to the National Archives of Australia (NAA) or Australian War Memorial (AWM), even if they are still in the closed-access period.
5.17 The declassification of records is to be recorded (in the metadata of a record in the Document Records Management System (DRMS), or on Form XC 21 —Downgrading or Declassification of Classified Documents for a physical record).
5.18 All records must be stored according to their security classifications in the DRMS (noting that DRMS is only endorsed to manage records up to RESTRICTED and Electronic Document Management System only endorsed to manage records up to SECRET). This applies to both electronic and physical records.
5.19 Defence personnel access to security classified records must be matched to their level of security clearance equivalent at the highest level of classified information to which they have access.
5.20 Appropriate authority is required for access where caveats, code words or special handling indicators apply, and have a justifiable need to access both the information and the system in which it is held.
5.21 When physical security classified records are not in use, they must be stored in the appropriate Security Construction and Equipment endorsed security container in compliance with the eDSM.
5.22 Removal of any classified record from a Defence premises, whether to another Defence location or a private residence, requires a signed authorisation (on a Form XC 19 —Permit to Remove Classified Matter ) from the business unit head, in order to provide an audit and accountability trail for the movement of classified records in compliance with the eDSM.
5.23 At the close of business each day, staff should take precautions to ensure that security classified records are protected from unauthorised access. A clear desk policy also ensures protection of classified records.
5.24 Lost or missing classified records must be registered in an investigation report and permission obtained to write them off.
5.25 Handling of classified physical records must be controlled. Security classified physical records should not be circulated uncovered or loose, and should be placed in an appropriate file cover that is clearly marked with the protective marking of the highest level of security classified information it holds. Under no circumstances is national security classified information to be placed on a non-national security file.
5.26 Documents classified CONFIDENTIAL or above must be registered in a CDR. TOP SECRET information sources are recorded in a separate CDR used only for TOP SECRET material. The CDR is classified according to actual content. The CDR, as a master control record of classified destruction is classed as RNA (Administrative Functions Disposal Authority (AFDA) entry 1490). Business units must ensure that the CDR is stored on an appropriate long-term (permanent) medium, and is captured as a unique record in its own right. Form XC 40 —Classified Document Register must be used to create a manual CDR.
5.27 The use of an electronic CDR is not consistent with security policy. In order to use an electronic CDR a dispensation from the Defence Security Authority (DSA) is required. Information on dispensations can be found at the following link: .
5.28 Musters and checks of classified records should be conducted by the business owner when there has been a significant change to the organisation or business unit and in accordance with requirements in the eDSM. This could include physical change of location or closure of the business unit. File muster ensure that:
5.29 Records captured in the DRMS must match classifications as shown in the following table.
|Record/File classification||Metadata classification|
|Up to and including RESTRICTED||UNCLASSIFIED|
|Up to and including SECRET||UNCLASSIFIED|
|Up to and including TOP SECRET||UNCLASSIFIED|
5.30 A file must inherit the classification level for the highest level of classification it contains.
5.31 The metadata relating to a record or file should always be UNCLASSIFIED regardless of the files contents.This enables searching across the system.
5.32 When managing classified documents during operations (including deployment), exercises and trials, custodians must ensure:
5.33 Disposal of records with a classification higher than CONFIDENTIAL must be registered on a CDR.
5.34 Classified documents should always be registered in classified files. These files must be disposed of under disposal authorities or normal administrative practice and in compliance with security provisions in the eDSM.
5.35 Where possible, deployed units should take classified information to an Australian controlled area, such as an Australian Embassy or High Commission, for destruction.
5.36 If there is a need to destroy information due to the risk of uninvited entry of unfriendly forces, the unit’s Unit Security Officer is responsible for preparing a plan for emergency destruction of classified documents in accordance with the eDSM. This plan must:
5.37 If the records are to be destroyed:
5.38 Care must be taken during the processes of transfer and destruction of classified files and records that the classified material is only dealt with by those who hold the appropriate security clearance.
5.39 Where possible, records should be declassified before transfer. However, when classified records need to be transferred to the NAA, other agencies, service providers, or from one business or operational unit to another, they must be transported in accordance with the eDSM.
5.40 Security classified material must only be reproduced when it is strictly necessary to do so to meet operational requirements, and permission from the business owner must be sought.
5.41 Each copy made of a document classified CONFIDENTIAL and above must be recorded in the CDR, cross-referenced to the original record’s registration, and marked with the relevant serial number and notations.
5.42 Copying of classified records is permissible under the following conditions:
5.43 Loss of records disrupts business, as information about decisions and outcomes is no longer available. The responsibility for the safe guardianship of Defence records falls on the custodian of the record. Business continuity plans list the actions to be taken in the event of a disaster.
5.44 In accordance with NAA policy and Australian Standards International Organisation for Standardisation (AS ISO) 15489.2 —Record Management—Guidelines, business units must comply with disaster preparedness plans for the records held, either as a distinct set of guidelines or as part of the business unit’s business or agency level disaster recovery plan.
5.45 From the broadest perspective Defence has determined that the risk associated with not having full and accurate records is high and warrants the cost associated with storing and administering those records.
5.46 Defence business units should put in place group or agency planning and contingency measures to ensure that records which are vital to the continued functioning of Defence are identified as part of the risk analysis, protected, and made accessible when needed. The assessment should be repeated periodically and the risk management plan reviewed accordingly. ch5 note 1
5.47 Defence recordkeeping risk management must be conducted in accordance with the Defence Risk Management Policy and Procedures. The most important risks to assess are those that threaten to interrupt business continuity; compromise Defence capability; and/or expose Defence to litigation or cause Defence to be in breach of records management regulations.
5.48 There is a high risk that poor records management will lead to compromised records and increase the likelihood that:
5.49 Defence Legal Division can provide guidance on these risks.
5.50 These are records critical to continuing business operations. Business continuity actions should refer explicitly to any vital documents and records that are essential to enable business operations to continue effectively. This plan should identify a range of vital Defence records and plans for how they will be protected, and should include a plan of action for recovering any lost information.
5.51 The plan of action must enable vital records to be identified, maintained, retrievable and managed in the DRMS. Vital records are usually also retained as national archives; that is, they are to be kept indefinitely. Vital records include significant policy documents; records of significant decisions (including Cabinet decisions, documents on major events or public issues) and items of research value (such as historical or public interest). All operational and wartime records created by Defence are RNA and kept at the NAA or the AWM.
5.52 Categories of vital records are defined as RNA records in the AFDA and Defence-specific Records Authorities.
5.53 The decision to capture a record implies an intention to store it (whether electronically or physically). Appropriate storage conditions ensure that records are protected, accessible and managed in a cost-effective manner. The purpose served by the record, its form, its use and its value will dictate the nature of the storage facility and services required to manage the record for as long as the record needs to be preserved. ch5 note 2
5.54 All Defence records must be stored in a manner that ensures their retrieval and accessibility, and provides national security classification, need-to-know and appropriate environmental protection (as indicated by NAA storage standards and guidelines ch5 note 3 ).
5.55 To ensure ongoing accessibility, stored records should:
5.56 Business units must consider the following when deciding on storage options:
5.57 The determining factors when deciding storage solutions are frequency of access and immediacy of access. For physical files (corporate etc), the size of a file or file part is limited by physical restrictions. For electronic files (corporate etc), size is limited only by electronic storage constraints and access.
5.58 Because of their content, some Defence records are considered exempt from transfer to the NAA under section 29 of the Archives Act 1983. Business units that are required to store RNA records that are not to be transferred to the NAA because of their exemption status must comply with the NAA storage standard.
5.59 Information and Communication Technology (ICT) system administrators must ensure that any records management system repository (and its audit trails, metadata etc) or storage device is appropriately protected and backed up.
5.60 Electronic records must be stored in the DRMS. In the electronic environment, the processes of ‘capture’ and ‘registration’ are integrated in the process of storing records in the records management system. ch5 note 4
5.61 Defence active (current business) electronic records originally created (not scanned copies) in the DRMS, may be managed in propriety formats (eg Microsoft Word and Microsoft Excel) until they become inactive, are closed and converted to a format for long-term preservation.
5.62 Defence records (irrespective of format) stored in shared drives, personal drives, email folders, local applications, cabinets, workstations and on backup disks or drives are not compliant with Defence’s recordkeeping obligations. This business information remains non-compliant until it is registered as a record, ie placed on a file.
5.63 These drives and locations do not capture sufficient metadata to meet the legal recordkeeping retention and disposal requirements, and do not allow records to be widely searchable or accessible. They are not accessible to all who need them, are not authenticated and are not secure from alteration or deletion.
5.64 Electronic records are to remain accessible and retrievable until they are appropriately disposed of. Records that are not yet due for disposal must be maintained either online or near-line (including a put away volume of media) depending on the storage requirements of the DRMS.
5.65 Electronic records should be regularly backed up to avoid data loss and the storage location for backup copies should be physically separate from that of the original records. Defence Business Information Systems not currently approved as records management compliant that house records (such as PMKeyS, ROMAN, Electronic Warfare systems, email, SharePoint instances and combat/control systems) should ensure that appropriate system backup regimes are in place to ensure the day-to-day accessibility, retrieval and integrity of records.
5.66 A digital media muster may be held by a business unit to determine the amount of unused and excess digital media. These musters are usually run Defence-wide. It is crucial that each record on the located media is reviewed and sentenced for disposal either under Normal administrative practice or the relevant Records Disposal Authorities.
5.67 Records organised in folders in the DRMS must also be registered against a file. Folders of records may also be migrated to or converted into registered files.
5.68 Folders of documents not in a corporate file are not compliant with Defence’s recordkeeping obligations. This business information remains non-compliant until it is registered as a record, ie placed on a registered file.
5.69 Folder of records must be converted to registered files as soon as practical. All folders of registered files, eg temporary transition repositories, files for destruction etc must be assigned to a business owner, workgroup, or system administrator. Folders do not capture sufficient metadata to meet the legal recordkeeping requirements.
5.70 Defence manages encrypted data in information and Defence formal messaging systems that must be stored as records.
5.71 In compliance with records management principles and NAA requirements, records must be unencrypted for storage and continuing access and retrieval. ch5 note 5
5.72 Records that are to be retained as national archives will only be accepted by the NAA in an unencrypted state.
5.73 To store and manage encrypted records in the DRMS, the records must be converted to an unencrypted state. If it is necessary that records remain encrypted, business units must develop a business case and submit it to Directorate of Records Management Policy.
5.74 Records should be captured or created in unencrypted form where possible.
5.75 Encrypted records created in online security processes which are not retained do not require decryption.
5.76 The NAA does not endorse the use of technologies that place restrictions on electronic messages that impede corporate recordkeeping practices. Digital Rights Management is an information protection technology that allows users to place additional restrictions on who can view, print, forward or copy emails or messages.
5.77 These restrictions can include the automated self-deletion of email, ie the sender of an email can stipulate the lifespan of a message and force the deletion of the message from the system at a predetermined time. Automatic deletion of messages in this manner may constitute unauthorised disposal.
5.78 Records that contain embedded digital rights management protections should have all rights protections controls removed from them before they are stored as records in the DRMS.
5.79 Data migration or bulk capture can result from:
5.80 When a business unit is introducing a new, changed or upgraded system, the migration of records should form part of the system implementation plans.
5.81 Migration in this context means the transfer of the authentic and full record, including contextual information (metadata) between access/recording systems. Migration must be done in a regulated and planned manner to ensure authenticity, accessibility and retrieval of the records. Bulk imports include:
5.82 It is best practice to sentence records before they are moved.
5.83 To accommodate legislative requirements for longevity of Defence records, it is advised that system owners ensure that they can implement backward compatibility for at least two versions.
5.84 When the DRMS is implemented, the following should be migrated to the new system from any existing system(s):
5.85 In all cases, it is essential that the information be migrated in a way that preserves the integrity and authenticity of the above, and also their organisation into files (corporate etc) and other aggregations.
5.86 Legacy records exist in manual and computer systems applications which have become obsolete. These legacy records must be migrated to or captured into the DRMS to ensure the records are reliable and accessible in the future.
5.87 Physical records must be:
5.88 Storage of Defence physical records falls into four groups:
5.89 Records should be stored in controlled environmental conditions according to NAA guidelines and conserved to ensure their survival for the time period over which they are expected to be retained.
5.90 Records that are critical for business continuity (ie vital records) may require additional methods of protection, conservation and duplication to ensure accessibility in the event of a disaster. ch5 note 6
5.91 In accordance with NAA advices, media storage and preservation should comply with the following storage principles and minimum standards: ch5 note 7
5.92 Any record not required in physical form for legal or business reasons can be scanned into the form of a digital image and managed in compliance with electronic storage as an electronic record and the original destroyed under the appropriate disposal authority. ch5 note 8
5.93 At times it may be more cost-effective to use an external storage provider. Any such facility (like those owned by Defence) must comply with NAA policy and AS ISO 15489.1 storage criteria and offer a service-level agreement. (For more information see chapter 4—‘Keep, destroy or transfer’.)
5.94 Storage in Defence repositories should be undertaken in compliance with NAA policy and AS ISO 15489.1 ch5 note 9 storage criteria. The records must be closed and registered in the DRMS.
5.95 To ensure that media format remain reliable and accessible for long periods, records must be stored:
5.96 Strategies to guard against format obsolescence in Defence must be promulgated and monitored throughout Defence. ch5 note 12 This must include ch5 note 13 the development and maintenance of adequate business continuity plans for digital records to prevent, prepare for, and recover from a disaster, in compliance with Defence ICT policy.
5.97 Digital storage devices on which records are stored online, offline, or near-line should be maintained and stored in suitable physical surroundings. Records should be periodically transferred from obsolete or ageing storage devices to suitable replacements.
5.98 Procedures must be introduced at all electronic repositories to periodically inspect media storage conditions and the reliability of digital storage devices.
5.99 Some large-scale storage systems are able to check media automatically and continuously for errors caused by media degradation, using either bespoke application software or system software features. If the risk of loss of data in a collection of records is totally unacceptable, application of one of these techniques should be considered.
5.100 Long-term preservation of magnetic and optical media for continuous accessibility and readability requires regular copying or data migration, eg magnetic to CD–ROM, and optical to write-once-read-many or new formats as developed.
5.101 Military operational records may be electronic or physical.
5.102 Where possible, records should be stored with the same methods as used by home units.
5.103 All records should be managed in the DRMS where possible. Records should not be stored on separate DVDs or shared drives.
5.104 Digital or electronic record preservation ensures long-term accessibility and readability of active (open) and inactive (closed) electronic records. It addresses both ongoing access to electronic records that are kept online, and long-term preservation of offline records (physical media and electronic).
5.105 All business units must ensure long-term accessibility and readability of their electronic records in any Defence Business Information Systems. Electronic records should be migrated to and managed in the DRMS.
5.106 The management of long-term electronic records in non-Records Management (RM) compliant Defence Business Information System must comply with Defence ICT policy and address the following risks:
5.107 For storage requirements for magnetic, optical, digital and physical records (see chapter 5)
5.108 Defence active (current business) electronic record documents created by scanning or copying from hard copy documents should be converted to or created in searchable PDF or equivalent eXtensible Mark-up Language (XML) open preservation format such as ‘docx’ and have the appropriate metadata attached. This specifically applies to records for long-term active use (eg personnel record documents). These records should be managed in the DRMS.
5.109 Defence inactive (closed and sentenced for long-term preservation) electronic records managed in the DRMS, may be converted to searchable PDF or equivalent XML open preservation format using the XML Electronic Normalising for Archives (XENA) tool. XENA is a piece of software developed by the NAA to aid in the long-term preservation of digital records. It performs two tasks, detecting the file formats of digital objects and converting digital objects into the open fully documented formats used for archival preservation by the NAA.
5.110 The open format standard complies with Defence ICT policies where it includes a portfolio-level policy on long-term accessibility and readability of electronic records.
Annex A to
Portable Document Format/Archive (PDF/A) Standard: The Australian Standard, International Organisation for Standardisation 19005–1— Document management—Electronic document file format for long-term preservation—part 1: Use of PDF (PDF/A–1), October 2005.
PDF/A is an electronic file format for long-term preservation. The primary purpose of the standard is to define a format based on PDF that provides a mechanism for representing electronic documents in a manner that preserves their visual appearance over time, independent of the tools and systems used for creating, storing or rendering the files. A secondary purpose of the standard is to provide a framework for representing the logical structure and other semantic information of electronic documents within conforming files.
PDF/A is a constrained form of Adobe PDF version 1.4 specifically for long-term preservation of page-oriented documents for which PDF is already being used in practice. The standard was developed by an International Organisation for Standardisation (ISO) working group with representatives from Government, industry and academia, and active support from Adobe Systems Incorporated.
PDF/A attempts to maximise device independence, self-containment and self-documentation.
Constraints include the following:
Although further versions of PDF/A are under development (version 2, pr PDF/A–2), ISO agrees that this first version of PDF/A will never be withdrawn as an international standard, thus increasing confidence in its long-term durability.
PDF storage format is recommended for text, graphics or colour documents, as when scanning it is a requirement to create an exact image. TIFF storage format is recommended for black and white images (invoices, forms etc). It also requires less storage than PDF. PDF and TIFF are included in the main supported formats by the National Archives of Australia for long-term digital preservation.
Open converted files with
||Retain in original format||Ensure file extension is correct.||Should be viewable in basic Windows environment:
|PCX (.pcx)||Convert to TIFF (.tif)||
||Should be viewable in basic Windows environment, as above.|
|MacPaint image (.mac)||Convert to TIFF (.tif)||
||Should be viewable in basic Windows environment, as above.|
|Encapsulated PostScript (.eps)||Adobe Portable Document Format (.pdf)||
||Adobe Acrobat Reader.|
||Should be viewable in basic Windows environment, as above.|
|Other vector formats
||Adobe Portable Document Format (.pdf)||
||Adobe Acrobat Reader.|
||Should be viewable in basic Windows environment, as above.|
The following TIFF image with annotation is records management compliant in Document Records Management Systems, provided the operator makes a file note about the change and manually saves it, or the associated metadata is automatically updated.
6.1 Access is the right of public access to Defence records. Access control provisions refers to the policy by which Defence will enable access by Defence personnel, contractors, the public, and State, Territory or Commonwealth Government agencies or authorities. The policy on access to Defence records will allow the public under certain conditions access to:
6.3 The following Commonwealth legislation provides specific rights of access to Commonwealth records.
6.4 Members of the public are entitled to access to a document of an agency or an official document of a Minister, subject only to the exemptions and exceptions provided for in the FOI Act, and to the settlement of any application fees and charges. A person who claims that a document of an agency or an official document of a Minister to which the person has had lawful access contains personal information about that person that is incomplete, incorrect, out of date or misleading and that has been used, is being used or is available for use by the agency or by the Minister for an administrative purpose, may apply under the FOI Act to have the record of such information amended or annotated.
6.5 The Archives Act 1983 imposes an obligation on the NAA to make available public access to the Commonwealth record which is in the care of the Archives or in the custody of a Commonwealth institution in the ‘open access period’ unless the record is exempt from such release by a provision in the Act.
6.6 Subsection 3(7) of the Archives Act 1983 provides that a record is in the open access period if 30 years have elapsed since 31 December in the year in which the record came into existence.
6.7 The Archives Act 1983 and associated regulations also provide for:
6.8 Several other legislative instruments allow other agencies access to records held by Defence. Access through these statutory means is normally effected through the administrative functioning of a Commonwealth, State or Territory agency and is consistent with the provisions in the Archives Act 1983 and the FOI Act that provide for disclosure of records otherwise than as required by those Acts. However, there are other laws relating to the disclosure or publication of information. Secrecy provisions in other legislation may also apply. (For more information on relevant legislation, see Legislative obligations.)
6.9 Defence will assess and make a decision to grant or refuse all requests for access to its records which are properly lodged in accordance with the relevant governing legislation. Applicants shall be notified of decisions made in relation to requests for access to Defence records:
6.10 Where a request by a member of the public is made to the NAA for an open period personnel record (30 years old) that is still in Defence custody, the record is to be transferred to the NAA by the recordkeeper for the NAA to make the access decision. If the request is made direct to Defence and a decision to refuse access is made, the applicant should be advised that they can apply for the record under the Archives Act 1983 through the NAA.
6.11 Personnel records may be disclosed through the FOI Act, sections 15A. Section 15A defines ‘Personnel records’ as ‘documents containing personal information about an employee or former employee of an agency that are, or have been, kept by the agency for personnel management purposes’. In Defence, the terms ‘employee’ and ‘former employee’ include current and former civilian and Australian Defence Force (ADF) personnel.
6.12 Section 15A of the FOI Act provides that requests for personnel records of employees or former employees should first be made through procedures which have been established within the agency for this purpose. FOI should not be used for the first request in this case.
6.13 If the applicant is not satisfied with the outcome of the request, or is not notified of the outcome within 30-calendar days of making the request, they can apply for them through the FOI Act.
6.14 Serving and ex-serving members of the ADF and current and former civilian employees of Defence wishing to have access to their personnel records should apply directly to the office that has custody of the records. If such a request is made through the FOI Act it will be referred to the relevant office for consideration outside the FOI Act unless the conditions for having the request dealt with have been satisfied.
6.15 The Directorate of Freedom of Information (DFOI) is responsible for administering requests made by members of the public for access to Defence documents under the provisions of the FOI Act. DFOI is also responsible for developing policy and procedures regarding FOI matters within Defence. For detailed information regarding policy and procedure for FOI requests, refer to DFOI.
6.16 The public may apply to the NAA to obtain access to Commonwealth records (other than exempt records), where 30 years have elapsed since the record was created. In accordance with the Archives Act 1983 sections 33 and 40, and on behalf of Defence, DCARR is responsible for reviewing all Defence and Defence-related archival records that may have continuing sensitivity.
6.17 For details regarding the administration and processing procedures for requests administered by DCARR, refer to Defence Instruction (General) (DI(G)) ADMIN 27–2 —Access to Defence and Defence-related archival records under the Archives Act 1983.
6.18 DCARR is responsible for reviewing all requested records that contain any of the above material, and providing advice to the NAA as to whether or not the record should be disclosed.
6.19 DRMP should be notified for all requests for access to Defence records that are made under the provisions of the Archives Act 1983 but that do not meet the conditions for administration by DCARR.
6.20 Accelerated access (Archives Act 1983 section 56) occurs when a class of records are examined to determine if they can be released to the public within the 30-year period since the record was created.
6.21 The NAA should be consulted if there is a requirement to conduct an accelerated access program for a class of Defence records.
6.22 DCARR is responsible for facilitating Ministerial authorisation of public access to Commonwealth records not in the open access period in accordance with arrangements approved by the Prime Minister under the Archives Act 1983.
6.23 Disclosure of a record in response to a request under section 40 of the Archives Act 1983 is disclosure to the public at large. The identity of the person requesting access is not a relevant consideration in deciding whether or not to disclose a record. However, a person can opt to use the Archives Act 1983 if the record has come into the open period.
6.24 Third-party access to records in the custody of the NAA containing information about individuals is treated in the same manner as all other records (Archives Act 1983 sections 33(1)(g) and 58) and the applicant should be directed to apply using the FOI Act for records not yet in the open access period and the Archives Act 1983 for open access period records.
6.25 Defence advice will be sought by the NAA for public access requests received by the NAA for closed period records held in its custody. A Service Chief or Defence Group Head with functional responsibility for a class of records can authorise release of records outside the provisions of the FOI Act and Archives Act 1983 see paragraph 6.54.
6.26 This is where a member of the public accesses records under official directive. The FOI Act and other legislation allow external access to Defence records in records management systems.
6.27 The Department of Veterans’ Affairs (DVA) request access to health and/or particulars of service information pertaining to serving and discharged members of the ADF from Defence to determine claims for compensation and entitlements by these members. A Service Level Agreement (SLA) was signed in December 2007 by Defence and in January 2008 by DVA defining the responsibilities and performance standards for Defence and DVA relating to the provision of ADF serving and ex-serving member information to DVA.
6.28 The release of this information from Defence to DVA is governed by:
6.29 The type of information disclosed to DVA is determined by what Act the member has made the claim under:
6.30 The establishment of the DVA Single Access Mechanism (SAM) and the Defence SAM was one of the deliverables of the SLA for the Provision of Health Records and/or Particulars of Service of Serving and Ex-serving Members; and provides a single point of access for the transfer of records between the departments. DVA requires these records under legislation to enable them to determine if a member is entitled to make a claim for compensation.
6.31 All requests to Defence from DVA must come through the DVA SAM. The DVA SAM submits requests for information on an official PDF DocTracker form. This form quotes the relevant legislation that binds Defence to respond to the request. Defence personnel who receive this request must ensure they are entitled to respond to the request:
6.32 If they are not the business owner of the record or can not locate the record, they must inform DVA as soon as practical.
6.33 The Defence SAM sits within the Directorate of Mail and Records Management and performs the following services:
6.34 DRMP, in consultation with the relevant Defence work group with the functional responsibility for the information within the record, will grant and authorise the Defence repository to allow the researcher access to specific material.
6.35 DRMP will authorise the NAA/AWM official access forms for individual researchers for each DVA request.
6.36 If the DVA contracted researcher requires access to information through an interview process with a current Defence employee, the information required will need to be:
6.37 DRMP will advise the Defence employee and DVA (through the Defence SAM) if approval is granted for the DVA contracted researcher to approach the Defence employee for an interview.
6.38 DRMP is responsible for approving access to contracted researchers and sponsoring applications for security clearances through the Defence Security Authority.
6.39 Expunging is removing (blacking out) exempt information from a copy of a record in order to make the remainder of the record available for public access. The expunged data is quarantined and has a caveat added. It should not be destroyed. Normally, exemption is applied by the NAA for Retain as National Archives (RNA) records (permanent records in their custody), but is also applied by agencies for long-term records in their custody.
6.40 Expunged or exempt information includes:
6.41 After 30 years, the file or envelope will be reassessed by the NAA.
6.42 Under the Archives Act 1983, all records are available for public access after 30 years unless they contain information in exemption categories under section 33 of the Act. The NAA applies the policy that most personal information has lost sensitivity after 30 years, but some may require exemption for at least the lifetime of the individual (eg medical histories or details of personal relationships).
6.43 Exempt information is sensitive information which may be withheld from public access beyond 30 years.
6.44 Access to records in the closed period (under 30 years of age) is subject to internal Defence ‘need-to-know’ provisions, in accordance with the eDSM and privacy provisions.
6.45 For digital records, including audio and video, the creation of an extract must be noted in the metadata of the original digital record, indicating the date, time, creator and reason for creation of the extract, and registered as a linked record in its own right, in accordance with NAA Electronic Records Management System guidelines.
6.46 For hard copy records, the creation of the extract may be managed electronically and copied physically to the hard copy record if required.
6.47 Official access (Archives Act 1983 section 30) authorises a person to have access to records of a Commonwealth agency for a purpose supported by an agency. This might be access to facilitate the needs of day-to-day business, internal investigations into past events, discovery exercises in relation to litigation, research projects, or to assist agency inquiries (See also paragraph 6.68).
6.48 DCARR manages requests for access to Defence records held at the NAA or AWM. See DI(G) ADMIN 27–2.
6.49 Forms for official access to records held by the NAA or the AWM are available from DCARR (firstname.lastname@example.org).
6.50 Requests for official access to records still held in the ADF or the department is the responsibility of the workgroup who manages the records or DRMP.
6.51 Requests for access to Defence records that are made under the provisions of the Archives Act 1983 but that do not meet the conditions for administration by DCARR are to be notified to DRMP. These requests can apply to open and closed period records.
6.52 RNA records held by the NAA but required by a member of Defence for official purposes may be accessible in the following circumstances:
6.53 Defence Support Group coordinates the borrowing of Defence RNA records from the NAA.
6.54 Section 58 of the Archives Act 1983 and FOI Act section 14 provide that nothing in the Archives Act 1983 prevents a person from publishing or otherwise giving access to records (including exempt records) otherwise than in pursuance of the Archives Act 1983 where they can properly do so or is required by law to do so. This would allow any person, including ministers and agencies to release records otherwise than as required by the Act, where they may properly do so or are required by law to do so.
6.55 This form of access is granted through normal administrative channels and may be subject to conditions and attract charges. However, where access to records is given otherwise than in pursuance of the Archives Act 1983, the specific immunities in section 57 of the Archives Act 1983 against legal action for defamation, breach of confidence or infringement of copyright and criminal prosecution will not apply.
6.56 Decisions on discretionary access can not be appealed under the review process provided for in the Archives Act 1983.
6.57 Service Chiefs and Group Heads with functional responsibility for the records are responsible for approving discretionary access.
6.58 The NAA in limited circumstances, may approve discretionary access, without consulting Defence, where the record is in the open period and the information is personal information that relates directly to the applicant.
6.59 DRMP is responsible for approving requests for access for the performance of a normal business or operational function of another Commonwealth agency.
6.60 Access (other than through the NAA) is normally managed through the administrative functioning of a Commonwealth or State agency and is enabled through section 58 of the Archives Act 1983.
6.61 If Defence requires access to records originated by Defence but now in the custody of another agency because of a change in functional responsibilities, there are two access options:
6.62 Section 28 of the Archives Act 1983 entitles the NAA to full and free access, at all reasonable times, to all Commonwealth records in the custody of Defence, not just to RNA records.
6.63 Section 29 of the Archives Act 1983 allows Defence to determine that certain Defence records should not be transferred to, or be accessed by, the NAA. The concurrence of the Director General National Archives of Australia is required unless the Minister or the head of an intelligence agency has made the determination.
6.64 When the record is in the open period, NAA staff with appropriate security clearances will be entitled to access on Defence premises.
6.65 A determination under section 29 that the record should not be transferred to the NAA does not prevent the public from requesting access to an open period record. If access is subsequently denied, the applicant will be entitled to appeal the access decision.
6.66 The Directorate of Litigation (DLIT) is the access authority if a discovery order or subpoena is received. Access to records is managed by DLIT in consultation with DRMP and DRMS. Business units must notify DRMP and DLIT on receipt or notification of discovery orders or subpoenas.
6.67 Discovery orders or subpoenas can apply to all information in a Government system, including personal data, documents and records.
6.68 The Prime Minister has set in place arrangements for special access to closed period records to be granted to a limited group of people. Those eligible to apply for special access are:
6.69 DCARR manages special access requests for Defence records. The Minister, the Secretary or Deputy Secretary Strategy approves special access for Defence records. The heads of Defence statutory authorities approve special access to records of their agencies.
6.70 Access to Defence records in the closed period is provided for all Defence business units, subject to the provisions of ‘need-to-know’, security requirements and the Privacy Act 1988 (refer to the eDSM for detailed security access requirements).
6.71 Access privileges applicable to a record must be identified when it is created. One of the key access privileges must be the national security classification of the file. Custodians will be responsible for ensuring that the appropriate access controls are applied to allow all Defence personnel with appropriate security clearances to see them.
6.72 DRMS provide timely and efficient access to, and retrieval of, records needed in the continuing conduct of business. This is strictly in accordance with the access privileges of the record and satisfies related accountability requirements.
6.73 Access controls and audit trails must be provided and maintained to monitor all authorised access and any unauthorised access to, alteration or destruction of records or their metadata.
6.74 Access to physical records may require the physical transfer of records between the two business units, in which case an internal transfer of custody will occur. These transfers must be recorded in the DRMS.
|Requestor||Record age||Record type||Access authority||Legislation|
|Public||From 01 December 1977||Any— document of agency or ‘official document of Minister’||DFOI registers FOI request; the relevant business unit determines access||FOI Act|
|Public||Less than 30 years||Any||The relevant business unit determines access||Privacy Act 1988|
|Defence||Any||Any||Relevant business unit if the records are still with Defence||Discretionary Archives Act 1983 (section 30) and other relevant legislation|
|More than 30 years||Any||NAA||Archives Act 1983
Public Access (section 40)
Official Access (section 58)
Records available to Commonwealth institutions (section 30)
|Department of Veterans’ Affairs (DVA)||All records||Any||Relevant business unit, Defence repositories, DRMP depending on the type of record requested DRMP assists the relevant business unit to negotiate access arrangements where the record is held in Defence, and can provide advice regarding records management policy. Defence Legal can provide advice on access to Defence records||Archives Act 1983, Veterans’ Entitlements Act 1986, MRC Act and SRC Act and other Acts in DVA/Defence SLA|
|All records||Any||DLIT if a discovery order or subpoena is received||Not applicable|
|Current or ex-employee||Less than 30 years||Personnel||Relevant business unit for current or ex-employee||FOI Act and Privacy Act 1988|