CSU RECORDS MANAGEMENT PROGRAM

helplessweedElectronics - Devices

Nov 15, 2013 (3 years and 9 months ago)

62 views




Records Management Compliance Unit

2011

Page
1

of
19

Division of Information Technology


Enterprise Architecture & Liaison

CSU RECORDS MANAGEMENT PROGRAM

RECORDS MANAGEMENT SELF
-
ASSESSMENT TOOL
1


INTRODUCTION

Purpose
:

The purpose of
self
-
assessment

i
s to measure how well
your business unit is
managing
its

records
and t
o identify areas for improvement

which can feed into
your
Records Management Plan.
Additionally, it assists
the
University Records
Manager
to identifying
common areas for improvement
which can be used to develop
strategies
to
help improve rec
ords management practices

on a University
-
wide basis.

Responsibility
:
B
usiness
u
nits are
r
equired to complete
this
self
-
assessment
in line with the
s
elf
-
a
ssessment
s
chedule
, and incorporate any identified areas for improvement into their Records
Managemen
t Plan.


INSTRUCTIONS

Step 1
:

Complete this coversheet.

Step 2
:

Respond to the questions in the following sections. Answers must accurately reflect the situation
in
you
r

business unit. This will help identify

what is being done well and
areas for
improvement.

Complete all questions.
N/A

options are only available for some questions
.

Step 3
:

Your response to a question may indicate that action is required.
Remedial
action
should be fed
into your Records Management Plan
.
Proposed r
emedial actions are

listed

as part of each
question and
further
advice on suitable
actions can also be sought from
the
University Records

Manager
.

Step 4
:

A copy of the completed assessment is to be emailed to
the
University Records
Manager
for
their information

(
smcmenamin@csu.edu.au
).


BUSINESS UNIT DETAIL
S

Date

of s
elf
-
as
sessment


Name of business u
nit


Name of Faculty (if applicable)


In completing
and lodging
this assessment, the business unit acknowledges that
the assessment
is an accurate reflection of the records management practices in their business unit

Head of Area

Name:


Ext:


Details of person completing
the self
-
assessment

Name:


Ext:


Email:


Position:






1

Reproduced and adapted f or CSU with permission of University of Technology, Sydney


Records Management Self
-
Assessment Tool



Records Management Compliance Unit 2011

Page
2

of
19

Division of Information Technology


Enterprise Architecture & Liaison

NO.

REQUIREMENT

QUESTION

RESPONSE

POSSIBLE REMEDIAL AC
TIONS

1

Responsibilities and Delegations

1.1

All staff must be aware of their
responsibilities to manage
records, your recordkeeping
system and recordkeeping
procedures, including how to
create and manage files, and
retention and destruction
responsibilities.

Are ALL staff within your
business unit
aware of their
recordkeeping
responsibilities, your
recordkeeping system, and
records procedures?


Yes


No

(
a
ction required)

-

Brief staff in local staff meetings and remind
them of their responsibilities.

-

Ensure all new staff
are advised of their
records management responsibilities
.

-

Include records management requirements in
local procedures.

-

Requirements for staff awareness needs to
be included in the Communication Plan
component of your business unit’s Re
cords
Management Plan (see section 2).

1.2

Records management
responsibilities need to be formally
assigned

to
staff

to ensure records
activities are undertaken.

Have your
staff

been formally
delegated records
responsibilities?


Yes


No (action required)

-

Include delegations in the Work Plans or
PD’s of
staff
.

1.3

Business units
are required to
review
staff

responsibilities

and
provide details of training
as part
of this self
-
assessment.

Complete Section A of Attachment One.





Records Management Self
-
Assessment Tool



Records Management Compliance Unit 2011

Page
3

of
19

Division of Information Technology


Enterprise Architecture & Liaison

NO.

REQUIREMENT

QUESTION

RESPONSE

POSSIBLE REMEDIAL AC
TIONS

2.

Planning

2.1

All business units must
develop a
Records Management Plan (or be
covered by a broader Plan at a
Faculty or Unit level). This plan
includes:

-

areas for improvement
identified in self
-
assessments
and risk assessments.

-

regular

actions such as
archiving, destruction, training,
and self
-
assessment.

-

new records management
projects
.

Does your business unit
have a
CURRENT

Records
Management Plan?


Yes


No (action required)

-

Create a Records Management Plan by
completing this Self
-
assessment Tool and the
Records Storage Risk Assessment Tool (see
also section 6).

-

Remedial actions

included in these tools and
the
Records Management Plan template

can
assist in the development of your Records
Management Plan.

2.2

To ensure staff awareness of their
recordkeeping responsibilities,
business units must include a
Communication Plan as part of
their business unit’s Records
Management Plan. This will detail
strategies for communicating
requirements to staff and
maintainin
g their awareness.

Does your business unit
have a
CURRENT

Communication Plan for
records management, either
separate or as part of your
Records Management Plan?


Yes


No (action required)

-

Include a Communications Plan as part
o
f
your Records Management Plan (see section
2.1).

-

The
University’s
Records Management Plan
template

can assist in the development of
your Records Management Plan.

2.3

Business units
are required to
identify records that relate to their
business processes and provide a
summary as part of this self
-
assessment.

C
omplete Section B of Attachment One.




Records Management Self
-
Assessment Tool



Records Management Compliance Unit 2011

Page
4

of
19

Division of Information Technology


Enterprise Architecture & Liaison

NO.

REQUIREMENT

QUESTION

RESPONSE

POSSIBLE REMEDIAL AC
TIONS

3

Creation of

Corporate

Files


**
Note: network / shared drives and email accounts are NOT compliant recordkeeping systems.


Please enter name of
system/s used by your business unit:

________________________________
________________________________
__


3.1

Corporate
files must be created to
document the business activities:

-

of your
business unit,

-

you u
ndertake on behalf of
another business unit, and/or

-

you u
ndertake on behalf of

the
University as a whole.

Note:
Corporate

files may not
need to be kept by your business
unit if they are already created
and kept officially by another
business unit.

Are
corporate

files created to
hold the documents relating
to the activities of your
business unit?


Yes


No (action required)


N/A*

-

Identify
any records held by your business
unit and assess whether they should be
corporate

files.

-

Ensure staff are aware of their
responsibilities regarding file creation and
that the
y are
trained to facilitate file creation
(see section 1).

-

Include the requireme
nt for
corporate

file
creation in local procedures as appropriate..

3.2

Files must be created as close to
the commencement of an activity
as practicable. It is not appropriate
to leave file creation until the end
of an activity .This prevents the
ability to manage and locate
records and can result in
forgetting to put records
into the
system.



Are ALL
corporate

files
created at, or closely
following, the
commencement of a new
issue or business activity?


Yes


No (action required)


N/A*

-

Ensure st
aff are aware of their
responsibilities regarding file

creation and
that the
y are

t
rained to facilitate file creation
(see section 1).

-

Include the requirement for

corporate

file
creation in local procedures as appropriate.


Records Management Self
-
Assessment Tool



Records Management Compliance Unit 2011

Page
5

of
19

Division of Information Technology


Enterprise Architecture & Liaison

NO.

REQUIREMENT

QUESTION

RESPONSE

POSSIBLE REMEDIAL AC
TIONS

3.
3

To create a

corporate

file it must
be registered in
an approved
digital recordkeeping system
accurately and in a consistent
manner. This facilitates file
management and retrieval. It
assists in identifying a file’s
location, who can access it, and
future archiving and records
destruction activities.

Are ALL
corporate

files (and
individual file parts,

where
required) registered
consistently and accurately?


Yes


No (action required)


N/A*

-

Ensure staff are aware of their
responsibilities for file creation and th
at they
are
trained to facilitate file creation (see
section 1).

-

Ensure
staff

are trained in
the use of
the
digital re
cordkeeping system.

-

Include the requirement for corporate

file
creation in local procedures as appropriate.

-

Register any un
-
registered
corporate

files






Records Management Self
-
Assessment Tool



Records Management Compliance Unit 2011

Page
6

of
19

Division of Information Technology


Enterprise Architecture & Liaison

NO.

REQUIREMENT

QUESTION

RESPONSE

POSSIBLE REMEDIAL AC
TIONS

4.

Filing Documents


*
*
Note: network

/ shared drives and email accounts are NOT compliant digital recordkeeping systems.


4.1

Documents that relate to business
activities and are required to
explain what happened, or provide
evidence of decisions, advice, etc,
must be filed onto
corporate

file
s
,
and not kept loose in desks, draws
or on unofficial files.

Are all relevant
corporate

documents in your business
unit filed onto official file in a
consistent and timely
manner?


Yes


No (action required)


N/A*

-

Ensure staff are aware of their
responsibilities for filing documents on
corporate
file
s
(see section 1).

-

Include the requirement for capture of
documents onto
corporate
file
s

in local
proced
ures as appropriate (this may detail
what documents are required to be created
and captured).

-

Ensure
corporate
files are created in a timely
manner (see section 2).

4.2

Not all
corporate

records are hard
-
copy/paper documents. Some are
“born digital” such as emails,
Word and Excel documents etc.

Email folders, hard drives, and
shared network drives are
NOT

recordkeeping systems. Any
emails and other electronic
documents relating to activit
ies
and explain what happened, or
provide evidence of decisions,
advice, etc. must be filed
into a
compliant recordkeeping system.


Are all relevant official
electronic documents,
including email,
must be
captured into a compliant
recordkeeping system
?


Yes


No (action required)


N/A*

-

Ensure staff are aware of their
responsibilities for
capturing
relevant
electronic documents and email
into
compliant recordkeeping systems

(see
section 1).

-

Establish protocols for the use and
management of local hard drives and
network drives to better manage locally
stored information and recordkeeping
requirements.


Records Management Self
-
Assessment Tool



Records Management Compliance Unit 2011

Page
7

of
19

Division of Information Technology


Enterprise Architecture & Liaison

NO.

REQUIREMENT

QUESTION

RESPONSE

POSSIBLE REMEDIAL AC
TIONS

4.3

Areas should be maintaining full
and accurate records of their
business activities. Sometimes
this necessitates the creation of
records to document verbal advice
and decision making processes.

Verbal decisions may be
documented through minutes and
file no
tes (hand
-
written or typed),
or via email confirmations

Does your business unit
capture all relevant decisions
and advice provided or
received verbally for
capture
into a compliant
recordkeeping system
?


Yes


No (action required)


N/A*

-

Ensure staff are aware of their
responsibilities for documenting verbal

decision
-
making activities

(see section 1).

-


Include the requirement for capture of verbal
decisions relating to specif
ic business
activities and processes in local procedures
as appropriate (this may detail what
decisions need to be documented).

-

Provide staff with file note templates to
encourage capture of verbal decisions.





Records Management Self
-
Assessment Tool



Records Management Compliance Unit 2011

Page
8

of
19

Division of Information Technology


Enterprise Architecture & Liaison

NO.

REQUIREMENT

QUESTION

RESPONSE

POSSIBLE REMEDIAL AC
TIONS

5.

Managing Physical Files


* A
N/A

response to the questions in section 5 can only apply if your business unit uses a compliant digital recordkeeping system to
capture and
manage ALL official records in a digital environment. If some physical / hard
-
copy records exist, a
Yes

or
No

response

is required.

Note: network / shared drives and email accounts are NOT compliant digital recordkeeping systems.

5.1

It is important that business units
know where their official records
are located to ensure:

-

files can be accessed quickly,

-

files are
accessed by the
appropriate people, and

-

files are not lost.


Are the locations of your
files recorded appropriately
when they move between
staff or storage areas?


Yes


No (action required)


N/A*

-

Put in pl
ace a local procedure for tracking file
locations.

-

Ensure file locations are accurate and up
-
to
-
date.


5.2

Even where file locations are
tracked, care needs to be taken to
ensure files are not lost in the
process of their use and that they
are returned
when no longer
required.

Are records regularly being
lost or misplaced when
borrowed by staff?


Yes


No (action required)


N/A*

-

See remedial actions section under 5.1.

-

Follow up with staff who have borrowed files
and no
t returned them within an agreed
timeframe.

-

Check on the location of files on a yearly
basis to ensure locations are up
-
to
-
date.

-

Mark any file tha
t can’t be located as
“missing”
.

-

Where staff are leaving the employment of
your business unit, ensure all file
s are
returned before they leave.


Records Management Self
-
Assessment Tool



Records Management Compliance Unit 2011

Page
9

of
19

Division of Information Technology


Enterprise Architecture & Liaison

NO.

REQUIREMENT

QUESTION

RESPONSE

POSSIBLE REMEDIAL AC
TIONS

5.3

Your records should be
considered in relation to any
relocation plans. This includes:

-

file storage in your new
location,

-

preliminary archive work,

-

managing the transfer during
the move, and

-

updating

of file locations in
the
recordkeeping system

where
required.

Are parts of, or your entire
business unit
,

moving before
your next scheduled self
-
assessment?


Yes (action required)


No


-

Plan the management of your records during
the move.

-

Ensure official records are not thrown

out as
part of the pre
-
move cleanup without the
appropriate records destruction authorisation.

-

Keep a record of which boxes contain official
files and check immediately upon relocation
that boxes have not been lost.

-

Update file location details in
the
rec
ordkeeping system

after a move.





Records Management Self
-
Assessment Tool



Records Management Compliance Unit 2011

Page
10

of
19

Division of Information Technology


Enterprise Architecture & Liaison

NO.

REQUIREMENT

QUESTION

RESPONSE

POSSIBLE REMEDIAL AC
TIONS

6

Storage of Records

6.1

It is important that locations used
for records storage are
appropriate for that purpose.

As part of the University’s
Risk
Management

and Disaster
Recovery Plan for Records and
Recordkeeping Systems
, business
units are required to
complete

the
Records Storage Risk
Assessment Tool
.


Risks can change over time. It is
necessary to undertake your risk
assessment in line with your
self
-
assessments.

Has your business unit
completed a risk assessment
on the location used to store
your current records in line
with your business unit’s
self
-
assessment schedule?

Note: this refers to those
records which are still in use by
your area and w
hich may be
kept in your office. A separate
question will cover local
archival storage.


Yes


No (acti
on required)

-

Complete the
Records Storage Risk
Assessment Tool

for the area you store your
current records (one assessment can be
completed to cover your whole office area
where files are stored in one larger business
unit location).

6.2

Where a business
unit uses a
local or other storage location for
storage of closed / archived files:

-

a risk assessment of the
location must be completed
using the
Records Storage
Risk Assessment Tool
;

and

-

the location must be approved
by
the
University Records

Manager
.

Has your business unit
completed a

records storage

risk assessment on each
separate local or remote
location used to store your
archived records?

*If you have no such locations,
select N/A.

Note: this does not include the
use of University
Archive
s

Centre
.


Yes


No (action required)


N/A*

-

Complete the
Records Storage Risk
Assessment Tool

f
or each separate storage
location.

6.3

Business units
are required to
identify the storage areas used to
store their records.

If yes to
Q.6.3, c
omplete Section C in Attachment One.





Records Management Self
-
Assessment Tool



Records Management Compliance Unit 2011

Page
11

of
19

Division of Information Technology


Enterprise Architecture & Liaison

NO.

REQUIREMENT

QUESTION

RESPONSE

POSSIBLE REMEDIAL AC
TIONS

7.

Security


Access and Confidentiality

7.1

Records held by your business
unit must be secure from
unauthorised access. This applies
to
official and unofficial records.

Are all physical / hard
-
copy
records secure from
unauthorised access?

Note: this applies to
corporate
records and duplicates/copies
.


Yes


No (action required)

-

If your business unit is open to the public,
ensure adequate measures are in place to
protect

files from unauthorised access or
theft. This may be through limiting public
access to your office areas or securing files
within the areas.

7.2

Confidential records have a higher
level of security tha
n

standard files
and should be stored in locked
cabinets when not in use.
Confidential records include, but
are not limited to, records which
are legal or commercial in
confidence, or records containing
personal information.

Are all physical / hard
-
copy
con
fidential records stored
in a locked drawer / room
when not in use?

*If you have no confidential
records, select N/A.

Note: this applies to
corporate
records and duplicates/copies
.


Yes


No (action required)


N/A*

-

Keep conf
idential files in locked and secure
areas. Ensure they can

only

be accessed by
authorised staff.

7.3

TRIM is the control system for
your business unit’s records.
Individual TRIM users are
responsible for ensuring
unauthorised staff do not access
TRIM via

their login.

Is access to TRIM in your
area limited to authorised
TRIM users?

*If you have no TRIM users in
your area, select N/A.



Yes


No (action required)


N/A*

-

Ensure TR
IM users are appropriately trained.

-

Users of TRIM should be required to lock
their workstations when not at their desks.
This is essential if working in an open office
or publicly accessible business unit.


Records Management Self
-
Assessment Tool



Records Management Compliance Unit 2011

Page
12

of
19

Division of Information Technology


Enterprise Architecture & Liaison

NO.

REQUIREMENT

QUESTION

RESPONSE

POSSIBLE REMEDIAL AC
TIONS

7.4

To comply with privacy and
confidentiality requirements,
confidential documents, including
any document containing personal
information, must be disposed of
securely. Locked security bins or
shredders must be used, not
garbage bins or recycling bins.

Are
all confidential records,
whether official or unofficial,
physical / hard
-
copy or
digital, disposed of in a
confidential manner?

*If you have no confidential
records, select N/A.


Yes


No (action required)


N/A*

-

Ensure staff are aware of their obligations
relating to destruction of confidential
documen
ts, such as use of shredders or
locked security bins.

-

If your business unit does not have access to
a secure method of destruction, contact
the
University Records

Manager
regarding a
locked security bin.

-

Ensure any electronic media, such as
computers, US
B, or other digital devices are
adequately wiped

-

Consult with
the
University Records
Manager
regarding the confidential destruction of any
other media, such as CDs, video tapes etc.

7.5

Some university staff have

access
to personal information relating to
students and / or other individuals.
Staff must be aware of their
obligations in relation to privacy
and general confidentiality to
ensure they manage these
records appropriately. All business
units will hold som
e personal
information, even if they are not
involved in the management of
students, such as local staff files,
recruitment information etc.

Are staff within your
business unit aware of their
obligations in relation to
privacy and confidentiality of
infor
mation?


Yes


No (action required)

-

Include privacy and confidentiality
responsibilities in local procedures.

-

Ensure staff are re
minded regularly of their
obligations
.





Records Management Self
-
Assessment Tool



Records Management Compliance Unit 2011

Page
13

of
19

Division of Information Technology


Enterprise Architecture & Liaison

NO.

REQUIREMENT

QUESTION

RESPONSE

POSSIBLE REMEDIAL AC
TIONS

8

Digital Recordkeeping Systems

8.1

Any database or digital system
that creates and/or stores official
records must be an approved
digital recordkeeping system.
Such systems have certain
requirements for data, security,
longevity of the information
contained within, and migration
practices.

Does your business unit
capture records using a
digital system in lieu of
putting those records
into
TRIM
?


Yes (continue at Q8.2)


No (go to Q.9)



8.2

Business units who are
responsible for digital systems
used to store
official records are
responsible for ensuring they are
compliant systems. Systems need
to be assessed to identify if they
hold official records, and if they
do, whether they are compliant.

Note: network / shared drives
and email accounts are NOT
compliant
digital recordkeeping
systems.

Is your business unit
responsible for managing the
digital system in question
(i.e. the system
owner/process owner)?

*If you responded
No

to Q.8.1,
select N/a.


Yes (continue at Q.8.3)


No (go to Q.9)


N/A* (go to Q.9
)


8.3

Business units are required to
identify digital systems where they
are responsible for the content.

If yes to Q.8.2, c
omplete Section D in Attachment One.





Records Management Self
-
Assessment Tool



Records Management Compliance Unit 2011

Page
14

of
19

Division of Information Technology


Enterprise Architecture & Liaison

NO.

REQUIREMENT

QUESTION

RESPONSE

POSSIBLE REMEDIAL AC
TIONS

9.

Archiving

and Destruction

9.1

It is important that business units
have control of all their records,
whether official or unofficial, or
whether created by them or
inherited from predecessor
business units or staff.

Areas need to know what records
they hold and
those records need
to be appropriately managed and
not dumped in local storage areas.

Does your business unit
have any records where:

1)

the type of records and
their contents are a
mystery as they were
inherited; AND/OR

2)

no
-
one is responsible for
maintaining
them, inc.
access, archiving,
destruction etc.


Yes (action required)


No


-

A project will need to be established by your
business unit to resource the cleanup work.
This will involve identifying the records, and
identifying whether they are still required and
organi
sing their appropriate management, or
identifying whether they can be destroyed
and organising the appropriate approvals and
destruction.

The
University Records
Manager
can provide advice on each
particular case.

-

Include a cleanup project in your business

unit’s Records Management Plan.

9.2

When destroying
corporate

records, there are certain retention
requirements that need to be
satisfied. As such, destruction of
ALL

corporate

records, whether
hard
-
copy or digital, MUST be
authorised through the completion
of a
Records Destruction
Authorisation Form
.

Has your business unit
destroyed official records in
the past?


Yes


No (action required)

-

Newer areas may not be ready to destroy
records. However, if you are simply storing
them inde
finitely this can be an issue, in
particular in relation to space and
responsibilities in relation to privacy of
personal information. Action may be required
to assess how long the records should be
retained and organising the appropriate
destruction.

9.3

Destruction of
corporate

records
should be an ongoing process.
However it must be appropriate
ly

authorised to ensure retention
requirements, and
CSU

s

administrative, legal, financial
needs are satisfied.

Does your business unit
appropriately authorise the
destruction of all official
records by completing a
Records Destruction
Authorisation form
?

*If your response to Q.9.2 was
No
, select N/A.


Yes


No (action required)


N/A

-

Ensure staff

are aware of their
responsibilities in relation to the appropriate
destruction of records.

-

Include the requirement for records
destruction and appropriate authorisation in
local procedures as appropriate.




Records Management Self
-
Assessment Tool



Records Management Compliance Unit 2011

Page
15

of
19

Division of Information Technology


Enterprise Architecture & Liaison

NO.

REQUIREMENT

QUESTION

RESPONSE

POSSIBLE
REMEDIAL ACTIONS

10

Risk Management and Disaster Prevention

10.
1

Business units are required to
create and maintain a “Records
Recovery Priority List” for their
business unit to assist in
prioritising the recovering of
records in the event of a disaster.

This is part of the University’s
Risk
Management and Disaster
Recovery Plan for Records and
Recordkeeping Systems
.

Does your business unit
have a Records Recovery
Priority List?


Yes


No (action required)

-

Assess the types of records your business
unit holds, where they are located, and
create a brief priority list. It is best this list be
retained off
-
site with key personnel and kept
up to date (these details were requested
under Q.2.2).


End of the asses
sment. Please complete the sections in Attachment One where directed in the above assessment.


Records Management Self
-
Assessment Tool



Attachment One



Records Management Compliance Unit 2011

Page
16

of
19

Division of Information Technology


Enterprise Architecture & Liaison


A.
Records Contact Details (referred to in
section 1.3)


Attachment One

Please specify your
business unit’s
Records Contacts

and the level of
records
training
undertaken
.

Records Contact role

Contact Details

Mandatory Training *

Additional Training

Secondary Records
Delegate

Definition: The
senior
staff member in your
business unit
responsible overall for
records management.

1.

Name:


Records Awareness Session


Records
Delegate

training session
or refresher training session within
the past 3 years.


Archiving and Disposal Workshop


TRIM Training

Position:

Phone:

Email address:

Local Records
Delegate
/s

Definition: The staff in
your business unit
delegated responsibility
for file creation,
registration, archiving, &
destruction activities.
[List all Local Records
Contacts. Add more
rows if required].

1.

Name:


Records Awareness Session


Records
Delegate
training session
or refresher training session within
the past 3 years.


TRIM Training


Archiving and Disposal Workshop

Position:

Phone:

Email address:

2.

Name:


Records Awareness Session


Records
Delegate

training session
or refresher training session with
in
the past 3 years.


TRIM Training


Archiving and Disposal Workshop

Position:

Phone:

Email address:


*
R
emedial Actions Where Mandatory Training Has Not Been Undertaken

If
Records
Delegates

have NOT completed the required mandatory training
required
for th
eir
role
, liaise with
the
Records

Management

Compliance Unit
to
book the required training.





Records Management Self
-
Assessment Tool



Attachment One



Records Management Compliance Unit 2011

Page
17

of
19

Division of Information Technology


Enterprise Architecture & Liaison

B. Activities of your business unit and records generated (referred to in section 2.3)

Attac
hment One

Please specify the type of activities your area undertake, and provide information relating to the records generated and reco
very priorities
*.

Add additional rows
if required.


Activity

Summary of Records Generated

Where is the Official Record
Kept?

Only For Records Held By
Your Business Unit

Priority For Disaster Recovery

Specify On A Scale From
1=High to 3=Low

1





1


2


3

2





1


2


3

3





1


2


3

4





1


2


3

5





1


2


3

6





1


2


3

7





1


2


3

8





1


2


3

9





1


2


3

10





1


2


3


* A
Records Recovery Priority List

is a list prioritising records from the most important to less important, and where they are kept. This list will assist in p
lanning
an effective and efficient response to a disaster situation.
A Records Recovery Priority list can be developed separately
from this self
-
assessment. This may be
required by business units with complex records, or where business units store records on the behalf of others.




Records Management Self
-
Assessment Tool



Attachment One



Records Management Compliance Unit 2011

Page
18

of
19

Division of Information Technology


Enterprise Architecture & Liaison

C. Archival Storage Locations (Complete only if you
answered
Yes

to question 6.2
)

Attachment One

Provide details of storage locations
used
by your business unit
to store records
. Add additional rows if required.



Campus / Building /
Room Number

Owner / Responsible Area For The Location

Question

Response

1.



Has the location been approved for
records storage?


Yes


No*

2.



Has the location been approved for
records storage?


Yes


No*

3.



Has the location been approved for
records storage?


Yes


No*


*
Remedial Actions f
or

a

No

Responses

If your records storage areas have not been approved:

-

Include remedial actions arising from the
Records Storage Risk Assessment Tool

in your business unit’s Records Management Plan.

-

Contact
the
Records

Management

Compliance Unit

to discuss records storage issues and alternate storage options.




Records Management Self
-
Assessment Tool



Attachment One



Records Management Compliance Unit 2011

Page
19

of
19

Division of Information Technology


Enterprise Architecture & Liaison

D
. Digital Recordkeeping Systems (Complete only if you
answered
Yes

to question 8.2
)

Attachm
ent One

Provide details for all information systems used to store official records that are the responsibility of / owner by your bus
iness unit. Add additional rows if
required.


System Name

Summary of Purpose of the System
/
Records Held

Question

Response

1.



Has the system been assessed for
digital recordkeeping compliance?


Yes


No*

Has the system been approved as a
compliant digital recordkeeping
system?


Yes


No*

2.



Has the system been assessed for
digital recordkeeping compliance?


Yes


No*

Has the system been approved as a
compliant digital recordkeeping
system?


Yes


No*


*
Remedial Actions for a
No

Responses

If your system has not been assessed for digital recordkeeping compliance:

-

Complete the
Digital Recordkeeping
Identification Tool
.


If your system is
not a compliant digital recordkeeping system:

-

Undertake action to comply with the digital recordkeeping system requirements specified in the
Digital Recordkeeping
Identification

Tool
.