Skip to content | Change text size
Records & Archives

Records Management

Resources

Archives

 
 

Recordkeeping compliant business systems

Business systems used to manage University records must comply with Public Record Office Victoria recordkeeping standards and system requirements. Use this questionnaire to assess a business system's recordkeeping compliance. If certain requirements are unmet, risks, and actions to address them are identified.

Is your business system recordkeeping compliant?

Information risk rating matrix

This table allows a business owner to assess the risk if a recordkeeping requirement is either not met or is unknown.

  Consequences
No reputational or financial risk. University still able to comply with relevant audit requirements and undertake normal business activities No reputational or financial risk. University still able to comply with relevant audit requirements with some minor disruptions to normal business activities No reputational or financial risk. University still able to comply with relevant audit requirements, with major disruptions to normal business activities Some reputational and financial risk. University may be unable to comply with relevant audit requirements, with major disruptions to normal business activities Major reputational and financial risk. University unable to comply with relevant audit requirements, with normal business activities unable to be performed
Insignificant Minor Moderate Major Catastrophic
L
i
k
e
l
i
h
o
o
d
Almost certain Medium High High Extreme Extreme
Likely Medium Medium High High Extreme
Possible Low Medium Medium High High
Unlikely Low Low Medium Medium High
Rare Low Low Low Medium Medium

Metadata properties

The following table outlines the key metadata that should be captured in business systems.

Property Name Use obligation Description
0. Entity type Mandatory The value of this property in regards to recordkeeping systems (or business systems containing records) will usually default to ‘record’. In other words, the systems metadata should be able to identify data that contains records. As an example, within HP RM/TRIM this is often identified by the various ‘record’ item types.
1. Category Mandatory Will describe how the records are grouped together. Are they contained within ‘files’ or are they arranged/grouped together in some other way? As an example, within HP RM/TRIM this is often identified by the various ‘file’ item types.

2. Identifier

Mandatory A unique identifier for the entity, such as an identifier automatically assigned to a record registered into an electronic document and records management system (EDRMS).
3. Name Mandatory The title or name given to the entity. Can assist in identifying the entity. To act as a resource discovery access point for users. To describe the functions and subjects documented in records. To enable searching for a name in its entirety. To provide contextual information about the standard, method or convention used to name entities.
4. Date Range Mandatory Start and end dates and times associated with an entity.
5. Description Optional A free text description of the entity.
6. Related Entity Mandatory A means of identifying other entities in a relationship.
7. Security Classification Mandatory To facilitate or restrict access to records, or to a particular business functions, activities or transactions by University staff, students or the public. To enable records to be appropriately identified and managed. To alert users to security restrictions on access to records. To prevent unauthorised access to records.
8. Disposal Mandatory Information about current records authorities and the disposal/retention action that relates to the record
9. Extent Mandatory The physical dimensions or logical size or duration of the record. To enable the informed selection of a storage medium for large of small numbers of records, records with large file sizes, or records that are frequently accessed.

(Source from AS/NZS 5478:2015 p.17)