This policy has been
developed to provide a set of principles to CAARA members concerning records
management issues inherent in the privatisation of government
functions or the performance of government functions by external
organisations, consultants or other entities on behalf of government.
Circumstances in which
government functions may be performed outside of government may include
outsourcing arrangements such as joint ventures, public
private partnerships and the engaging of non-government organisations.
Such arrangements may cover the performing of government functions by an
external service provider under contract or functions performed by a
non-government organisation where government retains some input. Government
functions may also be delivered under privatisation arrangements where
functions are transferred to a privatised entity.
This policy contains
examples of compliance specific to either a privatisation or outsourcing
exercise. The compliance examples may be used by members as basis for
ensuring that agencies in their jurisdictions adhere to the principles
defined in the policy.
The
purpose of this document is to provide a best-practice guide to CAARA
members which can be used as a minimum standard when determining
recordkeeping requirements for government functions performed outside of
government.
Specifically, the
following requirements must be met:
-
Ownership of
records is agreed upon both during the performance, and following
completion of, the outsourcing or privatisation arrangement (refer to
Principle 2);
-
The
responsibilities for creation and management of records are agreed upon
during the planning stage of performing government functions (refer to
Principle 3);
-
Records are
controlled in accordance with the requirements of the controlling agency
as defined in the contracts or agreements covering the outsourcing or
privatisation process (refer to Principle 3);
-
Records are
disposed of in accordance with the relevant
legislation or other instrument in force in the relevant jurisdiction
(refer to Principle 4);
-
Access to
records is regulated and controlled in accordance with the relevant
standards and legislation (refer to Principle 5); and
-
Storage of
records during any agreement is agreed upon and implemented in
accordance with specific storage standards (refer to Principle 6).
The principles and related examples are suitable
for adoption by all ‘agencies’ and for all ‘records’ as defined by CAARA
members’ archival legislation or other standards and instruments.
These principles DO NOT
override any provisions in existing legislation or standards relating to the
management of government records by non-government entities.
CAARA promotes the
principles discussed in this document as comprising a guiding concept that
ensures agency recordkeeping requirements are satisfied when government
functions are performed outside of government.
CAARA members shall adopt the following guiding concept when providing
advice to agencies in relation to the performance of government
functions outside of direct government control:
-
Recordkeeping
requirements are to be promoted clearly to, and understood by, all
parties involved in the process, and must comply with the current
applicable legislation, and industry and jurisdictional standards.
This concept will be
addressed in detail by the provision of advice consistent with the
principles outlined in this policy.
Exercises involving the performance of government functions outside of
government may be authorised by various means. They may happen through the
use of a legislative or administrative instrument or through a contract with
a third party entity.
CAARA members should
advise any agency participating in outsourced records management to
establish whether it is taking place as a result of specific legislation. If
so, the participating agency should be advised to check the legislation, as
it may contain specific provisions relating to records. Such provisions may
specifically exclude or include certain categories of records as part of the
exercise. These provisions must be considered when developing the contract
or agreement.
Similarly, CAARA members
should advise any agency participating in such an exercise to examine the
terms and definitions in a contract closely. Records may not be mentioned
specifically in the contract, but be intended by those drafting the contract
to be included within the scope of the term ’assets’. Without precise
clarification of what constitutes assets, the opportunity could arise for
ambiguity in the treatment of records. In the absence of consideration of
records as ‘assets’, the agency should be advised to ensure that the
contract specifically clarifies the rights and responsibilities of all
parties with respect to records.
For the purposes of this policy the following
definitions are used:
-
agency-
An agency, or more than one agency, as defined by the archival
legislation or instrument of the relevant CAARA member.
-
authorised
disposal - The process by which the custody or ownership of records
is transferred; or by which records are destroyed, abandoned, sold or
delivered through the use of a retention and disposal schedule as
required by archival legislation, or other instrument.
-
external
service provider - An entity that performs a function on behalf of a
government agency, including ‘public private partnerships’, ‘shared
services’, ‘joint ventures’ or organisations in the not-for-profit
sector. An external service provider can be either a government or
non-government entity.
-
joint venture
- A joint venture is a legal entity that has been created for the
purpose of undertaking business activity. Two or more parties may
establish a business relationship to undertake a joint venture.
-
non-government organisation - A service provider receiving recurrent
or once-off funding from the government to provide a service.
-
outsourcing -
The engagement of external service providers, by
-
regulation of a
contract or agreement, to perform government functions and activities.
-
public
private partnerships - A partnership formed between the public and
private sectors for the purpose of delivering a service formerly
provided by government. A public private partnership may involve
government and one or more private sector entities.
-
privatisation
- The transfer of entire functions and activities of an agency, or a
part thereof, to the private sector.
-
privatised
entity - An organisation or individual that performs a function
(previously carried out by a government entity) which has been
privatised.
-
record -
A record as defined by the archival legislation or other instrument of
the relevant COFSTA member.
-
record
retention and disposal Schedule - A legal document issued by a
government/archival authority to authorise the disposal of government
records. It specifies classes of records and defines the retention
periods and consequent disposal actions. Also known as a records
disposal authority.
The Council of
Australasian Archives and Records Authorities (CAARA) recognises the
following agencies for participating in the CAARA Working Group on
Contractor Records for the purpose of reviewing Policy Statement 13 –
Recordkeeping Issues Associated with Outsourcing and Privatisation of
Government Functions:
-
Archives New
Zealand;
-
Archives Office
of Tasmania;
-
Northern
Territory Archives Service;
-
Public Record
Office Victoria;
-
Queensland State
Archives;
-
State Records of
South Australia; and
-
State Records
Office of Western Australia.
Statement of principle:
Outsourcing and privatisation activities include provisions for making,
maintaining and disposing of records to limit government/agency exposure to
risk.
Careful planning in
relation to records when outsourcing or privatising is necessary to ensure
the safe keeping and proper preservation and use of records. To ensure
adequate planning does occur the following seven principles of planning,
ownership, control, disposal, access, storage and contract completion should
all be considered prior to the finalising of any contractual or
privatisation arrangements.
It is necessary to
undertake complex and legal processes to outsource or privatise an agency
(or an activity or function of an agency). However, with both outsourcing
and privatisation the basis of the relationship between the parties to any
such arrangement is the official documentation of the agreement between
them. How the records of these functions and activities are managed is
crucial to the successful management of the finalisation of any contractual
or privatisation agreement.
When planning such an
activity, consideration should be given to any legislation or policies
produced by the relevant archives authority in relation to records
management. Any other records management requirements in other relevant
legislation should also be taken into consideration. In the event there is a
legislative conflict, appropriate legal advice should be sought.
When undertaking any
planning for a contracting or privatisation exercise agencies must also be
careful to not make the requirements of the contract too restrictive, as
this may unduly limit the field of potential contractors or purchasers.
The following outcomes
apply to outsourcing activities:
-
Any applicable principles
outlined in any recordkeeping documentation and requirements specific to the
agency’s jurisdiction must be considered. The relevant archive authorities
should be consulted.
-
All relevant bodies, and all
other appropriate stakeholders, must be consulted, including but not limited
to, the jurisdictional procurement body or purchasing unit, the Crown
Solicitor, and relevant procurement staff.
-
A comprehensive risk assessment
should be undertaken with specific consideration given to the type and
complexity of the contract and the sensitivity of the information. Expert
advice should be sought if required.
-
Discovery or identification of
any documents and corporate experience that may assist agencies in drafting
the contract, including but not limited to, the Crown Solicitor or other
appropriately qualified legal representatives and jurisdictional procurement
or purchasing units.
-
Ensuring adequate consideration
is given to the implications of trans-border dataflows when contracting with
companies which may result in the offshore transfer of personal information,
intellectual property or copyright material, including the risk of
information sent to regimes where the protection for the information may be
less rigorous. Agencies should also consider the development of procedures
to handle any issues arising from this kind of information transfer with
reference given to any jurisdictional model terms and conditions. Note: In
some jurisdictions there is a requirement for special consideration for
trans-border dataflow of personal information. Legal advice should be sought
for contracts requiring clauses of this kind.
-
Ensuring transition plans are in
place to manage the following occurrences:
-
Agencies should also make any
arrangements necessary to manage any intellectual property issues that may
arise during the term of the contract.
-
In the event a sub-contractor is
employed by the contractor during the term of the contract, the contract
should include terms and conditions which ensure the sub-contractor is bound
by the same requirements as the initial contractor.
-
Roles and responsibilities for
records management within the agency should be assigned to appropriately
skilled staff members in order to manage any ongoing records management
issues that may arise as a result of or during the term of the contract.
The following outcomes
apply to privatisation activities:
-
Any applicable principles
outlined in any recordkeeping documentation and requirements specific to the
agency’s jurisdiction must be considered. (Relevant archive authorities
should be consulted).
-
The participating agency should
check the legislation for specific provisions relating to records. Such a
set of provisions may specifically exclude or include certain categories of
records as part of the privatisation.
-
Records management requirements
are included in the event of privatisation via a contract of sale.
Alternatively, if records are not specifically mentioned their inclusion may
have been intended under the scope of the term ‘assets’.
-
All relevant bodies and all
other appropriate stakeholders must be consulted, including the Crown
Solicitor.
-
A comprehensive risk assessment
should be undertaken, with specific consideration given to the type and
complexity of the privatisation exercise and the sensitivity of the
information to be transferred to the new owner. Expert advice should be
sought if required.
-
Discovery or identification of
any documents and corporate experience that may assist agencies in drafting
the contract of sale where the privatisation exercise is not occurring as a
result of legislation. (Advice from other jurisdictions who have undertaken
like exercises could also be sought).
-
Ensuring adequate consideration
is given to the implications of trans-border dataflows when selling
information as part of the sale of an asset to a company which may result in
the offshore transfer of personal information, intellectual property or
copyright material. Note: In some jurisdictions there is a requirement for
special consideration for trans-border dataflow of personal information.
-
Ensuring transition plans are in
place to manage the following occurrences:
-
Roles and responsibilities for
records management within the agency should be assigned to appropriately
skilled staff members in order to manage any ongoing records management
issues that may arise as a result of, or during, the privatisation
arrangement.
Statement of principle:
Ownership of records that result from an activity performed by an
external service provider is addressed and resolved through legislation or
contract/agreement.
In contractual or other
agreements involving the performance of a government function by an external
service provider or privatised entity, it is important to clarify issues
surrounding the ownership of records and the information they contain.
Failure to do so can severely restrict the business capabilities of the
parties involved and expose the government/agency to considerable risks.
The issue of ownership
extends not only to records of the agency that may be transferred to the
external service provider or privatised entity, but also to records created
by the external service provider or privatised entity during the life of the
agreement or contract.
For records generated
as a result of such activity, agencies may have obligations to manage them
as if the agency was performing the work itself, and to manage these records
for the life of the agreement and beyond. For this reason it is important
that agencies ensure contractual arrangements define ownership and
management of records.
Agencies should ensure
that no existing record of permanent value is transferred to the ownership
of an external service provider or privatised entity. Temporary custody may
be allowed provided that the agreement or contract contains specific
guarantees for the proper management, and eventual return of the permanent
value records to the custody of the relevant archival authority.
Agencies should be made
aware that their ability to remove records from storage with their archival
authority or to transfer their own records to an external service provider
or privatised entity may be limited by archival legislation, or other
instruments.
The following outcomes
apply to outsourcing activities:
-
The agreement or contract
specifies existing records that will be copied or loaned to the external
service provider. The agreement or contract specifies when and how these
arrangements are to take place, and includes specific guarantees for the
proper management and eventual custody of the records.
-
The agreement or contract
specifies which records remain the property of the agency, and when. For
example, which records remain the property of the agency at the time of
completion or termination of the agreement or contract.
-
The agreement or contract
specifies which records become the property of the external service
provider, and when. For example, which records become the property of the
provider at the time of completion or termination of the agreement or
contract.
-
The agreement or contract
specifies the mechanism for transfer of records between the agency and the
external service provider. For example, a schedule of transfers to occur on
or at particular dates or milestones.
-
The agreement or contract
ensures that no existing record of permanent value is transferred to the
ownership of the external service provider.
-
The agreement or contract
specifies who owns the intellectual property in the records.
-
The agreement or contract
defines any limitation on the external service provider on the use of
records and disclosure of information contained therein, consistent with
relevant statutory obligations (e.g. Freedom of Information (FoI), Privacy).
-
The agreement or contract
defines any rights of the agency for the use of records created by the
external service provider during the life of the contract or agreement,
consistent with relevant statutory obligations (e.g. FoI, Privacy).
The following outcomes
apply to privatisation activities:
-
The agreement or contract
specifies which records remain the property of the agency, and when. For
example, which records remain the property of the agency at the time of
completion or termination of the agreement or contract.
-
The agreement or contract
specifies which records become the property of the privatised entity, and
when. For example, which records become the property of the privatised
entity at the time of completion or termination of the agreement or
contract.
-
The agreement or contract
specifies the mechanism for transfer of records between the agency and the
privatised entity. For example, a schedule of transfers to occur on or at
particular dates or milestones.
-
The agreement or contract
ensures that no existing record of permanent value is transferred to the
ownership of the privatised entity.
-
The assigning of records as
property takes place using such disposal schedules or authorities that may
be required under archival legislation, or other instrument.
-
The agreement or contract
specifies who owns the intellectual property in the records.
Statement of principle:
Third party entities comply with the records management controls
determined by the controlling agency.
Regardless of whether
an agency, function or activity has been outsourced, privatised, or shared
in a public private partnership it is likely that a controlling agency will
retain some degree of responsibility for oversight and control over the
function(s) performed by the external service provider or privatised entity.
This control will be best supported by the controlling agency, ensuring full
and accurate records management practices are observed by the external
party.
To make this possible
the agency should require the external party to create or manage records in
a manner specified by the agency. The agency may also require that the
external party comply with legislation, policies and standards that were
binding upon the agency prior to, or after, the re-assignment of that
particular function or activity.
There are a number of
issues that must be addressed in contracts or agreements to ensure that the
agency has a full and accurate record of the activities that relate to the
delivery of the service. The agreement should specify the records the
external service provider or privatised entity is expected to create,
capture and maintain during the performance of the agreed work, and how
those records are to be managed.
The following outcomes
apply to outsourcing activities:
-
The agreement or contract
stipulates any recordkeeping requirements that must be followed to enable
the agency and the service provider to fulfil their statutory and service
obligations. This could include requirements around content, creation,
capture, management, description, control, disposal, or format of records.
For example, a prescribed records classification system or metadata
standard.
-
The agreement or contract binds
the service provider to comply with relevant records management legislation
and standards.
-
The agreement or contract binds
the service provider to comply with relevant statutory obligations (e.g.
FoI, Privacy).
-
The agreement or contract
specifies any technical standards needed to ensure interoperability between
documents, records and/or information management systems used by the service
provider and by the agency. For example, specifications about formats for
electronic records.
-
Agencies establish mechanisms
for monitoring the service provider’s compliance with contractual
arrangements, including compliance with records management standards,
procedures and guidelines.
-
The agreement or contract
defines the processes to be followed if the service provider fails to comply
with records management provisions in the contract.
-
The agreement or contract
establishes a mechanism to ensure that all required records are transferred
between the service provider and the agency, in a prescribed manner and at
defined intervals. This mechanism should include the details of the classes
of records to be transferred, triggers for transfer, acceptable formats and
timelines.
The following outcomes
apply to privatisation activities:
-
The agreement or contract
stipulates any recordkeeping requirements that must be followed to enable
the agency and the privatised entity to fulfil their statutory and service
obligations. This could include requirements around content, creation,
capture, management, description, control, disposal, or format of records.
For example, a prescribed records classification system or metadata
standard.
-
The agreement or contract binds
the privatised entity to comply with relevant records management legislation
and standards.
-
The agreement or contract binds
the privatised entity to comply with relevant statutory obligations (e.g.
FoI, Privacy).
-
The agreement or contract
specifies any technical standards needed to ensure interoperability between
document, records and/or information management systems used by the
privatised entity and systems specified by the agency. For example,
specifications about formats for electronic records.
-
The agreement or contract
stipulates that at the point of privatisation, no records of permanent value
are transferred to the ownership of the privatised entity, and if necessary,
copies are made of required records to meet the needs of the privatised
entity.
-
The agreement or contract
stipulates that arrangements are made by the agency prior to privatisation
to transfer all records of permanent value to the appropriate archival
authority.
Statement of Principle: Records that provide
evidence of government functions and activities held by external service
providers or transferred to a privatised entity must be disposed of in
accordance with relevant archival legislation, or other instrument.
The concept and
definition of ‘disposal’ is not limited to the physical or electronic
destruction of records, (i.e. by shredding, pulping, electronic
over-writing, or other means). This expanded or functional definition of
disposal may include, but is not restricted to, the transfer of ownership,
custody or sale of records; damaging or abandoning of records; donating or
giving away (discharging) of records, and may refer to a part of a record or
where electronic records are not migrated forward or maintained over time.
This expanded concept
of disposal is particularly relevant where a function or activity of a
government agency is being carried out by an external service provider. The
physical custody may be transferred to an external service provider ,
however the legislative disposal requirements remain with the originating or
controlling government agency unless specific provision has been made and
agreed otherwise. It is equally applicable where a function or activity is
transferred to a privatised entity and public records may move outside their
originating or controlling government agency or legislative jurisdiction. An
agreement must specify the responsibilities binding upon an external service
provider or privatised entity before any disposal function or authority is
conferred upon that entity or provider.
Dependent on
jurisdiction, the creating or controlling government agency and/or the
external service provider or privatised entity may need to be made aware
that transfer of ownership, custody, or sale of public records is considered
to be a disposal action and that they must exercise equal control over such
disposal activities as those that involve the physical destruction of
records (see the expanded definition of ‘disposal’ above).
Any disposal action
carried out interstate, overseas, or at a remote site or location, must meet
the compliance requirements of the legislation, or other instrument, of the
jurisdiction of the originating government agency, not the jurisdiction of
the external location. This circumstance may require that any disposal
action be carried out in the record’s originating jurisdiction. Agencies
should ensure that any disposal function undertaken can be legally carried
out interstate or overseas; these considerations are especially significant
where records are stored in electronic format (and more easily moved across
jurisdictions), or where there may be a national security or other security
issues (e.g. Privacy, FoI).
Risk management
considerations should determine whether any disposal action is undertaken
without the originating government agency. Any conferral of disposal
function or responsibilities must be fully recorded, and be made compliant
with any relevant legislation, or other instrument, and embedded within any
contract or agreement before any disposal processes are considered.
Provision must be made for the disposal and retention of public records held
by an external service provider or privatised entity. The contract or
agreement with an external service provider or privatised entity must state
that public records should be returned to the originating or controlling
government agency if the contract or agreement is terminated for any reason.
The following outcomes
apply to outsourcing activities:
-
Arrangements for the disposal of
records are made during the planning process and these processes are
recorded in the enabling contract, or agreement, before any disposal
processes are undertaken and carried out.
-
The transfer of custody of
records to an external service provider occurs in accordance with an
approved records retention and disposal schedule or other instrument, as
required by the relevant archival legislation, or other instrument.
-
Records held by the external
service provider are only disposed of in accordance with an approved records
retention and disposal schedule and with the approval, or authorisation, of
the responsible originating or controlling government agency, as required by
the relevant archival legislation, or other instrument. The relevant
disposal schedule should be referred to, or cited as the source of approval
for the disposal of records, in the contract or agreement governing the
outsourcing arrangement with an external service provider. The contract or
agreement should also include provision for:
-
any transfer of ownership of
records;
-
any transfer of custody of
records to the external service provider for a specified period of time; and
-
the return of public records to
the government agency or relevant archival authority at the conclusion of
any specified period of time of external custody.
-
The enabling contract, or agreement, has
provision for the retention and disposal (or secondary review process)
for records upon completion of the contract or agreement, or if the
contract is terminated for any reason, or the external service provider
ceases to be able to fulfil the disposal function for any reason.
Disposal can take the form of:
-
destruction;
-
transfer to
another external service provider;
-
transfer
back to the originating government agency; and
-
transfer to
the relevant archival authority.
-
The contract or agreement binds
the external service provider to complete any notifications of intention to
destroy records as required by the government agency and/or the relevant
archival authority, including any process of public comment or exposure.
The government agency and/or the relevant
archival authority should have final sign-off for ultimate disposal or
permanent archival retention of public records.:
-
Government agencies ensure that
no existing record of permanent value is transferred to the ownership of an
external service provider. Custody on a temporary basis may be included in a
contract or other agreement, provided that it contains specific assurances
and guarantees for the management of and eventual return of any records of
permanent value to the originating or controlling government agency.
-
All instances of disposal action
are undertaken to an appropriate level of security and are compliant with
the requirements of any relevant legislation, or other instrument (e.g.
Privacy, FoI).
The following outcomes
apply to privatisation activities:
-
Arrangements for the disposal of
public records, or ultimate archival custody of public records of permanent
value, are incorporated into the contract of sale, or other transfer
mechanism, and these processes are explicit in the conditions of sale or
transfer.
-
The contract of sale or other
transfer mechanism of public records occurs in accordance with an approved
records retention and disposal schedule, or other instrument, as required by
the relevant archival legislation. This disposal arrangement is incorporated
into the conditions of transfer, or the contract of sale or other mechanism,
when authorising the transferral of the disposal function to a privatised
entity.
-
Public records transferred to a
privatised entity are only destroyed in accordance with an approved records
retention and disposal schedule and according to the legislative
requirements of the originating jurisdiction. The relevant disposal schedule
should be referred to, or cited, as the source of authorisation or approval
for the disposal of records as agreed in the contract of sale or other
transfer mechanism. Disposal includes:
-
destruction of records;
-
transfer of ownership of
records;
-
transfer of records to the
relevant archival authority;
-
return to the originating
government agency; and
-
the re-sale of records.
-
The contract of sale or other
transfer mechanism states that, if for any reason (including insolvency,
winding up, liquidation, receivership, etc.) the privatised entity ceases to
be able to fulfil the disposal function, public records should be returned
to the relevant archival authority, or to the originating government agency.
-
The contract of sale or other
transfer mechanism binds the privatised entity to complete any notifications
of intention to destroy public records as required by the relevant archival
authority, including any process of public comment or exposure.
-
All instances of disposal action
are undertaken to an appropriate level of security and are compliant with
the requirements of any relevant legislation, or other instrument (e.g.
Privacy, FoI).
Statement of principle: Responsibility for
ensuring the same level of access to public records is available to the
public regardless of who is delivering the service.
Official records owned by an agency contain
information that may be accessed for the current operational needs of the
agency, for research by the agency and members of the public. Some records
may include sensitive information which needs to be appropriately managed,
especially in terms of who can access the information. It is therefore
important that consideration be given to how access to public records will
occur both during and after the life of an outsourcing or privatisation
arrangement. Questions of ownership and custody of records may also arise
during a reversal of privatised entities back to the control of the public
sector.
When contemplating
outsourcing or privatisation arrangements, an agreement needs to be reached
between the parties involved that ensures compliance with the provisions of
relevant legislation, including FoI and Privacy, that require or restrict
access. Access conditions established under the contract should then be
applied consistently and equitably.
The accessibility of
public records in terms of having a useable format or system for record
preservation is discussed in Principle 6 (storage).
Although public records access may be given to
the external service provider or privatised entity, ownership of those
records in many cases will remain with the agency (see Principle 3 –
control). To manage risk, access to public records of an agency must be
managed as if the records were in the custody of the agency.
The risk of being
unable to provide appropriate public access to public records is minimised
for agencies when access to public records is carefully considered and
documented in a contract between an agency and an external service provider
or privatised entity.
The following outcomes
apply to outsourcing activities:
-
Outsourcing requirements
relating to access of public records by all parties have been included in a
written contract or agreement.
-
Full and accurate records of an
outsourced function or a project being conducted under public private
partnership arrangements are made, kept and held accessible as required
under legislation and as per a written agreement between the public
authority and the external service provider.
-
The agency clarifies in a
written agreement which records (created by a non-government organisation
(NGO)) are considered public records, and also that the NGO will be required
to provide the agency with access to the records as required.
-
Restrictions on how an agency’s
records are accessed by an external service provider may need to be
considered. Such restrictions may be necessary for the preservation of a
record, for administrative purposes, or for FoI or Privacy purposes.
-
Provision is made in the
contract so that records generated by an external service provider which
contain sensitive, personal or confidential information, are securely stored
to control access.
-
Where an agency might hold a
record that an external service provider requires access to and the record
contains sensitive information (e.g. information about national or state
security), the agency may wish to make arrangements for the external service
provider to receive a copy of the record with the sensitive information
expunged.
-
Procedures relating to FoI and
Privacy matters should be detailed in contracts and agreements so that the
recordkeeping requirements that support FoI and Privacy legislation
principles are met by the external service provider.
-
The agency and the external
service provider should negotiate whether a fee will be charged by each
party when it accesses the other party’s records. This needs to be included
in any contract between the parties.
-
If an agency engages an external
service provider to index, organise, store, preserve, secure, destroy or
carry out other records management activities on behalf of the agency that
may affect the accessibility of records, the provision to manage these
activities needs to be included in the contract between the parties.
-
Access by an agency to undertake
inspections to assess compliance with the recordkeeping requirements of the
contract is documented in the contract.
-
Contracts should include details
of how the agency can access records for the purposes of arranging the
return of the records once a contract terminates.
The following outcomes
apply to privatisation activities:
Where a public sector
entity has been privatised, a contract between the agency and the privatised
entity includes provisions for the privatised entity to access public
records in the custody of the agency for business continuity purposes and,
if the records are borrowed by the privatised entity, the return of the
records once the contract expires.
Statement of principle:
Appropriate records storage requirements are addressed in contractual
arrangements.
Archival authorities
have spent much time establishing arrangements for the storage of records of
government agencies. These arrangements have been designed to meet the needs
of agencies and to fulfil the requirements of existing archival legislation,
or other instruments. It is important that these gains are preserved
where an agency is privatised or a function or activity is being carried out
by an external service provider.
Inadequate decisions
over the storage arrangements for records, particularly electronic records,
may result in the loss of records of evidential value. Agency staff and
members of the public may lose confidence in the integrity of the records,
and the agency could expose itself to unacceptable levels of risk and
potentially costly consequences. This may also lead to unnecessary
duplication of effort. Agencies must therefore ensure that storage
arrangements are included in any relevant contractual agreements. If the
records are held overseas or interstate, storage must meet the requirements
of the legislation, or other instrument, of the jurisdiction of the
originating agency, not the jurisdiction of the remote site or location.
It is also vital to
include arrangements for the appropriate storage of records at the expiry or
termination of the agreement. Failure to do so may result in records being
destroyed through the perception that they are no longer the concern of the
external service provider or privatised entity, or material being misplaced
in the changed circumstances or inappropriately stored at the conclusion of
the agreement.
The following outcomes
apply to outsourcing activities:
-
Record storage agreements are
reached between the agency and the external service provider for records in
the custody of the external service provider regardless of their
format or storage location.
-
Record storage agreements are
reached with the external service provider where permanent and
temporary value records, that remain the property of the agency, are in the
temporary custody of the external entity. Agencies should ensure records are
returned in a timely manner at the end of the contract.
-
The agency ensures that record
storage agreements are reached between the relevant public authority and the
external service provider covering permanent value records in the temporary
custody of the entity.
-
Records storage requirements
should be authorised through an approved records disposal authorisation or
other instrument (such as a contract) as required by the relevant archival
authority to ensure that the parties to the arrangement comply with
appropriate standards.
-
Record storage agreements should
ensure the following:
-
environmental controls are
appropriate to record formats and retention periods;
-
sites for record storage are
located away from known hazards, and reasonable steps are taken to identify
unknown hazards proximate to storage sites;
-
record shelving, equipment and
packaging are appropriate;
storage areas for magnetic media
are protected from magnetic fields and electrical grounding problems;
-
security measures are in place
to protect the areas or systems in which the records are stored;
-
the condition of the records is
regularly monitored and maintained; including migration or conversion and
continued accessibility of equipment/technology dependent records;
-
management and monitoring of
records storage services should be undertaken by staff with the relevant
skills, knowledge and level of authority;
-
appropriate documentation of
records held in the records storage area or systems is maintained; and
-
current disaster prevention and
disaster recovery management are in place including the timely
reporting back to agency of any incidents that may affect the integrity or longevity
of the records.
-
Agencies specify that the
external service provider provides periodic reports concerning the location
of records, if required by the relevant archival authority.
The following outcomes
apply to privatisation activities:
-
Where a function of government
is privatised there is an agreement at the time of privatisation about the
ownership of the records. Any records of the agency before it was privatised
remain public records.
-
The contractual arrangements
must specify appropriate standards of storage for any public records, either
temporary or permanent, which are in the temporary custody of the privatised
entity.
-
The contractual arrangements
must ensure the agency has continuing rights to access public records held
by the privatised entity.
Statement of principle:
Recordkeeping issues are addressed upon completion of contracts or
agreements.
It is unlikely that the
external service provider will want to devote time and effort to records of
an activity that it is no longer performing, unless there is a contractual
requirement to do so.
Agencies must ensure
that the completion and post-completion stages of the contract are well
regulated, monitored, and specified in the contract. Failure to do so could
result in lost information and increased risk of exposure to legal
liabilities.
Records returned by an
external service provider to an agency at the completion of a contract need
to be accessible and useable. This means that records in electronic format
will need to be transferred/migrated to an agency-compliant system.
Transfer of permanent
value records to the jurisdictional archive authority must be done in
accordance with the requirements of that jurisdiction.
A well-planned end to
the contract or agreement will result in substantial reduction in the
likelihood of exposure to risk for both the agency and external service
provider.
The following outcomes
apply to outsourcing activities:
-
Agencies should consider the
issue of records storage upon expiration or termination of the contract or
agreement until the records are returned to the agency.
-
Agencies should determine when
the records will be returned; either at the completion of the contract or
periodically over the course of the contract.
-
Agencies should determine the
process for returning the records, including issues of boxing, listing,
sentencing and disposal, and transportation.
-
Agencies should determine the
process for the safe return and migration of all equipment/technology
dependent records, including electronic copies of agency records on
networks, disks and tapes.
-
The agreement or contract
includes provisions for transfer or disposal of records between entities
when a third party entity is replaced by another to perform the same
function.
The contract or agreement
includes any restrictions on the external service provider using information
from records for commercial profit or other purposes, during, and at
termination or
