State Records Home
Personal tools
You are here :: Home Recordkeeping in the NSW public sector Government Recordkeeping Manual Guidance Guidelines Guideline 16 - Accountable outsourcing: Recordkeeping considerations of outsourcing NSW Government business

Guideline 16 - Accountable outsourcing: Recordkeeping considerations of outsourcing NSW Government business

Filed under: ,
Summary: The purpose of these guidelines is to assist NSW public offices to identify and address recordkeeping issues associated with the outsourcing of Government business. They can be used as a reference tool at all stages of the outsourcing process.

1 Introduction

Purpose of these guidelines

The purpose of these guidelines is to assist NSW public offices to make adequate provisions in outsourcing contracts so that contractors make, keep and manage properly records of the Government business that is outsourced.

They can be used as a reference tool at all stages of the outsourcing process. The guidelines are not, however, a comprehensive guide to outsourcing for NSW public sector organisations. They are designed to provide advice on the recordkeeping issues associated with this process.

Who should read these guidelines?

The advice in these guidelines is relevant for public offices in all parts of the NSW public sector, including local government, the public health sector, state owned corporations and universities.

The information in the guidelines may be useful for records managers, legal practitioners, senior managers and other stakeholders involved in outsourcing projects.

Definitions

For definitions of recordkeeping terms used in this publication, see State Records' Glossary of Recordkeeping Terms.

Disclaimer

These guidelines are intended as general guidance and are not intended to constitute legal advice. Public offices are advised to seek legal advice when entering into contractual arrangements.

For more information

Sources containing more information relevant to the recordkeeping issues associated with outsourcing have been listed in the Bibliography (below). For advice and guidance on recordkeeping issues associated with outsourcing, contact State Records.

2 Outsourcing at a glance

Overview: This section describes the key points to bear in mind when addressing the recordkeeping aspects of outsourcing government business.

Public offices engage in outsourcing

NSW Government public offices engage in a range of types of outsourcing, all of which have recordkeeping implications.

Public offices are accountable

Outsourcing a business activity does not diminish a public office's responsibility to ensure that it is carried out properly and that all requirements for records are met.

Public offices' key responsibilities

Public offices are responsible for ensuring that:

  • full and accurate records of the outsourced business are made and kept (State Records Act 1998, s.12(2))
  • records of the outsourced business are kept in safe custody and properly preserved both during and after the period of the outsourcing contract (s.11), and
  • records of the outsourced business are disposed of lawfully (s. 21).

Importance of the contract

The primary means by which a public office can meet its recordkeeping obligations is by building requirements into the outsourcing contract.

Chief executive is responsible

A failure by a public office to meet its recordkeeping obligations would signal a failure by its chief executive to comply with the State Records Act (s.10).

Outsourcing arrangements must be monitored

Public offices have a responsibility to follow up with monitoring of contractors and other checks to ensure that contractual arrangements are being met.

3 Outsourcing in NSW Government

Overview: Outsourcing of Government business can occur in many forms. In this section, some of the commonest forms of Government outsourcing are described.

What is outsourcing?

Outsourcing, sometimes referred to as contracting out, has been defined as:

  • the process by which a person, corporation or service provider is contracted to supply or arrange the supply of goods or the performance of services. (Department of Public Works and Services, Implementation Guidelines: NSW Government Procurement, 1999), or
  • the activities involved in arranging, procuring and managing the performance of work or the provision of services by an external contractor or consultant, or by using external bureau services (State Records NSW, Keyword AAA: A Thesaurus of General Terms, 1998).

Outsourcing administrative activities

Many NSW public offices outsource common administrative or 'support' activities, such as printing, cleaning, payroll or the storage of semi-current records. Arrangements may be made with other parts of NSW Government (for example, the Central Corporate Services Unit manages many agencies' payroll), or with private contractors.

Outsourcing core business

Some public offices outsource core business functions. For example, the Roads and Traffic Authority may outsource the building of bridges and roads, or a Council may outsource its pest and weed control function. This type of outsourcing is most commonly done by Government with private sector organisations.

Shared service arrangements

In 2002, the Corporate Shared Services Strategy was launched for NSW Government agencies by the Premiers Department. In an effort to save resources, three options for sharing common administrative functions such as human resources, information technology and finance are outlined in the strategy:

  • organising sharing arrangements with other agencies
  • setting up an internal shared services unit within an agency, or
  • using the Central Corporate Services Unit, of the Department of Public Works and Services.

This type of outsourcing is always done within Government.

4 Public offices' responsibilities

Overview: The regulatory framework that governs information and records management in NSW will establish the boundaries for your recordkeeping obligations as a NSW public office, and impact on any outsourcing arrangements your public office enters into.

State Records Act, 1998

Public offices must ensure that the Government business they outsource is supported by sound recordkeeping. This can be achieved through the communication of the following sections of the State Records Act in arrangements with contractors:

  • obligation to keep full and accurate records: full and accurate records should be kept of all a public office's activities, including those that are outsourced (section 12 (1))
  • protection of records held by other persons or organisations: all public offices must ensure the 'safe custody and proper preservation' and 'due return' of all the records under their control, including those that are in the custody of a contractor (section 11)
  • the Chief Executive's responsibility: the Chief Executive of a public office that outsources its business is ultimately responsible for ensuring that the records of the contracted out business are created, maintained and disposed of in accordance with the State Records Act (section 10), and other regulatory instruments noted in these guidelines, and
  • lawful disposal of State records: State records, including records of Government business generated or kept by contractors, may not be destroyed unless in accordance with the State Records Act (section 21).

Records management standards

Outsourcing initiatives must be managed within the framework of whole of government standards and codes of best practice for records management in the NSW public sector.

Recordkeeping arrangements for outsourcing should be managed as part of a public office's records management program, as defined in State Records' Standard on Managing a Records Management Program (1998). This means that the Corporate Records Manager has the responsibility for ensuring the proper management and protection of records of outsourced business along with records kept by the public office itself.

The requirements of other whole of government standards such as the Standard on the Physical Storage of State Records  (2012) or the Standard on Full and Accurate Records (2004) provide benchmarks for the management of records of outsourced business of a public office. These are referenced throughout these guidelines.

Government Information (Public Access) Act 2009

The Government Information (Public Access) Act, 2009 (NSW) applies to the records of government business that are created, generated, received or kept by contractors. When an agency enters into a contract with a contractor to provide services to the public on its behalf, the agency must have a contractual right to immediately access certain information in the contractor's records. The Office of the Information Commissioner provides two templates for contractual clauses.

Privacy and Personal Information Protection Act, 1998

The Privacy and Personal Information Protection (PPIP) Act, 1989 (NSW) notes that 'personal information' includes information that is 'in the possession or control of a person employed or engaged by the agency in the course of such employment or engagement' (section 4 (4)). The obligations and principles of the PPIP Act should therefore be conveyed to any contractors engaged by the public office, via contractual arrangements.

Audit and probity requirements

The Audit Office of NSW and other investigative agencies such as the Independent Commission Against Corruption (ICAC) and the NSW Ombudsman use records to determine organisational performance, financial accountability, legislative compliance or to identify and investigate wrong doing. Ensuring contractors create and manage records that adequately document NSW Government business is necessary to ensure that public offices can represent themselves and their activities for audits or other forms of investigations.

5 The outsourcing contract

5.1 The role of the contract in outsourcing arrangements

Overview: The basis of the relationship between a public office and a contractor is the official documentation of the agreement between the parties. Both the initial tender and the contract are important means for the communication of recordkeeping and other requirements.

Tendering

The NSW Department of Public Works and Services, in its Service Contracting Guidelines (2000) recommends that tenders clearly specify all performance requirements for the service to be provided. This should include both requirements relating to the service/s to be provided and requirements relating to the recordkeeping responsibilities of the service provider.

Selection of a contractor

In making a decision for a tender, the responsible public office must be confident that the successful bidder can meet 'all legislative and policy requirements' (State Contracts Control Board, Service Contracting Guidelines, 2000), including requirements for the proper management of records.

The contract

The contract is the keystone of the relationship between the public office and the contractor. It is the main means for communicating the public office's requirements, including its requirements for records.

The contract should include clauses relating to:

  • the recordkeeping requirements of the business being outsourced
  • compliance with the State Records Act and standards on records management
  • records disposal
  • return of records at the termination/expiration of the contract
  • records security and storage
  • rights of and arrangements for access to records
  • monitoring and inspection arrangements
  • access to records under GIPA legislation, and
  • privacy and protection of personal information, and
  • processes and penalties for failing to comply with records provisions in the contract.

InformationTip: Sample records clauses for outsourcing contracts
Sample records clauses for outsourcing contracts are provided in Appendix B.

5.2 Specifying the recordkeeping requirements of the outsourced business

Overview: Requirements for records to be made or kept, managed, restricted from certain groups or disposed of in certain ways are all recordkeeping requirements. Recordkeeping requirements for business that is to be outsourced must be identified so that they may be included in the outsourcing contract, and monitored over time. This will not only ensure that your public office is meeting its legislative obligations, but also it will be valuable information to assist the contractor to manage the business more efficiently.

Sources of recordkeeping requirements

Recordkeeping requirements derive from:

  • legal requirements
  • business needs, and
  • community expectations that Government will make and keep records.

Types of recordkeeping requirements

Recordkeeping requirements can define any aspect of a record's management over time, including:

  • in what format a record should be created
  • who should have access to it
  • how it should be stored, or
  • its retention period and ultimate disposal action.
  • New NSW Government guidelines encourage Government agencies to use standard descriptors to label records and other forms of information that contain sensitive or confidential information, and to manage those records appropriately.
  • This is an example of a recordkeeping requirement affecting both how a record should be accessed and stored.
  • Source: NSW Government Chief Information Office, Guide to Labelling Sensitive Information, October 2002. Available online: URL of Web site: http://www.gcio.nsw.gov.au/external-link

QuestionsExample: Requirement to label records
NSW Government guidelines encourage Government agencies to use standard descriptors to label records and other forms of information that contain sensitive or confidential information, and to manage those records appropriately.
This is an example of a recordkeeping requirement affecting both how a record should be accessed and stored.
Source: NSW Government Chief Information Office, Guide to Labelling Sensitive Information, October 2002. Available online: URL of Web site: http://www.gcio.nsw.gov.au/

Legal requirements relating to records

The need to create and keep records is often based on statements in legal instruments such as Acts or regulations.

A broad recordkeeping requirement that applies to all NSW public offices can be found in the State Records Act 1998, section 12 (1), which states: 'Each public office must make and keep full and accurate records of the activities of the office.' This requirement would apply to any government business that was outsourced.

Sometimes, a legal requirement can relate to the way in which a record is destroyed. For example, the State Records Act specifies that no State record should be destroyed unless it is done so in accordance with the provisions of the Act (s.21).

Business needs for records

Some recordkeeping requirements are based on business needs, rather than a legislative requirement. For example, it makes good business sense to keep records of past dealings with a customer, for ready reference if required. In an outsourcing contract, you may wish to specify to a contractor that records must be maintained of all contact with clients.

Community expectations for records to be kept

Another type of recordkeeping requirement is based on community expectations that government organisations will keep records of their operations, policies and interactions with the community over time. A contractor to the Government would not be aware of this broad responsibility to keep evidence of government business, so it is up to the public office to communicate these requirements to contractors.

Recordkeeping requirements and electronic business systems

Much of the business that is conducted on public offices' behalf under outsourcing arrangements is done using electronic business systems, such as electronic messaging, databases or web technology. Regardless of the means by which the business is transacted, requirements for evidence apply.

Public offices should ensure that contractors are aware that records of the outsourced business that are created, generated or received using these technologies are subject to all the usual requirements of the State Records Act and the recordkeeping standards.

The whole of Government standard that is particularly relevant to the management of records of transactions performed using e-mail and other electronic business systems is the Standard on digital recordkeeping.

All appropriate recordkeeping requirement should be communicated to contractors

Any of these different types of recordkeeping requirements should be communicated to contractors as part of their recordkeeping responsibilities. They should be described in such a way as to be format independent.

Questions Example: Expressing recordkeeping requirements in format-independent terms
An example of a requirement for records that is communicated to contractor might be: 'records must be kept of all customer complaints received, including the complaint itself, the date the complaint was received and any follow up action taken', rather than 'all customer complaints letters received'.

The main way in which recordkeeping requirements are communicated to contractors is through the outsourcing contract. The requirements listed in the contract can then be used as a benchmark for monitoring the contractor's performance.

How to identify recordkeeping requirements

Recordkeeping requirements are identified by analysing documentary sources including legislation, by researching the business requirements of your public office and by conducting interviews with relevant staff.

Information Tip: 'DIRKS' Manual a key source for information on identifying recordkeeping requirements
Step C: 'Identification of recordkeeping requirements' from State Records' Strategies for Documenting Government Business: The 'DIRKS' Manual (2003) provides practical detail on identifying recordkeeping requirements.

Standards to be referenced

The key recordkeeping standards that public offices are required to follow in ensuring that contractors keep adequate records of the outsourced business are the Standard on Full and Accurate Records (1998) and the Standard on digital recordkeeping.

5.3 Specifying access rights and restrictions

Overview: Contractual arrangements should state that the public office retains an immediate right of access to all State records held by a contractor, and should address privacy, confidentiality and public access considerations.

Who can have access

A public office must ensure that it has access to the State records in the possession of a contractor. Access to records will be needed in order to undertake inspections to assess compliance with the requirements of the contract and meet other legal obligations such as dealing with applications under the Government Information (Public Access) Act 2009 and ensuring compliance with the Privacy and Personal Information Protection Act, 1998.

In addition, section 15 of the State Records Act states that State Records also has a right to access records in the control of a public office for monitoring purposes, whether the records are in the custody of the public office or a contractor.

Protection of personal, sensitive or commercially valuable records

Public offices should communicate to contractors their obligation to abide by the information protection principles in the Privacy and Personal Information Protection Act, 1998, unless they are subject to a separate privacy code of practice as allowed for under the Act.

Records generated in the course of Government business may be confidential because they relate to individuals, or have significant commercial value, particularly if it is used, linked or analysed in conjunction with other information or databases.

Contracts struck with service providers should therefore include provisions to protect private or sensitive information, that should point to the relevant policy statements of the public office, such as their Privacy Management Plan or equivalent.

Information Tip: Best practice information security
Public offices seeking to implement best practice in information security measures when making arrangements with contractors should refer to:
AS/NZS ISO/IEC 17799: 2001, Information Technology: Code of practice for information security management, 4.2.2 Security requirements in third party contracts (includes examples of terms to be included in an outsourcing contract relating to information security), and NSW Government Chief Information Office, Information Security Guideline. Available online: URL of Web site: http://www.gcio.nsw.gov.au

Public access to records 30 years of age and older

Where contractors have custody of records over long periods of time, the public office must ensure that the public access provisions of the State Records Act relating to records that are 30 years of age and older are met. This will involve making an 'access direction' (open or closed to public access) under section 51 of the State Records Act for any records of 30 years of age or more that are in the custody of the contractor. In such cases, the contractor may have to assume the role of access provider according to the provisions of the State Records Act.

Procedures for making access directions are available from State Records' web site.

Information Tip: Examples of access clauses for contracts
Suggestions for access rights and restrictions clauses for contracts are included in Appendix B.

5.4 Specifying records storage and handling arrangements

Overview: The safe custody and proper preservation of State records is required under section 11(1) of the State Records Act. Section 11 also requires the safe return of State records that go out of a public office's custody. Storage arrangements are therefore vital ingredients of any records management program, and should be addressed in outsourcing arrangements.

Requirements under the State Records Act

Under section 11 (2) of the State Records Act, a public office is required to

..ensure that arrangements under which a State record that it has control of but that is in the possession or custody of some other person include arrangements for the safe keeping, proper preservation and due return of the record.

This section essentially means that public offices need to ensure that contractors:

  • store the records securely
  • protect the records from deterioration and disaster
  • handle and transport the records in a safe and secure manner, and
  • return specified records at the end of the contract.

Standards to be referenced

In defining storage, transport and handling requirements for contractors, public offices should refer to the whole of government standards:

Standard on the Physical Storage of State Records (2012), and
Standard on Counter Disaster Strategies for Records and Recordkeeping Systems (2002).

Both standards are supported by guidelines for further information.

InformationTip: Examples of records storage and handling clauses for contracts
Some suggestions for records custody clauses for contracts are included in Appendix B.

5.5 Specifying authorised records disposal processes

Overview: Public offices have a responsibility to ensure that State records are disposed of in accordance with the State Records Act. The best way for a public office to achieve this in outsourcing arrangements is to specify to contractors in contracts those records disposal processes that are permitted, and those that are not. For long term outsourcing arrangements, public offices may wish to make contractual arrangements for the periodic destruction or transfer of certain classes of records.

Authorised disposal of State records

Public offices must prevent the unlawful disposal of any State records that are in the possession of contractors in outsourcing arrangements. This could include:

  • unauthorised destruction
  • transfer to a third party
  • transfer out of the State
  • neglect
  • damage, or
  • alteration.

Public offices can do this by:

  • communicating to contractors via the contract the authorised disposal processes that they (the contractors) are allowed to perform, and also those disposal processes that are prohibited.

Forms of disposal that could be authorised in an outsourcing contract

Some outsourcing arrangements last over long periods of time. In these cases, it may be practical to require the contractor to carry out destruction of records periodically. Similarly, the contractor might be required to periodically transfer records to semi-current storage or back to the public office.

QuestionsExample: Records disposal provisions in a contract
A Council may outsource the security operations for parks and reserves to one company on an ongoing basis, with built in reviews of service.
In this case, it would be sensible for the Council to specify in the contract that while the records of property access controls such as keys registers and security data logs are required to be retained for seven years, they (the contractor) are permitted to destroy records relating to property guarding such as rosters and daily and weekly security reports for 2 years after action completed. (Source: State Records, General disposal authority: local government records, s. 5.9.0 'Security'(2011)).

Forms of disposal that should be prohibited in an outsourcing contract

Records disposal that should be prohibited by a public office in an outsourcing contract should include disposal of State records that is carried out:

  • contrary to the records disposal provisions in the outsourcing contract
  • corruptly or fraudulently
  • for the purpose of concealing evidence of wrongdoing, or
  • for any other improper purpose.

InformationTip: Penalties for unlawful disposal of State records
It may be necessary in some cases to advise contractors that penalties exist for the unlawful disposal (including destruction or transfer to an unauthorised party) of State records. Under section 21 of the State Records Act, this penalty is 50 penalty units for each breach (in March 2003, this represented $5500 for each instance).

5.6 Specifying the return of records at the completion of the contract

Overview: Certain records that are created, received or generated in course of outsourced business are essential to the ongoing conduct of that business. Failure to ensure that these records are transferred back to a public office at the completion of an outsourcing contract can have serious consequences later in terms of business continuity and accountability. It would also constitute a breach of the State Records Act (s.21). It is therefore very important that the outsourcing contract makes clear which records should be returned to the public office at the end of the contract.

Records return provisions in the outsourcing contract

It is crucial that records records return arrangements are included in the contract with the service provider. Provisions should include:

  • restrictions on the contractor using the information contained in the records for commercial profit, unless otherwise allowed in the contract
  • arrangements regarding the manner in which the records are returned (for example, using secure transport), and
  • agreed timeframes for the return of the records.

Which records to require to be returned?

Ongoing needs for records at the end of a contract could include:

  • referral by the public office (or another contractor) for any reason
  • protection of sensitive or confidential information
  • use of the records to establish or protect the rights, entitlements or obligations of the State or an individual
  • records required to properly manage facilities or capital works owned by Government
  • records that document the expenditure of Government funds, such as the purchase of equipment or other assets, or
  • use for future research by the State or an individual.

QuestionsExample: Records may be required for ongoing maintenance of capital works
An engineering firm that was hired to build a bridge for a Council would be required to provide the Council with records relating to the bridge's design and construction, to facilitate the ongoing maintenance and safety monitoring of the bridge.

Return of equipment/technology dependent records

Arrangements must be made for the safe return of of all equipment / technology dependent records held by the contractor, including electronic copies on networks, disks and tapes. Receiving electronic records from a service provider on the completion of a contract that cannot be read by the public office's systems is not acceptable. Contractual arrangements should specify formats for electronic records that will be compatible with your public office's systems.

Return of control records

It is vital that your public office receives control system information along with any returned records, to enable the records to be accessed. Where records have been kept using records or document management software, information from the database of files / documents should be transferred. It may be, however, that more simple systems such as Excel spreadsheets or manual listings of records have been used. Regardless of their form, control records such as these should be specified to be returned along with the records themselves.

Returned records subject to normal disposal processes

Once they have been returned, the records of the outsourced business will become part of your public office's recordkeeping systems and therefore subject to normal disposal processes, such as destruction or transfer to semi-current storage or to State Records as archives. Guidance on disposing of State records is available from State Records' website.

6 Monitoring contractors' performance

Overview: Public offices are responsible for ensuring that all requirements specified in the outsourcing contract are met, including requirements relating to recordkeeping.

As part of your records management program

An effective records management program should be regularly measured. This includes that part of the program that is effectively implemented by a contractor on the public office's behalf. Mechanisms should be established to ensure that this measurement occurs, and that corrective action is taken as required, in line with the State Records' Standard on Managing a Records Management Program (1998), 'Principle 9: Measured'.

How to monitor records requirements in contracting arrangements

The contract serves as the benchmark for monitoring the contractor's compliance with the records requirements of the outsourced business.

The most efficient method of measuring a contractor's compliance is to periodically inspect the records of the outsourced business, either through a reporting regime established in the contract or by requesting that certain records be made available. It is important, therefore, that public offices ensure that contractual arrangements make clear their right to access records of the outsourced business for the purpose of monitoring.

QuestionsExample: Reporting regime
A public office might include in a contract a requirement that the contractor sends the public office copies of all records of serious complaints received by the contractor regarding the delivery of the service. In this way, the public office can monitor the delivery of the service and check that adequate records are being kept of the complaints received at the same time.

7 Keeping records of the outsourcing process

Overview: In addition to addressing the management of the records of the business that is being contracted out, it is important that your public office's own records of the contracting arrangements are created and dealt with appropriately.
This means these records should be captured into and kept in corporate recordkeeping systems and disposed of in accordance with approved disposal authorities.

Which records of the outsourcing process to create and keep?

A public office who is contracting out should keep full and accurate records of the contracting out process, including:

  • the tender specifications produced and records of their distribution to potential bidders
  • the tender and evaluation process, including reasons for the selection of the successful bidder
  • contracts, including any variations on contracts
  • financial records associated with the outsourced business
  • any correspondence with contractors, and
  • the results of any monitoring or evaluation of the contractors' work.

There are going to be variations and additional recordkeeping requirements for different public offices engaged in contracting out. A full analysis of the legal and business requirements and the community expectations for records of contracts should be carried out as part of establishing administrative arrangements for the contracting out project.

Disposal of records of the outsourcing process

Public offices should ensure that records of the outsourcing process are retained and disposed of in accordance with Part 3 of the State Records Act. The principal way that this will occur will be by reference to general or functional disposal authorities. For more information on authorised disposal of State records, go to State Records' guidance on disposing of State records.

InformationTip: Relevant disposal classes
In addition to any disposal classes relating the activity of outsourcing in your public office's functional retention and disposal authority, disposal classes relevant to this area have been included in the following retention and disposal authorities:

Appendix A: Contract inclusions checklist

Does the outsourcing contract include:
1. A listing of the recordkeeping requirements for the business being contracted out? Yes/No
2. A listing of the records that are to be returned to the public office at the completion of the contract? Yes/No
3. A specification of the format/s that the records are to be returned to the public office in at the completion of the contract? Yes/No
4. A statement regarding the public office's rights of access to the records of the outsourced business access for the duration of the contract? Yes/No
5. A requirement that basic control information is kept about the records of the outsourced business to facilitate access and retrieval? Yes/No
6. A requirement for the contractor to abide by the public office's privacy management plan or equivalent privacy statement in respect of the information it keeps for the purpose of the contract? Yes/No
7. A requirement for the contractor to cooperate fully with the public office in the event of an application under the Government Information (Public Access) Act relating to records of the outsourced business? Yes/No
8. Authorisation by the public office for the contractor to carry out specified disposal processes for specified classes of records? Yes/No
9. An undertaking that specified records and the control information required to access them will be returned to the public office at the completion of the contract? Yes/No
10. Dispute resolution procedures and penalties for breach of the contract, such as a failure to return records to the public office at the completion of the contract? Yes/No
11. Requirements for the contractor to store and handle records of the outsourced business in accordance with requirements drawn from the whole of Government standards on Physical Storage of State Records (2012) and Counter Disaster Strategies for Records and Recordkeeping Systems (2002)? Yes/No
12. Details of a mechanism by which the public office can measure the contractor's compliance with the records requirements of the contract? Yes/No

Appendix B: Examples of records clauses for contracts

Overview: In listing the following examples of records clauses for contracts, it is not suggested that these must be included in every outsourcing contract. They should be seen only as indicators of the types of statements that will assist your public office to adequately communicate its requirements to a contractor.

Records of (the outsourced business)

(Service provider) must create and keep records that fully document the operation and delivery of the service, including but not limited to:

  • (specific recordkeeping requirements listed here).

This includes records generated and kept using electronic technologies, such as e-mail.

Records format

(Service provider) must ensure that records of XYZ service, if created and maintained in electronic format, are kept in a standard format that will be easily migratable to (the public office)'s systems. In this case, the acceptable formats are:

  • (specific electronic / other formats listed here)

Access to records

(Public office) retains the right to access any records of (service provider) relevant to the delivery of (the outsourced business), for the purposes of monitoring compliance with this contract.

(Service provider) must ensure that:

  • data cannot be used for applications not specified in the contract (for example, to data match with databases owned by other clients of the contractor).
  • personal information is to only be used for the purpose for which it was gathered, in accordance with the Privacy and Personal Information Protection Act 1998, as amended from time to time, and
  • files and other official records are not to be shown to a third party without the written agreement of (the responsible public office).

(Service provider) must ensure that records are documented in manual or electronic control systems with basic identifying information, including (but not limited to) a unique identifier and location details.

Records storage and handling

Records (of the outsourced business) are to be kept in a stable environment, within the range of 15?C to 27?C temperature and 30% to 60% relative humidity.

Storage areas for magnetic media are protected from magnetic fields.

Records of (the outsourced business) that are in electronic format are backed up regularly, and copies of back up tapes are kept off-site.

Reporting

A report containing copies of records of the (XYZ activity) is to be forwarded to (the public office's contact person) every three months, starting three months after the commencement of the contract

Authorised disposal of records

(Service provider) is required to retain records of XYZ activity in its office for two years, and then destroy the records in a secure manner.

(Service provider) is not permitted to destroy any records of (the outsourced business) corruptly or fraudulently, for the purpose of concealing evidence of wrongdoing, or for any other improper purpose.

(Service provider) is not permitted to transfer records of (the outsourced business) to a third party for any purpose unless authorised to do so by (public office)

Return of records on completion of contract

The following records records of (the outsourced business) are to be returned to (public office) at the completion of the contract:

  • records of XYZ activity
  • records of ABC activity, and
  • any control records used to manage the above.

All records (of the outsourced business) created in the performance of this contract to be returned to (the responsible public office) in (an accessible) format. Nominated formats for electronic records are to be:

  • (format / application X), or
  • (format / application Y).

Bibliography

Audit Office of New South Wales, Contracting Out Review Guide. Available online: http://www.audit.nsw.gov.au

Department of Public Works and Services, At a Glance: NSW Government Procurement, 1999. Available online: http://www.dpws.nsw.gov.au

Department of Public Works and Services, Implementation Guidelines: NSW Government Procurement, 1999. Available online: http://www.dpws.nsw.gov.au

Department of Public Works and Services, Service Contracting Guidelines, 2000. Available online: http://www.dpws.nsw.gov.au

Independent Commission Against Corruption, Taking the Con Out of Contracting: Issues for local government procurement and contract administration, May 2001. Available online: http://www.icac.nsw.gov.au

NSW Government Chief Information Office, Guide to Labelling Sensitive Information, October 2002. Available online: URL of Web site: http://www.gcio.nsw.gov.au

NSW Government Chief Information Office, Information Security Guideline, 2003. Available online: URL of Web site: http://www.gcio.nsw.gov.au

NSW Department of Premier and Cabinet, FOI Procedures Manual, 2007. Available online: http://www.dpc.nsw.gov.au/__data/assets/pdf_file/0019/685/FOIManual15Aug07.pdf

Privacy and Personal Information Protection Act, 1998 (NSW). Available online: http://www.agd.nsw.gov.au/pc.nsf/pages/index

Standards Australia, AS/NZS ISO/IEC 19977:2001, Information Technology: Code of practice for information security management

State Contracts Control Board, Service Contracting Guidelines, March 2000. Available online: http://www.dpws.nsw.gov.au

State Records, Government Recordkeeping Manual. Available online: http://www.records.nsw.gov.au

State Records Act, 1998 (NSW). Available online: http://www.austlii.edu.au/au/legis/nsw/consol_act/sra1998156/

*Note: All online resource URLs were correct as at 24 February 2003

© State of New South Wales through the State Records Authority, 2003.
This work may be freely reproduced and distributed for most purposes, however some restrictions apply. See our copyright notice or contact us.
0-9750563-1-X