State Records Home
Personal tools
You are here :: Home Recordkeeping in the NSW public sector Government Recordkeeping Manual Guidance Recordkeeping In Brief Recordkeeping In Brief 44 - Using shared services for records management
 

Recordkeeping In Brief 44 - Using shared services for records management

This guidance has been prepared to assist public offices using these types of shared services for records management, to help them ensure that they are establishing appropriate arrangements to meet their business needs and comply with the requirements of the 'State Records Act, 1998'.

About shared service arrangements

Government policy on shared services aims to promote more effective and efficient service delivery across NSW Government agencies. The aims of shared service arrangements include:

  • the consolidation of corporate services
  • better use of available technology, and
  • business process re-engineering for greater efficiency.

To achieve these aims, shared service arrangements generally involve a degree of standardisation to allow groups of organisations to use common technical platforms, systems and processes. 

Shared records management services

In records management, common models for shared services are:

  • sharing records management services amongst a group of public offices, such as geographically co-located or functionally similar organisations, or with a 'parent' organisation, or
  • using a third party provider of services such as the Department of Commerce's Central Corporate Services Unit (CCSU) or NSW Businesslink.

About this guidance

This guidance is not designed as advice on managing the recordkeeping issues associated with outsourcing core business activities (see instead State Records' guideline Accountable outsourcing: Recordkeeping considerations of outsourcing NSW Government business). This RIB could be used as a reference for:

  • the negotiation of contractual arrangements between service providers and public offices
  • clarifying the boundaries of public office / service provider responsibilities, or
  • explaining the nature of shared records management services to senior managers to assist in decision making.

When using a shared service provider always bear in mind 

You are accountable!

Outsourcing any function of your organisation, including one seen as 'support' or 'administrative', such as records management, does not diminish your organisation's responsibility to ensure that it is carried out properly and that all legal and business obligations are met. 

Importance of the contract or agreement

The primary means by which you can ensure that a shared service provider is giving you the best possible service and is helping you to meet your obligations is by building requirements into the contract or agreement you make with them. As with any contract or agreement, it should be clear the types and level of services being provided and dispute resolution mechanisms should be included. 

Chief Executive is responsible

The Chief Executive is responsible for ensuring that a public office complies with the State Records Act. A failure by your public office to meet its records management obligations even where most of these activities are 'outsourced' to a shared service provider signals a failure by its Chief Executive to comply with the State Records Act (s.10). Perhaps more significantly, records not being properly managed can result in loss of productivity, financial loss and public embarrassment for your organisation. 

Your records must remain under your organisation's control

Even when you have outsourced records management or storage, the records created and captured in the conduct of your business that may be managed or stored by a service provider remain the responsibility of your organisation. If your organisation terminates its arrangement with a service provider, your records and control information needed to use them must remain with you.

Service providers also create their own records in the provision of records management services to your organisation and other clients. Matters such as access to these records or the provision of copies should be mutually agreed and addressed in contractual arrangements. 

Outsourcing arrangements must be monitored

You have a responsibility to monitor your shared service provider and employ other checks to ensure that contractual arrangements are being met. Regular communication with and reporting from your service provider is recommended. This may take the form, for example, of periodic meetings or a monthly report.

Adequate monitoring of contracted out records management services can be more challenging for agencies without qualified records managers on staff. In cases like these, make sure the deliverables and performance measures from the contract are expressed in simple terms to allow non-records professionals to monitor the services effectively.

Tips for shared records management services users
  • Know the exact nature and extent of the records management services being provided.
  • Know the existing relationship, context and expectations already established (if any) between your corporate services manager and the shared services provider.
  • Use the minimum compliance requirements from the records management standards as a 'checklist' for determining what you want your service provider to deliver.
  • Build performance measures into monitoring arrangements with providers. (Examples of performance measures that can be built into monitoring arrangements are provided in State Records' guidelines Monitoring Recordkeeping Performance - see 'For more information', below).
  • Identify where the gaps are between what the shared service provider is delivering and what is needed to meet your agency's records management requirements (see 'Meeting the key obligations..', below).
  • When you want to address the gaps, partner with your shared service provider and discuss with them what initiatives your agency is planning to address the gaps. That way, the service provider will be able to support you with advice and will be better placed to help you to implement your initiatives.
Tips for small public offices using shared records management services
Instead of using third party providers, small public offices may enter into arrangements with larger, 'parent' agencies for the provision of certain records management services. Under these circumstances, it is important that arrangements address:
  • how the records of the small organisation are to be identified and managed as a separate class of records from those of the larger organisation (for example, if the same records management software system is to be used, will there be separate databases?)
  • how security and access restrictions on the smaller organisation's records will be complied with, and
  • monitoring and reporting arrangements so the smaller organisation can be confident the State Records Act's requirements are being met in respect of any of their records that are being managed by the larger organisation.

Meeting the key obligations under the State Records Act

The tables below set out some of the ways in which a public office might comply with the key records management obligations from the State Records Act and associated standards in partnership with a shared service provider. Please note, the information in the tables is intended to be indicative only and does not represent the only model for how such an arrangement might work.

Records management program

The State Records Act says 'each public office must establish and maintain a records management program for the public office in conformity with standards and codes of best practice from time to time approved under section 13' (Section 12(2)). Refer to State Records' Standard on Managing a Records Management Program (2004) to check the minimum compliance requirements that your public office must meet in establishing and maintaining a records management program.

A service provider may be contracted to..

..and the public office would..
  • assist the public office in the development of records management policy
  • approve and promulgate records management policy across the organisation, and
  • actively encourage staff to read and understand the policy.
  • assist the public office in the development of records management planning documentation
  • approve records management program planning documentation at the appropriate level and incorporate it into the public office’s normal planning mechanisms.
  • supply appropriately skilled and qualified people to carry out day to day records management activities or special projects
  • ensure that the records management program is staffed with appropriately skilled and qualified people; they may choose to contract out for some of those people/skills.
  • assist in the design and implementation and ongoing maintenance of new or enhanced corporate recordkeeping systems
  • provide support for the development of new or enhanced corporate recordkeeping systems in the form of funding, staff time or expertise, and
  • endorse new or enhanced recordkeeping systems at the highest levels in the organisation.
  • assist in the development of a functional retention and disposal authority, and
  • follow the public office's and State Records' rules and procedures for records disposal and transfer as required
  • ensure the public office has an up to date functional records retention and disposal authority, and ensure that staff are not carrying out unlawful disposal by authorising any records destruction or transfer.
  • report to the public office on service levels and progress towards meeting objectives, using mutually agreed performance measures
  • require the service provider to report regularly on how the provider is meeting contractual obligations and keep its own documentation on how it is meeting its obligations under the standards and the Act.

Obligation to protect records

The State Records Act says: 'Each public office must ensure the safe custody and proper preservation of the State records that it has control of' (section 11(1)). Refer to the State Records' standards on Physical Storage of State Records and Counter Disaster Strategies for Records and Recordkeeping Systems to check the minimum compliance requirements that your public office must meet in storing records and protecting them from disaster.

A service provider may be contracted to..

..and the public office would..
  • assist the public office in the assessment of risks affecting records, the identification of vital records and the development of a counter disaster plan, and
  • meet standards set by the public office regarding how records are to be stored and protected from disaster
  • endorse and promulgate the counter disaster plan, and
  • monitor its own compliance with the standards on storage and disaster management for any records that it manages or stores itself and any records managed or stored by service providers, including electronic records.

Full and accurate records

The State Records Act says: 'Each public office must make and keep full and accurate records of the activities of the office' (section 12(1)). Refer to the State Records' Standard on Full and Accurate Records and Standard on digital recordkeeping (2008)to check the minimum compliance requirements that your public office must meet.

A service provider may be contracted to..

..and the public office would..
  • assist the public office in identifying requirements for records that need to be met, to ensure that 'full and accurate' records are being kept
  • approve at a senior level and promulgate policy, procedures and business rules that support the keeping of full and accurate records.
  • build recordkeeping systems that will support the capture of keeping of these records and ensure that records in all formats are able to be kept as records as required
  • approve at a senior level the identified recordkeeping requirements that will be met by the public office.
  • assist in the development of procedures, business rules and training for staff on making and keeping records
  • promote and promulgate procedures and training to staff; managers leading by example, and
  • check to make sure that all staff are aware of and understand procedures and rules for recordkeeping.

Monitoring and reporting

The State Records Act says: 'public office must make arrangements with the Authority for the monitoring by the Authority of the public office's records management program and must report to the Authority, in accordance with arrangements made with the Authority, on the implementation of the public office's records management program' (section 12(4)).

A service provider may be contracted to..

..and the public office would..
  • supply the public office with information, demonstrate systems or cooperate in other ways in order to assist the public office to participate in monitoring arrangements
  • enter into monitoring arrangements with State Records such as records management surveys or inspections.

Equipment/technology dependent records

The State Records Act says: 'If a record is in such a form that information can only be produced or made available from it by means of the use of particular equipment or information technology (such as computer software), the public office responsible for the record must take such action as may be necessary to ensure that the information remains able to be produced or made available' (section 14(1)).

A service provider may be contracted to..

..and the public office would..
  • assist the public office by carrying out activities such as migration and conversion, monitoring records accessibility and recordkeeping system management that support long term accessibility of electronic records
  • be responsible for assigning responsibility for ensuring electronic records' accessibility over time, including both records management and IT related responsibility.

Disposal of records

The State Records Act says: 'Public offices may not dispose of State records, transfer their possession or ownership, take or send them out of New South Wales, or alter them, without the approval of State Records' (section 21).

A service provider may be contracted to..

..and the public office would..
  • assist in the development of an up to date functional retention and disposal authority
  • have the functional retention and disposal authority approved by the Chief Executive before it is submitted to State Records for approval.
  • manage ongoing implementation of records disposal (routine destruction, transfer to storage or archives etc)
  • respond to requests from the service provider to give internal authorisation for records destruction, transfer or other form of disposal, and
  • ensure staff are aware of the corporate policy and procedures in relation to records disposal.

Management of State archives

Public office records that are required to be kept as part of the State archives must be properly protected while they remain in the public office's custody. Public offices should contact State Records to discuss transfer or other options for their permanent preservation when they are no longer required for current business needs (State Records Act, Part 4 'Authority entitled to control of State records not currently in use').

A service provider may be contracted to..

..and the public office would..
  • assist the public office by carrying out systematic disposal activities, including transfer to State Records
  • ensure State archives are identified through the development of an up to date disposal authority and use of current general retention and disposal authorities.
  • comply with State Records' procedures for the transfer of records as archives
  • authorise the transfer of records to State Records as archives in accordance with State Records' procedures.

Public access to State records after 30 years

Each public office must ensure that the State records for which it is responsible and that are over thirty years old are the subject of an access direction. An access direction either opens or closes the records to public access (State Records Act, Part 6 'Public access to records after 30 years').

A service provider may be contracted to..

..and the public office would..
  • keep information on access directions made for records controlled in public office recordkeeping systems as required
  • make decisions about access to the public office's records that are more than 30 years old.
  • assist the public office in liaising with State Records regarding the making of access directions
  • ensure that access directions are authorised by the Chief Executive or Corporate Records Manager.

Compliance with other laws and standards affecting recordkeeping

There are a range of laws, standards and codes affecting recordkeeping practice that the supplier of the records management service may need to be advised of. Again, the best way to communicate requirements is via your contractual arrangements. Examples of such rules and standards are:

  • Privacy and Protection of Personal Information Act 1998, and your organisation's Privacy Management Plan
  • Government Information (Public Access) Act 2009 and your organisation's GIPA procedures
  • AS/NZS 7799.2: 2003, Information Security Management: Specifications for information security systems and your organisation's compliance strategy, and
  • any quality assurance standards your organisation is seeking to comply with.

For more information

AS/NZS ISO/IEC 17799: 2001, Information Technology: Code of practice for information security management, 4.2.2 Security requirements in third party contracts. Available for purchase from: http://www.standards.com.au

Premiers Department, C2002-01 Implementing the Shared Corporate Services Strategy, 2002.

State Records, Accountable outsourcing: Recordkeeping considerations of outsourcing NSW Government business , 2003.

State Records, Monitoring Recordkeeping Performance , 2004.


© State of New South Wales through the State Records Authority, 2006.
This work may be freely reproduced and distributed for most purposes, however some restrictions apply.
ISSN 1440-3978