PEER CONSTRUCTIONS INTRANET

Information and records management policy

Having goods records management allows businesses to optimise their operations and protect the privacy of clients and their intellectual property.

Purpose

The purpose of this policy is to provide guidance and direction on the management of information and records throughout the information lifecycle.
 

Scope

This policy applies to all PEER Construction information and records, in all formats.

Requirements

Information governance requires that, information management activities are provided through annual Information Management Action Plans and are overseen by management.

Everyone plays a different role in records management. Assigning responsibilities for information asset management ensures the information asset is appropriately identified and managed throughout its lifecycle and is accessible to appropriate stakeholders.

Be aware of your roles and responsibilities.

The following are requirements of the policy.

Information and records management
Employees must capture all information and records that provide reliable and accurate evidence of business decisions and actions. PEER Construction retains and disposes of information and records in accordance with the Corporations Act 2011 and the Income Tax Assessment Act 1997.

All records must be captured in an approved records management system. These approved systems will appropriately support information and records management processes, and be secure from unauthorised access, damage, and misuse. Records must not be maintained in email folders, shared drives, personal drives, or external storage media.

To ensure PEER Construction employees have access to the right information at the right time, regardless of location, all records stored in the Digital File Management System (DFMS) must be captured digitally.

It is not necessary to attach paper copies of born-digital records to official folders.

Add digitised copies of born-physical records and attach the physical record to the official folder.

Employees should not dispose of records by either destruction, deletion, transfer, sale or donation, without prior approval from Information Management Services.

Records determined to be of historical or cultural significance to PEER Construction can be retained for longer than the minimum period required. This includes records contributing to the knowledge and understanding of aspects of PEER Construction history, culture, environment, and people.

Information accessibility
PEER Construction takes an open approach to information access encouraging a culture of information sharing to ensure organisational effectiveness.

Where required by legislative and business requirements, access restrictions are applied to protect individual employees or client privacy; sensitive
material; and records requiring restricted access.

Ownership of information, and records created or received during the course of business is vested in PEER Construction, unless otherwise agreed.

Information privacy

PEER Construction collects and uses personal information about its employees, management, apprentices, subcontractors, and others to operate effectively. Personal information held by PEER Construction is collected and managed in a responsible, secure manner, in compliance with the

Information Privacy Principles outlined in the Information Privacy Act 1988.

Access to personal information within PEER Construction is restricted to authorised employees with business process requirement.

Under the Information Privacy Act 1988, a person has the right to access PEER Construction documents that contain the person’s personal information. A person also has the right to amend, if inaccurate, incomplete, out of date or misleading, documents relating to their personal information.

PEER Construction will release requested documents to an applicant unless it is considered contrary to the public interest to do so, the documents are considered exempt under the Act, or documents are unable to be located.

Information security

PEER Construction demonstrates a commitment to maintaining a robust information security environment.

Public audience

Information intended for:

  • public use or consumption
  • distribution outside PEER Construction.

Internal audience

Information intended:

  • only for all employees and approved non employees of PEER Construction
  • strictly for distribution or use by a select group
  • information that is extremely sensitive and intended for use only by various named individuals.
Information integrity

All information and records management practices in PEER Construction are to be in accordance with this policy. Business processes must ensure the maintenance of reliable information and records.

Information asset register

Organisational information is created, collected, classified, and organised in a manner that ensures its integrity, quality, and security. The Information Asset Register records organisational information asset metadata to assist with information asset management, classification, and planning. The register outlines information asset: security, content type, location/source system, Information Asset Manager, Information Asset Administrator, and other related metadata.

The Information Asset Registers must be reviewed quarterly to maintain their value as evidence, electronic records must be inviolate. The Information Asset Register meets compliance and is being maintained property when it has been approved quarterly following an audit by senior management.

Your manager will provide information and records management training to PEER Construction employees to the level of their responsibility under this policy.

Information back up requirements

All data in any format should be regularly copied and archived for use in the event data recovery or restoration should become necessary.

Back up all data during PEER Construction’s off-peak hours this helps to avoid performance delays during office hours.

All backups to be stored off-site, in the cloud and one copy to be located at PEER Construction.

Make sure all backups are encrypted (to protect data from falling into wrong hands).

The appropriate team must perform backups for data they are responsible to protect.

Backups must be periodically tested to ensure they are recoverable.

Corporations Act 2011

Income Tax Assessment Act 1997

Information Privacy Act 1988

Intellectual property policy

Version 1.0 – Last updated 6/2/2022