Information and records management policy
Purpose
The purpose of this policy is to provide guidance and direction on the management of information and records throughout the information lifecycle.
Scope
This policy applies to all PEER Construction information and records, in all formats.
Requirements
Information governance requires that, information management activities are provided through annual Information Management Action Plans and are overseen by management.
Everyone plays a different role in records management. Assigning responsibilities for information asset management ensures the information asset is appropriately identified and managed throughout its lifecycle and is accessible to appropriate stakeholders.
Be aware of your roles and responsibilities.
The following are requirements of the policy.
Information and records management
All records must be captured in an approved records management system. These approved systems will appropriately support information and records management processes, and be secure from unauthorised access, damage, and misuse. Records must not be maintained in email folders, shared drives, personal drives, or external storage media.
To ensure PEER Construction employees have access to the right information at the right time, regardless of location, all records stored in the Digital File Management System (DFMS) must be captured digitally.
It is not necessary to attach paper copies of born-digital records to official folders.
Add digitised copies of born-physical records and attach the physical record to the official folder.
Employees should not dispose of records by either destruction, deletion, transfer, sale or donation, without prior approval from Information Management Services.
Records determined to be of historical or cultural significance to PEER Construction can be retained for longer than the minimum period required. This includes records contributing to the knowledge and understanding of aspects of PEER Construction history, culture, environment, and people.
Information accessibility
Where required by legislative and business requirements, access restrictions are applied to protect individual employees or client privacy; sensitive
material; and records requiring restricted access.
Ownership of information, and records created or received during the course of business is vested in PEER Construction, unless otherwise agreed.
Information privacy
PEER Construction collects and uses personal information about its employees, management, apprentices, subcontractors, and others to operate effectively. Personal information held by PEER Construction is collected and managed in a responsible, secure manner, in compliance with the
Information Privacy Principles outlined in the Information Privacy Act 1988.
Access to personal information within PEER Construction is restricted to authorised employees with business process requirement.
Under the Information Privacy Act 1988, a person has the right to access PEER Construction documents that contain the person’s personal information. A person also has the right to amend, if inaccurate, incomplete, out of date or misleading, documents relating to their personal information.
PEER Construction will release requested documents to an applicant unless it is considered contrary to the public interest to do so, the documents are considered exempt under the Act, or documents are unable to be located.
Information security
PEER Construction demonstrates a commitment to maintaining a robust information security environment.
Public audience
Information intended for:
- public use or consumption
- distribution outside PEER Construction.
Internal audience
Information intended:
- only for all employees and approved non employees of PEER Construction
- strictly for distribution or use by a select group
- information that is extremely sensitive and intended for use only by various named individuals.
Information integrity
All information and records management practices in PEER Construction are to be in accordance with this policy. Business processes must ensure the maintenance of reliable information and records.
Information asset register
Organisational information is created, collected, classified, and organised in a manner that ensures its integrity, quality, and security. The Information Asset Register records organisational information asset metadata to assist with information asset management, classification, and planning. The register outlines information asset: security, content type, location/source system, Information Asset Manager, Information Asset Administrator, and other related metadata.
The Information Asset Registers must be reviewed quarterly to maintain their value as evidence, electronic records must be inviolate. The Information Asset Register meets compliance and is being maintained property when it has been approved quarterly following an audit by senior management.
Your manager will provide information and records management training to PEER Construction employees to the level of their responsibility under this policy.
Information back up requirements
All data in any format should be regularly copied and archived for use in the event data recovery or restoration should become necessary.
Back up all data during PEER Construction’s off-peak hours this helps to avoid performance delays during office hours.
All backups to be stored off-site, in the cloud and one copy to be located at PEER Construction.
Make sure all backups are encrypted (to protect data from falling into wrong hands).
The appropriate team must perform backups for data they are responsible to protect.
Backups must be periodically tested to ensure they are recoverable.
Corporations Act 2011
Income Tax Assessment Act 1997
Information Privacy Act 1988
Intellectual property policy
Version 1.0 – Last updated 6/2/2022