Records Management Policy

  1. Purpose

The Records Management Policy establishes principles for managing institutional records, ensuring compliance with legislative obligations under the Higher Education Standards Framework (Threshold Standards) (HESF) 2021 and Privacy Act 1988, while safeguarding the integrity, security, and accessibility of records as corporate assets. This policy should be read in conjunction with the Records Management Procedures and Privacy Policy.

  1. Scope

This policy applies to all staff, contractors, and affiliates handling records (physical or electronic) including, but not limited to:

  • student enrolment, progression, and qualifications
  • academic integrity
  • governance, finance and human resources
  • complaints, misconduct, and critical incidents
  1. Definitions

See Glossary of Terms.

  1. Policy statements

4.1 The Institution embeds robust records management protocols throughout its operations so that accurate records are maintained and sensitive data is handled securely in compliance with the Higher Education Standards Framework 2021 and Privacy Act 1988.

4.2 The Institution maintains accurate and up-to-date records of all aspects of its operations including admission, enrolments, progression, completions and award of qualifications.

4.3 The Institution prevents unauthorised or fraudulent access to private, sensitive or personal information, including information where unauthorised access may compromise academic integrity.

4.4 The Institution documents and records responses to formal complaints, allegations of misconduct, breaches of academic integrity and critical incidents.

4.5 All records are stored securely with access given to authorised users only in order to safeguard information and protect the privacy of individuals.

4.6 Personal information held by the Institution is governed by the practices, protocols and systems outlined in the Privacy Policy.

4.7 The Institution stores its digital records in password-protected systems with encryption and its physical records in secure locations.

4.8 Records created or received prior to 2019 may be stored in hard copy format. Physical records are stored in secure locations, and in a to avoid damage and deterioration.

4.9 Records are retained for the minimum retention periods as specified in the Records Management Procedures.

4.10 Records may be disposed securely and confidentially in accordance with the timeframes in the Records Management Procedures.

4.11 External requests for records require written consent from the individual or a legal mandate.

4.12 Breaches of this policy may result in disciplinary action under the Staff Code of Conduct in the Employee Handbook or legal penalties under the Privacy Act

  1. Roles and responsibilities

5.1 The PVC (Employability) and Registrar is the responsible officer of this policy and is responsible for fostering a culture of excellent records management practices.

5.2 Managers are responsible for:

  • training staff on the Institution’s records management protocols;
  • monitoring staff under their supervision to ensure they understand and comply with this policy;
  • promoting good record management practices; and
  • reporting any identified breaches of compliance.

5.3 Staff are responsible for:

  • correct management and security of data, information and records;
  • implementing this policy across all aspects of their daily work;
  • ensuring they do not access information they are not authorised to access;
  • and handling all personal information in accordance with the Privacy Policy.
  1. Related documents

Records Management Procedures
Privacy Policy

  1. Change history
Summary of changes Approved by Approval date
Created Board of Directors 26 March 2021
Comprehensive review. Mainly editorial changes. Board of Directors 9 September 2025