1. The purpose of our procedure
This procedure outlines how records are created, managed, stored, accessed and disposed of, and gives effect to [Adelaide University’s Information Governance Framework].
Please read this procedure in conjunction with the Information Governance Policy.
2. Who our procedure applies to
This procedure applies to members of the Adelaide University community who create or manage records.
This procedure authorises the Chief Data and Analytics Officer to develop and maintain associated protocols.
3. Our records management procedure
This section describes how records must be created, maintained, accessed, stored, and disposed of in compliance with legislative and regulatory frameworks.
3.1 Record creation and capture
3.1.1 Adelaide University business activities must be documented in accordance with the Information Governance Policy and [Information Governance Framework].
3.1.2 Records must be created at the time of the activity or as soon as practicable thereafter (for example, meeting minutes, approvals, correspondence).
3.1.3 Records must be captured in approved Adelaide University systems of record such as, Content Manager, the official University recordkeeping system, or other systems that meet the relevant State Records Standards in accordance with the “Compliant Systems” requirements, as outlined in Section 3.7 of Information Governance Guideline V1 (State Records SA).
3.1.4 Email communications that record business activities, decisions, approvals or other actions of lasting value should be captured in an approved system of record with any supporting attachments.
3.2 Classification and metadata
3.2.1 Metadata standards must align with Standard – Minimum recordkeeping metadata requirements V1 (State Records SA). Metadata must enable retrieval and evidence of authenticity.
3.2.2 Records must be classified according to the [Data Management Procedure] and the Information Governance Policy.
3.2.3 Minimum metadata must be applied (including title, creator, date, subject, retention category or class).
3.2.4 Approved templates must be used for consistent metadata and classification in the University recordkeeping system, Content Manager.
3.3 Access, privacy, and security
3.3.1 Staff must restrict access to sensitive or restricted records to those with a demonstrable business need (‘need-to-know’).
3.3.2 System administrators must implement technical controls to enforce access restrictions.
3.3.3 Records containing personal information must be handled in accordance with the Privacy Act 1988 (Cth) and Australian Privacy Principles (Office of the Australian Information Commissioner).
3.3.4 When a request is received under the Freedom of Information Act 1991 (SA), only the [FOI Officer] is authorised to process and release records.
3.3.5 Sensitive and restricted records must be classified accordingly and stored in approved repositories with appropriate access controls.
3.4 Retention and disposal
3.4.1 Records must be managed in accordance with the State Records Act 1997 (SA).
3.4.2 Staff must consult General disposal schedules (GDS) (State Records SA) and any approved University-specific schedules before disposing of records. Disposal must be documented and authorised by the Director, Information Governance or delegate under an approved disposal authority.
3.4.3 Permanent records must be transferred to the [University Archives] following approved transfer procedures.
3.4.4 The Senior Manager, Records Management maintains disposal logs, and the Manager, Special Collections and Archives oversees transfers. This process ensures compliance with the State Records Act 1997 (SA).
3.5 Research records
3.5.1 Researchers, including Graduate Research students, must create and store research data and documentation in approved Adelaide University research repositories.
3.5.2 Principal Investigators are responsible for ensuring their teams comply with the Australian Code for the Responsible Conduct of Research 2018 (Australian Research Council) and with retention requirements in funder agreements. Where funder-specific requirements are stricter than general schedules, they take precedence.
3.5.3 Where research involves Indigenous communities, researchers must adhere to the AIATSIS Code of Ethics for Aboriginal and Torres Strait Islander Research. This includes obtaining appropriate cultural permissions before storing, accessing, or disposing of records.
3.6 Third-party and cloud systems
3.6.1 Business units seeking to store records with third-party or cloud providers must obtain approval from the Director, Information Governance.
3.6.2 Procurement and Legal teams must ensure that contracts include provisions for recordkeeping, privacy compliance, and data residency in Australia.
3.6.3 The Senior Manager, Records Management verifies that proposed systems can meet Adelaide University recordkeeping requirements, including retrieval and export in the event of contract termination without loss of metadata or record integrity.
3.7 Training, monitoring, and compliance
3.7.1 All staff must complete mandatory Information Management training within three months of commencing employment, with refresher training required annually.
3.7.2 The Information Governance team deliver training and conducts audits of compliance.
3.7.3 The Director, Information Governance ensures that sufficient resources are allocated to training and compliance monitoring.
3.7.4 Breaches of this procedure will be managed in accordance with the Information Breach Procedure.
4. Who holds a responsibility within this procedure
4.1 The Chief Data and Analytics Officer is required to:
- Ensure compliance with the State Records Act 1997 (SA).
- Allocate resources to support records management.
5. Definitions used in our procedure
Please refer to our Adelaide University glossary for a full list of our definitions.
Adelaide University community refers to a broad range of stakeholders who engage with Adelaide University and includes (but is not limited to) all students, staff, and non-staff members of Adelaide University including alumni, honorary title holders, adjuncts, visiting academics, guest lecturers, volunteers, suppliers and partners who are engaging with and contributing to the work of Adelaide University.
Disposal (data) means the secure and authorised destruction, deletion, or transfer of data that is no longer required to be retained, in accordance with the State Records Act 1997 (SA), Adelaide University records schedules, and approved destruction methods. Methods include secure destruction or transfer to archives.
Metadata means structured information that describes the context, content, structure and management of records and datasets throughout their lifecycle, enabling discovery, retrieval, use and control.
Record means information created, received or kept by Adelaide University in the conduct of its activities (including teaching, research and administration) and retained as evidence of those activities, regardless of format, medium, or location, as defined in the State Records Act 1997 (SA).
System of record means an authorised Adelaide University information system designated for the capture, storage, and management of official records.
6. How our procedure is governed
This procedure is categorised, approved and owned in line with the governance structure of Adelaide University and the offices and officers listed below.
| Parent policy | Information Governance Policy |
|---|---|
| Policy category | Corporate |
| Policy owner | Deputy Vice Chancellor – Corporate |
| Procedure owner | Chief Data and Analytics Officer |
| Procedure category | Corporate |
| Approving authority | Co-Vice Chancellors/Vice Chancellor and President |
| Responsible officer | Director, Information Governance |
| Effective from | 19 December 2025 |
| Review date | 6 months after date this version is approved |
| Enquiries | Interim Central Policy Unit/[Central Policy Unit] staff.policy.enquiries@adelaideuni.edu.au |
| Replaced documents | None |
7. Legislation and other documents related to our procedure
| Category | Documents |
|---|---|
| Associated procedures | [Data Management Procedure] Information Breach Procedure |
| Related policy documents | [Information Governance Framework] Information Governance Policy Collections Policy [Special Collections and Archives Procedure] |
| Referenced legislation | Information Governance Guideline V1 (State Records SA) Standard – Minimum recordkeeping metadata requirements V1 (State Records SA) |
| Related legislation | |
| External references | Australian Privacy Principles Guidelines (Office of the Australian Information Commissioner) Australian Code for the Responsible Conduct of Research 2018 | ARC AIATSIS Code of Ethics for Aboriginal and Torres Strait Islander Research Information Management Standard V1.3 (State Records SA) ISO 15489-1:2016 Standard (Information and documentation — Records management) Previous policies – information management (National Archives of Australia) |
8. History of changes
| Date approved | To section/clauses | Description of change |
|---|---|---|
| 22 December 2025 | N/A | New procedure |
At the time of writing, Adelaide University’s organisational structure, position titles, and committee names have not been confirmed. Square brackets [ ] indicate placeholders for these details. Brackets are also used to identify policy elements that are subject to further decision-making or confirmation. These will be updated once final decisions are made.