BSBRKG604B
Determine security and access rules and procedures

This unit describes the performance outcomes, skills and knowledge required to determine and establish the rules for access and use of records in an organisation, including classifications and procedures for managing access over time. No licensing, legislative, regulatory or certification requirements apply to this unit at the time of endorsement.

Application

This unit applies to individuals with specialist knowledge of business or records systems, with depth in some areas. These people will generally be senior staff in a specialist recordkeeping environment with responsibility for a team, though they may also be individuals with sole responsibility for recordkeeping systems within larger enterprises.


Elements and Performance Criteria

ELEMENT

PERFORMANCE CRITERIA

1. Analyse access risks, rules and responsibilities

1.1. Establish, analyse and describe the impact of the legal and regulatory framework on access to records for the unit or the entire organisation

1.2. Analyse organisational documentation and information, copies of appraisal reports and access conditions for records of comparable organisations

1.3. Review risk analyses and existing access rules for currency, and determine and document any necessary modifications

1.4. Analyse usage patterns of records in light of identified risks and existing access rules

1.5. Determine specific restrictions and other responses to regulatory obligations for records and activities

1.6. Determine responsibility for reviewing access decisions from gathered organisational documentation and information

2. Develop access strategy, classifications and rules

2.1. Consider factors impacting on access rights in developing an access strategy from gathered information, based on established responsibilities for access to records, and in response to identified difficulties and risks

2.2. Determine broad access classifications and reasons for access restrictions from regulatory requirements, identified risks and patterns of use of records within the jurisdiction

2.3. Compile criteria for applying access classifications to records based on gathered information and performed analyses

2.4. Develop rules for applying classifications

2.5. Circulate access classifications and draft rules to users of the business or records system for comment, identify and analyse exceptions, and modify classifications where appropriate

2.6. Determine compliance regime and jurisdictional access regime

2.7. Seek authorisation from appropriate body for access classifications and procedures

3. Develop procedures to integrate into business or records system

3.1. Determine access permissions and restrictions for records by applying access rules

3.2. Establish and document categories of users using analyses of access rules and records usage

3.3. Document access permissions and restrictions in relation to categories of users

3.4. Establish mechanisms to control user access applying to records and to users

3.5. Develop and document specifications for recording authorised use of records

3.6. Integrate authorised access procedures into business or records system rules and procedures, and document changes
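The following is an added illustration, not part of the unit of competency, of how the classifications and rules of Element 2 and the procedures of Element 3 (categories of users, permissions and restrictions per category, a mechanism to control access, and a record of authorised use that feeds the review in Element 4) fit together when implemented in software. The classification scheme, the four user categories, the rule ordering and the 20-year open-access period are assumptions made for the example, not requirements of the unit.

```python
"""Classification-based access control over records with a usage log.

Added example, not part of BSBRKG604B. The classification scheme, user
categories, rule ordering and the 20-year open-access period are assumptions.
"""
from dataclasses import dataclass, field
from datetime import date
from enum import IntEnum


class Classification(IntEnum):
    """Broad access classifications, ordered least to most restricted (PC 2.2)."""
    PUBLIC = 0
    INTERNAL = 1
    CONFIDENTIAL = 2
    RESTRICTED = 3


@dataclass
class Record:
    record_id: str
    created: date
    personal_information: bool = False      # privacy: a reason for restriction
    commercial_in_confidence: bool = False  # commercial confidentiality
    security_classified: bool = False       # security classification


def classify(record: Record, today: date) -> Classification:
    """Apply the rules for classifying a record (PC 2.3, 2.4; assumed rules).

    Rules run from most to least restrictive so the strongest reason wins;
    the age-based release applies only to a record no other rule restricts.
    """
    if record.security_classified:
        return Classification.RESTRICTED
    if record.personal_information or record.commercial_in_confidence:
        return Classification.CONFIDENTIAL
    if (today - record.created).days >= 20 * 365:  # assumed open-access period
        return Classification.PUBLIC
    return Classification.INTERNAL


# Categories of users (PC 3.2) and the highest classification each may read (PC 3.3).
# A requester outside these categories gets nothing: the check denies by default.
CLEARANCE = {
    "public": Classification.PUBLIC,
    "staff": Classification.INTERNAL,
    "records_officer": Classification.CONFIDENTIAL,
    "delegated_authority": Classification.RESTRICTED,
}


@dataclass
class UsageLog:
    """Record of authorised use and of refusals (PC 3.5), kept for review (PC 4.1)."""
    entries: list = field(default_factory=list)

    def add(self, user, category, record_id, classification, granted, reason):
        self.entries.append({
            "user": user, "category": category, "record": record_id,
            "classification": classification.name, "granted": granted,
            "reason": reason,
        })

    def exceptions(self):
        """Refused requests: the cases a reviewer must decide on (PC 4.1)."""
        return [e for e in self.entries if not e["granted"]]


def check_access(user: str, category: str, record: Record,
                 log: UsageLog, today: date) -> bool:
    """Decide one access request (PC 3.1, 3.4) and log the decision either way."""
    classification = classify(record, today)
    clearance = CLEARANCE.get(category)
    if clearance is None:
        granted, reason = False, "unknown user category"
    elif clearance >= classification:
        granted, reason = True, f"{clearance.name} clearance covers {classification.name}"
    else:
        granted, reason = False, f"{clearance.name} clearance below {classification.name}"
    log.add(user, category, record.record_id, classification, granted, reason)
    return granted


def run_demo(today: date = date(2024, 1, 1)):
    """Constructed sample records and requests; returns the decisions and the log."""
    log = UsageLog()
    old_minutes = Record("MIN-1991-07", date(1991, 7, 3))
    hr_file = Record("HR-2023-114", date(2023, 5, 1), personal_information=True)
    decisions = [
        check_access("anyone", "public", old_minutes, log, today),      # granted: released by age
        check_access("j.smith", "staff", hr_file, log, today),          # refused: personal information
        check_access("contractor", "vendor", old_minutes, log, today),  # refused: unknown category
    ]
    return decisions, log


if __name__ == "__main__":
    decisions, log = run_demo()
    for entry in log.entries:
        print(entry)
    print("for review:", len(log.exceptions()))
```

Two design points carry over to any real system: refusals are logged alongside authorised use, because the refusals are the exceptions the review procedure in Element 4 has to process; and a requester whose category is unknown is refused rather than given the lowest level, so an unanticipated category of user surfaces as a reviewable exception instead of silent access.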

4. Review and amend access classifications and rules

4.1. Develop procedures for reviewing access decisions and for responding to exceptions

4.2. Identify a hierarchy of responsibility for reviewing access decisions to comply with jurisdictional access regime

4.3. Communicate changes to access rules and procedures to all users

Required Skills

Required skills

communication and negotiation skills to explain complex relationships and processes effectively to users and management, and to consult with relevant stakeholders

information management skills to analyse and synthesise documentation, verbally delivered information, and observed behaviours

information management skills to identify recordkeeping specifications to implement access control and records of use

information management skills to use judgement and discretion with sensitive and confidential information

leadership skills to create and implement achievable recordkeeping mechanisms and practices for others to follow

literacy skills to prepare, compile, and write complex documents and reports, and to document complex relationships and processes

problem-solving skills to solve recordkeeping problems

technology skills to use equipment relevant to conducting recordkeeping activities.

Required knowledge

key provisions of relevant legislation from all forms of government, regulations, standards and documentation that may affect aspects of business operations, such as:

AS 5044.1:2002 AGLS Metadata element set

AS 5090:2003 Work process analysis for recordkeeping

AS ISO 15489:2004 Records management

AS ISO 23081.1:2006 Information and documentation - Records management processes - Metadata for records - Principles

AS/NZS 4360:2004 Risk management

Australian Stock Exchange (ASX) Principles of Good Corporate Governance

ethical principles

codes of practice

archives and records legislation

privacy and freedom of information

occupational health and safety (OHS)

general principles and processes of records management and records management systems, such as:

systems of control

records continuum theory

mandate and ownership of business process

organisational business functions, structure and culture

organisational policies, strategies and procedures, particularly those relating to sensitive information

principles and practices of diversity and cross-cultural communication.

Evidence Required

The Evidence Guide provides advice on assessment and must be read in conjunction with the performance criteria, required skills and knowledge, range statement and the Assessment Guidelines for the Training Package.

Overview of assessment

Critical aspects for assessment and evidence required to demonstrate competency in this unit

Evidence of the following is essential:

documenting usage and conducting a risk analysis of policies and procedures for implementing security and access rules

reporting on a recordkeeping access strategy, classifications and rules

documenting policies and procedures for recordkeeping in an organisation including access permissions, restrictions, and control mechanisms

reporting on success of implementation and amendments made in response to monitoring the implementation of the recordkeeping system

knowledge of organisational policies, strategies and procedures, particularly those relating to sensitive information.

Context of and specific resources for assessment

Assessment must ensure:

access to an actual workplace or simulated environment

access to examples of records, recordkeeping system and policies

access to office equipment and resources.

Method of assessment

A range of assessment methods should be used to assess practical skills and knowledge. The following examples are appropriate for this unit:

assessment of written reports on the risk management plans, strategies and monitoring reports

direct questioning combined with review of portfolios of evidence and third party workplace reports of on-the-job performance by the candidate

observation of presentations of reports on the recordkeeping requirements, strategies, policies and procedures

oral or written questioning to assess knowledge and understanding

review of authenticated documents from the workplace or training environment

review of testimony from team members, colleagues, supervisors or managers.

Guidance information for assessment

Holistic assessment with other units relevant to the industry sector, workplace and job role is recommended, for example:

administration units

other knowledge management units.


Range Statement

The range statement relates to the unit of competency as a whole. It allows for different work environments and situations that may affect performance. Bold italicised wording, if used in the performance criteria, is detailed below. Essential operating conditions that may be present with training and assessment (depending on the work situation, needs of the candidate, accessibility of the item, and local industry and regional contexts) may also be included.

Legal and regulatory framework may include:

anti-discrimination legislation

AS 1203:1996 Microfilming of engineering documents

AS 2840:1986 Microfilming newspapers for archival purposes

AS 3674:1989 Storage of microfilm

AS 4003:1996 Permanent paper

AS ISO 15489:2004 Records management

award and enterprise agreements and relevant industrial instruments

codes of practice

corporation law

ethical principles

freedom of information legislation and principles

healthcare

tax, including income tax

industrial relations

OHS

privacy laws

statutory access

superannuation

Organisational documentation and information may include:

guidelines

legislation, regulations, case law and ethical codes of conduct

policies and standards

precedents

recordkeeping requirements

records disposal status and retention periods

records themselves

risk analyses

rules

strategic plans for recordkeeping and for maintaining usability and availability of records over time

Factors impacting on access rights may include:

codes of conduct

common law rights protecting confidentiality

copyright and intellectual property rights

corporation law

freedom of information legislation

government records legislation

power of attorney legislation

privacy protection laws

professional privilege

Reason for access restrictions may include:

age of records

commercial value and intellectual property rights

confidentiality (personal, professional or commercial)

cultural protocols

investigatory and law enforcement requirements

monetary value

physical integrity, state, fragility

political, personal and physical sensitivity

security classifications

Appropriate body may include:

external body designated by legislation governing recordkeeping for the jurisdiction

senior manager responsible for recordkeeping policy for whole organisation

statutory office holder designated by organisation's legislative warrant

Categories of users may include:

groupings according to:

delegated authority

identified categories of external stakeholders

level within organisational hierarchy

location within organisational structure

professional grouping

public access rights

security clearance codes

Users may include:

staff members from:

across the whole organisation or external

internal business area

parties to the business transactions

those requiring the records for use unrelated to the original business recorded

Mechanisms to control user access may include:

electronic keys

external stakeholders

individual permissions

legislative permissions

pass-codes

passwords

redaction

other physical means of restricting access


Sectors

Unit sector


Competency Field

Knowledge Management - Recordkeeping


Employability Skills

This unit contains employability skills.


Licensing Information

Not applicable.