Standard on records management
Appendix A – Consolidated list of compliance requirements
Principle 1: Organisations take responsibility for records and information management
| YES | NO | ||
| 1.1 | Corporate records and information management is directed by policy and strategy. | ||
| 1.2 | Records and information management is the responsibility of senior management who provide direction and support for records and information management in accordance with business requirements and relevant laws and regulations. | ||
| 1.3 | Corporate responsibility for the oversight of records and information management is delegated to a designated individual (senior responsible officer). | ||
| 1.4 | Organisations have skilled records and information management staff or access to appropriate skills. | ||
| 1.5 | Responsibility for ensuring that records and information management is integrated into work processes, systems and services is delegated to business owners and business units. | ||
| 1.6 | Staff and contractors understand the records and information management responsibilities of their role, the need to make and keep records, and relevant policies and procedures. | ||
| 1.7 | Records and information management responsibilities are identified and addressed in all outsourced, cloud, contracted and similar service arrangements. | ||
| 1.8 | Records and information management is monitored and reviewed to ensure that it is performed, accountable and meets business needs. | ||
YES NO |
1.1 Corporate records and information management is directed by policy and strategy. |
1.2 Records and information management is the responsibility of senior management who provide direction and support for records and information management in accordance with business requirements and relevant laws and regulations. |
1.3 Corporate responsibility for the oversight of records and information management is delegated to a designated individual (senior responsible officer). |
1.4 Organisations have skilled records and information management staff or access to appropriate skills. |
1.5 Responsibility for ensuring that records and information management is integrated into work processes, systems and services is delegated to business owners and business units. |
1.6 Staff and contractors understand the records and information management responsibilities of their role, the need to make and keep records, and relevant policies and procedures. |
1.7 Records and information management responsibilities are identified and addressed in all outsourced, cloud, contracted and similar service arrangements. |
1.8 Records and information management is monitored and reviewed to ensure that it is performed, accountable and meets business needs. |
Principle 2: Records and information management support business
| YES | NO | ||
| 2.1 | Records, information and data required to meet short and long term needs of the business are identified. | ||
| 2.2 | High risk and/or high value areas of business and the systems, records and information needed to support these business areas are identified. | ||
| 2.3 | Records and information management is a designed component of all systems and service environments where high risk and/or high value business is undertaken. | ||
| 2.4 | Records, information and data are managed across all operating environments. | ||
| 2.5 | Records and information management safeguard records, information and data, including records with long term retention. | ||
| 2.6 | Records, information and data are sustained through system and service transitions by strategies and processes specifically designed to support business and accountability. | ||
YES NO |
2.1 Records, information and data required to meet short and long term needs of the business are identified. |
2.2 High risk and/or high value areas of business and the systems, records and information needed to support these business areas are identified. |
2.3 Records and information management is a designed component of all systems and service environments where high risk and/or high value business is undertaken. |
2.4 Records, information and data are managed across all operating environments. |
2.5 Records and information management safeguard records, information and data, including records with long term retention. |
2.6 Records, information and data are sustained through system and service transitions by strategies and processes specifically designed to support business and accountability. |
Principle 3: Records, information and data are well managed
| YES | NO | ||
| 3.1 | Records, information and data are routinely created, captured and managed as part of normal business practice. | ||
| 3.2 | Records, information and data are managed to ensure they are reliable and trustworthy. | ||
| 3.3 | Records, information and data are identifiable, retrievable and accessible for as long as they are required. | ||
| 3.4 | Records, information and data are protected from unauthorised or unlawful access, destruction, loss, deletion or alteration. | ||
| 3.5 | Access to records, information and data is managed in accordance with legal and business requirements. | ||
| 3.6 | Records, information and data are kept for as long as they are needed for business, legal and accountability requirements, then disposed. | ||
| 3.7 | Records, information and data are systematically and accountably destroyed when legally appropriate to do so. | ||
YES NO |
3.1 Records, information and data are routinely created, captured and managed as part of normal business practice. |
3.2 Records, information and data are managed to ensure they are reliable and trustworthy. |
3.3 Records, information and data are identifiable, retrievable and accessible for as long as they are required. |
3.4 Records, information and data are protected from unauthorised or unlawful access, destruction, loss, deletion or alteration. |
3.5 Access to records, information and data is managed in accordance with legal and business requirements. |
3.6 Records, information and data are kept for as long as they are needed for business, legal and accountability requirements, then disposed. |
3.7 Records, information and data are systematically and accountably destroyed when legally appropriate to do so. |
Download or print
Download Standard No 15 Standard on records management
Current as of Thursday, 03 April 2025.
Download Standard No 15 Appendix A
Current as of Thursday, 03 April 2025.
Download Standard No 15 Table of commentary
Current as of Thursday, 03 April 2025.
Download Standard No 15 Implementation guide
Current as of Thursday, 03 April 2025.
Request accessible format of this publication.