Navigating the New Landscape of Records Management: Key Updates and Essential Practices

Introduction

Records management is constantly evolving, and as of February 2025, significant changes that will impact public sector agencies have come into effect. These updates, along with common challenges we observe in our audits, highlight the importance of robust and adaptable records management strategies. This blog post will guide you through the key changes and highlight crucial areas of focus.

Key Updates

Several important updates have recently been implemented, impacting how NSW public sector agencies manage their records:

• Standard 15 Replaces Standard 12:  The new State Records NSWStandard 15 places a critical emphasis on the role of IT, cyber security, cloud environments, and Information Asset Registers in effective records management.  All NSW public sector agencies will need to review their practices to ensure compliance.
• State Records NSW Standard 14 Replaces Standard 13:  New State Records NSWStandard 14 requires public sector agencies to reassess their physical storage protocols to remain compliant while many physical records are phased out.
• FA450 Supersedes GA39: This is a major change for NSW Local Government.   Functional Retention and Disposal Authority FA450 has replaced the GA39 General Retention and Disposal Authority: Local Government. This change necessitates a review of retention and disposal practices across Council to ensure compliance with new requirements.

The Rising Importance Information Management & Cybersecurity

State Records NSW Standard 15 includes a significant shift and focus on IT, cyber security, and cloud environments. In today's digital age, cyber security is more crucial than ever. With an increasing reliance on digital records, sharing platforms and cloud environments, protecting information from cyber threats is paramount. The updated standards place a strong emphasis on cyber security, ensuring that records management practices are not only efficient but also secure.

Effective cyber security measures help safeguard data integrity, prevent unauthorised access to information, and maintain the trust of stakeholders and the community.

Common Records Management Risks & Challenges

Beyond the legislative changes, our records management audits frequently reveal several recurring risks:

• Outdated or Non-Existent Records Management Strategies: Many organisations lack up-to-date strategies that align with their priorities…or they fail to implement existing strategies effectively.
• Misaligned Records Policies: Policies often don't reflect current roles, responsibilities, systems, and processes, leading to confusion and non-compliance.
• Limited Sentencing Activity: There is often insufficient sentencing activity for both electronic and physical records, resulting in storage inefficiencies, potential legal risks and increased cyber threats (i.e. larger ‘honeypot’ of records).
• Inadequate Assurance from Physical Storage Providers: Organisations may not seek sufficient assurance (or retain evidence) from third-party providers regarding the physical storage of records
• Unmanaged Network Drives: Limited review and management of documents stored on network drives, sharing platforms and other systems, with a lack of a documented strategy to move necessary documents to official recordkeeping systems.
• Insufficient Monitoring of Access Controls: Planned monitoring of Electronic Document and Records Management System (EDRMS) access controls is often lacking.
• Insufficient Staff Training: Mandatory training on records management roles and responsibilities is often limited, leading to inconsistent practices.

Recommendations and Better Practices:

To address these challenges and ensure compliance with the new standards, we recommend:

• Conducting a comprehensive review and update of your records management strategy and policies.
• Implementing regular sentencing activities for both electronic and physical records.
• Seeking and documenting assurance from physical storage providers.
• Establishing a robust monitoring program for electronic recordkeeping system security controls.
• Conducting spot-checks of record owner compliance.
• Providing comprehensive, mandatory and ongoing records management training for all staff.
• Developing and implementing a clear strategy for managing documents on network drives and migrating necessary documents to official recordkeeping systems.

 

Call to Action

Adapting to the new records management landscape requires proactive measures and a commitment to continuous improvement.

By addressing the key updates and common risks outlined in this blog, your organisation can strengthen its records management practices and ensure compliance.

If you require assistance in navigating these changes or would like to discuss your records management needs, please contact us for a consultation.