Unit of competency details

BSBRKG604B - Determine security and access rules and procedures (Release 1)

Summary

Usage recommendation:
Superseded
Mapping:
Mapping | Notes | Date
Is superseded by and equivalent to BSBRKG604 - Determine security and access rules and procedures | Updated to meet Standards for Training Packages | 24/Mar/2015

Releases:
Release | Release date
1 (this release) | 10/Mar/2009

Classifications

Scheme | Code | Classification value
ASCED Module/Unit of Competency Field of Education Identifier | 080307 | Organisation Management

Classification history

Scheme | Code | Classification value | Start date | End date
ASCED Module/Unit of Competency Field of Education Identifier | 080307 | Organisation Management | 25/Jul/2008 |
Modification History

Not applicable.

Unit Descriptor

This unit describes the performance outcomes, skills and knowledge required to determine and establish the rules for access and use of records in an organisation, including classifications and procedures for managing access over time.

No licensing, legislative, regulatory or certification requirements apply to this unit at the time of endorsement.

Application of the Unit

This unit applies to individuals with understanding and specialist knowledge of business or records systems, with depth in some areas. These people will generally be senior staff in a specialist recordkeeping environment with responsibility for a team, though they may also be individuals with sole responsibility for recordkeeping systems within larger enterprises.

Licensing/Regulatory Information

Not applicable.

Pre-Requisites

Employability Skills Information

This unit contains employability skills.

Elements and Performance Criteria Pre-Content

Elements describe the essential outcomes of a unit of competency.

Performance criteria describe the performance needed to demonstrate achievement of the element. Where bold italicised text is used, further information is detailed in the required skills and knowledge section and the range statement. Assessment of performance is to be consistent with the evidence guide.

Elements and Performance Criteria

ELEMENT 

PERFORMANCE CRITERIA 

1. Analyse access risks, rules and responsibilities

1.1. Establish, analyse and describe the impact of the legal and regulatory framework on access to records for the unit or the entire organisation

1.2. Analyse organisational documentation and information, copies of appraisal reports and access conditions for records of comparable organisations

1.3. Review risk analyses and existing access rules for currency, and determine and document any necessary modifications

1.4. Analyse usage patterns of records in light of identified risks and existing access rules

1.5. Determine specific restrictions and other responses to regulatory obligations for records and activities

1.6. Determine responsibility for reviewing access decisions from gathered organisational documentation and information

2. Develop access strategy, classifications and rules

2.1. Consider factors impacting on access rights in developing an access strategy from gathered information, based on established responsibilities for access to records, and in response to identified difficulties and risks

2.2. Determine broad access classifications and reasons for access restrictions from regulatory requirements, identified risks and patterns of use of records within the jurisdiction

2.3. Compile criteria for applying access classifications to records based on gathered information and performed analyses

2.4. Develop rules for applying classifications

2.5. Circulate access classifications and draft rules to users of the business or records system for comment, identify and analyse exceptions, and modify classifications where appropriate

2.6. Determine compliance regime and jurisdictional access regime

2.7. Seek authorisation from appropriate body for access classifications and procedures

3. Develop procedures to integrate into business or records system

3.1. Determine access permissions and restrictions for records by applying access rules

3.2. Establish and document categories of users using analyses of access rules and records usage

3.3. Document access permissions and restrictions in relation to categories of users

3.4. Establish mechanisms to control user access applying to records and to users

3.5. Develop and document specifications for recording authorised use of records

3.6. Integrate authorised access procedures into business or records system rules and procedures, and document changes

4. Review and amend access classifications and rules

4.1. Develop procedures for reviewing access decisions and for responding to exceptions

4.2. Identify a hierarchy of responsibility for reviewing access decisions to comply with jurisdictional access regime

4.3. Communicate changes to access rules and procedures to all users

Required Skills and Knowledge

This section describes the skills and knowledge required for this unit.

Required skills 

  • communication and negotiation skills to explain complex relationships and processes effectively to users and management, and to consult with relevant stakeholders
  • information management skills to analyse and synthesise documentation, verbally delivered information, and observed behaviours
  • information management skills to identify recordkeeping specifications to implement access control and records of use
  • information management skills to use judgement and discretion with sensitive and confidential information
  • leadership skills to create and implement achievable recordkeeping mechanisms and practices for others to follow
  • literacy skills to prepare, compile, and write complex documents and reports, and to document complex relationships and processes
  • problem-solving skills to solve recordkeeping problems
  • technology skills to use equipment relevant to conducting recordkeeping activities.

Required knowledge 

  • key provisions of relevant legislation from all forms of government, regulations, standards and documentation that may affect aspects of business operations, such as:
      • AS 5044.1:2002 AGLS Metadata element set
      • AS 5090:2003 Work process analysis for recordkeeping
      • AS ISO 15489:2004 Records management
      • AS ISO 23081.1:2006 Information and documentation - Records management processes - Metadata for records - Principles
      • AS/NZS 4360:2004 Risk management
      • Australian Stock Exchange (ASX) Principles of Good Corporate Governance
      • ethical principles
      • codes of practice
      • archives and records legislation
      • privacy and freedom of information
      • occupational health and safety (OHS)
  • general principles and processes of records management and records management systems, such as:
      • systems of control
      • records continuum theory
      • mandate and ownership of business process
  • organisational business functions, structure and culture
  • organisational policies, strategies and procedures, particularly those relating to sensitive information
  • principles and practices of diversity and cross-cultural communication.

Evidence Guide

The Evidence Guide provides advice on assessment and must be read in conjunction with the performance criteria, required skills and knowledge, range statement and the Assessment Guidelines for the Training Package.

Overview of assessment 

Critical aspects for assessment and evidence required to demonstrate competency in this unit 

Evidence of the following is essential:

  • documenting usage and conducting a risk analysis of policies and procedures for implementing security and access rules
  • reporting on a recordkeeping access strategy, classifications and rules
  • documenting policies and procedures for recordkeeping in an organisation including access permissions, restrictions, and control mechanisms
  • reporting on success of implementation and amendments made in response to monitoring the implementation of the recordkeeping system
  • knowledge of organisational policies, strategies and procedures, particularly those relating to sensitive information.

Context of and specific resources for assessment 

Assessment must ensure:

  • access to an actual workplace or simulated environment
  • access to examples of records, recordkeeping system and policies
  • access to office equipment and resources.

Method of assessment 

A range of assessment methods should be used to assess practical skills and knowledge. The following examples are appropriate for this unit:

  • assessment of written reports on the risk management plans, plans, strategies and monitoring reports
  • direct questioning combined with review of portfolios of evidence and third party workplace reports of on-the-job performance by the candidate
  • observation of presentations of reports on the recordkeeping requirements, strategies, policies and procedures
  • oral or written questioning to assess knowledge and understanding
  • review of authenticated documents from the workplace or training environment
  • review of testimony from team members, colleagues, supervisors or managers.

Guidance information for assessment 

Holistic assessment with other units relevant to the industry sector, workplace and job role is recommended, for example:

  • administration units
  • other knowledge management units.

Range Statement

The range statement relates to the unit of competency as a whole. It allows for different work environments and situations that may affect performance. Bold italicised wording, if used in the performance criteria, is detailed below. Essential operating conditions that may be present with training and assessment (depending on the work situation, needs of the candidate, accessibility of the item, and local industry and regional contexts) may also be included.

Legal and regulatory framework may include:

  • anti-discrimination legislation
  • AS 1203:1996 Microfilming of engineering documents
  • AS 2840:1986 Microfilming newspapers for archival purposes
  • AS 3674:1989 Storage of microfilm
  • AS 4003:1996 Permanent paper
  • AS ISO 15489:2004 Records management
  • award and enterprise agreements and relevant industrial instruments
  • codes of practice
  • corporation law
  • ethical principles
  • freedom of information legislation and principles
  • healthcare
  • tax, including income tax
  • industrial relations
  • OHS
  • privacy laws
  • statutory access
  • superannuation

Organisational documentation and information may include:

  • guidelines
  • legislation, regulations, case law and ethical codes of conduct
  • policies and standards
  • precedents
  • recordkeeping requirements
  • records disposal status and retention periods
  • records themselves
  • risk analyses
  • rules
  • strategic plans for recordkeeping and for maintaining usability and availability of records over time

Factors impacting on access rights may include:

  • codes of conduct
  • common law rights protecting confidentiality
  • copyright and intellectual property rights
  • corporation law
  • freedom of information legislation
  • government records legislation
  • power of attorney legislation
  • privacy protection laws
  • professional privilege

Reason for access restrictions may include:

  • age of records
  • commercial value and intellectual property rights
  • confidentiality (personal, professional or commercial)
  • cultural protocols
  • investigatory and law enforcement requirements
  • monetary value
  • physical integrity, state, fragility
  • political, personal and physical sensitivity
  • security classifications

Appropriate body may include:

  • external body designated by legislation governing recordkeeping for the jurisdiction
  • senior manager responsible for recordkeeping policy for whole organisation
  • statutory office holder designated by organisation's legislative warrant

Categories of users may include:

  • groupings according to:
      • delegated authority
      • identified categories of external stakeholders
      • level within organisational hierarchy
      • location within organisational structure
      • professional grouping
      • public access rights
      • security clearance codes

Users may include:

  • staff members from:
      • across the whole organisation or external
      • internal business area
  • parties to the business transactions
  • those requiring the records for use unrelated to the original business recorded

Mechanisms to control user access may include:

  • electronic keys
  • external stakeholders
  • individual permissions
  • legislative permissions
  • pass-codes
  • passwords
  • redaction
  • other physical means of restricting access

Unit Sector(s)

Competency field

Knowledge Management - Recordkeeping

Co-requisite units
