We found the 4 sampled LGs were generally managing the preservation and security of physical records well. However, the preservation and security of digital records could be improved.
Physical records were generally well managed
All of the sampled LGs stored physical records on site, with Canning and Mosman Park also using contracted offsite storage facilities to manage records. Security of on-site storage was generally well managed in the following areas:
- access restriction through logged card or key entry
- temperature and humidity controls
- fire alarms and suppression equipment
- disaster recovery kits.
However, EMRC had poor controls over who had access to keys to storage facilities, and none of the LGs were meeting their RKP commitments to regularly inspect on-site storage facilities to ensure conditions were appropriate for their records. Mosman Park advised they no longer needed to regularly inspect because they had moved many of the records offsite. We noted they had not documented the decision that this RKP commitment was no longer relevant. When management considers RKP commitments are no longer relevant, they should document those decisions and, where necessary, update the RKP and supporting policies and procedures.
We did not audit contracted offsite records storage facilities but we did visit one of the providers and observed good security and preservation arrangements. It is good practice for LGs to embed sound security, preservation and destruction arrangements into their contracts and satisfy themselves that they are being met.
Digital records recovery could be better
The 4 LGs we reviewed were at varying stages of maturity in planning for and implementing disaster recovery processes for their records. We found that 3 of the 4 LGs had a records disaster recovery plan, but 1 did not. None had tested their disaster recovery plans to check they met required timeframes for recovery of digital records. Results of our testing are summarised in Table 3.
We have previously reported on the importance of periodically testing disaster recovery plans, including for digital records. Such planning and testing is vital as it provides for the rapid recovery of important records in the event of an unplanned disruption affecting business operations and services. LG management should develop and regularly test disaster recovery plans.