This is an HTML version of an attachment to the Freedom of Information request 'NDIA Offsite Data Record Storage Policy and Procedures'.

Date: Thu, 08 Jul 2021 13:29:43 +1000
Subject: Freedom of Information request - NDIA Offsite Data Record Storage Policy and Procedures
From: Shirley <xxxxxxxxxxxxxxxxxxxxxxxxx@xxxxxxxxxxx.xxx.xx>
To: FOI requests at NDIA <xxx@xxxx.xxx.xx>

Dear National Disability Insurance Agency,

Please provide a copy of the NDIA Offsite Data Records Storage Policy and Procedures. That is, the specific policy and procedures that guide, manage and evaluate the NDIA’s data records stored and/or accessed from the various NDIS physical sites or locations.

Context:

As a national Commonwealth entity, the NDIA occupies many physical locations [1]. Therefore, it is reasonable to assume that recorded data and information are contained both at NDIS locations and ‘other’ locations. That is, non-NDIA offices and controlled or managed physical space. According to the National Archives of Australia (NAA), this may present as a risk for a Commonwealth Government Agency. As a result, the NAA provides specific guidance on conducting risk assessments [2], further suggesting that “Agencies may have other records management risks that apply specifically to their business functions. In addition, other general risks relating to outsourcing and data storage will need to be considered”. The NAA also provides guidance on other sources of information and regulatory compliance for Data Record Storage and management. This includes:

• Outsourcing digital data storage: Storing Commonwealth records in Data Centres, Digital Repositories and in the Cloud
• Risk Management: principles and guidelines (Australian Standard for Risk Management, AS/NZS ISO 31000:2009)
• ‘Security risk management’, Australian Government Protective Security Policy Framework (Attorney-General’s Department)
• Advice on Managing the Recordkeeping Risks Associated with Cloud Computing (Australasian Digital Recordkeeping Initiative)
• Australian Government Data Centre Strategy 2010–2025 (Department of Finance and Deregulation and Australian Government Information Management Office)
• Records Issues for Outsourcing including General Disposal Authority 25 (National Archives of Australia)

It is therefore reasonable to assume the NDIA’s policy and procedure align with these and other Commonwealth regulatory and legislative requirements.

Thank you for your assistance.

Yours faithfully,

Shirley

References:

1. NDIS (2021) Office and Contacts in your area, National Disability Insurance Agency, Australian Government, Available at: <https://www.ndis.gov.au/contact/locations>. Accessed [8 Jul 21]
2. NAA (2021) Records Management Risk Assessment Offsite Data Storage, version 1, National Archives of Australia, Australian Government, Available at: <https://www.naa.gov.au/sites/default/files/2019-09/IM-risk-assessment-offsite-data-storage.pdf>. Accessed [8 Jul 21]

-------------------------------------------------------------------


This request has been made by an individual using Right to Know. This message and any reply that you make will be published on the internet. More information on how Right to Know works can be found at:
https://www.righttoknow.org.au/help/officers
