NDIA Offsite Data Record Storage Policy and Procedures

There was a delivery error or similar, which needs fixing by the Right to Know team.

Dear National Disability Insurance Agency,

Please provide a copy of the NDIA Offsite Data Records Storage Policy and Procedures. That is, the specific policy and procedures that guide, manage and evaluate the NDIA’s data records stored and/or accessed from the various NDIS physical sites or locations.

Context:

As a national Commonwealth entity, the NDIA occupies many physical locations [1]. Therefore, it is reasonable to assume that recorded data and information are contained both at NDIS locations and ‘other’ locations. That is, non-NDIA offices and controlled or managed physical space. According to the National Archives of Australia (NAA), this may present as a risk for Commonwealth Government Agency. As a result, the NAA provides specific guidance on conducting risk assessments [2], further suggesting that “Agencies may have other records management risks that apply specifically to their business functions. In addition, other general risks relating to outsourcing and data storage will need to be considered”. The NAA also provides guidance on other sources of information and regulatory compliance for Data Record Storage and management. This includes:

• Outsourcing digital data storage: Storing Commonwealth records in Data Centres, Digital Repositories and in the Cloud
• Risk Management: principles and guidelines (Australian Standard for Risk Management, AS/NZS ISO 31000:2009)
• ‘Security risk management’, Australian Government Protective Security Policy Framework (Attorney-General’s Department)
• Advice on Managing the Record keeping Risks Associated with Cloud Computing (Australasian Digital Record keeping Initiative)
• Australian Government Data Centre Strategy 2010–2025 (Department of Finance and Deregulation and Australian Government Information Management Office)
• Records Issues for Outsourcing including General Disposal Authority 25 (National Archives of Australia)

It is therefore reasonable to assume the NDIA’s policy and procedure aligns with these and other Commonwealth regulatory and legislative requirements.

Thank you for your assistance.

Yours faithfully,

Shirley

References:

1. NDIS (2021) Office and Contacts in your area, National Disability Insurance Agency, Australian Government, Available at: < https://www.ndis.gov.au/contact/locations >. Accessed [8 Jul 21]
2. NAA (2021) Records Management Risk Assessment Offsite Data Storage, version 1, National Archives of Australia, Australian Government, Available at: < https://www.naa.gov.au/sites/default/fil...>. Accessed [8 Jul 21]

National Disability Insurance Agency

2 Attachments

  • Attachment

    attachment.delivery status

    0K Download

  • Attachment

    Freedom of Information request NDIA Offsite Data Record Storage Policy and Procedures.txt

    3K Download View as HTML

This is the mail system at host righttoknow.org.au.

I'm sorry to have to inform you that your message could not
be delivered to one or more recipients. It's attached below.

For further assistance, please send mail to postmaster.

If you do so, please include this problem report. You can
delete your own text from the attached returned message.

The mail system

<[NDIA request email]>: Host or domain name not found. Name service error for
name=ndis.gov.au type=MX: Host not found, try again