Governance controls as of April 2019.

Lifecycle phase: Create and capture

Governance controlSource

Full and accurate records of activities are captured with regards to any relevant policy, standards and guidelines.

Records providing evidence of the University activities are kept in accordance with legislation, policies and standards.

Public Records Act 2002

A process is in place to ensure the appropriate collection, storage, use, management and disclosure of records in possession of the University.

Information governance roles and responsibilities are embedded across the University to support the management of information and data.

Information Privacy Act 2009

A process is in place to ensure the relevance of information in the University's possession.

Information governance roles and responsibilities are embedded across the University to support the management of broadcasted information.

Broadcasting Services Act 1992
Information governance roles and responsibilities are embedded across the University to support the management of information and data for electronic purposes.Electronic Transactions Act

A process is in place to ensure the appropriate collection and management of personal information in possession of the University.

Information governance roles and responsibilities are embedded across the University to support the management of information and data.

Privacy Act 1988

Full and accurate records of activities are captured with regards to any relevant policy, standards and guidelines.

Records providing evidence of the University activities are kept in accordance with legislation, policies and standards.

Education Services for Overseas Students Act 2000
Full and accurate records of students are captured with regards to any relevant policy, standards and guidelines.Education Services for Overseas Students Regulations 2001

Full and accurate records are created with regards to any relevant policy, standards and guidelines.

Records providing evidence of the University activities are kept in accordance with legislation, policies and standards.

Records Governance Policy

A process is in place for the identification of records in possession of the University.

The University staff are aware of their roles and responsibilities in the management of records in the information asset register.

Information Asset Custodianship Policy
A process is in place for the description and classification of metadata information in possession of the University.Metadata (IS34)
Top of page

Lifecycle phase: Store, classify and secure

Governance controlSource
Information governance roles and responsibilities are embedded across the University to support the management of information and data for electronic purposes.Electronic Transactions Act

A process is in place to ensure the appropriate use and disclosure of personal information in possession of the University.

Information governance roles and responsibilities are embedded across the University to support the management of information and data.

Privacy Act 1988

Full and accurate records of activities are captured with regards to any relevant policy, standards and guidelines.

Records providing evidence of the University activities are kept in accordance with legislation, policies and standards.

Education Services for Overseas Students Act 2000

A process is in place to ensure the appropriate storage of records in possession of the University.

Information governance roles and responsibilities are embedded across the University to support the management of information and data.

Information Privacy Act 2009
Top of page

Lifecycle phase: Manage and maintain

Governance controlSource

A process is in place for the safe keeping, proper preservation and return of records in possession of the University.

The University staff are aware of their roles and responsibilities in ensuring the safe keeping, proper preservation and return of records in possession of the University.

Public Records Act 2002
Information governance roles and responsibilities are embedded across the University to support the management of information and data.Public Records Act 2002
A process is in place to ensure the safe custody and preservation of records in the University's possession.Public Records Act 2002
A process is in place to ensure the safe custody and preservation of protected information in the University's possession.University of Queensland Act 1998
Information governance roles and responsibilities are embedded across the University to support the access of information and data.Information Privacy Act 2009
A process is in place to ensure the appropriate management of records in possession of the University.Information Privacy Act 2009

Full and accurate records of activities are captured with regards to any relevant policy, standards and guidelines.

Records providing evidence of the University activities are kept in accordance with legislation, policies and standards.

Right to Information Act 2009

Full and accurate records of activities are captured with regards to any relevant policy, standards and guidelines.

Records providing evidence of the University activities are kept in accordance with legislation, policies and standards.

Telecommunications (Interception and Access) Act 1979
Records providing evidence of the University activities are kept in accordance with legislation, policies and standards and are available for access when required by law.Cybercrime Act 2001

A process is in place to ensure the relevance of information in the University's possession.

Information governance roles and responsibilities are embedded across the University to support the management of broadcasted information.

Public Records Act 2002

A process is in place to ensure the protection and management of intellectual property in the University's possession.

Information governance roles and responsibilities are embedded across the University to support the management of information and data.

Copyright Act 1968

A process is in place to ensure the appropriate management of personal information in possession of the University.

Information governance roles and responsibilities are embedded across the University to support the management of information and data.

Privacy Act 1988
The University staff are aware of their roles and responsibilities in the management of records in possession of the University.Records Governance Policy
Information governance policies are consistent with broader agency frameworks and are embedded across the University to support the management of information and data.Records Governance Policy
A process is in place for the management of high-risk records in possession of the University.Records Governance Policy

A process is in place to ensure the appropriate management of records in possession of the University.

Information governance policies are embedded across the University to support the management of information and data

Information Governance Policy
The University staff are aware of their roles and responsibilities in the management of records in possession of the University.Information Asset Custodianship Policy

A process is in place for the management of metadata information in possession of the University.

Records providing evidence of the University activities are kept in accordance with policies and standards.

Metadata (IS34)
A process is in place for participation in whole-of-government metadata consolidation initiatives.Metadata (IS34)
Full and accurate records of activities are created and maintained in the Provider Registration and International Student Management System (PRISMS) database.National Code of Practice for Providers of Education and Training to Overseas Students 2018
Records providing evidence of the University activities are kept in accordance with this policy. Activities are reported to the ESOS agency for the University, and has up-to-date information on, specific aspects of the registered provider’s operations and any registered courses.National Code of Practice for Providers of Education and Training to Overseas Students 2018
An ISMS must be implemented and operated to ensure the protection of all information, application and technology assets.Information security policy (IS18:2018)

IT assets must be classified in accordance with the QGISCF.

All information transmitted over data communications networks must be secured in line with the Network transmission security assurance framework (NTSAF).

All services requiring user authentication must meet the requirements of the Queensland Government Authentication Framework (QGAF).

We must implement the Australian Signals Directorate (ASD) “Essential Eight” Strategies to Mitigate Cyber Security Incidents.

Information security policy (IS18:2018)
Top of page

Lifecycle phase: Share and reuse

Governance controlSource

A process is in place to ensure the appropriate access to the records in possession of the University.

Information governance roles and responsibilities are embedded across the University to support the management of information and data.

Public Records Act 2002
A process is in place to ensure the safe custody and preservation of records in the University's possession.Public Records Act 2002
The University staff are aware of their roles and responsibilities when identifying, capturing and managing information.Public Records Act 2002
The University staff are aware of their roles and responsibilities when acquiring and using information.University of Queensland Act 1998

A process is in place for the proper use of records in possession of the University.

The University staff are aware of their roles and responsibilities in ensuring the proper use of records in possession of the University.

Information Privacy Act 2009
Information governance roles and responsibilities are embedded across the University regarding the use of intercepted information and data.Telecommunications (Interception and Access) Act 1979
A process is in place for the relevance of information for commercial electronic messages sent by the University.Spam Act 2003
The University staff are aware of their roles and responsibilities when using information for electronic messaging.Spam Act 2003

Full and accurate records of activities are captured with regards to any relevant policy, standards and guidelines.

Records providing evidence of the University activities are kept in accordance with legislation, policies and standards.

Evidence Act 1995

A process is in place for the use of copyright literary works in possession of the University.

The University staff are aware of their roles and responsibilities in ensuring the management of intellectual property in possession of the University.

Copyright Act 1968

A process is in place to ensure the appropriate storage of personal information in possession of the University.

Information governance roles and responsibilities are embedded across the University to support the management of information and data.

Privacy Act 1988

Full and accurate records of activities are captured with regards to any relevant policy, standards and guidelines.

Records providing evidence of the University activities are kept in accordance with legislation, policies and standards.

Education Services for Overseas Students Act 2000

A process is in place to ensure the protection and management of information in the University's possession.

Information governance roles and responsibilities are embedded across the University to support the management of information and data.

Public Interest Disclosure Act 2013
Top of page

Lifecycle phase: Retain and archive

Governance controlSource

A process is in place to ensure the protection and management of information in the University's possession.

Information governance roles and responsibilities are embedded across the University to support the management of information and data.

Public Interest Disclosure Act 2013
A process is in place for the use of records in possession of the University.Records Governance Policy
Top of page

Lifecycle phase: Dispose or destroy

 Source
Retention and disposal of information is managed in accordance with Queensland State Archives defined periods and the University's policies.Public Records Act 2002

A process is in place to ensure the appropriate access to the records in possession of the University.

Information governance roles and responsibilities are embedded across the University to support the management of information and data.

Public Records Act 2002
Information governance roles and responsibilities are embedded across the University to support the disposal of information and data.Information Privacy Act 2009

A process is in place to ensure the appropriate disposal and disclosure of records in possession of the University.

Information governance roles and responsibilities are embedded across the University to support the disposal and disclosure of information and data.

Information Privacy Act 2009
Information governance roles and responsibilities are embedded across the University to support the disposal of intercepted information and data.Telecommunications (Interception and Access) Act 1979
A planned and authorised process is in place for the disposal of records in possession of the University.Records Governance Policy
Top of page