• Section 1 - Context
• Section 2 - Authority
• Section 3 - Scope
• Section 4 - Procedure
• Part A - Institutional Data
• Planning and Design
• Creation and Acquisition
• Management
• Storage and Retention
• Disposal
• Part B - Research Data
• Part C - Unofficial Information
• Creation
• Management 
• Destruction
• Responsibilities 
• Section 5 - Resources
• Section 6 - Definitions

Section 1 - Context

(1) This procedure documents the required steps for the effective management of RMIT Group data and information (Information) across the entire lifecycle. It applies to both Institutional and Research Data.

Section 2 - Authority

(2) Authority for this document is established by the Information Governance Policy.

Section 3 - Scope

(3) Throughout this procedure, RMIT means the RMIT Group. The RMIT Group is RMIT University and its controlled entities (e.g. RMIT Vietnam, RMIT Europe, RMIT Online and RMIT University Pathways (RMIT UP)).  

(4) This procedure applies to all individuals who manage, handle or process information for RMIT, including staff, students, casual employees, contractors, visitors and honorary appointees. This also includes third parties (e.g. suppliers) and agents of the organisation who are contractually bound to RMIT Policy.

(5) This procedure applies to information in all its forms, both digital and non-electronic formats, and should be read in conjunction with the Research Policy and the Information Technology and Security Policy.

Section 4 - Procedure

Part A - Institutional Data

(6) Institutional Data refers to Information that is governed by the Information Governance Policy, set out under each of the Information Domains defined in the Information Domain Register. It excludes Research Data as defined by the Research Policy, which is covered in Part B of this procedure. 

(7) The stages of information lifecycle applicable to Institutional Data include: Planning and Design, Creation and Acquisition, Management, Storage and Retention, and Disposal.

Planning and Design

(8) The Information Domain Register is established by the Information Governance Policy. It is RMIT’s enterprise data catalogue and must be maintained by and available to everyone with responsibility for managing Institutional Data.

1. Custodianship of sensitive information must be identified and catalogued in the Information Domain Register.
2. Information architecture must be documented in the Information Domain Register.
3. The authoritative source of master data and reference data must be declared and catalogued in RMIT’s Information Domain Register to enable its reuse.

(9) RMIT’s information assets support RMIT processes and can exist in many formats (e.g. a collection of reports, a database, Information contained in a database, etc.). 

(10) Data Management Strategies provide documented decisions and direction for the governance, accountability and maintenance of information in each information domain. Data Management Strategies will be endorsed by the Information Governance Board and approved by Information Trustees.

(11) RMIT records must be digital unless otherwise justified. Digitisation must be lawful and authorised.

Creation and Acquisition

(12) Information must be created and managed to provide evidence of RMIT activities, in accordance with the Retention and Disposal Standard. 

(13) Information must be collected in accordance with RMIT’s Privacy Statements and in compliance with the Privacy Policy.

(14) Information acquired from external sources for RMIT use must be governed as per Part A of this procedure. 

(15) Copies of Institutional Data approved for research use must be governed as per Part B of this procedure.

Management

(16) Data structures in systems must be documented and maintained consistently and accurately in a central repository.  The introduction or modification of data structures in systems must be governed by the System Administrator.

(17) Information created, managed and used at RMIT must be of high quality and measured in accordance with RMIT’s Data Quality Standard. The Data Quality Guideline provides practical guidance for staff to implement the Standard.

(18) All projects and initiatives must consider the impact on data and ensure that appropriate data management controls are in place.

(19) Master data refers to data that is common to different functions and is used in multiple processes. Master data usually describes entities that are participating in a transaction or event (e.g. information about a course, a person, or a location). Reference data is a type of master data that refers to data that is used to categorise other data (e.g. status codes), or related to information beyond the boundaries of the organisation (e.g. fields of study).

(20) Master data must be managed and stored in alignment with the approach specified in the RMIT Data Management Strategies.

(21) Common requirements for master data management across all Information Domains are:

1. master data created, managed and used must be of high quality and there must be processes in place to ensure its quality meets expectations
2. the data quality of master data must be tracked, managed and improved
3. accountability and responsibility for the management of master data must be identified
4. master data must have an identified system of record as its authoritative source
5. master data must be properly integrated across RMIT systems to preserve integrity (i.e. via the use of a unique identifier).

Storage and Retention

(22) Active records refer to information that is required for current use and execution of RMIT processes.

1. Active records must be managed in compliance with the Retention and Disposal Standard.
2. When migrating records between systems or formats, the Information Custodian must assess the retention requirements and must ensure that the value of the records is not lost and that the records continue to be managed beyond the life of the system, for as long as they are required.  

(23) Inactive records refer to information that is no longer required for current use and execution of RMIT processes, and has not been transferred for long term archiving and preservation.

1. Inactive records must be stored in authoritative source systems, which are compliant and certified for long-term retention of information and must be managed in compliance with the RMIT Retention and Disposal Standard.
2. Changes to Information Custodian responsibility and/or information classification for inactive records must be managed.

(24) Preserved records are records that have been transferred for long term archiving and preservation.

1. Records must be appraised and reclassified prior to preservation.
2. Preserved records must be managed in compliance with the Retention and Disposal Standard.

Disposal

(25) The Retention and Disposal Standard details the requirements for disposal of information at RMIT and includes Section 5 – Retention and Disposal Authority (RDA) which specifies the required retention periods for RMIT Information.

(26) The Retention and Disposal Guideline provides instruction for compliant disposal of RMIT information.

(27) Disposal of master data and reference data (e.g. deduplication) must preserve the referential integrity of records.

Part B - Research Data

(28) Research Data is defined by the Research Policy. It refers to Information in any format generated during research undertaken by RMIT researchers (staff and students). 

(29) The Research Data Management Procedure defines the lifecycle for Research Data. The procedure specifies that researchers must complete Research Data Management Plan prior to commencing research, and defines requirements for the collection; storage; ownership; access and sharing; Indigenous data sovereignty; confidentiality; retention; and destruction of Research Data.

(30) Research Data of archival and historical value must be managed in compliance with the Retention and Disposal Standard. 

(31) Information submitted to RMIT by HDR candidates as part of HDR Submission and Examination Procedure is governed under Part A of this document.

(32) Information submitted to RMIT by researchers as part of Dissemination of Research Outputs Procedure is governed under Part A of this document.

Part C - Unofficial Information

(33) Unofficial Information refers to Information that is not covered by Part A or Part B of this procedure. Unofficial Information is unrelated to official RMIT work duties or functions (e.g. holiday photos stored on Microsoft Teams, photo of child’s birth certificate stored on OneDrive, etc.).  Content in this category has no operational impact. This information is in scope of acceptable use according to the Information Technology and Security Policy.

Creation

(34) Unofficial Information should only be created or stored on RMIT systems when necessary.

(35) When Unofficial Information is used for RMIT purposes, it may become Institutional Data or Research Data and must be treated according to Part A or Part B as appropriate.

(36) The Acceptable Use Standard- Information Technology outlines both acceptable and unacceptable use of RMIT information technology for the storage of unofficial information.

Management 

(37) Unofficial Information should be minimised as the storage of such may carry additional risk and costs for RMIT.

(38) RMIT systems must not be the authoritative source of unofficial information. 

Destruction

(39) Unofficial information will be destroyed before or at termination of engagement between RMIT and the Information Custodian.

Responsibilities 

(40) Refer to the relevant policy.

Section 5 - Resources

(41) Refer to the following documents which are established in accordance with this procedure:

1. Retention and Disposal Standard
2. Retention and Disposal Guideline
3. Data Quality Standard
4. Data Quality Guideline
5. Source Data Extract Controls Standard
6. Master Data Management Standard
7. Data Management Strategies
8. RMIT Research Data Management Procedure
9. Acceptable Use Standard – Information Technology

Section 6 - Definitions