Skip links and keyboard navigation

Help shape the For government website by joining our user research panel.

Register now

High-value, high-risk and vital public records

Policy requirement 4 in the Records governance policy requires all public authorities to treat permanent, high-value and high-risk public records as a priority.

Permanent public records are the public records produced or received by your public authority that are of enduring value to Queensland. Find out how to identify permanent public records.

High-value public records are the public records that the public authority could not or would have great difficulty operating without.

High-risk public records are the public records that pose a significant risk to the public authority if they were misused, lost, damaged or deleted prematurely.

While all high-value public records are also high-risk, not all high-risk public records are high-value.

Find out how to assess and prioritise risks.

Vital public records

Knowing what and where your public authority's vital public records are will help your public authority maintain or re-establish operations during or after a disruption.

Vital public records plan

You should include a vital public records plan with your public authority's business continuity and disaster management plans.

A vital public records plan ensures critical public records:

  • have been identified and registered
  • are easily accessible in the event of a service disruption
  • are suitably stored and maintained, including regular review for currency and disposal.

Identify vital public records

We recommend identifying and monitoring your vital public records so you can prioritise protecting and accessing them.

Your vital public records should be identified as part of your public records governance framework.

Only a small percentage of public records are likely to be considered vital (approximately 5–10%). They will include all permanent public records identified under an approved retention and disposal schedule. Others may include:

  • your disaster management or business continuity plan (which should include a vital public records plan)
  • public records relating to core business operations (i.e. critical client services)
  • employee details, including contact information and payroll details
  • delegations of authority
  • current customer and stakeholder public records or registers
  • contracts, titles, and other signed original legal public records
  • licences, leases, or permits which enable the public authority to operate or perform a particular action
  • insurance public records
  • financial information (e.g. current or unaudited accounting and tax public records)
  • infrastructure plans, operational policies and procedures
  • public records relating to current or potential litigation
  • public records protecting the legal and financial rights of clients for which the public authority is responsible.

Vital public records may be temporary or permanent and exist in any format (e.g. physical, digital, audiovisual tapes, microfiche).

You can use a number of approaches to identify vital public records including:

  • reviewing the disaster management or business continuity plan for activities and public records needed during or after an exceptional event
  • reviewing risk assessments
  • examining organisational structures, policies and procedures
  • consulting with business managers and legal advisors
  • reviewing your public authority's statutory and regulatory responsibilities
  • considering business activities and related public records included in an approved retention and disposal schedule.

When identifying vital public records, remember:

  • to assess all of your public authority's public records, regardless of location and format
  • not all 'important' public records are vital to recovering core business operations.

When you assess public records, risk management principles may help to distinguish between vital public records, important public records, useful public records and non-essential public records.

Document and track vital public records

The easiest way to identify and document these public records is through a vital public records register. For each public record include:

  • brief description of public record type
  • explanation (e.g. brief explanation of why the public record is considered vital, its critical purpose, consequences of loss)
  • location (e.g. on-site, off-site, of original, of duplicate, server, data centre, backups, mirror sites)
  • date for review, update and disposal
  • format (e.g. hard copy, digital, audiovisual tape)
  • accessibility requirements (e.g. position, authorisation, access to storage if off-site, recovery protocols for systems).

Fields and entries in a vital public records register can include:

  • Public record type and description: public authority's revenue, expenditure, debt recovery, contracts, licences, legal documents, and public records scheduled for permanent preservation in an approved retention and disposal schedule
  • Explanation: why the public records would be of high risk if they were not available (e.g. accounting public records would be considered vital public records when current and/or unaudited)
  • Location: off-site, storage facility, data centre
  • Date for review: date scheduled for disposal–retain minimum of 7 years after end of financial year in which transaction was completed, then dispose
  • Format: paper, microfilm, tape, digital
  • Accessibility requirements: who is authorised to access the public records; will the public records be required in the event of a service disruption
  • Responsible department or work area (e.g. Corporate Services–financial management)
  • Application location (if digital): PDF, network drive, eDRMS
  • Title or unique identifier: if applicable
  • Frequency of update: how often this document will need to be updated to remain effective in the recovery of business operations.

How to manage vital public records

Vital public records should be easily accessible, up-to-date, and identified as critical to the recovery of business operations.

Vital public records need to be stored so that they are protected and accessible. This can be:

  • onsite using data backups, a fire and flood-proof safe or storage area
  • offsite in a data centre or storage facility with a high level of hazard protection (against fire, theft, flood, power failure)
  • across a variety of secure secondary locations.

Storage needs to be suitable for the public record format and identified risks.

You may need to duplicate or backup vital public records (marking as 'copy') in a variety of formats.

Backups or duplicates should be stored offsite to ensure they will not be affected by the same disaster, but are still accessible.

Last updated:
5 December 2024