Manage public records when decommissioning business systems
Most business systems contain public records that must be captured and kept.
When a business system reaches end of life or is replaced, must ensure records in the system are identified, managed and either migrated, preserved or lawfully disposed of before the system is decommissioned.
The decommissioning business systems workflow and methodology 446.7 KB) will help you manage digital public records when decommissioning legacy business systems. It provides a transparent and defensible process for assessing the value of public records in business systems and determining the best strategy for managing them.
You should use this guidance alongside your ICT governance and change processes.
When to use this guidance
Use this process when a business system containing public records is being retired or replaced. Common situations covered include when records in the system:
- have already been migrated to another system
- are no longer accessible
- are accessible but not covered by a retention and disposal authorisation
- are accessible and covered by a retention and disposal authorisation.
More than one situation may apply within a single system.
Steps to decommissioning a business system containing public records
Confirm which public authority is responsible for the records contained in the system.
Responsibility usually sits with the authority that:
- created the records
- inherited the records through a machinery-of-government change
- is responsible for the function or business activity the records document
- otherwise controls the records.
Responsibility for records may be separate from ownership of the system itself. A public authority may still control records even where another entity operates or hosts the system. Control may exist where the authority has possession or custody of the records, or has the legal right or responsibility to access, manage or preserve them.
For example, a shared service provider may operate a system that contains records belonging to multiple public authorities.
If the system contains records belonging to other public authorities, involve them in the decommissioning process and obtain agreement before any disposal decisions are made.
If the responsible public authority cannot be identified, contact Queensland State Archives before disposing of any records.
Conduct an initial assessment to understand what the system contains and what can be retrieved.
Identify whether records:
- remain in the system
- can be accessed and used
- have already been migrated to another system.
This initial scan will help you determine which pathways to follow for managing the records.
Assess whether the records in the system are covered by a current and approved disposal authorisation issued by the Queensland State Archivist.
You can do this by identifying:
- the business function the system supports
- the activities and transactions captured by the system
- the types of records produced or stored.
Records that cannot be matched to an approved disposal authorisation are not eligible for disposal until an appropriate disposal authorisation is established. In some cases, a special appraisal decision may need to be sought.
If records have been migrated to another system, confirm that the migration was successful before decommissioning the source system.
As a condition for disposal of migrated source records , your public authority must have developed and documented a defensible process for migration, including appropriate quality assurance checks.
At a minimum, quality assurance checks should confirm that:
- all intended records are present in the target system
- record content is complete and unaltered
- metadata, attachments and contextual relationships remain accurate
- records remain accessible and usable
- integrity checks have been carried out where appropriate.
Evidence of migration checks, results and approvals must be retained for the life of the records under Disposal Authorisation 1137 Data quality and integrity validation in the General Retention and Disposal Schedule (GRDS).
Use the quality assurance checklist for decommissioning business systems 147.3 KB) to help document these outcomes as well as the disposal decisions for any source records.
All migration outcomes must first be verified and documented, and then approved by your public authority’s chief executive (or their authorised delegate with disposal responsibilities) before any disposal of source records can take place.
Document all disposal decisions, including:
- the records that were disposed of
- the disposal authorisation relied upon
- the date disposal occurred
- who approved the disposal
- the quality assurance checks completed beforehand.
These records of disposal decisions need to be retained for a minimum period of 50 years after the disposal of the related record, as per Disposal Authorisation 1131 Record destruction documentation in the General Retention and Disposal Schedule (GRDS).
Follow your ICT governance processes to retire the system once records have been appropriately managed.
This guidance focuses on managing the records during system decommissioning. Technical, security and operational activities should be managed through your internal ICT processes.
Records that have been migrated to the new system after decommissioning must continue to be managed and may be disposed of once they have reached their minimum retention period in a current disposal authorisation issued by the Queensland State Archivist.
Ensure storage arrangements support:
- ongoing access
- security requirements
- integrity monitoring.
Plan for technology change by scheduling periodic migration activities to ensure records remain complete, accessible and usable.