Recordkeeping Framework for Departments and

Agencies: Policies and Requirements

 Recordkeeping Framework for Departments and Agencies:
Policies and Requirements

Authority
This suite of policies and requirements is issued under section 8 (a) of The Archives and Recordkeeping Act (C.C.S.M. c. A132) which enables the
Archives of Manitoba to establish government-wide policies, standards, and guidelines for recordkeeping based on professional standards and
best practices. The Government Records Office (GRO), a unit within the Archives of Manitoba, is the central agency that administers these
responsibilities.

Acknowledgements
The Framework is based on the State Records Authority of New South Wales’ Standard on records management (2018) and Implementation
Guide (2023) and the Archives of New Zealand’s Information and records management standard (2016) and Implementation Guide (2022).

References
The policies and requirements are in accordance with the International Standards Organization (ISO) group of standards, technical reports, and
codes of best practice on Archives/records management - ISO/TC 46/SC 11.

Contents
Introduction ................................................................................................................................................................................................................... 3
Purpose .......................................................................................................................................................................................................................... 4
Scope .............................................................................................................................................................................................................................. 4
Intended outcomes ........................................................................................................................................................................................................ 4
Policy 1 – Governance: Departments and agencies are responsible for recordkeeping ............................................................................................... 5
Policy 2 – By design: Recordkeeping requirements are linked to business requirements ............................................................................................ 8
Policy 3 – Management regime: Records and information are well managed ........................................................................................................... 12

2
 Recordkeeping Framework for Departments and Agencies:
Policies and Requirements

Introduction
Records and information are key strategic assets of government and are the evidence of government business. In the Manitoba government,
records and information help departments and agencies plan for and achieve short-term and long-term outcomes that benefit citizens, business,
and government.

Ensuring that evidence of government business is created, captured, and managed is not simply about legislative compliance. A well-managed
information base is the foundation of responsible, accountable government. It is a public service duty that underpins data-driven evaluation,
responsible stewardship, and evidence-based decision-making in the public interest.

Records and information:

• provide the foundation for sustainable and effective programs, products, and services
• support decision-making
• outline responsibilities
• document rights and entitlements
• drive collaboration and communication
• facilitate and enable transformation, creativity, and growth
• preserve public knowledge for discovery and reuse
• make up the corporate memory of an organization
• support transparency and accountability

To provide these benefits, records and information need to be:

• routinely created and captured
• trustworthy
• available when needed, understandable, and usable
• secured and protected
• valued as critical to business operations
• part of an organization’s approach to risk management
• maintained and disposed of in an authorized way
• managed effectively and responsibly

3
 Recordkeeping Framework for Departments and Agencies:
Policies and Requirements

Purpose
This Framework sets out three high-level policies and corresponding requirements for effective records and information management in the
Manitoba government. It is designed to help departments and agencies understand their records management responsibilities and meet their
obligations under The Archives and Recordkeeping Act (ARA). The policies cover records and information in all formats, including both digital and
physical records, and special attention is focussed on digital recordkeeping as the Government of Manitoba continues its transition to digital
business processes.

The goal is to ensure that in complex business and information environments business is supported by sound, integrated records and
information management, generally referred to as recordkeeping. The policies should be implemented in conjunction with instructions,
directions, and any other standards or guidance issued by the Archives of Manitoba under the authority of the ARA.

Scope
The policies are applicable to all Manitoba government bodies, defined in ARA as: a government department, a government agency, 1 the
Executive Council Office, and the office of a minister. For the purposes of this Framework, government bodies are referred to as “departments”
or “departments and agencies.”

The Recordkeeping Framework can also be used by the Courts (ARA, s. 10) and the Legislative Assembly and officers (ARA, s. 11).

Intended outcomes
Departments and agencies that comply with the policies and requirements will:
• create trustworthy, useful, and accountable records and information in evolving business environments
• ensure that meaningful, accurate, reliable, and useable records and information are available whenever required for government business
• sustain and secure the records and information needed to support short and long-term business outcomes
• enable the reliable sharing of relevant records and information
• minimise records and information volumes, preventing unnecessary digital and physical storage and management costs
• proactively protect and manage the records and information that provide ongoing value to government business and to the public
• meet obligations and requirements of The Archives and Recordkeeping Act

1A government agency is defined as “any board, commission, association, agency, or similar body, whether incorporated or unincorporated, all the members of which, or all the
members of the board of management or board of directors or government board of which are appointed by an Act of the Legislature or by the Lieutenant Governor in Council,
and any other body designated as a government agency in the regulations.” This includes Manitoba Crown corporations.

4
 Recordkeeping Framework for Departments and Agencies:
Policies and Requirements

Policy 1 – Governance: Departments and agencies are responsible for recordkeeping

To ensure records and information can support all business functions and operations departments must:
• assign responsibilities and allocate resources
• develop business-specific strategies and priorities directing how records and information will be managed
• communicate responsibilities, strategies, and priorities throughout the department
• monitor recordkeeping activities, systems, and processes

Requirements Explanation Examples demonstrating compliance

1.1 Recordkeeping is Ultimate responsibility for recordkeeping lies with senior management. • Responsibility is identified in
the responsibility of They must provide direction and support and ensure recordkeeping meets department strategies and
senior management. legislative and business requirements in their department. policies.
• An executive lead is assigned by
Visible senior management commitment and support sets the expectation the Deputy Minister and this role
for staff to conduct business according to accepted standards of practice. is identified in recordkeeping
strategies and projects.
Responsibility for recordkeeping is cascaded down throughout the • Recordkeeping is a regular agenda
department, to various levels of management. item in management committee
meetings.

1.2 Recordkeeping must Governance frameworks are critical to effective recordkeeping practices. • A departmental-wide directive on
be directed by recordkeeping is adopted and
department-focused Departments must set a high-level strategy and internal policies for communicated.
strategy and policy. managing records and information in accordance with the ARA and the • Strategies and internal policies
GRO’s policies, standards, and guidelines. that align with GRO’s
government-wide policies are
developed to support program
areas.

5
 Recordkeeping Framework for Departments and Agencies:
Policies and Requirements

Requirements Explanation Examples demonstrating compliance

1.3 Departments must Records management professionals are responsible for working with • Departments have a
have skilled records program managers and allied information professionals to lead or support recordkeeping professional.
management such activities as records scheduling, development of records classification • The role is identified in strategies
professionals. systems, analysis of recordkeeping requirements in business processes, and policies on recordkeeping and
design and implementation of records systems, and delivery of role- communicated throughout the
specific training. organization.
• The responsibilities, skills, and
A department must be able to access recordkeeping skills through capabilities are defined in job
recruitment, service providers, and by networking with other descriptions and performance
organizations. plans.
• The recordkeeping expert is
consulted in all business process
transformation and system design
projects.
• The recordkeeping expert is in
regular contact with the GRO.

1.4 Division, branch, This requirement places responsibilities more broadly within the • Responsibility is assigned and
and program area department. It reflects a business manager’s detailed understanding of the identified in a recordkeeping
management must take records and information produced by and necessary to perform their work, directive.
responsibility for and their responsibility for ensuring its management. • Roles and responsibilities are
integrating understood.
recordkeeping into Cascading responsibility to different business areas of the department lets • Recordkeeping requirements are
work processes, business unit staff and records and information staff work together to considered upfront in any
systems, and services. ensure that recordkeeping is integrated into business processes, systems, projects that impact physical or
and services. electronic records.

Departments with strong capacity consider recordkeeping requirements in

strategic, financial, and human resources planning; risk management; and
the development of policies, programs, services and systems.

Business managers must be aware that recordkeeping requirements are

needed when they move to a new service environment; develop new

6
 Recordkeeping Framework for Departments and Agencies:
Policies and Requirements

Requirements Explanation Examples demonstrating compliance

business processes, systems, or services; or improve on existing business
processes, systems, or services (see Policy 2).

Business owners must demonstrate that they have considered

recordkeeping requirements and assessed risks as part of the business
development process.

1.5 All staff understand All staff, including contractors, must understand their recordkeeping • The recordkeeping directive is
their recordkeeping responsibilities. communicated to all staff.
responsibilities. • Policies and procedures outline
Policies, business rules, and procedures must include clear requirements staff responsibilities.
for creating and managing records and information. • Orientation and training are
tailored to the appropriate
Roles and responsibilities for recordkeeping must be defined, assigned, audience and support the
and communicated throughout the department, so that those responsible department’s recordkeeping
have the authority required to carry out their duties and the appropriate responsibilities and goals.
position and expertise. These roles and responsibilities include:
• Senior managers, who have overall program responsibility and are
expected to promote program compliance and allocate
resources/funding (see 1.1).
• Records management professionals, who establish and implement
policies, procedures, and standards (see 1.3).
• Program managers, who ensure that staff follow recordkeeping
guidelines to create and keep records to document business processes
(see 1.4).
• All staff, who must create and keep records in accordance with
recordkeeping guidelines, policies, and procedures.

1.6 Contracts and Corporate policy and strategy should include responsibilities for ensuring • Recordkeeping requirements
agreements must that records and information requirements are identified and met. have been analyzed and identified
consider recordkeeping Departments should undertake risk assessments and have recordkeeping (see 2.1).
requirements. issues addressed in any agreed upon contractual arrangements. • Recordkeeping requirements
have been incorporated into
contracts, agreements, and

7
 Recordkeeping Framework for Departments and Agencies:
Policies and Requirements

Requirements Explanation Examples demonstrating compliance

Departments must ensure that the portability of records and information service arrangements in
and associated information about the records (metadata) is assessed and consultation with Legal Services
appropriately addressed in outsourcing and service contracts, instruments, and the GRO.
and arrangements.

1.7 Recordkeeping Policies alone will not guarantee good recordkeeping practices. Success • All processes and systems are
activities must be requires active and visible support by senior management and a reviewed regularly to ensure they
monitored and commitment to continuous improvement. are meeting business
reviewed. requirements and recordkeeping
best practices.
• Monitoring activities are
documented.

Policy 2 – By design: Recordkeeping requirements are linked to business requirements

Recordkeeping is a corporate activity designed to ensure the systematic creation, maintenance, usability, and sustainability of records needed
for business operations. Recordkeeping must be planned by management and linked to business requirements.
Program areas need to:
• analyze and define their key records and information requirements
• design and embed requirements into business processes and systems

Requirements Explanation Examples demonstrating compliance

2.1 Records and This requirement provides the foundation for managing records and • Functions and activities of the
information needed to information in all environments. department are analyzed to
support business must determine what records are
be identified and By analyzing and documenting functions and activities, each program area required to document activities.
documented. can identify what records and information it needs to support business. • Recordkeeping requirements are
integrated into documented
Decisions on what records and information are required should be business rules.
documented in business rules, policies, and procedures, and should also be

8
 Recordkeeping Framework for Departments and Agencies:
Policies and Requirements

Requirements Explanation Examples demonstrating compliance

incorporated in system specifications (see 2.3). The department must • Up-to-date records schedules are
embody these decisions in records schedules (see 2.4). in place and regularly reviewed.

2.2 High-risk/high-value High-risk/high-value functions include those that: • Risks are identified, managed, or
areas of business and • protect the rights and entitlements of citizens mitigated.
the records and • protect public safety or health • Systems managing high-risk/high-
information needed to • collect and use sensitive personal information value records are protected by
support them must be • are subject to close scrutiny by the public or oversight bodies business continuity strategies and
identified. • allocate or spend large amounts of money plans.
• require long-term retention of records and information

By identifying high-value records and information at creation, a

department can better manage and use these core assets. Better
management can increase the value of information.

Departments must identify the potential risks to records and information

and mange or mitigate them. This includes protecting the systems that
manage records and information that are high-risk/high-value from loss
and damage.

Departments should set up appropriate security measures and business

continuity strategies and plans.

2.3 Recordkeeping must It is important to build in recordkeeping requirements from the start (see • Systems specifications include
be an essential Policy 3). recordkeeping requirements.
consideration in design • Systems design and configuration
of all systems. Where systems supporting high-risk/high-value records and information is documented and maintained.
have not included recordkeeping requirements, mitigation strategies must
be adopted. Systems that do not meet
requirements:
• are identified
• risks are mitigated

9
 Recordkeeping Framework for Departments and Agencies:
Policies and Requirements

Requirements Explanation Examples demonstrating compliance

• are redesigned to include
requirements.

2.4 Records and Regardless of format, records that relate to the same transaction, case, or • Internal inventories, policies,
information are business event/decision should be managed comprehensively, so that they procedures, and processes
managed can easily be identified, retrieved, or disposed of. document where records are
comprehensively created and held, and in what
across all operating Records schedules are a basic mechanism for managing business records. form.
environments. They identify records held by government and provide an important • Records schedules are prepared
inventory for planning, protecting, and providing access (see 3.6). Under and approved.
The Archives and Recordkeeping Act, all government records must be
scheduled, regardless of how long they need to be kept or what format
they are in.

2.5 Recordkeeping is This requirement ensures that the Archives of Manitoba can identify which • Program areas develop records
designed to safeguard systems and service environments hold records and information with long- schedules in conjunction with the
records and information term or archival value. Archives, in order to identify
with long-term value. records with long-term value.
This requirement builds on requirements 2.1, 2.2 and 2.4 and works in • Records are kept in accordance
conjunction with approved records schedules. with approved records schedules.

Records and information designated as having archival value must be

safeguarded and managed appropriately over time to ensure authenticity,
reliability, trustworthiness, and accessibility.

Permanent or long-term records and information will outlive the systems

in which they currently reside and will also outlive outsourcing
arrangements and contracts with service providers. Departments must
ensure that they plan and manage the protection of permanent or long-
term records and information through transitions of systems (system
migration, conversion, and/or decommissioning) and changes to service
arrangements (termination of services, new outsourcing arrangements).

10
 Recordkeeping Framework for Departments and Agencies:
Policies and Requirements

Requirements Explanation Examples demonstrating compliance

Permanent and long-term records must also be protected during and after
administration and machinery of government changes. This includes
records and information that must be transferred between organizations,
as well as records that may remain with the creating department.

2.6 Records and Rapid changes in information technology can leave critical business records • A migration strategy is
information and information inaccessible. Many government records need to be kept implemented and regularly
requirements are for longer than the expected lifespan of the systems they depend on. reviewed.
maintained through Ensuring continued access to electronic records requires inclusion of • The process of migrating or
systems and service retention requirements in system design and a planned approach to converting records, information,
transformations. migration. and metadata from one system to
another is managed to ensure
A department must have documented migration strategies, and records remain trustworthy and
appropriate planning and testing processes. These must ensure that accessible.
records and information are not ‘left behind’ or disposed of unlawfully. • The portability of records and
information and associated
A department must use a migration, conversion, and/or decommissioning
metadata is addressed in
process that ensures that records and information are kept for as long as
outsourcing or service
needed.
arrangements.
• The decommissioning of systems
follows the requirements for
disposing of records and
information.
• System documentation is
maintained.

11
 Recordkeeping Framework for Departments and Agencies:
Policies and Requirements

Policy 3 – Management regime: Records and information are well managed

Effective recordkeeping is based on trustworthy and reliable records and information that are accessible, reliable, and maintained for as long as
they are needed to meet business requirements. This extends to all formats, business environments, types of systems, and locations.

Requirements Explanation Examples demonstrating compliance

3.1 Records and Decisions about what records to create are business decisions that must be • Policies, business rules, and
information must be based on the requirements and obligations of the department and agency. procedures articulate staff
created and managed requirements and responsibilities
as part of normal Policy, rules, and processes articulate and inform the department and its for the creation, capture, and
business activities. staff of the requirements and responsibilities for creation, capture, and management of records.
management of records. • Assessments or audits
demonstrate that systems
A department must identify, assess the risk, resolve or mitigate, and operate routinely.
document any exceptions that affect the creation, integrity, accessibility, • Exceptions to routine operations
and usability of its records and information. that affect information integrity,
usability, or accessibility are
Staff and contractors must conform to policies, business rules, and identified, resolved, and
procedures to ensure records and information are routinely created and documented.
managed.

3.2 Records and A key purpose of records is to provide evidence of business activities. The • Systems are in place that create
information must be value of records as evidence depends on the department’s ability to and capture adequate metadata.
reliable and demonstrate that the records have not been modified or altered. • System audits test management
trustworthy. controls of systems, including
Demonstrating this requirement is accomplished by ensuring that records information integrity, reliability
have adequate descriptive information (metadata) to provide meaning and and trustworthiness.
context, and that the metadata remains associated with the record.

3.3 Records and A department must associate or link appropriate minimum metadata to • Testing verifies that systems can
information must be records and information to ensure they can be identified, retrieved, and locate and produce records and
identifiable, retrievable, shared. information that are viewable and
accessible, and usable. understandable.

12
 Recordkeeping Framework for Departments and Agencies:
Policies and Requirements

Requirements Explanation Examples demonstrating compliance

To maintain the accessibility and usability of digital records and • Appropriate minimum metadata
information, an organization must ensure it regularly migrates or moves is in place.
records from one system or platform to another (see 2.5 and 2.6). • Appropriate storage of physical
records is deployed in the active
Departments must regularly test systems and perform assessments or phase (in office) and the
audits to demonstrate that the systems can locate and produce records Government Records Centre is
and information that can be read and understood. used to store semi-active records.

To maintain the accessibility and usability of physical records and

information, departments must keep them in appropriate storage areas
and conditions.

3.4 Records and Records and information must be protected. • Information security and
information must be protection mechanisms are in
protected from Clearly defined, documented, and distributed guidance and procedures are place.
unauthorized access, essential and the organization should implement appropriate security • Records and information are
alteration, loss, deletion mechanisms. protected wherever they are
and/or destruction. Security measures should include: located, including in transit,
• access and use permissions in systems outside the workplace, and on
• processes to protect records and information no matter where they are removable storage media or
located, including in transit and outside the workplace mobile devices.
• secure physical storage facilities • Assessments or audits can test
that access controls are
Undertaking regular assessments or audits will help a department verify implemented and maintained.
that access controls have been implemented and are working. • Physical records are stored at the
Government Records Centre
when active business use has
ceased.

3.5 Access to, use, and Departments must ensure that access to, use, and sharing of records and • Policies, business rules, and
sharing of records and information is in compliance with legal requirements such as The Freedom procedures identify how access,
information must be of Information and Protection of Privacy Act, The Personal Health

13
 Recordkeeping Framework for Departments and Agencies:
Policies and Requirements

Requirements Explanation Examples demonstrating compliance

managed appropriately, Information Act, The Mental Health Act, The Child and Family Services Act, use, and appropriate sharing of
in line with legal and The Youth Criminal Justice Act, etc. information are managed.
business requirements. • Assessments and audits confirm
Undertaking regular assessments or audits of systems will help access requirements.
departments verify that access to, use, and sharing of records and
information is managed in accordance with business requirements and
legal obligations.

3.6 Records and Records schedules are a basic mechanism for managing business records. • Retention requirements are
information are kept for They establish minimum retention periods and are required to authorize identified and reflected in up-to-
as long as needed for disposal of all government records. Records schedules should be regularly date, approved records
business, legal, and reviewed to ensure they reflect current recordkeeping arrangements and schedules.
accountability needs. • Policies, business rules, and
requirements. procedures support retention
Records must be scheduled and disposed of according to the provisions of requirements.
authorized records schedules. This includes records located in business • Records that have been
systems, in outsourcing or service agreements, or in physical storage. designated as archival are
protected and maintained
A department must implement policies, business rules, and procedures to according to the provisions of
ensure that records and information are kept for as long as required and in approved records schedules and
accordance with approved records schedules. the direction of the Archivist of
Manitoba (see 2.5).

3.7 Records and Records (physical and digital) must be disposed of in accordance with • Disposal complies with authorized
information must be approved records schedules and Government Records Office policies and records schedules.
systematically disposed procedures. • GRO procedures and processes
of when no longer for disposal of records and
required, and when information are followed.
authorized and legally • Disposal of records and
appropriate to do so. information is documented.

14
 Recordkeeping Framework for Departments and Agencies:
Policies and Requirements

Further information
For definitions of specific terms used in this policy, refer to the Glossary of Records and Information Management Terms.

To obtain a baseline and measure progress in meeting the policy requirements see Compass: A Capacity Assessment Tool for Recordkeeping.

Version Control
Initiated July 2017
Final Draft February 2018
Endorsed by the Archivist of Manitoba April 2018
Published May 2018
Revision Initiated January 2024
Version 2 Finalized March 2024
Endorsed by the Archivist of Manitoba March 2024
Published March 2024

Government Records Office, Archives of Manitoba

T: 204-945-3971 | E: GRO@gov.mb.ca
Visit our website to learn more about Government Recordkeeping

15