Managing Digital Records
The State Records Commission (SRC) Standard 1 Government Record Keeping, Standard 2 Record Keeping Plans and Standard 8 Managing Digital Information require State organisations to ensure that State records, including digital information, are created, managed and maintained over time. Records should also be disposed of in accordance with principles and standards issued by the State Records Commission.
Recommended methods for managing digital records rather than managing information within network drives are to:
- capture digital records into a record keeping system such as an Electronic Document and Records Management System (EDRMS)
- integrate Business Information Systems (BIS) with EDRMS or build record keeping functionality into BIS to ensure appropriate records capture and management, OR
- where a business need determines that a hard copy is required, print and file the document in a secure records storage space.
State organisations with limited resources may use network drives as a temporary solution before implementing an EDRMS or BIS. However, organisations should note that network drives cannot manage records in compliance with the State Records Commission’s Standards and Principles, as mandated by the State Records Act 2000.
Limitations of Network Drives
Several issues increase the risks to the security and management of records on network drives.
Insufficient Security and Audit
Anyone who has access can alter or delete records in network drives, undermining their evidential value as records. For evidential purposes, it is essential that an information system is secured and auditable, for instance, an access history or log (i.e. metadata) is available to indicate who has viewed the record, extracted a copy or modified the content. Network drives are unable to provide such audit logs of changes. For more information see: SRC Standard 8 Principle 3
Unmanaged Records Retention and Disposal
Without proper security and access controls, records stored on network drives can be deleted without authorisation. On the other hand, records could be stored without active disposal as it is difficult to implement retention rules in an unmanaged repository. A lack of management results in the retention of large volumes of uncontrolled information increasing storage costs and the difficulty of implementing disposal in the future. For more information see the SRO Guideline: Records Retention, Disposal and Destruction
Lack of Metadata and Linking Capability
Network drives store basic metadata such as file name, date and type. This does not meet the minimum metadata requirement for information. For more information see Records Management Advice: Metadata
Metadata provides meaningful contextual information about records. Searching becomes more difficult without sufficient metadata. Network drives do not have the functionality of a built-in relational database or metadata system that can create, track or enforce relationships between records and their business context. This makes it difficult to search and retrieve related records.
Without an interconnected structure, staff must search through multiple folders to locate related documents. This increases the administrative burden and the potential to overlook related information.
Version Control
Files in network drives can be overwritten, and earlier versions are not stored. Multiple versions of a document must be saved to generate a version history. Different contributors may save versions using different naming conventions making it difficult to identify the most recent version of a document.
Network drives are usually structured in team silos resulting in duplication of information, higher storage costs and confusion about the “single source of truth” when different versions of a document are saved.
Reduce the risks
In accordance with SRC Standard 8, organisations must undertake risk assessments on the risks of using network drives to store information and records. Where network drives continue to be used, the organisation must have adequate records management policies and procedures to reduce risks to records in network drives. These should cover:
- staff training program
- retention and disposal program using an approved retention and disposal authority
- performance indicators that involve reviewing, evaluating and reporting on the effectiveness of the use of the network drive
- security controls and access permissions (such as password protected folders) to address how access is managed for sensitive and confidential information
- regularly conduct a manual audit of network drives to ensure procedures are followed.
For further information about managing digital records see the State Records Office Records Management Advice
Sources
The SRO acknowledges the following sources used in the development of this advice:
Tasmanian Archive and Heritage Office, Information Management Advice 41 Managing Records on Shared Network Drives, https://osa.tas.gov.au/wp-content/uploads/2023/08/Advice-41-Managing-Records-on-Shared-Network-Drives.pdf (accessed 12 February 2026)
NAA, Network drives, https://www.naa.gov.au/information-management/managing-information-assets/systems-manage-information/network-drives (accessed 12 February 2026)
Windows Server Learn, Volume Shadow Copy Service, https://learn.microsoft.com/en-us/windows-server/storage/file-server/volume-shadow-copy-service (accessed 17 February 2026)
Print this page
