Conducting an assessment of your recordkeeping

A little while ago QSA released the Recordkeeping maturity assessment tool (RMAT). Agencies can use the Tool to:

  • self-assess their recordkeeping maturity
  • support their planning to improve recordkeeping maturity.

Today’s blog post is about how you can use the RMAT to do both.

Assessing your recordkeeping maturity

You can use the RMAT as part of a larger project or assessment of your recordkeeping practices. The assessment can be of the recordkeeping maturity of your whole agency or a distinct part or area.

How many people you need to conduct an assessment will depend in part on the size of your agency.

For a small agency, a review could probably be done by one or two people. Larger agencies might need a team. Teams that include members from areas outside of Records management such as IT or corporate governance are usually best as they can provide information and insight into those areas. A decentralised agency might need a team with stakeholders from each location. Your team should be representative of your agency because recordkeeping affects and is present in every part.

The best review will involve every part of the agency at some part, but at a minimum, you’re going to need to work with your IT team because of their integral role when it comes to digital recordkeeping.

The four steps in an assessment are:

  1. Gathering information
  2. Analysing your information
  3. Setting targets
  4. Taking action.

Step one: gathering information

person holding basket with berries Unsplash free to use
Person in grass holding basket with berries.

The first thing to do is to gather as much information on your recordkeeping as possible. This includes:


  • what your recordkeeping requirements and business needs are
  • what risks are involved in your work including recordkeeping risks
  • what records you currently create and how as well as how you manage those records after creation
  • how your records governance works together including:
    • system functionalities
    • technology and applications
    • recordkeeping tools
    • roles and responsibilities
    • policies and procedures
  • what training there is on all of the above
  • how you monitor and review your recordkeeping.

This information can be gathered from documentation (e.g. legislation, policies, procedures, etc), interviews with staff, observation (e.g. shadowing), focus groups or surveys to check understanding of a particular topic or audits (e.g. checking if procedures are being followed).

Don’t worry about any contradictory information you gather, just focus on making sure you are building a thorough picture of your recordkeeping.

Step two: analysing information

Microscope Unsplash free to use

Here’s where you start putting all the information you found into some sort of order.

Start with making sure you understand:

You can find more information on each Policy requirement in the Records governance policy implementation guideline and also on our blog.

Use the information your gathered in the last step to identify which level for each element is the best fit.

You can also perform this step on its own without gathering information first, using what you already know about your agency’s recordkeeping. This type of quick assessment is useful where:

  • you have in-depth knowledge of your agency’s recordkeeping or the part of the agency you are performing the assessment for
  • you only want a rough idea of your level of maturity.

Using the RMAT

You can find the RMAT on the QGCIO website.

You’ll find two versions there – a word version and an excel version.

The key difference between the word and excel version is that the excel version will automatically calculate your results for you, depending on the information you enter.

The word version won’t calculate your results automatically but does have some instructions on how to determine your result yourself.

You might want to use the word version or manually calculate your result if your agency has determined that your needs and goals mean some policy requirements or their elements need to have greater weight than others.

We’ll focus on the excel version today.

To calculate your maturity using the excel version, go to the ‘Maturity tool’ tab. It’ll look like this:


RMAT screen shot 1
Extract from the Recordkeeping maturity assessment tool showing Maturity tool tab


Read the maturity indicators for each element. There will be five – one for each maturity level. Determine which description best matches where your agency is now.

RMAT screen shot 2
Extract from the Recordkeeping maturity assessment tool showing maturity indicators

Under the ‘Level’ column (column D), go to the drop-down box (indicated by the small arrow) for each element and select the level you think your agency is at.

RMAT screen shot 3
Extract from the Recordkeeping maturity assessment tool show how to select a maturity level

Once you’ve done this for each element, your agency’s overall result will be calculated at the bottom of the sheet (rows 124 to 143).

RMAT screen shot 4
Extract from the Recordkeeping maturity assessment tool showing overall results

That’s it. Simple.

If you’re having trouble deciding what level you fit into, have a look at the information on the ‘Maturity levels’ and ‘Instructions’ tabs.

RMAT screen shot 5
Extract from the Recordkeeping maturity assessment too showing Maturity levels and Instructions tabs

You might not match a maturity indicator exactly or match parts of maturity indicators at different levels. Think about what you know of how your agency practices and thinks about recordkeeping and use this to choose the best description that matches.

It’s likely that different parts of your agency will have different levels of maturity for the same element. In this case, you should use the averaged level of maturity between the agency parts as your maturity level for that particular element.

As you go through the Tool you might realise that there’s information you’re missing. You may need to cycle through Steps one and two a few times to gather all the information you need.

If the assessment is something you think you’ll do again later, it can be useful to document the reasons why you’ve chosen a particular level of maturity for each element. You can do this in the ‘Notes/comments’ column (column F). This allows comparisons with past results to be as accurate as possible. Make sure you write it so that someone with no or little background information can understand your reasons if they came across the document.

Step three: setting targets


Archery arrow target Unsplash free to use
Person holding bow aiming at target.


When you get to step three, you should have a good idea of where your recordkeeping maturity is at. Now you need to decide where you want it to be and how you’ll get there.

To decide where you want to be, look at the Records governance policy and the descriptions of maturity levels in the RMAT.

We recommend that you:

  • identify both long- and short-term goals
  • focus on outcomes rather than process (e.g. choose a goal such as ‘all digital records are secure, discoverable and can be appropriate accessed’ rather than ‘introduce an EDRMs’, though introducing an EDRM can be an action you take to achieve this goal.)
  • determine priority of tasks based on risk and value (i.e. focus on tasks that will help you to address more serious risks).

For more information on assessing and managing risk, go to our website.

Step four: taking action

Film clapper slate board Unsplash free to use
Hands holding clapperboard.

This is its own project. Now is when you start putting all that planning into action.

Once you have identified your goals, you can start breaking them down into what actions you need to take, deciding who will be responsible for each task and when you’re going to complete each task by.

Involve as many areas and levels of the agency as possible when identifying what actions to take to achieve your goals. This will encourage buy-in as well as provide new ideas, suggestions and provide insight into what’s involved that you alone may not be aware of.

Make sure you also account for how you’re going to track progress to see if you’re on track. This could involve another RMAT or some other form of monitoring. Don’t be afraid to revise your plan if it’s not getting the results you want or if your circumstances change.

For more advice on how to measure if your recordkeeping is achieving its goals, see our blog post on measuring your records governance..

You can also find some more information on implementing recordkeeping changes on our website.

If you have suggestions for future blog posts or there’s something about the Recordkeeping maturity assessment tool you’d still like answered, get in touch! Leave a comment below, contact us by email, telephone, blog, Twitter– we want to hear from you!

Government Recordkeeping


Leave a Reply

Powered by

Up ↑

%d bloggers like this: