A provider’s self-assurance system is only as strong as the evidence behind it. For RTOs, CRICOS providers, and ELICOS providers, the following records should be kept current and reviewed regularly (among other evidence):
1. Compliance and Continuous Improvement Register
This should record issues, actions, responsibilities, due dates, outcomes and evidence of completion. It should be reviewed by management or the relevant quality committee.
2. Risk Register
The risk register should identify key compliance, quality, student, operational, financial and governance risks. It should include controls, ratings, treatment actions and review dates.
3. Staff and Capability Records
Providers should maintain evidence of staff qualifications, currency, professional development, role descriptions, induction and ongoing capability review.
4. Student Lifecycle Records
These include marketing, admissions, enrolment, support, progress, complaints, appeals, completion and certification records. For CRICOS providers, additional international student records must also be maintained.
5. Governance and Management Review Records
Meeting agendas, minutes, reports, action registers and decision records demonstrate that management is monitoring compliance, quality, risk and provider performance.
A useful test is to ask: Could a new manager understand what has been happening by reviewing the records?
If the answer is no, the records may not be sufficiently complete, clear or connected.
Strong recordkeeping supports audit readiness, renewal preparation, self-assurance and continuous improvement. It also helps providers identify issues early and respond with confidence.
Self-Assurance and Recordkeeping: Why the Two Are Connected
Self-assurance depends on the provider being able to show, with evidence, that its systems are working in practice. Under the 2025 Standards for RTOs, ASQA’s Practice Guides include self-assurance questions to help providers measure their own performance against the Standards, and ASQA explains that the 2025 Standards set out both the requirements RTOs must meet and the outcomes they are expected to deliver.
For RTOs, this means records should not be maintained only because an auditor may ask for them. They should be used by management to monitor quality, identify risks, review student outcomes, check implementation and drive continuous improvement. This is especially relevant to Standard 4.4, which requires systematic monitoring and evaluation to support quality delivery and continuous improvement.
A practical self-assurance record system should allow the provider to answer questions such as:
- Are training and assessment systems being implemented as designed?
- Are student support needs being identified and followed up?
- Are assessment decisions supported by valid and sufficient evidence?
- Are complaints, appeals, feedback and validation outcomes reviewed?
- Are risks, audit findings and improvement actions tracked to completion?
- Are governance bodies receiving enough information to make informed decisions?
For CRICOS providers, recordkeeping also supports obligations under the ESOS framework and the National Code 2018. The Department of Education states that the National Code is a legislative instrument under the ESOS Act and that education providers must comply with it to maintain registration to provide education services to overseas students. ASQA also notes that the ESOS Regulations require providers to keep student records, submit information about students to PRISMS and maintain CRICOS information about their organisation and courses.
Key Recordkeeping Requirements to Keep in Mind
1. Assessment evidence and certification records
ASQA’s Integrity of Nationally Recognised Training Practice Guide states that NVR RTOs must retain records of all assessments submitted by a VET student for two years after the student has completed the training product. It also states that AQF certification documentation issued to VET students must be retained for 30 years. ASQA identifies risks such as failing to retain completed assessments, including partially completed assessments that result in withdrawal and RPL evidence, and disposing of assessment evidence before the two-year period has elapsed.
2. Records must be accessible and usable
Recordkeeping is not only about retaining files. ASQA also expects assessment documentation, whether hard copy or electronic, to be stored so that it remains accessible and usable for the full retention period. ASQA also refers to digital backup, safeguards for privacy, and systems that allow records to remain accessible and understandable over time.
3. CRICOS written agreements and payment records
For CRICOS providers, ASQA’s written agreements guidance states that Standard 3 of the National Code requires ESOS providers to enter into written agreements with overseas students. It also states that registered providers must retain records of all written agreements and receipts of payment for at least two years after the overseas student ceases to be an accepted student.
4. PRISMS and student information reporting
CRICOS providers must also maintain records that support accurate reporting. ASQA’s reporting obligations guidance explains that when an overseas student’s identity or course duration changes, CRICOS providers must inform DEWR through PRISMS, and that course duration changes may require a Student Course Variation.
5. Governance and quality records
Self-assurance also requires records that show oversight and improvement. Providers should maintain governance minutes, quality reports, risk registers, internal audit outcomes, validation records, student feedback analysis, complaints and appeals records, continuous improvement actions and evidence of management review.
Related official guidance
These are the legal instruments that mandate specific administrative actions:
- Standard 10(c): Assessment Records. Explicitly requires RTOs to retain records of all assessments submitted by a student for 2 years from the date the student completes the training product.
- Clause 9: Issuance of Certification. Mandates that AQF certification documentation must be issued within 30 calendar days of a student being assessed as competent.
- Standard 12: General Records Management. General obligation to maintain secure and accurate records to support the integrity of RTO operations.