Scanning and Disposal Policy

Transcription

1 Information Security Document Scanning and Disposal Policy 1

2 Version History Version Date Detail Author /01/2012 Completed for Distribution David Jenkins /02/2012 Approved by Information Governance David Jenkins Group /03/2013 Reviewed by Information Governance David Jenkins Group /04/2014 Reviewed by Information Governance David Jenkins Group /05/2015 Reviewed by Information Governance Group. David Jenkins. This document has been prepared using the following ISO27001:2013 standard controls as reference: ISO Control Description A Information security awareness, education and training A Classification of information A Labelling of information A Handling of assets A Disposal of Media A Identification of applicable legislation and contractual requirements A Compliance with security policies and standards 2

3 1. Introduction Derbyshire County Council acknowledges that as part of the corporate roll out of the Council s Electronic Document and Records Management System (EDRM) it is likely that large series of paper documents will be scanned and added to the system to improve access and workflows. The Council needs to be able to demonstrate that these scanned documents have been unaltered since the time of electronic storage and that they are a true representation of the original paper record. After scanning records and uploading them to the EDRM, departments/sections may wish to destroy the original paper file and use the scanned version as the definitive record for operational and compliance purposes. The disposal of original paper records (and subsequent reliance on a scanned version) is a relatively recent concern and there is, as yet, no definitive case law on the subject of the legal admissibility of scanned files after the destruction of the paper original. However increasing numbers of public authorities are choosing to scan and destroy paper documents. This policy sets out the arrangements required in the scanning and disposal process for scanned records in order to reduce the risk of a challenge to the legal admissibility and evidential value of the scanned records. This policy aims to conform with BS10008:2008 which is the British Standard on the Legal Admissibility and Evidential Weight on Information Stored Electronically. 2. Roles and Responsibilities It is the responsibility of departmental and service managers to approve the scanning of documents and the destruction of the paper original, unless the original has to be returned to a third party or has to be retained for specific reasons because it is important to retain a wet signature. It is also the responsibility of all managers to ensure that staff are made aware of the proper procedures to follow. It is the responsibility of all staff involved in the scanning process to follow the agreed corporate procedures for scanning. It is the responsibility of all staff involved in the destruction process to ensure it is carried out in accordance with the principles of the Council s Records Disposal Policy. The main concern being that the original paper records are treated as confidential waste. 3. Scope This policy applies to all staff who are involved in the scanning of records. Responsibilities under this policy include all stages of the scanning process including the preparation, scanning, quality assurance and filing stages. For the purposes of this policy when a document has been scanned and the original paper copy destroyed, the scanned version will be regarded as the definitive record for legal, accountability and transparency purposes. The scanned copy will need to be managed in accordance with the Council s Corporate Records Management and Records Disposal policies including retention of the digitised document for the agreed retention period. 3

4 4. Legal Framework This policy seeks to address the key legal issues regarding the scanning and destruction process in terms of the legal admissibility and evidential weight of the digitised images. As a general principle the action of copying a document may reduce its evidential weight. In order to respond to this there needs to be sufficient authentication evidence available to reassure legal and regulatory stakeholders that the image is an accurate copy. This will often require evidence that the document is what it claims to be and that it is a true and accurate copy, including proof that it has not been altered since the date it was added to a council approved electronic record keeping system. The key principles outlined within the policy arise from the Civil Evidence Act 1995 and are supported in respect of criminal prosecutions by the Policy and Criminal Evidence Act As outlined under Section 6, a risk assessment approach is required for scanning initiatives, which should include assessing the likelihood of future legal reliance on the scanned images. Where the legal risks are high then the use of the Council s offsite document storage contract should be considered. 5. Policy statements The Council is committed to the management of electronic information as outlined in the Council s Information Security Policies including its Corporate Records Management Policy. The Council is committed to the continued use of electronic systems in the form of its Electronic Document and Records Management System for the storage of records over time. This system will be one of the Council s primary systems used for the storage of digitised documents to ensure their authenticity and reliability. The Council is committed to consulting with key stakeholders to ensure that the systems used for the storage of digitised documents meet their needs in respect to compliance with legislation and regulations (see Section 6 for more information on the principles). The Council is committed to complying with the practice outlined under BS10008:2008. This standard outlines the practice which should be followed when scanning to maximise the evidential weight of that scanned information. The standard requires that the procedures in place for scanning meet certain key requirements. The Standard is particularly concerned with the methods used as part of the scanning process, the auditability of the scanned document and assurances that the scanned document has not been amended or altered after the scanning process. The key requirements of the Standard can be found in Appendix A. 6. Policy Principles The framework outlined under BS10008:2008 shall be complied with during scanning initiatives in order to maximise the evidential weight and legal admissibility of the 4

5 scanned documents. Adherence to the following principles will enable the Council to demonstrate its approach to scanning if the legal admissibility of scanned documents is questioned. If the scanning conforms to the principles outlined within this policy and associated procedures it will be acceptable to destroy the paper original and regard the electronic copy as the definitive record. Procedures: General scanning procedures have been produced as part of the EDRM roll out which meet the requirements of BS10008:2008. These procedures should be followed in all instances where scanning takes place in order to maximise the legal admissibility of those resulting scanned records. It is essential that these procedures be followed regardless of whether departments are intending to destroy the paper originals. This is because if decisions over destruction occur after scanning, it is the scanning process itself which will raise legal admissibility questions. The scanning procedures can be found at the following link: ent/scanning/scanning_procedures/default.asp Risk Assessment: In addition to adhering to the procedures developed by the EDRM Team another requirement in any scanning initiative is to undertake a risk assessment with regards to the potential issues that might arise from a scanning project. This risk assessment should address the risk of a legal challenge, the risk of human error in the scanning process, the risk of technological failure and obsolescence and the risk of the alteration and manipulation of the scanned image. A template for a risk assessment exercise can be found in Appendix B. Stakeholder Consultation: As part of the risk assessment process key stakeholders should be contacted prior to undertaking the scanning and destruction of originals. This should include contacting those stakeholders who are likely to be in a position of requesting access to scanned records (e.g. HMRC for finance related records). There may be some cases were certain stakeholders feel that it is essential to retain the paper original, examples might include deeds to property, or documents with seals etc. to denote authenticity. The majority of records can be scanned with no need to retain the original, however in these minority of cases proper arrangements should be made to ensure the storage of the paper copy (for example using the Council s approved supplier of off-site document storage). Documentation: As part of the auditable scanning and disposal procedures authorisation for the destruction of the paper originals following scanning shall need to be obtained from the relevant head of service. This level of authorisation is only required for destruction occurring after a scanning initiative. Routine destruction of time expired records should be carried out according to the Council s Record Disposal Policy. Documenting the destruction shall require confirmation that the scanning process has been carried out in accordance with appropriate EDRM procedures. A destruction authorisation document can be found in Appendix C. This documentation will need to 5

6 be retained for the duration of the retention period for the records which have been scanned as outlined in the appropriate departmental records retention schedule. 7. Review and Monitoring A review of this policy will take place at least every two years to take into account changes in legislation and best practice. On-going monitoring of this policy will be the responsibility of departmental Heads of Service, in consultation with the Corporate Records Manager, to ensure that the principles of the policy are being adhered to. This document forms part of the Council's ISMS Policy and as such, must be fully complied with. 6

7 Appendix A: Key considerations of BS10008:2008 A procedural manual should be produced detailing the procedures to be followed concerning information held within an electronic management system. Procedures should be established for capturing information to ensure that any information loss as a result of the capture process is acceptable. A description should be produced of the key technology component used in electronic information management. Systems used for managing electronic information should be reviewed regularly. Audit trails should be created showing activities associated with information management systems, stored information and transferred information. Where the date or time of an event is relevant, appropriate timing and dating information should be stored in association with the event in the audit trail. Quality control procedures should be established to check for missing images or images that do not meet specified quality standards. Re-scanning procedures should be established to correct any errors identified, as far as possible. Where batching techniques are used in scanning, numbers should be allocated to each batch. Where documents in paper form are photocopies and the photocopies are to be scanned, the images should be identified as being from photocopies. Metadata should be captured to ensure details of information capture processes are retained throughout the storage life of the information. Procedures should be established to demonstrate that information stored has not been changed (either accidentally or maliciously) or, where changes have been made, that they have been authorised. Where information is compressed during the storage process, compression methods used should not affect the authenticity and integrity of the stored information. Procedures should be established to test storage media at regular intervals to reduce the risk of unrecoverable errors. Procedures should be established to ensure that all appropriate digital objects have been migrated to new storage technology; that the file format of migrated digital objects has not changed; the digital objects themselves have either not been changed or that the changes are known, audited and meet corporate requirements. Information should be stored and maintained in a file format that is predicated to allow access over the relevant retention period (PDF(A) or TIFF are generally recommended). Where output is required as evidence in legal or other proceedings, procedures for certifying that the output is authentic should be used. Where the identity of those involved in information capture or transfer is important, procedures which authenticate the identity of the person or body shall be established. Procedures should be in place that protect electronic information storage and/or transfer from loss or corruption. 7

8 Appendix B: Risk Assessment template for the scanning of records and the destruction of their paper original. This risk assessment concerns the proposal by the [name of] Section to scan various [name of] records and manage them in the Electronic Document and Records Management System and destroy the paper originals. The risk assessments identified the various risks involved and outlined the steps taken to reduce the level of risk. Risk Outline of risk Comments Risk Reduction Activity Risk 1: Legal challenge to the legal admissibility of the scanned image after the destruction of the paper original Risk that courts or other key stakeholders may not accept a scanned image as a true record, particularly after the destruction of the original paper record. Risk 2: Human error during the scanning process Risk that a record may be scanned incorrectly or to a poor quality due to errors by a member of staff. Risk 3: Technological failure or obsolescence Risk that technology fails resulting in the loss of the digital images with no paper counterpart, or that technological/software changes makes the file format and technology obsolete. Risk 4: Alteration of the scanned image (which would cause legal admissibility issues highlighted in risk 1 Risk that an employee digitally manipulates the scanned image and alter it in some way. This risk assessment will be reviewed by the Corporate Records Manager and a nominated representative from the X Section after a period of one year. It is the opinion of the Corporate Records Manager that the steps taken to reduce the levels of risk by the X Section are sufficient to allow for the scanning and destruction of original paper records. The procedural manual which has been followed complies with BS10008:2008 which aims to maximise the legal admissibility and evidential weight of the scanned images. 8

9 Appendix C: Disposal Authorisation Document DERBYSHIRE COUNTY COUNCIL Destruction Authorisation Document Department: Section/Service: Date of scanning: Schedule of original paper records which have been scanned and which will be destroyed: Title of record series Covering Dates i.e. SEN Case Files DOB I declare that my section/service has carried out the scanning process in line with the agreed procedures for my section/service. I confirm that my section/service has carried out all appropriate quality assurance requirements specified within the procedures and the scanned records meet the standards set. Derbyshire County Council acknowledges that the scanned records now supersede and entirely replace the original paper records as the Council s master record. I confirm that the original paper records are not subject to any current legal procedures, access to information requests, or any regulatory/legislative requirements which require records to be retained in their original format. The original paper source records will be destroyed as confidential waste. Name: Signature: Job Title: Policy Derbyshire County Council Scanning and Disposal 9