4.3.1 University storage areas Registering and tracking system using the University Document Management System

Transcription

1 CORPORATE RECORDS MANAGEMENT STANDARDS 1 SUMMARY OF PRINCIPAL CHANGES General changes This dcument has been revised t reflect the implementatin n 1 September 2012 f the University s new Schl-based structure fr purpses f academic gvernance. This dcument shuld be read in full. Fr substantive changes in this revisin, refer t versin 03.0 Appendix I, UPR IM11 (Amendments t versin 03.0, Appendix II, UPR IM11, are shwn in italics.) Structure 1 Managing Recrds 1.1 Aim f standards 1.2 What is recrds management? 1.3 What are recrds? 1.4 What is nt a recrd? 1.5 Why manage Recrds: the benefits 1.6 Managing recrds: A quick guide 2 Rles and Respnsibilities 2.1 Vice-Chancellr 2.2 Secretary and Registrar 2.3 Chief Infrmatin Officer 2.4 Recrds Manager 2.5 Managers 2.6 Training, Awareness and Advice 3 Creating Recrds 4 Managing Physical Recrds 4.1 Organising Files 4.2 Labelling and tracking files 4.3 Strage f active physical recrds University strage areas Registering and tracking system using the University Dcument Management System 5 Managing Electrnic Recrds 5.1 Classificatin: File structures 5.2 Adding Metadata (indexing) 5.3 Titling recrds 5.4 Versin Cntrl 5.5 Unique identifiers 5.6 Managing s 5.7 Scanning recrds 5.8 Preserving digital recrds Methds fr electrnic preservatin 1 The Crprate Recrds Managements Standards set ut in this dcument were apprved by the Chief Executive s Grup n 5 June /19

2 6 Security 7 Retaining And Destrying Recrds 7.1 Recrds retentin and Data Prtectin 7.2 Recrds retentin and Freedm f Infrmatin 7.3 Recrds dispsitin Destructin Permanent recrds Appendix A: Appendix B: Relevant legislatin, standards and guidance Glssary f Recrds Management Terms CORPORATE RECORDS MANAGEMENT STANDARDS 1 MANAGING RECORDS Recrds are a vital asset t any rganisatin and need t be managed efficiently fr it t be able t cnduct business, accunt fr what has happened in the past and t make decisins abut the future. Specifically recrds are required: t prvide evidence f actins and decisins t supprt accuntability and transparency t supprt decisin making t prtect the interests f staff, students and ther stakehlders t cmply with legal and regulatry bligatins, including emplyment, cntractual and financial, as well as the Data Prtectin and Freedm f Infrmatin Acts. 1.1 Aim f standards These standards prvide practical guidance fr all University staff n key aspects f managing recrds including creatin (r receipt), capture int recrdkeeping systems, strage and maintenance, retentin and dispsal. They will be applied t all University recrds, in all frmats, including use f the University s dcument management system. They have been frmulated in accrdance with the University f Hertfrdshire s Recrds Management Plicy UPR Recrds Management and the Archiving and Retentin f Prime Dcuments (UPR IM11), relevant University Infrmatin Management plicies (see Appendix A) and natinal standards including, BS ISO fr Recrds Management. 2/19

3 1.2 What is recrds management? Recrds Management is the efficient and systematic cntrl f recrds (bth paper and electrnic) thrughut their life-cycle frm their creatin r receipt until the time f their dispsal (see figure 1). It aims t ensure that recrds: Figure 1: Recrds Lifecycle are accurate and reliable can be retrieved quickly and easily are kept fr n lnger than necessary 1.3 What are recrds? Recrds can be in any frmat (paper dcuments, electrnic files, s, databases r scanned images) and bradly speaking are thse which have a crprate gvernance, academic, business, legal, financial r histrical value t the University. Imprtant recrds t be retained include thse which: Prvide evidence f key decisin-making prcesses and respnsibilities (eg Bard and Cmmittee recrds, prgramme and curse validatin) Are created as a result f a key business transactin (eg Student recrds, cntracts and related recrds, building prjects) Are required fr legislative r ther statutry requirements (eg QAA Institutinal Audit purpses, HEFCE returns) Have lng-term research value (eg research prjects) Have histrical value (eg majr events and initiatives) 1.4 What is nt a recrd? T make sure that the University des nt waste valuable resurces keeping unnecessary recrds it is imprtant t identify thse dcuments which d nt need t be managed as recrds and can therefre be destryed rutinely nce they are n lnger required. Such recrds include: duplicate recrds held fr reference purpses where the riginal is held as a frmal recrd elsewhere (eg Bard r Cmmittee recrds, strategy, plicy r regulatry dcuments etc) draft dcuments where a final versin has been created and apprved, which d nt track majr plicy develpment wrking papers where results have been written int an fficial dcument and are nt required t supprt it 3/19

4 cpies f external and internal Publicatins, prmtinal material and similar materials that are publicly available elsewhere administratin arrangements fr lectures, rm requests/ changes, meetings, events, cnferences etc, which have all taken place individuals day files these may need t be checked fr any imprtant recrds prir t destructin persnal diaries, address bk etc. any ther recrds being kept just in case, there must be a valid reasn fr hlding nt a particular recrd 1.5 Why manage Recrds: the benefits Time Space Mney Efficiency Legal cmpliance Cntrl Quality Security Risk Cntinuity Saves time by ensuring infrmatin can be fund quickly and easily Saves space by ensuring recrds are kept fr n lnger than necessary Saves mney by reducing strage csts and maintenance csts Imprves efficiency by ensuring infrmatin is accurate and accessible Imprves cmpliance by keeping dcumentatin in line with and legal regulatry requirements, including Data Prtectin and Freedm f Infrmatin Keeps infrmatin under cntrl by preserving imprtant data and preventing the accumulatin f ephemeral material Imprves the quality f infrmatin by reducing unnecessary duplicatin and prviding versin cntrl Increases the security f cnfidential infrmatin Supprts risk management and business cntinuity planning Ensures cntinuity by preserving the crprate memry (regardless f rganisatinal restructuring and turnver f staff) 1.6 Managing recrds: A quick guide Respnsibilities Make sure that yu are aware f the University s plicies which affect the way yu manage recrds and infrmatin. Appendix A prvides a list f these. Define and assign recrds management respnsibilities and authrities t rles and named individuals s that it is clear wh is respnsible fr making decisins and taking necessary actins Ensure staff have the necessary recrds management knwledge and skills Creating recrds Identify the recrds which need t be created and received t dcument business activities and ensure that they are cmplete, accurate and up t date Identify which is the latest versin r master cpy f a recrd and ensure it is managed apprpriately D nt create unnecessary duplicate cpies Capturing recrds Develp adequate recrdkeeping systems in shared areas, rather than persnal systems, t ensure all recrds can be lcated when required by all relevant staff Base the arrangement f shared recrdkeeping systems n the activities yur SBU carries ut and the agreed University file structures and file naming cnventins. Cntact Recrds Management fr advice n this. Capture and attach relevant infrmatin (metadata) t help interpret, retrieve and manage recrds 4/19

5 String and maintaining recrds Stre recrds in apprpriate systems, lcatins, cnditins and in equipment that is apprpriate t their media, frmat and security and access requirements Develp strategies t ensure electrnic infrmatin will remain accessible, readable, usable and can be relied upn and accessed fr as lng as is required by the University and all relevant external agencies Ensure access t recrds is cntrlled apprpriate t the sensitivity, shared use r imprtance f the recrd Track and recrd the mvement, lcatin and use f a recrd Retaining and dispsing f recrds Establish and review hw lng recrds need t be kept t meet business needs and legal and regulatry requirements Make sure yu are aware f the University s plicy fr retaining recrds Frmally assign respnsibilities fr authrising the dispsal f recrds Dispse f all cpies f recrds in all frmats securely, cnsidering sensitivity and cnfidentiality f recrds Make sure destructin f recrds is recrded 2 ROLES AND RESPONSIBILITIES Recrds management is a key respnsibility f the University and all recrds created in the curse f business belng t the University and nt the individual. It is the respnsibility f all thse wrking n behalf f the University t carry ut their recrds management duties in accrdance with these standards, the Recrds Management plicy and all ther related plicies and prcedures. Where pssible, recrd keeping respnsibilities shuld be agreed and defined in jb descriptins. Training requirements relating t recrds management shuld be identified by managers and staff and training prvided by recrds management staff, where necessary. The Recrds management Plicy, Recrds Management and the Archiving and Retentin f Prime Dcuments and Business Recrds (IM11) utlines the specific respnsibilities as fllws. 2.1 Vice-Chancellr The Vice-Chancellr has verall respnsibility fr the authrisatin f the recrds management plicy and prcedures and will versee the management f plicy and standards within the University. 2.2 Secretary and Registrar As the chief administrative fficer, the Secretary and Registrar is respnsible t the Bard f Gvernrs fr the maintenance f recrds management within the University. 2.3 Chief Infrmatin Officer The Chief Infrmatin Officer is respnsible fr the implementatin, prmulgatin and prmtin f the plicy; training; maintaining the technlgy fr the University s recrds management systems; maintaining the integrity and authenticity f recrds and fr the crdinatin f plicy reviews. 5/19

6 2.4 Recrds Manager The Recrds Manager is respnsible fr verseeing the design, implementatin and maintenance f the recrds management plicy and related standards and prcedures, as well as mnitring cmpliance. 2.5 Managers Managers at all levels are respnsible fr the management f plicy and related prcedures thrugh resurce allcatin and ther management supprt within thse areas fr which they have respnsibility. They will embed the recrds management practices within nrmal business practices and ensure recrds are captured in the apprpriate crprate system. They are als respnsible fr identifying training requirements in recrds management related issues. Managers will be respnsible fr nminating key users wh will carry ut the duties f a key user 2.6 Training, Awareness and Advice Fr all training, awareness and advice n recrds management please cntact the University Recrds Manager. 3 CREATING RECORDS All emplyees are respnsible fr creating cmplete, accurate and up t date recrds t supprt the business activities and decisin-making prcesses in which they are invlved. The implicatins f specific legislatin and cdes f practice shuld als be cnsidered when identifying what recrds are required t supprt this. The fllwing practice will help in the creatin f full, accurate and up t date recrds:- identify where key evidence is required t dcument activities and decisin-making. It may help t draw up prcess maps f yur activities t identify pints where the recrding f evidence assciated with each activity is required; d nt create duplicate cpies f the same recrd. Identify the master cpy f the recrd and capture int a shared recrdkeeping system; set up and use shared standard templates and frms fr creating recrds where pssible. Nminate specific staff t cntrl the editing and creatin f templates and save new templates as a.dt template frmat; this will create a new dcument based n the template each time it is pened and ensure the riginal template remains intact; when creating recrds ensure that they are a true, bjective accunt f what has happened, particularly in the case f minutes r case ntes n an individual; always attach the fllwing infrmatin t a recrd as a minimum: Title Date Authr/ Creatr Unique ID (if available). 6/19

7 4 MANAGING PHYSICAL RECORDS University recrds will increasingly be managed electrnically s the need t keep and stre paper recrds will reduce. Hwever, there are likely t always be a certain number f recrds which are in paper cpy and the fllwing guidance shuld be fllwed fr paper recrds. 4.1 Organising Files Organise files in a unifrm, lgical way (by date, invice number etc.) s that dcuments can be retrieved easily and quickly. Persnal files maintained by individual members f staff shuld nly cntain wrk in prgress, reference r cnfidential material; all recrds that ther members f the department are likely t need shuld be held within a centralised filing system. Maintaining departmental files will reduce duplicatin, allw infrmatin t be mre easily lcated if smene is away and ensure greater cnsistency in the retentin and dispsal f infrmatin. Only recrds f a similar nature shuld be gruped tgether because if the cntents f files are t diverse it will be difficult, nt nly t lcate material, but als t assign apprpriate retentin perids. In sme cases files can be divided int sectins fr papers with differing retentin schedules. The redundant material can then be easily remved at the apprpriate time withut the need t undertake time-cnsuming weeding. N.B. Files which are held electrnically d nt need t be printed ut and stred in physical frmat prviding the prper standards have been applied t the electrnic versin (see sectin 5. Managing Electrnic Recrds) Files shuld be clsed at regular intervals t keep them at a manageable size and als t ensure that the cntent f 'pen' files nly relates t current r recent wrk. Suitable rules fr clsing files are: when the academic/financial year has ended; when a prject has cme t an end; when a file cvers a perid f mre than 5 years; when nthing has been added fr 2 years. When a file is clsed, n further papers must be added. The dispsal date shuld be recrded n the cver and it shuld be separated frm the active recrds. 4.2 Labelling and tracking files T help identify and retrieve the infrmatin, recrd sme r all f the fllwing n the file: reference numbers/ unique ID cdes where available; a title which is a brief, accurate and meaningful descriptin; the name f the department/sectin that has created r wns the file cvering dates f the cntents f the file (e.g. Aug 2005-July 2006); destructin date. Track the use and mvement f files by using a frm t recrd the name f the persn retrieving the file, as well as its reference, title and the date f retrieval. The frm can then be inserted in place f the file s that if ther members f staff require access, they will knw where t find it. 7/19

8 4.3 Strage f active physical recrds Active paper and ther physical recrd types (vide/ audi tape, micrfilm) recrds required fr current business needs shuld be stred in filing equipment apprpriate fr strage and security needs as well as being near t where they are being used. When cnsidering where t stre recrds the fllwing will help. Activity/ frequency f use recrds used n a regular basis shuld be stred near t the users; thse with less frequent use but which have t be kept fr several years shuld be stred in centrally managed University strage areas. Cntact Recrds Management t arrange. Prtectin required make sure recrds can be adequately secured and prtected frm envirnmental effects. Cst Strage space is expensive and limited s must be used effectively t stre active business recrds. Clear ut unnecessary r duplicate dcuments regularly. Strage Units must be strng and have sufficient space, t prvide effective strage fr recrds. They must als: be secure if hlding persnal r ther cnfidential recrds; be able t be reached by a persn f average height fr health and safety reasns; prtect recrds frm envirnmental damage such as fire, flding r vermin - where a fld risk exists the lwest shelf shuld be mm ff the flr. Recrds in all frmats can deterirate if nt prtected adequately. Simple, cmmn sense measures can be taken t prtect them frm avidable damage: stre paper recrds away frm extremes f temperature, humidity r light; avid sticking imprtant, additinal ntes nt dcuments as these can easily becme detached. Phtcpy these instead and add t the file; take care when hle punching paper t ensure cntent is nt damaged; use apprpriate flders t stre paper dcuments. Avid using ring-binders and lever arch flders where pssible as these are mst likely t cause damage and als take up valuable strage space. Cardbard dcument wallets shuld be used instead University strage areas The University has sme centrally managed strage areas fr semi-active r inactive paper recrds and files but these will nly be used t stre business recrds as defined in sectin 1.4 f these standards. If yu are in dubt abut whether recrds need t be stred, cntact Recrds Management wh will carry ut an appraisal f the dcuments and advise as necessary. The prcedural dcument Managing Physical Recrds prvides further guidance n hw paper recrds shuld be rganised and managed. Als refer t the strage prcedures made available n the staff intranet when requesting t depsit new files and recrds. These can be fund at clicking n Archiving prcedure. When filing recrds in bxes please nte the fllwing: weed ut all unnecessary, duplicate r ut f date material; nly recrds f the same type and age shuld be stred tgether s that apprpriate indexing data and retentin perids can be applied; 8/19

9 d nt pack files and bxes t tightly. Bxes which are t full will damage the recrds and will als nt be able t be lifted (10kg max. weight limit is accepted); take recrds ut f lever arch files, plastic wallets and hanging files which all take up space and can be re-used and secure, instead, using treasury tags r cardbard dcument wallets which can be recycled Registering and tracking system using the University Dcument Management System All paper and physical recrds held in central strage areas must be registered int the Physical Recrds system n the University Dcument Management System. The system will allw the University t effectively track and lcate the mvement f all its physical recrds thrugh an auditable trail, preventing lss r misplacement f recrds. The system will als be used t mnitr and recrd destructin f recrds. 5 MANAGING ELECTRONIC RECORDS The main recrdkeeping system f the University will increasingly be the University Dcument Management System. All recrds must be captured int the Dcument Management System where this has been made available fr the relevant functin. The Chief Infrmatin Officer is respnsible fr determining the arrangements fr the electrnic strage f the University s recrds and dcuments, in cnsultatin with the Secretary and Registrar. Please cnsult the Chief Infrmatin Officer abut any specific requirements prir t cnsidering any lcal Strategic Business Unit r team arrangements. The fllwing guidance is recmmended fr dcuments and recrds nt yet included in the University Dcument Management system t ensure apprpriate availability and back up It is recmmended that Recrds: are stred in a shared area (S:Drive) where they can be stred and retrieved by all thse wh need access t the infrmatin; shuld nt be maintained n cmputer hard drives (C: drives r external hard drives) because this is nt autmatically backed up s there is a greater risk f lss f infrmatin due t system r equipment failure; shuld nt be stred n prtable media (USB, external hard drives laptps) lng term as these are insecure, nt backed up and, therefre, at risk frm damage r lss. If recrds are stred n prtable media fr hme wrking purpses r because f system r equipment failure, they shuld always be stred nt the University s netwrk at the earliest pprtunity; the strage and use f persnal and cnfidential infrmatin must cmply with the University s Managing Persnal and Cnfidential Infrmatin guidance. Persnal infrmatin (such as Student r staff recrds) shuld nt be saved nt prtable media as these can easily be accessed if lst r stlen. All staff are prvided with secure access t University systems via the UHVPN (University f Hertfrdshire s Virtual Private Netwrk) frm where they shuld access this kind f data; shuld nly be stred n CDs fr shrt term (up t 3 years); CDs are nt suitable fr lng r medium term strage r fr imprtant business recrds as they are prne t crruptin. Where CDs are used they shuld be stred in cl, dark, dry cnditins 5.1 Classificatin: File structures Electrnic recrds must be arranged in a cnsistent, lgical way t ensure they can be accessed quickly and easily, prperly secured with relevant permissins attached and retained fr the crrect amunt f time. A well-defined flder structure r file plan will enable this. 9/19

10 Wherever pssible, flder structures shuld reflect the functins 2 and activities 3 f the Department r SBU rather than the rganisatinal structure, which is prne t frequent change. Persnal named flders shuld never be used as these d nt adequately describe the cntents and becme ut f date with persnnel changes. The University s dcument and recrd management file structure is determined by the Secretary and Registrar based n natinal standards and with advice frm the Recrds Manager frm whm staff shuld request advice and guidance when creating and maintaining filing systems. 5.2 Adding Metadata (indexing) Metadata is data describing the cntext, cntent and structure f recrds and their management thrugh time. This infrmatin is used t help identify, retrieve and manage recrds. Metadata als helps t create an audit trail f a recrd, ie hw it is used and accessed ver its lifetime, making it authentic and reliable. Examples f metadata include: Title Date created r received Versin Date t r clsed Authr Subject Unique identifier (e.g. student number, persnnel number) Retentin and dispsal infrmatin The University uses the e-gvernment Metadata Standard (e-gms) which recmmends the fllwing elements must be applied as a minimum t all recrds and dcuments: Creatr Date created r published Title Unique identifier (if applicable) In additin t these, there are a number f ther recmmended metadata elements which shuld be cnsidered. These are: Subject (r keywrd) Versin Destructin Date All SBUs shuld think abut metadata requirements and develp lcal guidelines in line with University standards. 5.3 Titling recrds Recrds need t be identified and retrieved by a number f different peple ver a perid f time s it is imprtant they are titled and indexed r described adequately t ensure this. In general, titles shuld accurately reflect the cntent, be cncise and shuld nt include uncmmnly understd abbreviatins. 2 3 things the University des t achieve its aims and bligatins actins carried ut t achieve the functins 10/19

11 Standard University naming cnventins have been written t allw fr cnsistent titling t be carried ut and can be fund in the dcument Standard Naming Cnventins fr Electrnic Files, flders and Recrds. These standards shuld be adpted and lcal guidelines written within each SBU. 5.4 Versin Cntrl Versin cntrl prcedures shuld be applied t dcuments which are frequently updated (plicy etc.). Including a number and date n the title page (and within fters) will reduce cnfusin ver which dcument is the current versin, as well as prviding an audit trail fr tracking changes. A versin cntrl table n the dcument culd als be used t keep track f what changes have been made and by whm. Decimal increments shuld be used s that a distinctin can be made between majr and minr changes. Yu can add Draft r Final t shw the difference between drafts and published versins. Fr example The first draft wuld be v0.1 draft then 0.2 draft etc. Once the dcument has mved t a final versin, then the integer values shuld begin, s the first final versin shuld be V1.0 Final. Any minr revisins made after this wuld then be V1.1, V1.2 etc. The secnd final versin wuld be V2.0 Final etc. 5.5 Unique identifiers Assign unique identifiers t recrds where available s they can be easier identified and retrieved. The title f a recrd alne may nt be sufficient because tw recrds culd have the same title. Persnal names are nt adequate either because tw peple can ften have the same name (e.g. Rachel Smith, Jhn Brwn etc.) r can change their name. The simplest frm is t use a cding which is unique such as student number r staff number. Unique identifiers shuld als be used in place f persnal names in cmpliance with Data Prtectin principles. 5.6 Managing s is a majr medium fr business cmmunicatin and a great deal f crprate knwledge is cntained in crrespndence which must be retained t prtect the rights f the University f Hertfrdshire. Staff shuld be aware that s may be evidential recrds and need t be saved apprpriately. They are als legally admissible and may be released under access t infrmatin legislatin (FOIA, DPA) r in a Curt f Law. Inbxes shuld be actively managed t ensure nn-business s are deleted and business s are managed efficiently. Business s shuld be saved alngside related recrds in the University dcument management system where available, r in a shared strage area T save s use the File, Save As ptin and save as an msg. file, remembering t give the a clear title which shuld include the date the was sent. Business s shuld be retained and dispsed f in line with retentin plicies. It is always the cntent f the which determines hw lng it shuld be kept fr and nt the frmat. Further guidance n this is available in the best practice guidance Identifying and Managing s as University Recrds. 11/19

12 5.7 Scanning recrds Scanning paper recrds is smetimes seen as a way f freeing up valuable strage space and, whilst this is true, it is nt always necessary r resurce efficient t d this. In general, recrds with a shrt t medium retentin are nt wrth back-scanning unless frequently accessed by many peple instead, they shuld be stred ffsite and pssibly scanned as required. Recrds which are created electrnically shuld always be captured in their riginal frmat rather than printing then re-scanning. With the implementatin f the Dcument Management system, the University has taken the verall decisin nt t undertake large-scale back-scanning f paper recrd, pting instead fr a frm tday frwards apprach where required. Hwever, there may well be valid business benefits t carrying ut back-scanning in sme areas these will be assessed n an individual basis. Business Units shuld always cnsult the Chief Infrmatin Officer befre undertaking any large-scale scanning exercise. If scanning is t be carried ut it is imprtant t ensure the fllwing: scanned images are an accurate duplicate f the riginal recrd, ie, all infrmatin is captured and f excellent quality; the crrect dpi is used as fllws t ensure readability: Standard text dcuments minimum 200 dpi Drawings, maps and plans minimum 300 dpi Dcuments with faded text r fine detail 600 dpi; written scanning prcedures are in place; scanned recrds are authenticated, where necessary, with metatdata etc; the quality f the scanned image is checked and verified befre the physical recrd is destryed. It is advisable t keep the paper recrd fr up t 90 days in case f any prblems with the scanned versin; sme imprtant recrds (e.g. majr cntracts, deeds etc.) shuld als be kept in physical frmat but these can be stred elsewhere, recrds management can advise. 5.8 Preserving digital recrds Electrnic recrds shuld be reviewed peridically and, if necessary, migrated t new sftware s that they d nt becme inaccessible due t bslete technlgy. Recrds with a mid t lng-term life-span (i.e. ver 5 years) may need t be part f a prgramme t ensure they are accessible and useable fr as lng as required by the University. Cnsideratin shuld be given t the lng-term preservatin needs f a particular recrd at all times. It is imprtant t preserve recrds adequately in rder t make sure they cntinue t prvide an accessible, useable and authentic recrd f the University s activities. T identify electrnic preservatin requirements, cnsider the fllwing: identify the recrds yu create and their verall value t the University; establish the retentin n these recrds using the University retentin schedule and advice frm Recrds Management. In general, nly thse recrds with a retentin f lnger than 5 years need t be cnsidered; determine the likelihd f lsing the recrds and the impact t the University in terms f: Hw serius the cnsequences wuld be; Hw high the risks are t the recrds in their current frmat; Hw expensive it wuld be t preserve r replace the recrds. 12/19

13 5.8.1 Methds fr electrnic preservatin There are three main ptins available, these are: Emulatin sftware is used t mimic a piece f hardware r sftware which preserves access t the electrnic recrds. This methd preserves the riginal feel f the recrd by maintaining its appearance and style. It will require IT specialists t create this sftware. Migratin - transfers recrds frm ne generatin f hardware/sftware t the next, fr example cnverting a dcument frm Wrd 6 t Wrd 7. The cntent f the recrd is preserved, thugh nt always the riginal lk and feel, and it is a labur intensive ptin. Technlgical preservatin - invlves keeping the riginal hardware and sftware. It can be an ptin fr recrds that will nly need t be kept fr a very shrt perid f time by simply maintaining them n their existing frmat and equipment. This ptin may be dependant n cntinuing maintenance cntracts fr the equipment and sftware and als carries a risk f breakdwns in the technlgy used. 6 SECURITY The management f the security f infrmatin and recrds is essential t prtect the infrmatin assets f the University and its stakehlders. This ensures business cntinuity, minimises risk and prtects the rights f individuals abut whm we hld infrmatin. In rder t mitigate the risk f security breaches r accidental damage r lss, there are sme general gd practice prcedures which shuld be fllwed, these are prvided belw. Staff shuld als read the Infrmatin Security Plicy (UPR IM03) fr further infrmatin. Clarify the access requirements f staff t establish wh needs t retrieve particular dcuments, wh can edit thse dcuments, and wh is authrised t delete them. Infrmatin that is nly accessible t a single persn shuld be kept t a minimum: as far as pssible, recrds that ther staff may require shuld be stred within an apprpriate flder n a shared netwrk s that departments can perate effectively if individual members f staff are away. Access t cnfidential infrmatin (eg persnal data) shuld be cntrlled thrugh the use f ID lg-ins, passwrds and read-nly settings, and cmputers must nt be left unattended when lgged-n. Screen lck cmputer screens when absent frm yur desk r wrk area when away at meetings s they are nt left as readable. This can be dne by selecting CTRL+ALT+DEL keys then selecting the Lck Cmputer ptin. Staff shuld be aware f the risks f transprting data and recrds n prtable media such as USBs and laptps. This shuld be avided as much as pssible and staff shuld use the UHVPN (University f Hertfrdshire Virtual Private Netwrk) t access data and recrds. The integrity f data is f paramunt imprtance if it is cnsidered the primary, definitive recrd f a transactin. Adequate audit trails, allwing all actins t be traced t a persn, date and time are essential. Stre cnfidential paper and physical recrds in a lckable filing cabinet and strage facilities. Unencrypted sensitive r persnal data must nt be sent via as this can easily be intercepted. 13/19

14 7 RETAINING AND DESTROYING RECORDS The University needs t make sure its business recrds are retained fr as lng as necessary fr it t be able t carry ut its cre functins and cmply with relevant legal bligatins. It als needs t destry recrds in a timely manner t ensure the efficient use f bth physical and server strage space and minimise the risk f breaching the Data Prtectin Act. The University Retentin Schedule in the UPR Recrds Management and the Archiving and Retentin f Prime Dcuments and Business Recrds IM11 sets ut the amunt f time that the University needs t keep certain types f recrds. It applies t recrds in all frmats, including paper and electrnic infrmatin. The UPR identifies the main University business recrds (Bards and Cmmittee minutes, student files etc.) which need t be retained but it is cnstantly being updated and develped t include mre recrds series. Where recrds are nt n the retentin schedule it may help t cnsider the fllwing befre yu decide t destry a recrd: hw likely is it that we will need the recrds again fr business purpses? hw serius wuld the cnsequences be if we did nt have the recrds? hw expensive is it t keep the recrds? what lng-term research/ histrical value d these recrds have? If yu are in any dubt abut what t d yu shuld cntact the Recrds Manager fr advice. 7.1 Recrds retentin and Data Prtectin A retentin schedule als helps the University t cmply with specific pieces f legislatin. The Data Prtectin Act stipulates that infrmatin shuld be held fr as lng as necessary and n lnger s it is vital that a plicy fr hw lng we shuld be keeping data n individuals is in place. 7.2 Recrds retentin and Freedm f Infrmatin Freedm f Infrmatin des nt require that all recrds are retained frever,just in rder t cmply with a request fr infrmatin, as is a cmmn miscnceptin. Instead, the University must retain its recrds and infrmatin fr as lng as required t supprt its decisin making prcesses and business activities. The University needs t dispse f its recrds in a timely, cmpliant manner and be able t have the plicy t supprt its dispsal decisins and actins. 7.3 Recrds dispsitin When a recrd cmes t the end f its retentin there are three (3) pssible actins t be taken, these are: recrd is destryed; recrds is reviewed and retained fr a further retentin perid; recrd will be retained permanently fr research r histrical purpses. The vast majrity f the University s recrds that have reached the end f their retentin perid will be destryed with a very small number being retained permanently. 14/19

15 7.3.1 Destructin When recrds are destryed, the prper prcedures need t be in place t make sure they are dispsed f crrectly and that there is an audit trail f their destructin. Gd Recrds Management practice ensures that destructin is dne in a timely secure manner with the fllwing: destructin shuld be authrised by a designated fficer in line with retentin plicies and destructin prcedures; sensitive and persnal infrmatin shuld be destryed in a cnfidential manner; all duplicates f the recrds authrised fr destructin shuld als be destryed; apprpriate evidence f what has been destryed shuld be retained. Cnfidential paper recrds, including thse stred ff-site, will be destryed cnfidentially by the University s cntractr. A recrd shuld be kept f all thse recrds that have been destryed alng with the date they were destryed. Recrds stred in Offices which are due fr destructin shuld be put int cnfidential waste sacks fr cllectin by the Estates department. If yu have cnfidential waste t be cllected please keep in a lcked ffice and cntact the Estates department fr cllectin at the earliest pprtunity. Cnfidential waste sacks shuld nt be left where they can be accessed freely Permanent recrds Gvernance Services is respnsible fr managing the University s Bard and Cmmittee papers. The University als has a small archive relating t the histry f the University. This huses a cllectin f business and histrical material frm the 1950s t the present day including: Annual Reprts, Phtgraphs frm Graduatins, University publicatins such as the Prspectus and ther histrical dcuments frm Hatfield Plytechnic and ther clleges (Balls Park, Wall Hall). All recrds which are deemed t have a lng term, histrical value t the University, and need t be managed as such, shuld be stred here. P E Waters Secretary and Registrar Signed: 1 September /19

16 Appendix A: RELEVANT LEGISLATION, STANDARDS AND GUIDANCE Relevant UK legislatin and Recrds Management Standards Data Prtectin Act 1998 Freedm f Infrmatin Act 2000 Cde f Practice n Recrds Management under Sectin 46 f the Freedm f Infrmatin Act 2000 Envirnmental Infrmatin Regulatins 2004 BS ISO Infrmatin and Dcumentatin Recrds Management Part 1: General BS ISO Infrmatin and Dcumentatin Recrds Management Part 2: Guidelines BIP 0008:2004 Cde f Practice fr legal admissibility and evidential weight f infrmatin stred electrnically PD 00016:2001 Dcument Scanning Guide t scanning business dcuments University Recrds management Plicies and guidelines Guidelines fr creating and maintaining electrnic filing areas Identifying and Managing s as University Recrds Managing and rganising Physical Recrds Recrds Management and the Archiving and Retentin f Prime Dcuments and Business Recrds - UPR IM11 Scanning Recrds: Guidelines (in draft, available later in 2009) Standard Naming Cnventins fr Electrnic Files, flders and Recrds Assciated University Infrmatin Management plicies and guidelines Cmputer Netwrks, Security f Infrmatin Systems and the Prtectin f Infrmatin Systems frm Cmputer Viruses UPR IM01 Data Prtectin UPR IM08 Freedm f Infrmatin UPR IM09 Infrmatin Management Plicy UPR IM02 Infrmatin Security Plicy UPR IM03 Internet/Intranet Based Infrmatin Systems UPR IM04 Data Management Plicy UPR IM12 Managing Persnal and Cnfidential Infrmatin UPR IM12 Appendix 2 Privacy Plicy UPR IM10 16/19

17 Appendix B: GLOSSARY OF RECORDS MANAGEMENT TERMS Term Active Recrds Appraisal Archives Authenticity Classificatin Current Recrds Data Prtectin Act 1998 Dispsal Dispsitin Dcument Dcument Management System Electrnic Recrds File Freedm f Infrmatin Act 2000 Descriptin See Current Recrds The prcess f evaluating an rganisatin s activities t determine which recrds shuld be kept, and fr hw lng, t meet the needs f the rganisatin, the requirements f accuntability and the expectatins f researchers and ther users f the recrds. Recrds that are recgnized as having lng-term (including histrical and cultural) value. An authentic recrd is ne that can be prven t be what it purprts t be, t have been sent by the persn purprted t have created r sent it and t have been created r sent at the time purprted. The prcess f devising and applying schemes based n business activities which generate recrds, whereby they are categrised in systematic and cnsistent ways t facilitate their capture, retrieval, maintenance and dispsal. Thse recrds which are being regularly used fr the cnduct f business (see als recrds lifecycle ). Prvides legal rights t individuals with regard t the persnal infrmatin held abut them by thers (see: The implementatin f appraisal and review decisins. These cmprise the destructin f recrds and transfer f selected recrds t the Archive. They may als include the mvement f recrds frm ne system t anther (e.g. paper t electrnic) r the transfer f custdy f the recrds. A range f prcesses assciated with implementing recrds retentin, destructin r transfer decisins (e.g. dispsal, review, and archive) The smallest unit f filing, generally a single letter, frm, reprt r ther item hused in a filing system An electrnic system that is used t stre, rganise, retrieve and manage recrds received r created by the University. Such a system ffers the functinality f rganising (r classifying) recrds int a relevant structure, managing retentin schedules and prviding audit trails f hw a recrd has been used and by whm.. Recrds where the infrmatin is recrded in a frm that is suitable fr retrieval, prcessing and cmmunicatin by a digital cmputer. A grup f related dcuments cntained within a file cver and fastened tgether. A virtual file can be created fr electrnic dcuments. Prvides a general statutry right f access t infrmatin f any age and in any frmat held by public authrities, subject t a number f limited exemptins (see: 17/19

18 Term Hardcpy Indexing Integrity Medium Metadata Nn-current Recrds Physical recrds Recrd Series Recrds Recrds Lifecycle Recrds Management Recrds Audit r Survey Registratin Reliability Retentin Schedule Descriptin All infrmatin that is nt held in an electrnic frmat and can be read withut additinal equipment. Includes files, maps and plans, and bund vlumes. The prcess f attaching key data (see Metadata) t a recrd t enable it t be described, identified and retrieved efficiently The integrity f recrds refers t its being cmplete and unaltered The frmat n which a recrd is held, i.e. paper, micrfiche, micrfilm, electrnic, ptical disc, magnetic tape etc Infrmatin abut an rganisatins recrds, including infrmatin abut their nature, extent and lcatin, the cntext f their creatin r receipt, the means f access t them and decisins relating t their future management. Thse recrds which have little r n business value, thugh they may be used fr ther purpses, such as histrical research (see als recrds lifecycle ). See Hardcpy recrds A cllectin f recrds having a cmmn subject r theme r functin e.g. annual accunts, invices, cmmittee minutes, Head f Department s crrespndence files etc. A series is distinguished by the fact that it prvides evidence f a particular prcess and as such may vary in size frm a single dcument (e.g. Schl Strategic Plan) t many thusands in the case f invices. Thse dcuments required t facilitate the business carried ut by the University and retained fr a set perid t prvide evidence f its transactins r activities. Recrds may be created, received r maintained in many frmats including hard cpy, r electrnic frmat. A cncept fr describing the varius stages thrugh which infrmatin passes. Recrds are current frm their creatin and fr as lng as their business/ administrative value remains at its highest. They becme semicurrent when their administrative value declines and reference t them becmes irregular and less frequent. When a recrd has ceased t have any administrative value at all it is nn-current. The field f management respnsible fr the efficient and systematic cntrl f the creatin, maintenance, use and dispsitin f recrds. A systematic exercise t lcate and identify all the recrds held by a particular business area. The prcess f recrds creatin and its recrding in an apprpriate finding aid, such as a register, index, cmputer database etc. A reliable recrd is ne whse cntents can be trusted as a full and accurate descriptin f the transactins, activities r facts t which they are evidence f. An index t different types f recrds, detailing hw lng they shuld be kept fr in rder t meet peratinal and legal requirements. Fr example, t meet VAT and taxatin regulatins, there is an bligatin t keep mst financial recrds fr the current year +6, making the effective perid f retentin 7 years 18/19

19 Term Semi-current Recrds Tracking Useability Versin Cntrl Vital Recrds Descriptin Thse recrds whse business value has declined, but which may still be referred t n an irregular basis (see als recrds lifecycle ). Capturing and maintaining infrmatin abut the mvement, use and transactin f recrds. A useable recrd is ne that can be lcated, retrieved, presented and interpreted. A prcedure which seeks t identify and manage recrds which are subject t intensive redrafting, thereby enabling differences in authrship and cntent t be lgged and cntrlled. Thse recrds crucial t the cnduct f the University s business and withut which the University wuld be unable t functin shuld they be destryed by fire, fld r any ther catastrphe. Identificatin f vital recrds wuld frm an integral part f any business cntinuity planning. Signed: Date: 1 September 2012 P E Waters Secretary and Registrar 19/19