Freedom of Information & Records Management Group Standards for Creation and Storage of Physical & Electronic Files

Transcription

1 Freedom of Information & Records Management Group Standards for Creation and Storage of Physical & Electronic Files 1

2 Document Control: Issued By: Freedom of Information and Records Management Group (FIRM) Version Reason for Change Author Date 1.0 Initial Issue B Dale 06/08/ Amendments from S Kerridge B Dale 01/10/ Amendments from FIRM Group meeting B Dale 30/11/ Amendments from C Gales C Gales 13/01/ Amendments from FIRM Group (13/1/11) and C Gales (8/2/11) FIRM and C Gales 8/2/ Final check B Dale 10/3/11 Version control of a document is vital for good records management and consistency across the whole organisation. The latest version of this document will be made available on the University website, please ensure that you use the most up-to- version. 2

3 8. Standards for Creation and Storage of Physical & Electronic Files 1. Introduction The University s Freedom of Information and Records Management Group (FIRM) was set up to develop University Policy and Procedures in relation to Records Management, and to oversee the implementation of recommendations made by Internal Audit, and approved by the University s Audit Committee. This document now forms part of the University s Records Management Policy and relates to University Standards for the Creation Storage and Archival of Physical and Electronic Files. 2. Purpose of document To communicate to University staff the University s Standards for the Creation Storage and Archival of Physical and Electronic files. These standards will come into force following Executive approval. Physical and electronic files already in existence will be exempt from the Creation and Storage of Physical & Electronic Files standards. Please note that all physical and electronic files in existence now and in the future must adhere to the University s Retention, Archiving and Disposal Policy. 3. File Structures Whatever type of information you are dealing with, the aim of storing that information either electronically or physically is to enable quick retrieval with the minimum of effort. It is important to remember that you are storing University information in order to retrieve it and by consistent file creation and file management you will assist the University in achieving: Compliance with the statutory 20 days retrieval of information under the Freedom of Information Act, and 40 days under the Data Protection Act. Control of records within offices across the University and quick access to information. 3

4 Lifecycle of a record Create Archive Store Retrieve 4. Creation - Physical and Electronic Files The following recommended standards should be adopted by staff to aid retrieval of both physical and electronic files. There is no need to change existing file names however; these standards should be adhered to for new physical and electronic files. File Names - should be short and clear, as clarity and usability permits, and should not contain non-standard abbreviations or terms other staff may not understand. Repetition and redundancy Avoid repetition and redundancy in file names: e.g. a record s name should not contain information that is already present in the folder in which it is filed. Capital letters Use capital letters to start each word; never use spaces or underscores e.g. FinAccounts2009.doc. Some software packages have difficulty recognising files names with spaces and this can be a particular problem when publishing files to external web sites. Therefore the avoidance of spaces and underscores in naming files is very important. Two-digit numbers A minimum of two-digit numbers is required. It is important to include the zero for numbers 0-9 in file names to maintain the numeric order is cases where file names include numbers. An advantage of this is that it assists in easier retrieval of the most recent record number. Date Format If using a in a file name this should state the in a back to front format, and always use four digit years, two digit months and two digit days, e.g. YYYYMMDD or YYYYMM or YYYY. The back to front format means the chronological order of the records is maintained in the file directory, and this assists when trying to retrieve the latest d record. Personal Names When a record is a piece of correspondence it may be appropriate to include within the file name the name of the individual. When it is appropriate to include a personal name it should be given as - the Surname first followed by the Forename. Generic Terms Avoid using words like draft, letter or memo at the start of file names. Using descriptive generic terms at the start of file names, 4

5 means that all such records will appear together in the file directory. This will make it much more difficult to retrieve records. e.g. DraftFinancial2010.doc FinalFinancial2010.doc Would make it difficult to find the financial documents, whereas: FinancialDraft2010V01.doc FinancialDraft2010V02.doc FinancialFinal2010.doc Would follow each other if the files were sorted alphabetically. Order the Elements - The elements to be included in a file name should be ordered according to the way in which the record will be retrieved during the course of day to day business, e.g. Retrieved by Date the element should appear first. Retrieved by Description then the description should be listed first. Recurring events should include the and description of the event, unless these elements already exist in the file name, e.g. minutes of meetings, regular reports, event management and budget planning documents need to include the and the event name/description in order for the record to be identified and retrieved. The file names of correspondence need to include the name of the correspondent, an indication of the subject, the of the correspondence and whether it is incoming or outgoing correspondence. Hence the file names of correspondence should include the following elements: 1. Name of correspondent. (This is either the name of the person who sent you the correspondence or the name of the person to whom you sent the correspondence) 2. A description of the subject, provided it is not already stated in the folder title; 3. The of the correspondence; 4. If it is received correspondence, then include the standard abbreviation Rcvd. The version number of a record should be indicated in its file name by the inclusion of the letter V followed by the version number and, if applicable, Draft or Final. e.g. FinancialFinal2010V01 It is always important to differentiate between various drafts of a document by giving each draft its own number. If a version number is applicable, it should always appear in the file name of the record so that the most recent version can be readily identified 5

6 Summary - Ensure each file has the following: A unique title so that it can be easily identified. Always make sure that the file title refers to the records contained within it. Metadata displayed on the front cover. See appendix 2 for the metadata template which must be completed and attached to new physical files. An index of directories holding electronic files must be created (See Appendix 4) and held in a location which is regularly backed up (e.g. your Faculty or Service shared S: drive) to ensure the index is not lost. Ensure all staff that may need to access the information are trained in the retrieval process. Print a copy of the index on a regular basis. The frequency will depend on how often you create new files but you must print a copy at least once per month. This is your contingency in the event you need to retrieve a file and the computer systems are not available for you to access the index. 5. Physical Files How to File and Store Physical files should use a filing system to facilitate the storage and efficient retrieval of records. Every new physical file must be recorded and maintained in an ordered and consistent manner. The following standards must be followed:- The filing system must:- Enable you to find the information as quickly as possible and with the minimum of effort. Everyone who uses the filing system must know how it works It must be simple to use Files must be:- Kept up to Stored away from threat of fire/water/malicious attack/unauthorised access Accessible within the statutory 20-day response deadline to any requests for information made under the Freedom of Information Act Retained in line with the University s Data Retention, Archiving and Disposal Policies. 6

7 Removal of Files If a physical file is removed from its usual location you must up who has taken it, when it was taken and when it was returned. This will help locate missing files. This information must be completed on the template attached to the front cover of the physical file and also in the electronic index. See Appendix 2 & 3 Before the file is removed:- 1. Locate the physical file. You may need to refer to the electronic index to find the physical file location 2. Up the template on the front cover with the name of the person and the the file is removed (Date loaned & to whom) 3. Open the electronic index and locate the row relating to this particular file 4. Remove any entry in the last loaned to, last loaned and the last returned this will refer to the last time the file was loaned 5. Up the electronic index columns last loaned to and last loaned with the name of the person removing the file and the it was removed 6. Save the upd electronic index When the file is returned:- 1. Up the template on the front cover with the the file was returned ( Date returned & by whom) 2. Open the electronic index and locate the row relating to this particular file 3. Up the electronic index with the last returned 4. Save the electronic index 5. Replace the physical file in its designated location - If an contains important information that needs action, or to which you will need to refer later, you must save it in the relevant hard copy file. Security - All files must be held in appropriate accommodation. Confidential files and personal data must be located in maintained lockable filing cabinets. All files must be locked away or otherwise made secure every night. 7

8 Never allow physical files to get so large that they become unwieldy. Once a file is full, create a continuation file and number the files accordingly (e.g. File title - File 01 - range, File title - File 02 - range etc). Name the files to make it clear the order they were created and how many there are e.g. SmithJohn of2. Should file 3 be created for this student then you will need to up the reference on files 1 and 2 to become 01of 03 and 02 of 03. You will also need to up your electronic index. When a physical file is closed, ensure that all documents that need to be kept are in fact in the file i.e. remember to print to paper any relevant electronic documents or transactions and file them to ensure that the physical file is complete and that all relevant information is in one place. 6. Electronic Files How to File and Store Location of electronic files must be carefully considered by the Faculty/Service to ensure ease of retrieval. Remember everyone who needs to have access must know where the file is located and its name. It is sometimes worth having a mirror image of your Physical and Electronic File Names for ease of reference and retrieval. However as with physical storage it is important to follow the same principle of standards therefore: All electronic files must contain metadata. See Appendix 1 for the metadata template which must be the first page of electronic documents Files must be stored within the Document Management System if the file is made available under the University s Publication Scheme. Non Publication Scheme documents (including draft documents to be made available via the University s Publication Scheme) must be stored on the University s filestore. Faculties and Services may decide their own directory structures and directory naming conventions Documents must contain the full path name and file name in the footer of the documents to aid identification and location Files must be archived, retained and disposed of in line with the University s Data Retention, Archiving and Disposal Policies. 7. Guidance on Preparing Records for Onsite Storage There may be some records which you need occasional rather than regular access to and the pressure for office accommodation on-campus means that you may wish to consider moving some of your records to another on-campus location which might be cheaper and safer to use. This guidance provides some simple ideas on what to take into account when making such decisions. Records should be secured, cabinets, filing cabinets, storage rooms/cupboards should be lockable 8

9 Ensure you keep a list of where records are stored Ensure storage areas are kept tidy and clean Consult HR to ensure that health and safety requirements are met in your storage area Ensure that records used most frequently are the most easily accessible Records should not be stored in a place where they are going to cause an obstruction Don t store records near water Ensure your records are free from interference by animal pests Use proper storage boxes Label your boxes, contents list may be kept elsewhere if this is necessary for security purposes Don t stack boxes any more than 3 high on a shelf Don t overfill storage boxes Use proper storage furniture and don t stack anything directly on the ground 8. Recommendations for Desktop Computer Users Network Drives C: Drive Computer s Hard Drive This is your computer s hard-drive and is commonly known as your C:Drive or Local Drive. Only temporary files should be stored on the local C:Drive. The reasons for this are: If your computer develops a fault with its hard-drive the files stored may become corrupt or may not even be recoverable and could be lost permanently. Therefore the recommendation to take regular back-ups is important to remember. Do not use your local C: Drive to store permanent files as they are not backed up on the University s network and could be lost if your PC crashes. Files stored on your local C:Drive are only accessible by you and this could cause problems for your colleagues if they need to access information during your absence. Personal - Central Storage This is a storage space on the central network which is only accessible by you, much like the C:Drive. However, the difference is using this part of the network ensures that your data is backed up centrally, and means data lost due to accidental deletions or amendments can be recovered. The network drive is usually known as H however, depending on how your computer has been set up and configured may be known by another letter name, for example Z. Whatever letter is used, your own user ID will appear in the network address denoting that it is your personal drive. 9

10 Shared Access Central Storage The University s Central Filestore is accessible both on and off Campus. Access on-site: Usually this is set up on your PC as the S:Drive, again depending on how your computer has been set up and configured you may use a different letter name. The S:Drive gives you the flexibility of being able to share documents with your colleagues and have the added benefit of knowing that files are centrally stored therefore backed up regularly. In fact backed-up files are stored in the snapshot folder on your S.Drive which enables you to recover deleted files yourself without the need for IT intervention. Access off-campus: is via: Click on the Filestore Icon and log in with your staff User ID and Password. If you have never used the Central Filestore before you may need to activate it. You can do this by changing your University Password in Selfcare. The Selfcare icon is also at Retention and Review Files created or upd should be reviewed every 6 months. In most cases information saved to your H: Drive (see information above) may well be obsolete and should be deleted. Subject Access Requests may require you to provide any information you hold in your personal directories i.e. C: or H: Drives, also within your . Therefore it is good practice to regularly review and delete old files including . Portable Data Devices The use of portable data storage e.g. data pens should be kept to a minimum and Filestore as mentioned previously is available off-campus and is a more secure means of storing and accessing data. The use of Filestore is the preferred University method of secure storage. Data of a personal and sensitive nature should only be copied to a portable data device in exceptional circumstances and with the permission of your line manager.(refer to guidance on data security) Where it is necessary to copy personal or sensitive data to a portable data device an iron key should be used. Iron keys look like a pen drive but they allow you to protect the data through identity management (i.e. a login and password are required); also the data itself should be encrypted on the iron key. The purchase of Iron Keys is available via ITS Service Desk - helpdesk@sunderland.ac.uk. Iron keys can typically cost anything between The Information Commissioner s Office has now begun to issue significant fines in cases of serious personal data loss. The University will 10

11 also take disciplinary action against a member of staff deemed to have ignored this guidance). Loss of personal data via unprotected portable devices is a serious breach of Data Protection and a disciplinary offence. Portable data devices (e.g. pens / sticks) are for temporary storage only. Do not rely on a data pen as your only copy of the file. The master version of a document must be stored on filestore, or the Document Management System, according to your local Faculty/Service arrangements. Document Management System The Freedom of Information Act grants access rights to recorded information held by a wide range of public bodies (which includes Universities) and, in line with the Information Commissioners much more demanding expectations of public bodies, a new Publication Scheme was introduced and became operation on 1 st January The Publication Scheme is available via The Publication Scheme falls into 7 main categories: Who we are and What we do What we Spend and How we spend it What our Priorities are and How we are doing How we make Decisions Policies and Procedures List and Registers Services We Offer As an example, we are expected to make publicly available documents which display our performance in a range of areas; including external reviews and audit reports. The Scheme also required that the documents available must be the most recent including Minutes from Boards and Committees, recent consultative documents etc. Therefore all corporate files to be retained in line with the University s Records Management Policy should be held within Document Management System and those that do not fall under the scheme but need to be accessible to other colleagues should be held on the S:Drive. All files held within Document Management System must contain a review and expiry on the initial upload. These s should again conform to the University s Retention Policy All Information Champions have responsibility for the review archiving and destruction of these files. Facilities also use the Document Management System for storage of key master documents. 11

12 Recommended Templates Appendix 1 Electronic File Header Information (Metadata) Title Description Revision History Version Date Author&Department Changes Archive and Disposal Review Date Date to be archived Date to be deleted Deleted by 12

13 Appendix 2 - Physical File Cover Sheet File Title ( name) e.g. SmithJohn Description Physical records relating to student John Smith reg. no File sequence 1 of 2 Names of related files e.g. 2 of 2 Review Date 10 th July 2010 Date File Created 10 th July 2009 Created by ( person) Physical location of file Store cupboard room 23 Hutton Building Location of related files e.g. where is 2 of 2 Date added to electronic index Location of electronic index e.g. \\uos-staff.sunderland.ac.uk\academicrvs Date Loaned & to whom Date Returned & by whom Date file closed Date Archived Date Destroyed Archive Location Destroyed by whom 13

14 Appendix 3 - Physical File Index File Index Title Descri ption creation created by sequence physical location relate d files location of related files review added to this index location of electronic copy last loaned to Last loaned last returned closed archived archived location & ref destroye d dest roye d by who m for Creation and Storage of Physical & Electronic Files.docx 14

15 Appendix 4 Electronic Directory Index Directory Directory location Navigation path Description Date directory (and subdirectories) contents reviewed and upd/deleted Next review Docushare Collection-641 Financial regulations etc P&F shared directory \\uosstaff\planningfinance\ Project documentation, minutes of meetings 15