Management Policy

Transcription

1 Information Management Standards & Procedures Management Policy Appendices: A. Decision Matrix For Records Management 1 st December 2009 Document Version: 1.0 Page 1 of 14

2 Contents 1.0 Document Control and Information Annual Version History Approval History Introduction Scope & Purpose Definitions Information Management Standard Managing Types of Corporate Standards and Guidelines Retention and deletion Message content, formatting and attachments Circulation and distribution lists Signatures Etiquette and professionalism Out of office, account activity and absence planning Mobile and home working Restrictions on the use of Corporate Personal and sensitive information Offensive Material Personal Use of Monitoring and audit Responsibilities Appendices Index Further Information and links Insite Pages: Useful training resources: Related Documents: Page 2 of 14

3 1.0 Document Control and Information IMPORTANT: Before reading this document please check the status and version number. Please check that this is a published version before undertaking any recommended actions. The current versions of Information Management Policies are available via Insite and the staff handbook. If you have received this document via another source please check Insite: Staff Handbook; Information Management and Security to ensure you have the latest version for release. Title Management Standard Status Updated Version Version N o. 1.1 Issue Date 01/12/2009 Primary Author Geoff Smith Position Corporate Records Manager Quality Reviewed By IM Programme Board Date of Review 12/02/2010 Revision Details Amended to incorporate Acceptable Use of s 1.1 Annual Version History Title Version # Date of release Records Standard Reason for change Owner /02/2009 First Version Corporate Records manager 1.2 Approval History Approved By Head Of Information Management Date Of Approval 16/02/09 Page 3 of 14

4 2.0 Introduction continues to provide a number of vital functions in the conduct of day to day business activities. Under current legislation can be requested as part of the Freedom Of Information Act and can be called upon as evidence in a Court of Law. Employees must, therefore, be able to retrieve records, demonstrate their authenticity and demonstrate effective Record keeping practices. This standard has been introduced to assist employees manage their records, to ensure that important s are not discarded and ensure the quality of information within the Council. 3.0 Scope & Purpose The purpose of this standard is to explain how good management contributes to better service delivery, and how records must be managed. This standard applies to the creation, management and disposal of s by Council employees. 4.0 Definitions An , within the context of this standard, refers to both the text message and the attachment that may be created or received by a member of staff. can be used to authorise business transactions, from approving new policies to authorizing expenditures. Individual messages and their content are therefore essential in the conduct of Council business. 5.0 Information Management Standard The Council allows all staff to create, manage, receive and dispose of . The Council has a legal duty to manage the information it produces, treat information as a valuable resource, comply with regulatory requirements and maintain quality information. This includes all s that record key transactions or Records. This document establishes a corporate standard for management, from the creation or , the quality of content, the acceptable use of systems and identification of records to their disposal. 6.0 Managing is subject to the same laws as paper and other electronic records and must be managed in a similar manner. There are benefits to improving the management of records including: can be made accessible to other employees within the Council in a controlled manner. Page 4 of 14

5 can be linked (or filed with) other records relating to the same transaction, placing the record in context. s will be managed as records and disposed of according to the Council s retention and disposal schedule 7.0 Types of created or received can be divided into three different types: Business Short-term Personal 7.1 Business business forms part of the department s records and documents important business activities. Examples of which form part of the department records include: A communication between staff in which a formal approval is recorded A direction for an important course of action A discussion between staff where the context results in a decision being formulated Records of conversations Business correspondence received from outside or inside the department These records must be retained to provide evidence of business activity and meet legal requirements. 7.2 Short Term Short term facilitates department business but is of a trivial nature or short term value. It does not need to be saved into a filing system. Examples of this type of include: Notices of meetings Copies of minutes Copies if reports or newsletters Internal work related received by carbon copy (CC) or blind copy (BCC). 7.3 Personal personal relates to a private or personal matter and has nothing to do with the business of the department. Examples of personal s include: Personal/family arrangements Unsolicited information or newsletters (i.e. not related to staff work responsibilities) 8.0 Corporate Standards and Guidelines 8.1 Retention and deletion The majority of should be regarded as ephemeral information. That is, information that is useful on a daily basis but does not have long-term value to the Page 5 of 14

6 business. that is considered to have longer term value to the business must be treated as a formal record and filed outside of the system in the appropriate repository such as on the corporate EDRMS or a designated and secure network drive (i.e. fileshare). that does not have long-term value to the business must be deleted from the e- mail system (including the trash folder). should not be retained in the system for a period longer than 6 months 1 and files should be reviewed and deleted at least monthly. Staff should not keep all just in case it is required. containing information that has a legal or business requirement or must be retained for audit purposes must be filed in the appropriate repository, where it is either searchable (e.g. corporate EDRMS) or appropriately classified in a folder on the network and can be accessed quickly. Users should think carefully about the subject matter, which colleagues require access to the information and should not rely on an individual knowing its location in order to retrieve it. s are used for a number of different purposes therefore the retention period for an record must be determined by its contents. The decision matrix (Appendix A) provides a guide to determining which messages should be saved as records. 8.2 Message content, formatting and attachments The same care should be taken in writing as any other business correspondence. Appropriate professional language must be used. A subject heading must always be identified and the should be concise and reflect the subject matter. Use paragraphs to improve readability. Before sending your message always check spelling and re-read your message to ensure it is appropriate. A corporate standard font is not prescribed but the font used must be considered readable and staff should avoid using elaborate fonts. These may look unprofessional to the recipient or be difficult to read. Also, avoid using coloured fonts and use black on white text, unless there is a specific individual requirement for the recipient, for example a visual impairment or dyslexia. When replying to , always include the original to provide a context to the message. Refer in the text to an attachment if sending one and avoid attaching large files, as they will affect the performance of the network. For documents over 2MB always consider if there is a more appropriate way of sharing the information such as a link to a network fileshare or publishing the document on Insite if that is appropriate. A general guide to the size of attachments sent over Leicester City Council s network and the prescribed action is detailed in the table below: 1 See LCC Retention of Records Policy Staff Handbook: Information Management and Security Page 6 of 14

7 Size of attachment Frequency of circulation Action Up to 1MB Any This is acceptable use 1 to 2MB Occasional This is acceptable use 1 to 2MB Frequent Consider publication on Insite or another appropriate repository Over 2MB Any Consider publication on Insite or another appropriate repository Over 12 MB Any Unacceptable use, another information sharing medium must be used 8.3 Circulation and distribution lists Ensure that addresses are for the intended recipients to avoid embarrassment; or at worst; disclosure of sensitive information to unauthorised recipients. users must consider carefully whether it is necessary to copy individuals into messages to avoid any unnecessary network traffic. For example, it may not always be necessary to copy a manager into . Users should not automatically retain a copy of all sent messages and must decide on a message by message basis whether a copy of a sent message is to be retained and review their sent mail monthly and delete if no longer required. may be used as a medium to broadcast information across departments or even corporately subject to the following guidelines. 2 The subject of the should be relevant to the majority of recipients and should be urgent in nature. To promote a corporate sponsored event; e.g. Dissemination of urgent or very important information; e.g. the council achieving the 4 th Beacon Council award Notification of a business related incident that will impact the majority of staff; e.g. a major interruption to electricity supplies It would not be acceptable to use a corporate to: Canvas for personal sponsorship Marketing an internally traded service (these internal sales activities should be carried out on Insite). Selling personal items Diligent management of distributions lists is required. If distribution lists are not maintained correctly then messages will not go to the intended recipients which can have negative consequences ranging from embarrassment to improper disclosure of sensitive information. 2 Further detailed technical guidance and advice on GroupWise use for Corporately distributed s available via Staff Handbook: Information and Communications Technology Page 7 of 14

8 8.4 Signatures Always include a signature at least once in an message. Your signature must contain your full name, job title or role, department, division, team and contact information. s to external organisations must state that you are representing Leicester City Council. 8.5 Etiquette and professionalism These general guidelines provide advice on how to send an effective message in a professional environment. Length: The must be concise and to the point but must not be abrupt. Where must go into more detail consider whether an attached word document maybe more appropriate, particularly if your reads more like a report than a summary. Do not use abbreviations in e.g. plz for please. This may be appropriate for instant messaging or SMS (text) messages, but is not appropriate for business communication. Tone: The tone of is a difficult thing to explain, it is much more difficult to convey an appropriate tone in written language than in a meeting or a telephone call. In some circumstances, therefore particularly on a matter of sensitivity, then a phone call or meeting may be more appropriate. The best course of action in determining an appropriate tone is a diligent approach and good habits of reading and re-reading your before hitting the send button. The desired outcome is to come across as professional, approachable and respectful as opposed to curt, demanding and too informal. o Use of Emoticons: Experienced users often use emoticons to convey a certain tone. Emoticons are little faces made up by arranging parentheses, colons, and semi-colons for example :),to represent a happy face and :(,to represent a sad face. Use good judgement here; emoticons maybe useful when liaising regularly with a long-term colleague but it is too informal for the majority of business relationships. Do not use uppercase text for whole words, e.g. HELLO, it reads like you are shouting. If there are disputes or differences of opinion at work, is not an appropriate medium to use and copying in managers and colleagues to add weight to an argument is not considered good practice. A meeting or telephone call to discuss the issue is usually more appropriate. 8.6 Out of office, account activity and absence planning An account should be actively used and maintained at all times. If the account is a generic representing a service or unit then there must be a designated officer, either on a permanent or rota basis, responsible for its management and they must ensure messages are responded to. It is not acceptable for an account to be left unmanaged for prolonged periods of time. Page 8 of 14

9 For periods of absence longer than 3 weeks it may be appropriate to temporarily disable or redirect messages to a responsible colleague. Staff must discuss appropriate arrangements with their line management and log calls for any action required on the ICT support helpdesk. At least 10 working days notice for technical services to respond is required in advance of the proposed absence date. Where staff are on leave from duty arrangements, an alternative contact must be identified and must be explicitly stated in an appropriate automated out of office message. Also, details of the message should state when they are able to respond to messages and when they are likely to return to their duties. On returning to work, it may be appropriate to send a further automated reply explaining there is a large backlog of mail and therefore there may be a reasonable delay in responding to messages. If an individual leaves the organisation it is their responsibility to ensure that the appropriate application access form instructing the account to be deleted is processed and authorised by their line management. 8.7 Mobile and home working is becoming increasing associated with working on the move or out of the office environment. Although there are distinct benefits for the time this saves the business, users must ensure they spend the same amount of time and care sending form a mobile device such as a blackberry. The same diligent approach applies to sending business related from their home computer, for example via webmail, as if they were working from their desktop computer at the office. Make sure that mobile devices are switched off or silent during meetings. alert tones during a meeting are not considered polite business practice. As a rule staff should refrain from answering s whilst attending meetings and other business events. 9.0 Restrictions on the use of Corporate 9.1 Personal and sensitive information 3 No personal details of individuals must be included in as a general rule, unless you have agreement from the data subject, i.e. the person who the information is about. In some circumstances, such as relating to Child Protection and Youth Offending, use of a corporately identified secure system such as Criminal Justice Secure (CJSM) to transfer personal details between approved agencies can be authorised. This is the responsibility of the relevant agencies and services. Any requirements for such agreements must be progressed in accordance with the corporate Head of Information Security & corporate Head of Information Governance. 3 Refer to the Staff Handbook Information Governance for detailed advice on the Data Protection Act and processing personal information. Page 9 of 14

10 It is explicitly forbidden to send any payment card details, even if the details are encrypted. Payment Card details are defined as account numbers, card-holder details, issue numbers and any other information derived from a payment card. A payment card is any card that can be used for payment of goods and services such as a credit or debit card. must NEVER be used to send a card verification code or value (the threedigit or four-digit number printed on the front or back of a payment card used to verify cardholder-not-present transactions) or PIN verification data. 9.2 Offensive Material It is unacceptable to send containing offensive material and would be a breach of Leicester City Council s Terms and Conditions of work 4. This includes material that may be considered: Discriminatory in breach of Leicester City Council s Equalities Policy 5 Specifically; Considered offensive to others due to their colour, race or ethnic background Considered offensive to others due to their gender Considered offensive to others due to their sexual orientation Considered offensive to others due to their disability Considered offensive to others due to their religious or other beliefs Considered offensive to others due to their national origin Considered offensive to others due to their marital status Considered offensive to others due to their membership of a trade union. Pornographic; including images and text Any communication considered to be bullying or harassment Inappropriate language such as sexual swearwords Anything else that can reasonably be considered material with the intention to offend 9.3 Personal Use of This is strictly forbidden and is considered unacceptable use of Leicester City Council s resources. Use of for personal reasons (not relating to your work for Leicester City Council) is contrary to your conditions of employment. The two major risks relate to lost working time and the risk of breaching the council s ICT security 6. The use of for personal use significantly increase the risks of harmful such as SPAM (unsolicited that takes up network resources), Phishing attacks ( designed to extract personal information for illegal purposes) and computer viruses and malware (harmful programs designed to cause damage to the Council s network) 7 4 LCC Terms and Condtions: Appendix V Leicester City Council Employees Code Of Conduct And Behaviour At Work 5 See Insite Staff Handbook: Equalities 6 See Leicester City Council Staff Handbook: Information Management and Security: Acceptable Use Policy 7 Page 10 of 14

11 9.4 Monitoring and audit Records of every sent or received are recorded against each user account This means that if there is reasonable cause to investigate unacceptable use and breaches of this policy then specific records of transactions can be reported on if required, subject to Internal Audit procedures Responsibilities Leicester City Council is responsible for issuing best practice guidance in relation to all aspects of management. This includes providing guidance on the categories of s that should be retained and their retention periods. Individual staff are responsible for managing their own records by: Identifying and retaining records Avoiding inappropriate destruction of records Applying Council wide retention periods to their records. Page 11 of 14

12 Appendices Index. A. Decision Matrix For Records Management. Co 1 st December Further Information and links Insite Pages: Staff Handbook for Information Governance Staff Handbook for Information Management and Security Information Management Strategy and Programme Insite Page Useful training resources: Bob s Business; Information Security Learning tool. Available on your Council desktop computer Related Documents: Information Management Strategy Information Management Policy Information Security policy Retention & Disposal Policy Page 12 of 14

13 Appendix A Decision Matrix For Records Management This decision table will help employees decide which records to keep. Answer the questions in the left column and follow each decision step, until you fond the answer you require. Sending s Yes No 1. Does it relate to work? Go to 2 is personal and can be deleted. 2. Am I sending an to another staff member (or members) that requires action? Save as business record. Go to 3 3. Am I sending an to another staff member (of members) which authorizes a piece of work? 4. Am I sending an to a person external to department which is business correspondence? 5. Am I forwarding an I received in which I am requesting an action? 6. Am I forwarding an I received just for information? 7. Am I replying to an sent by a corporate department employee? 8. Am I replying to an sent by a person external to department? Save as business record. Save as business record. Save as business record. is for information only and is therefore short term. Delete when no longer required or after 6 months. is for information only and is therefore short term. Delete when no longer required or after 6 months. Save as business record. Go to 4 Go to 5 Go to 6 Go to 7 Go to 8 Receiving s Yes No 1. Does it relate to work? Go to 2 is personal and can be deleted 2. Was the sent or forwarded by a Departmental Employee? Go to 3 Go to 5 3. Was the sent for information purposes only i.e. as a BCC or CC? 4. Was the a reply to one I had sent and contains further information or action? 5. Was the from an external source or a service based employee? Page 13 of 14 No need to save. is a business record and should be saved by the originator. Save as business record. Save as business record Go to 4 Go to 5

14 Page 14 of 14