Records Management Policy & Guidance

Transcription

1 Records Management Policy & Guidance COMMERCIALISM

2 Document Control Document Details Author Nigel Spencer Company Name The Crown Estate Department Name Information Services Document Name Records Management Policy Version Date 28/09/12 Effective Date 1 November 2012 Version 1.3 Issue THREE Change Record Modified Date Author Version Description of Changes 14/07/2009 N Spencer 1.0 Comments addressed and minor format changes 23/05/2011 S Smith 1.1 Reviewed on behalf of Service Desk 25/05/2011 A R Last 1.2 Reviewed by M Brazier & A R Last 28/09/12 A R Last 1.3 Annual review Stakeholder Sign off Name Position Signature Date Nigel Spencer Information Services Manager May 2011 Martin Brazier Knowledge Manager May 2011 Nigel Spencer Head of IS September 2012 Martin Brazier Knowledge Manager September 2012 Security Sign-off Name Position Signature Date Adrian Last Business Support Manager May 2011 Adrian Last ISMS Manager September

3 Table of Contents 1. Policy Purpose 3 2. Introduction What are records? 3 3. Organisational Arrangements Lead Responsibility Responsibility of Heads of Business Units Information Asset Owners Responsibility for Change Management General Roles and Responsibilities 5 4. Records Systems Information Classification Choosing Where to Store Records 5 5. Storage of Paper Records New Paper Records Legacy Paper Records and SAPA Items on Loan from The National Archives 6 6. Security of Records Access Control Collection of Evidence of Security Breaches 7 7. Retention and Disposal General Principles Making Disposal Decisions Implementing Disposal Decisions Documenting Destruction 8 8. Records Created by Partners Typical Contract Requirements Collection of Evidence of Security Breaches 9 9. Review of Records for Transfer to The National Archives Selection of Records for Permanent Preservation Determining the Access Status of Records Transfer of Public Records Compliance Monitoring and Reporting Review of Records for Transfer to The National Archives Selection of Records for Permanent Preservation Determining the Access Status of Records Transfer of Public Records 12 2

4 Table of Contents (Cont.) 12. Compliance Monitoring and Reporting User Awareness Incident Reporting Disciplinary Process Deviations From Policy Glossary Of Terms 12 Appendix A List Of Related Documents, Procedures And Processes 13 3

5 1. Purpose The aim of this policy is to ensure that employees and agents and advisers are aware of their responsibilities when managing records belonging to The Crown Estate and has been written to support the Management Board Statement below: We recognise that records management is vital to our business. Effective records management will help us to ensure we have the right information at the right time to make the right decisions. It will provide evidence of what we do and why, thereby protecting our interests. We recognise that records and the information they preserve are essential corporate assets. By implementing this policy, we aim to balance our commitment to integrity, openness and transparency with our commercial and stewardship responsibilities. We will provide supporting standards, procedures and guidelines, and monitor compliance with them. We will review this policy annually or whenever a significant change is being planned, and we will keep it up to date. 2. Introduction Managing Crown Estate records to agreed standards is essential if those records are to be available and used in the future. Freedom of information and data protection legislation has put greater emphasis on our obligation to maintain a corporate memory securely and to make information available to the public as appropriate. All records need to be managed in line with legal, business or heritage obligations and be accessible, accurate, in good condition and either held permanently or disposed of in a timely fashion, as appropriate. Furthermore, adequate records management ensures the security of our information and is an enabler for accreditation under ISO All employees, advisers and agents should be aware of the value of the Crown Estate records they create or manage, and relevant legislation and regulations governing their use and retention. This policy defines the way Crown Estate records and information should be managed to standards which ensure that vital and important records are identified, that the business holds records that are necessary, sufficient, timely, reliable and consistent with business need, and that legal and regulatory obligations are met. It also defines the roles and responsibilities for the creation, safekeeping, access, change and disposition of information What are records? Records provide a history in detail of an issue, matter, dealing, transaction, project, initiative or decision. Any type of document, data and information in any format can be a record, including paper, electronic files, s, presentations, scanned images, spreadsheets and models. It is important that all evidence is recorded to show the build-up and background to outcomes. A record is not just the final report or product. To use an analogy with paper file systems, it is important to include draft versions, correspondence, memos, notes and comments the metaphorical pencilled notes in margins - which all help to tell the story and retain the corporate memory. In the electronic world, we must strive to retain and secure all related information in such a way that it is holistic and in context. 4

6 3. Scope The scope of this policy applies to: The Crown Estate s personnel, temporary staff, contractors and service providers utilising The Crown Estate s information system resources; and Information system resources, including data networks, LAN servers and personal computers (stand-alone or network-enabled) located at The Crown Estate and non-crown Estate locations, where these systems are under the jurisdiction and/or ownership of The Crown Estate, and any personal computers and/ or servers authorised to access The Crown Estate s data networks. Personal mobile devices such as Blackberrys and laptops provided by The Crown Estate are also included. Third parties shall also adhere to this policy. All corporate records, whether in paper or electronic format. 4. Policy 4.1. Policy statement The Crown Estate s records are assets essential to The Crown Estate s business and its dependency on these assets to meet its statutory obligations demands that appropriate levels of records management be instituted and maintained. It is The Crown Estate s policy that appropriate organisational arrangements (see Section 5 below) and processes (Sections 6 to 9) are implemented to ensure its records are maintained in a systematic and orderly fashion, protected against accidental or malicious destruction, damage, modification or disclosure, and to maintain appropriate levels of confidentiality, integrity and availability of its records Policy objectives The objectives of this policy with regard to records management are to: Ensure that comprehensive records are readily available as a corporate memory to enable The Crown Estate to conduct its business in an effective way Enable The Crown Estate to meet its statutory obligations; Minimise reputation exposure, which may result from ineffective records management Policy overview The Crown Estate s records are important business assets. Appropriate systems are required to ensure that sufficiently comprehensive and complete records are kept to enable The Crown Estate to maintain a corporate memory sufficient to meet its statutory obligations. Users should be made aware of the dangers of inadequate record keeping Policy maintenance Supporting standards, guidelines and procedures will be issued on an ongoing basis by The Crown Estate. Users will be informed of any subsequent changes or updated versions of such standards, guidelines and procedures by way of or other relevant communication media. Users shall then have the obligation to obtain the current information systems policies from The Crown Estate Intranet or other relevant communication media on an ongoing basis and accept the terms and conditions contained therein. 5

7 5. Organisational Arrangements 5.1. Lead Responsibility The Management Board recognises the importance of records management as a core corporate function, as part of a wider knowledge management function. This responsibility covers records in all formats throughout their lifecycle, from planning and creation through to disposal and includes records managed on our behalf by external partners. Allocation of lead responsibility for the records and information management function is designated to the Director of Finance and Information Systems to act as a records management champion. Operational responsibility is designated to the Knowledge Manager Responsibility of Heads of Business & Support Groups Heads of business and support groups are responsible for ensuring that adequate records are kept of the activities for which they are accountable. Roles and responsibilities for records management and information security will form part of staff induction procedures (including temporary staff, contractors, secondees and consultants) to ensure that all staff are aware of the business s records management policies, standards, procedures and guidelines and understand their personal responsibilities. Heads of business groups are responsible for ensuring that their staff know how they apply to their business or support groups. General responsibilities will be included in Personal Scorecards, with more detailed objectives set for those with a more specific role in record keeping Information Asset Owners Heads of business and support groups are the information asset owners for the information generated or used in their area of responsibility Responsibility for Change Management Records management issues will be considered when planning or implementing IT systems, when extending staff access to new technologies and during re-structuring or major changes to the organisation General Roles and Responsibilities Management Board board level responsibility for ensuring compliance with this policy lies with the Director of Finance and Information Systems. Individual Management Board members have responsibility for ensuring that their heads of business units follow procedures and guidance, comply with the records management policy and standards, and that records management is carried out in accordance with those procedures. Knowledge Management Team this team has the following responsibilities: ensure that the records management policy and standards are kept up to date and relevant; raise staff awareness of records management issues; provide advice and guidance to heads of business units and staff; audit compliance with the records management policy and associated standards; develop and maintain retention and disposal schedules and document disposal activity. Heads of Business & Support Groups are responsible for taking the lead on records management issues in their areas of responsibility, and ensuring that procedures and guidance are in place which support the records management policy and associated standards. All staff all staff who receive, create, maintain, use or delete records are responsible for ensuring that they do so in accordance with this policy. 6

8 6. Records Systems 6.1. Information Classification The Protective Marking System (often referred to as the Government Protective Marking System/ Scheme or GPMS) is the Government s classification system to ensure that access to information and other assets is correctly managed and safeguarded to an agreed and proportionate level throughout their lifecycle, including creation, storage, transmission and destruction. The system is being adopted by The Crown Estate to ensure good business practice and meet the requirements of relevant legislation and regulation. It is a means of protecting information from accidental or deliberate compromise or disclosure. As staff at The Crown Estate generate and handle sensitive or confidential documents, they must apply the Protective Marking System, and the necessary controls and technical measures as detailed in the Information Classification and Data Handling Policy Choosing Where to Store Records For many specialist types of records there will be an obvious and dedicated repository. For example, financial and purchase-to-pay records will be stored in Agresso, and some HR records in Snowdrop. However, the majority of records are created by standard desktop applications such as Word, Excel, Powerpoint etc. It is the storage of the records created by these generic applications that requires greater levels of advice and guidance Personal Storage Portable Media Portable media (memory sticks) are provided for users to store small quantities of information which needs to be mobile or intended for sharing with others. Portable media must not be used to store any information which does not exist as a record on a Crown Estate computer system. Information on a memory stick must be considered as in transit and dispensable and transferred as a record as soon as is practicable. Portable media must be encrypted. Crown Estate records must not be transferred to CD or DVD Personal Storage The U: Drive The U: drive is provided for users as a short term area to store personal and rough draft information. For example, users might choose to keep working copies of their personal scorecards or expenses. However, the U: drive must not be used to keep corporate records Shared Storage The S: Drive The S: drive stores archived material, and cannot be used to store new records. Some transient information may be stored there by exception and prior arrangement. The S: drive must not be used to keep records Corporate Document & Records Management System Wisdom Wisdom is the corporate document and records management system and is provided for users to store information which forms the corporate record; that is the corporate memory of the work of the organisation. Wisdom provides adequate security of access, implements Protective Marking and provides an audit trail and version control for the evolution of documents. It also has appropriate functionality to specify and implement retention and disposal schedules and to review records under the Public Records Act. 7

9 7. Storage of Paper Records 7.1. New Paper Records The Crown Estate no longer keeps paper records as a matter of course. There are exceptions, such as title deeds, contracts and signed agreements. Individuals must not keep their own private or personal paper files of corporate information corporate paper documents (such as incoming letters) must be scanned and placed into Wisdom and the originals securely destroyed Legacy Paper Records and SAPA Legacy paper documents are held in an offsite store at Peterborough, run by Document Control Services Limited (DCS). Physical security arrangements for those records vary according to need title deeds, for example, are held in vacuum sealed packets in fire safes. The content of the external store can be interrogated using the SAPA application, accessible from the home page of The Crown Estate Intranet, i-site. From SAPA, users can request the transfer of an item or request that it is scanned. Proactive scanning of frequently-used files is undertaken monthly, and the scanned images placed on Wisdom. Records that are recalled from the store are delivered to the requester, and remain in their safekeeping until returned. Requesters will be permitted to retain a file for up to three weeks, after which it must be returned. If a file is needed for longer than three weeks, the file will be scanned and made available through Wisdom. Original paper files will only be released for longer than three weeks in special circumstances. Files must not be despatched directly to an external party such as a managing agent or law firm. Any file required by external bodies must be passed to the Knowledge Management team so that its intended location can be recorded on the SAPA System, and preferably scanned Items on Loan from The National Archives Items held at The National Archives should be requested through the Knowledge Management Team. Items on loan from The National Archives will be immediately assessed to determine whether they contain the information required, and if so, scanned and the original returned as soon as possible. Once items have been transferred to The National Archives they are no longer Crown Estate property and they must therefore be kept safely when in The Crown Estate s possession and returned as soon as possible. 8. Security of Records 8.1. Access Control Records will be stored securely and access to them will be controlled. Storage arrangements, handling procedures and arrangements for transmission of records reflect accepted standards and good practice in information security. Access control will be applied in two ways general access control and specific control using protective marking. Ease of access will depend on the nature and sensitivity of the records, although the presumption will be to open internal access. Access restrictions will be applied when necessary to protect the information concerned and security should be kept up to date with access control removed when information is no longer sensitive. Particular care should be taken with personal information about living individuals in order to comply with the 7th data protection principle, which requires precautions against unauthorised or unlawful processing, damage, loss or destruction. Particular care should be taken with information bearing a protective marking, and should be handled in 8

10 accordance with the Information Classification and Data Handling Policy. Other information, such as information obtained on a commercially confidential basis, may also require particular protection Collection of Evidence of Security Breaches To allow follow-up action after a breach of information security, evidence should be collected, retained and presented. In general, the rules for evidence cover admissibility of evidence (whether or not the evidence can be used in court) and weight of evidence (the quality and completeness of evidence). Documents stored in Wisdom are likely to meet the rules for evidence, as access control and audit trails are embedded functionality. 9. Retention and Disposal 9.1. General Principles As a general principle, records should be kept for as long as they are needed - for reference or accountability purposes, to comply with regulatory requirements or to protect legal and other rights and interests. Destruction at the end of this period ensures that office and server space are used resourcefully and costs are not incurred in maintaining records that are no longer required. For records containing personal information it also ensures compliance with the fifth data protection principle which requires that personal data is kept only for as long as it is needed. Removing records that are no longer required also improves the likelihood and speed of retrieving retained records. Records should not be kept after they have come to the end of their retention period unless: They are known to be the subject of litigation or a request for information. If so, destruction should be delayed until the litigation is complete or, in the case of a request for information, all relevant complaint and appeal provisions have been exhausted; They have long-term value for historical or research purposes and have been or should be selected for permanent preservation; They contain or relate to information recently released in response to a request under the Freedom of Information Act. This may indicate historical value and destruction should be delayed while this is re-assessed; They relate to the state of existing property and will be kept until the state changes or the property is sold Making Disposal Decisions Disposals of records should be undertaken only in accordance with the Retention and Disposal Schedules, which identify and describe records to which a pre-defined disposal action can be applied, for example destroy x years after [trigger event]; review after y years, transfer to archives for permanent preservation after z years. Asset owners (i.e. heads of business and support groups) must identify a Reviewer who can make disposal decisions at the end of retention periods on behalf of their group. If any records are not covered by a Retention and Disposal Schedule, special arrangements should be made to review them and decide whether they can be destroyed or should be selected for permanent preservation. Decisions of this nature should be documented and kept to provide evidence of which records have been identified for destruction, when the decision was made, and the reasons for the decision, where this is not apparent from the overall policy. 9

11 9.3. Implementing Disposal Decisions Disposal decisions should be implemented by the appropriate reviewer or the Knowledge Management Team. Records scheduled for destruction should be destroyed in as secure a manner as required by the level of confidentiality or protective security markings they bear. For example, records containing personal information about living individuals should be destroyed in a way that prevents unauthorised access (this is required to comply with the seventh data protection principle). With digital records it may be necessary to do more than overwrite the data to ensure the information is destroyed. When destruction is carried out by an external contractor, the contract should stipulate that the security and access arrangements established for the records will continue to be applied until destruction has taken place, and that the destruction will be certified. In some cases there will be more than one copy of a record. For example, there are likely to be back-up copies of digital records, or there may be digital copies of paper records. A record cannot be considered to have been completely destroyed until all copies, including back-up copies, have been destroyed, if there is a possibility that the data could be recovered Documenting Destruction Details of destruction of records should be kept, either as part of the audit trail metadata or separately. This is done automatically for electronic files reviewed through Wisdom. Ideally, some evidence of destruction should be kept indefinitely because the previous existence of records may be relevant information. At the very least it should be possible to provide evidence that as part of routine records management processes destruction of a specified type of record of a specified age range took place in accordance with the Retention and Disposal Schedule. 10. Records Created by Business Partners Typical Contract Requirements When The Crown Estate is working in partnership with other organisations, sharing information and potentially contributing to a joint records system, contractual arrangements should include, where possible, protocols that specify: What information should be contributed and kept, and by whom; What level of information security should be applied; Who should have access to the records; What disposal arrangements should be in place; What happens at the end of the contract with regard to records; Which body holds the information for the purposes of FOI. Instructions and training should be provided to all those involved in such collaborative working. Record management controls should be applied to information being shared with or passed to other bodies. Particular protection should be given to confidential or personal information. Protocols should specify when, and under what conditions, information will be shared or passed, and details should be kept of when this information has been shared or passed. Details should be kept also of how undertakings given to the original source of the information have been respected. 10

12 11. Review of Records for Transfer to The National Archives Selection of Records for Permanent Preservation The Public Records Acts of 1958 and 1967 and the subsequent Dacre review place upon The Crown Estate a requirement that we assess all our records before they are 20 years old, unless they have been routinely destroyed as part of a retention and disposal policy. The review is to determine whether the records can be destroyed or passed to The National Archives for permanent preservation. Records can only be retained after this period in exceptional circumstances, and then only with the approval of the Lord Chancellor. To enable review, it is important that records are accurate, complete, kept together and in context. It is also important that related record sets can be reviewed together. In the context of the Public Records Acts and the Dacre Review, records means May both 2007 paper and electronic records Determining the Access Status of Records When preparing public records for transfer to The National Archives the access status of those records should be considered in order to: Consider which information must be available to the public on transfer because no exemptions under FOI or EIR apply; Consider whether the information must be released in the public interest, notwithstanding the application of an exemption under FOI or EIR; Consider which information must be available to the public at 30 years because relevant exemptions in FOI have ceased to apply; Consider which information should be withheld from public access through the application of an exemption under FOI or EIR. Consultation will take place, both within the business and with other organisations that might be affected by the decision, such as the original suppliers of the information. If the outcome of the review is that records are to be transferred as open, there will be no formal review of this designation by The National Archives. If the outcome of the review is identification of specified information which ought not to be released under the terms of FOI or EIR, a scheduled should be prepared that: Identifies the information precisely; Cites the relevant exemption(s); Explains why the information may not be released; Identifies a date at which either release would be appropriate or the case for release should be reconsidered. The review must also consider whether parts of records might be released if the sensitive information were redacted, i.e. rendered invisible or blanked out. Information that has been redacted should be stored securely and should be returned to the parent record when the exemption has ceased to apply. The schedule should be submitted to The National Archives for review and advice prior to transfer. If the outcome of the review is that some or all of the information in the records should be closed after it is 30 years old, the schedule will be considered by the Advisory Council. 11

13 11.3. Transfer of Public Records It is the responsibility of the Knowledge Management Team to ensure that those records are adequately prepared and are transferred with the level of security appropriate to the confidentiality of the information they contain. 12. Compliance Monitoring and Reporting Monitoring will be undertaken on a regular basis and the results reported to the person with lead responsibility for records management at Management Board level, so that risks can be assessed and appropriate action taken. 13. User Awareness Users shall be made aware of their responsibilities in the effective management of Crown Estate records, including, but not limited to: The need to use The Crown Estate s corporate records system (Wisdom) for the filing of all business related information created by them; The need to ensure that any paper records held either by DCS or at The National Archives are returned promptly when no longer required; The need to be aware of this policy and all its provisions. 14. Incident Reporting All security incidents, including actual or potential unauthorised access to The Crown Estate s records, should be reported immediately to the ISMS Manager or Information Services Manager in accordance with the Security Breach & Weakness Policy. 15. Disciplinary Process The Crown Estate reserves the right to audit compliance with the policy from time to time. Any disciplinary action, arising from breach of this policy, shall be taken in accordance with The Crown Estate s Rules and Disciplinary Code. Disciplinary action may ultimately lead to dismissal. 16. Deviations From Policy Unless specifically approved, any deviation from this policy is strictly prohibited. Any deviation to or non-compliance with this policy shall be reported to the ISMS Manager & Head of IS. 17. Glossary Of Terms The terms used in this policy document are to be found in the ISMS Glossary of Terms. 12

14 Appendix A List Of Related Documents, Procedures And Processes 13