Records Retention and Disposal Schedule. Information Management



Similar documents
Records Retention and Disposal Schedule. Waste Management

Staffordshire County Council. Records Retention and Disposal Policy

OFFICIAL. NCC Records Management and Disposal Policy

Records Retention and Disposal Schedule. Property Management

WEST LOTHIAN COUNCIL RECORDS MANAGEMENT POLICY. Data Label: Public

Records Retention and Disposal Schedule. Human Resources Management

Caedmon College Whitby

Highland Council Information Security Policy

Information & ICT Security Policy Framework

Records Disposal Schedule Construction Management Department of Construction and Infrastructure

Disposal Authorisation for Information and Technology Management Records. Administrative Schedule No. 4

ROEHAMPTON UNIVERSITY DATA PROTECTION POLICY

Information governance strategy

WEST LOTHIAN COUNCIL INFORMATION SECURITY POLICY

Data Protection Policy

Records Disposal Schedule Anti-Discrimination Services Northern Territory Anti-Discrimination Commission

Privacy and Cloud Computing for Australian Government Agencies

Corporate Information Security Policy

West Midlands Police and Crime Commissioner Records Management Policy 1 Contents

Information Management Responsibilities and Accountability GUIDANCE September 2013 Version 1

Information Governance Policy

Corporate Records Management Policy

Information Governance Policy A council-wide information management policy. Version 1.0 June 2013

ICT NETWORK AND INFRASTRUCTURE FILE SERVER POLICY

Information Governance Policy

ICT Policy. Executive Summary. Date of ratification Executive Team Committee 22nd October Document Author(s) Collette McQueen

Guideline for the Implementation of Retention and Disposal Schedules

Records Disposal Schedule. NT Fleet Management. Department of Corporate and Information Services. Disposal Schedule No. 2004/2

Data Protection Policy June 2014

Lord Chancellor s Code of Practice on the management of records issued under section 46 of the Freedom of Information Act 2000

Information Integrity & Data Management

Merthyr Tydfil County Borough Council. Data Protection Policy

LEEDS BECKETT UNIVERSITY. Information Security Policy. 1.0 Introduction

RECORD MANAGEMENT STANDARD OPERATING PROCEDURE (SOP)

PARLIAMENTARY AND HEALTH SERVICE OMBUDSMAN. Records Management Policy. Version 4.0. Page 1 of 11 Policy PHSO Records Management Policy v4.

Data Security and Extranet

Public Record Office Standard. Retention & Disposal Authority for Records of the Transport Accident Prevention and Assistance Functions

Information Governance and Assurance Framework Version 1.0

DATA PROTECTION POLICY

University of Sunderland Business Assurance. Over-arching Information Governance Policy. Document Classification: Public

IT NETWORK AND INFRASTRUCTURE FILE SERVER POLICY

IT NETWORK AND INFRASTRUCTURE FILE SERVER POLICY (for Cheshire CCGs)

Protection. Code of Practice. of Personal Data RPC001147_EN_WB_L_1

(Joint) Information Management Strategy April 2014

Document Management Policy

Information and Compliance Management Information Management Policy

ISO27001 Controls and Objectives

CCTV CODE OF PRACTICE

INFORMATION GOVERNANCE POLICY

Council Policy. Records & Information Management

Self assessment tool. Using this tool

RECORDS MANAGEMENT POLICY

STFC Monitoring and Interception policy for Information & Communications Technology Systems and Services

Document and Record Control Procedures

Policy on Public and School Bus Closed Circuit Television Systems (CCTV)

RECORDS MANAGEMENT POLICY

Scope and Explanation

Information Management Strategy. July 2012

Information and records management. Purpose. Scope. Policy

University of Liverpool

University of Liverpool

RECORDS MANAGEMENT POLICY

Management of Official Records in a Business System

Records and Information Management. General Manager Corporate Services

Data Retention Policy

Guidance for managing your records effectively (1)

Data Protection Policy

So the security measures you put in place should seek to ensure that:

INFORMATION SECURITY MANAGEMENT POLICY

ICT SECURITY POLICY. Strategic Aim To continue to develop and ensure effective leadership, governance and management throughout the organisation

Protection. Code of Practice. of Personal Data RPC001147_EN_D_19

Information Management Policy

Implementing an Electronic Document and Records Management System. Key Considerations

Document Management in the FIPPA Era

Comcare Asbestos Related Compensation Claims & Workers Compensation Claim Management

ULH-IM&T-ISP06. Information Governance Board

Module 3 Licensed Software TABLE OF CONTENTS. Version 3.0

QUEENSLAND COUNTRY HEALTH FUND. privacy policy. Queensland Country Health Fund Ltd ABN better health cover shouldn t hurt

Rotherham CCG Network Security Policy V2.0

BIG LOTTERY FUND Document archive and retention policy

UNIVERSITY COLLEGE LONDON CCTV POLICY. Endorsed by the Security Working Group - 17 October 2012

RECORDS MANAGEMENT POLICY

CLOUD-BASED BIM AND SMART ASSET MANAGEMENT: ADOPTING A SECURITY-MINDED APPROACH

ISO Controls and Objectives

Transcription:

Records Retention and Disposal Schedule Information Management

Version control Version Author Policy Approved By Approval Date Publication Date Review Due V 1.0 Information Governance Unit Philip Jones, Head of Information Governance 03/04/2012 April 2012 March 2013 Information Rights Staffordshire County Council asserts its right to be identified as the author of this Retention Policy and Schedule, and a statement to this effect must be clearly displayed when reproducing all or any part this document. Disclaimer This Policy and Schedule reflect the record keeping requirements of Staffordshire County Council. Staffordshire County Council accepts no liability if this Retention Schedule is used by individuals or organisations outside of the Authority.

Understanding Retention and Disposal Schedules Business Classification: Describes the business functions, activities and processes that records support Scope Notes: Further define the business function, activity or process that records support Retention Trigger / Closure Procedure: Defines the event that triggers the start of the retention period and/or closure procedure Retention Period: Specifies the length of time records must be kept following the retention trigger event Disposal Action: Specifies disposal action following end of retention period Authority: Identifies the legal, regulatory or business reasons that records need to be created, received and kept (even if requirements are not explicitly stated)

Contents Business Classification Page Corporate Governance 1 Information Management 1 Information Access Management 1 Access to Information Compliance Audit 1 Data Controller Notification 1 Copyright Administration 1 Public Sector Information Reuse Management 1 Data Sharing Protocol Development 1 Publication Scheme Maintenance 1 Information Security Management 1 Information Security Compliance Audit 1 Incident Response & Investigation 1 Records Management Programme Implementation 1 Records Management Compliance Audit 1 Classification Scheme Development & Maintenance 2 EDRMS Specification & Configuration 2 Re-organisation Rationalisation & Closure Planning Support 2 Retention Schedule Development & Maintenance 2 Records Storage Management 2 Disposal Processing 2 Records Migration 2 Retrieval Requests Processing 2 Transfer Processing 2 Surveillance Management 2 Investigatory Powers Regulation Monitoring 2 Index

Business Classification Scope Notes Retention Trigger (event triggering start of retention period) / Closure Procedure Corporate Governance Information Management Information Access Management Access to Information Compliance Audit Audit to ascertain compliance with access to information requirements Including: Privacy impact assessment Close records at completion of audit Data Controller Notification Notification data controllers to ICO Retention Period starts at Date Created Retention Period Disposal Action (following end of retention period) Authority Management of Information Assets Including: Information access management, Information security management, records management programme implementation, records storage & surveillance management Excluding: Strategic planning, policy & standards development, communications management, training provision, enquiries management & statutory complaints management Management of Information access Including: Publication scheme maintenance, compliance audit, privacy impact assessment, data controller notification, information rights management, copyright administration, reuse of public sector information, development of data sharing protocols Excluding: Enquiries management & statutory complaints management Retain records for 3 years Data protection Act 1998 Limitation Act 1980, Data protection Act 1998 Copyright Administration Administration of copyright Excluding: Licensing Retention Period starts at Retain records 6 year Copyright, Designs & Date Created Patents Act 1988 Public Sector Information Reuse Management Management of public sector information reuse Close records when licence expires or terminated Reuse of Public Sector Information Regulations 2005, Protection of Freedoms Bill Data Sharing Protocol Development Development negotiation & agreement of data Close records when Data protection Act 1998, sharing protocols Excluding: Formal legal agreements & contracts superseded or terminated Data Sharing Code of Practice 2011 Publication Scheme Maintenance Maintenance of scheme of published & publicly available information Close records when superseded Limitation Act 1980, Freedom of Information Act 2000 Information Security Management of information security Including: Incident response & investigation, compliance audit & Information Asset Register maintenance Management Information Security Compliance Audit Audit to ascertain compliance with information Close records at Retain records for 3 years Data protection Act 1998 security requirements completion of audit Incident Response & Investigation Response to & investigation of security breach incidents Records Management Programme Implementation Records Management Compliance Audit Audit to ascertain compliance with records management requirements Close records at conclusion of investigation, subsequent action, or resolution of incident Development & implementation of records management programme Close records at completion of audit Retain records for 3 years Limitation Act 1980, Computer Misuse Act 1990, Police & Criminal Evidence Act 1984 Page 1

Business Classification Scope Notes Retention Trigger (event triggering start of retention period) / Closure Procedure Classification Scheme Development & Maintenance EDRMS Specification & Configuration Development & maintenance of classification scheme(s) Including: Structuring & organisation of records & information systems Development, review & configuration of records management elements of electronic document & records management systems (EDRMS) Including: consultation Excluding: ICT systems design, development, integration & maintenance Close records when superseded Close records when implementation completed Retention Period Disposal Action (following end of retention period) Authority Business Need Re-organisation Rationalisation & Closure Planning Support Provision of records management planning & support required by re-organisation, rationalisation & closure of services & premises Close records following completion of reorganisation, rationalisation or closure Business need Retention Schedule Development & Maintenance Development & maintenance of records retention schedules Close records when SCC no longer responsible for all functions contained within schedule Retain records 0 years Records Storage Management Management of records storage Including: Storage capacity management, record transfer processing, retrieval request processing & disposal processing Disposal Processing Administration of records disposal processes Including: Identification of records due for disposal, review, disposal authorisation, transfer or destruction Close records following disposal of records to which destruction process documentation relates Records Migration Planning & implementation of records migration between systems, storage & migration or conversion to alternative media or formats Close records of migration when records destroyed Retain records 0 years Business need Retrieval Requests Processing Processing of requests to retrieve records from storage Close records following return of issued item(s) Transfer Processing Transfer of physical records into off-site storage Close records when Business Need records destroyed Surveillance Management Management of surveillance Including: Management of access to communications data, covert human surveillance & directed surveillance Investigatory Powers Regulation Retention Period starts at Monitoring Date Created Monitoring of investigatory powers processes Including: Access to communications data, covert human surveillance & directed surveillance Excluding: Carrying out of investigations & surveillance activities Retain records for 6 years Limitation Act 1980, Regulation of Investigatory Powers Act 2000 & Code of Practice Page 2

Index Business Classification Page Access to Information Compliance Audit 1 Classification Scheme Development & Maintenance 2 Copyright Administration 1 Corporate Governance 1 Data Controller Notification 1 Data Sharing Protocol Development 1 Disposal Processing 2 EDRMS Specification & Configuration 2 Incident Response & Investigation 1 Information Access Management 1 Information Management 1 Information Security Compliance Audit 1 Information Security Management 1 Investigatory Powers Regulation Monitoring 2 Public Sector Information Reuse Management 1 Publication Scheme Maintenance 1 Records Management Compliance Audit 1 Records Management Programme Implementation 1 Records Migration 2 Records Storage Management 2 Re-organisation Rationalisation & Closure Planning Support 2 Retention Schedule Development & Maintenance 2 Retrieval Requests Processing 2 Surveillance Management 2 Transfer Processing 2

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information