Efficient Records Management for Legislative Compliance and Business Efficiency

Learn how to effectively manage your records to ensure legislative compliance and enhance business efficiency. Discover the importance of aligning records management with strategic objectives and university values. Empower yourself with the knowledge and skills to organize records systematically while maximizing their value and accessibility. Stay confident, supported, ambitious, and innovative in your approach to records management.

• Records Management
• Legislative Compliance
• Business Efficiency
• Strategic Alignment
• University Values

skerf Follow

Uploaded on Sep 25, 2024 | 0 Views

Download Presentation

Please find below an Image/Link to download the presentation.

The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author. Download presentation by click this link. If you encounter any issues during the download, it is possible that the publisher has removed the file from their server.

Presentation Transcript

1. MANAGING YOUR RECORDS EFFECTIVELY Legislative compliance and business efficiency Organise your (the Uni s) records don t let them organise (or disorganise) you!!

2. House-keeping Fire procedure Toilets No mobile phones Confidential Breaks

3. Alignment with Strategy 20:20 Build Innovation, Enterprise and Citizenship Adopt a continuous improvement/enhancement approach in all that we do Maximise the value of our [information] assets Information and records are received and created by University staff members and representatives to facilitate and support business processes they are inputs and outputs of the University s activities. Ensuring that our information assets are managed correctly corresponds directly with the objectives of Strategy 2020, namely improving the efficiency of business processes.

4. Alignment with the Universitys Values (for PDR) Professional - Take personal responsibility - Use resources efficiently and effectively - Comply with the University s statutory obligations, policies and regulations where applicable Ambitious and Innovative - Using the information from today s session to work proactively, using initiative, to improve working practices to ensure the University is legislatively compliant, including identifying potential risks and taking steps to mitigate these. Inclusive - Records Management relies on ensuring information is accessible to all those who require it, and consistent and compliant practices are shared with colleagues. Confident and Supported - Equipped to perform role - Updated professional/specialist skills and knowledge - Sharing good practice across the University

5. Confident & Supported Ambitious & Innovative Professional Inclusive

6. What is records management? the efficient and systematic control of the creation, receipt, maintenance, use and disposition of records, including processes for capturing and maintaining evidence and information of business activities and transactionsin the form of records. BS ISO 15489-1:2001 It is about managing records, not just information or documents, from their creation, through processes associated with their use, such as version control, distribution, filing, retention, storage, through to their final disposition and/or disposal of records, in a way that is administratively and legally sound, whilst at the same time serving the operational needs of the University and preserving an adequate historical record. The aim is to capture and maintain evidence of activities and transaction in an efficient and systematic way. Organise records don t let them organise (or disorganise) you!

7. Why manage records? Image EdinburghNapierHealthandSafetyTeam

8. Fines of up to 500K or potentially a % of the University s turnover in future Fines of up to 500K or potentially a % of the University s turnover in future Keeping information longer than permitted Loss of information Difficulties finding or retrieving information Breach of legislation Unlawful disclosure of personal or confidential information Destroying information too soon Impact on individuals affected

9. What is a record? The word record is used to mean any recorded evidence of an activity or business transaction Records are not defined by: Format, either physical or electronic Age, or importance

10. What is a record? A record is recorded information kept to provide evidence of some transaction or activity The term record can be used for an individual document or a collection of documents organised as a unit: eg a letter, a paper files, a MS word file, an electronic folder, an email, an MS outlook folder. Records management processes are the same regardless of the format of the material because they are based on the content of the record. We should therefore organise paper and electronic records according to the same scheme.

11. Why is records management necessary? Good records management is not optional It is essential as a result of: Legislative requirements such as Freedom of Information, Data Protection and other information related legislation Regulatory requirements eg QAA Contractual requirements; and Business needs Some drivers are external (FOI) but the strongest are internal, and to do with working more efficiently and effectively.

12. Legislative requirements Legislation often imposes general requirements which require good record keeping. The Data Protection Act 1998: Sets down conditions for processing personal data creating records is a form of processing, as is storing, retrieving, updating and sharing them Creates rights of access by individuals to their data; Personal data must not be retained for longer than necessary for the purpose(s) for which it was gathered How long will depend on the circumstances, any may be overridden by other legal requirements. Consider the consequences for a breach of the DPA? How does a breach happen? Good records management can mitigate the risk!

13. Legislative requirements The Freedom of Information (Scotland) Act 2002 has created a general right of access to information and records (mainly non personal) held by public authorities Under Section 61 of the FOISA, Scottish Ministers have issued a Code of Practice regarding records management in Scottish public authorities Good records management is central to compliance with FOI, as without good records systems the University won t know what information it has created, where it is stored and will ultimately be unable to respond to requests for information This can result in legal action being taken against the University The Scottish Information Commissioner is also able to conduct audits of public authorities which scrutinise records management practices. Generally one University is routinely audited, but others are audited if there is a breach of FOISA

14. Business requirements But above all .. we need good records management to function effectively and efficiently an as organisation. Records are an asset (and a liability!). Everybody s work requires access to and use of information . records are the result. Not having the records you need is a problem as is accumulating too many of them!

15. Good records management depends on Creating records when necessary and in an appropriate way Organising records to support access and re-use Retaining records for as long as they have value Disposing of records correctly through destruction or transfer to offsite storage Security of records and data protection should be taken into account throughout the life cycle of the record

16. Records Management Basics It s your RESPONSIBILITY as a University employee to ensure your records are managed appropriately! That is: Appropriate records are created/received/retained Records are retained in a way that other colleagues (as appropriate) have access. If you store information in personal storage areas what happens when you are not available. Storing information where others have access means that you will have less interruptions where colleagues have to ask you for information. You are not treating corporate information as if it is YOUR information File plans should be corporate, not personal and should be replicated across all systems e.g. hard copy, SharePoint, S: Drive etc. Departmental procedures should exist so that everyone is following the same guidance with regards records management Information is only kept for as long as necessary

17. Records Management Basics Records (evidence of business activity and/or transactions) should be kept in a filing system (hardcopy/electronic folders/libraries/etc.) according to the business process they relate to and should be accessible to colleagues who deal with that process. Sensitive or confidential information should be kept in secured libraries/folders to which at least a manager has access. University records should never be kept in personal folders to which only one person has access e.g. individual email accounts, H: Drive, C: Drive, MySite (SharePoint), removable drives.

18. Creating and organising records Which comes first? Record creation OR it s place in the filing structure? When a record is created, in the majority of cases, as it is evidence of business activity (generated by a specific business process), its place in the filing system (classification, access, security) and retention period should already exist. This means that if the filing system is set up correctly the person who is creating the record does not necessarily have to think about these issues. If you are creating a new record it should be saved before you start working on it. Creative Commons image

19. Business processes, activities and tasks

20. Business process contd Retention Periods Termination of contract + 6years Recruitment completion + 3 years Termination of contract + 6years Others incl. exercise completion + 3 months

21. Retention Periods and Schedules These business processes should therefore be linked to your retention schedules and records with the same retention periods grouped together for easy disposition.

22. Records Retention Periods File Arrangement/Plan Business Process Working documents (examples) HR Recruitment -Email correspondence -Statistics spreadsheets -Draft business case -Business case -CFY+6yrs Business Cases -Meeting minutes documenting BCase approval -Authorisation form (signed) -Permanent Authorisations -Emails -CFY+1yr -Drafts, emails, reference documents -Job T+1yr -Job T+1yr -Process T+3mnths -Process T+3mnths -Process T+3mnths -Unsuccessful UK Process T+3mnths -Unsuccessful EU Process T+1yr -Successful T+6yrs -Process T+3mnths -Process T+3mnths Job Descriptions Person Specifications -Person specification -Job description -Advertisement text -Emails, drafts Advertising -Checklists -Shortlisting matrix template -Interview questions Enquiries -Enquiries -Completed applications Applications, shortlisting and interview records -Completed shortlist -Interview notes/scoring -T+6yrs -T+6yrs (moves from recruitment files to personnel file) -Employment offer -Employment contract Employee Contract Management Training and Development Evaluation, Pay and Benefits

23. Organising records When creating records think about: Do you need to share the information? Will your colleagues need access to it? If other people need access to records the you should: Save the records to a shared directory (if electronic) or a shared paper filing system Shared record keeping systems are preferable to personal systems eg storing on H:Drive or on disks. Personal files and directories should be used for personal information not corporate records created in the course of your employment. Drafts and confidential information can be protected using access controls/passwords. Advantages of shared systems: Other people can access the information e.g. if you're away Less duplication of documents

24. Organising records File plans/systems should correlate directly to the business process Where possible put all related documents in a single area Name folders for activities and subjects Try to be as open/accessible with permissions as possible make sure someone else knows where your data is (however, do not give out your network password to anyone!) Involves setting up a filing or classification scheme and applying the same scheme to every part of your recordkeeping system. This would include using the same filing scheme for paper files, MS Office folders, Outlook folders and Sharepoint workspace

25. Things to think about when creating records.. Some information does not need to become records in the sense of information retained in a record-keeping system, for example: Ephemeral/transitory/temporary emails eg thank yous , acknowledgements, invitations Publications and reference materials Duplicates of information Phone messages and post-it-notes Drafts (in most cases, there may be exceptions) once the final version is produced. You also have to ensure that the record is complete, for example: Does it provide a full and accurate picture of the subject, event, decision etc...? If emails are used to make key decisions or convey important information, they too will also become records. What format are you going to keep your records in? Print to paper (Not recommended) All electronic

26. Document and Folder Naming Name them sensibly for the relevant activity. Titles should be concise, but contain enough relevant information. Use standard terms or forms for names, places etc.. Use the date format YYYYMMDD Use whole names, or standard acronyms. If acronyms are used, ensure that the full description is spelt out within the document.

27. Using records: security issues Security is particularly vital for records containing: Personal data Commercially sensitive information Information provided in confidence Legally privileged information Because: The Data Protection Act requires us to protect personal data against unauthorised access and accidental loss Poor data security (loss of USB data sticks) can lead to reputational damage and result in the University being fined or prosecuted. censorshipinamerica.com/

28. Using records: security issues For electronic records, this means: Keeping passwords secure and changing them regularly Restricting access to those who need it (use of passwords on documents) Backing up data regularly especially those held on USB sticks or laptops Further guidance is available form C&IT. The University s Information Security Policy can be accessed at: http://staff.napier.ac.uk/Services/citservices/Information+for+Staff/Info rmation+Security/ For paper records, especially those containing personal data: Always use lockable cabinets or secure areas Operate a clear desk policy Consider using security markings on files eg Personal data-in-confidence, commercial-in-confidence, Legal-in-confidence.

29. Emails Outlook is a communication tool NOT a filing system Emails documenting decisions and evidence of business transactions are records and therefore subject to the same legislation and other requirements as records held in other formats. Records kept in Outlook are essentially being filed in a personal storage area and are therefore not accessible to others who may need to see them. Emails should be routinely managed and stored along with other records pertaining to the same task/subject/business

30. Vital Records Vital records are those records which are crucial to the functioning of the University. They are necessary for the continuing operation of the organisation following a crisis/disruption/disaster as they contain information which is essential to provide evidence of the University s legal and financial status, ensuring that the rights and responsibilities of stakeholders are maintained. These records are necessary to assist the University in resuming business as soon as possible after a crisis/disaster. How do we identify vital records? Risk assessments and inclusion of vital records schedules in business continuity plans.

31. Contracts One area that many organisations find challenging is the records management of contracts, agreements and associated documents. Good records management is critical to efficient and effective contract management. Do we know where all the Uni s contracts are? It is estimated that companies spend almost 5% of their revenue to track agreements after signing a contract. - Goldman Sachs That s a lot of money! Apart from time wasted searching for contract documents costs could also be incurred by having to re-draft documents, losses incurred if SLAs or contract terms are not met and this cannot be substantiated by production of the original contract or related documents.

32. Contracts and records management Contracts should be registered on a central or departmental register and accessible to the necessary people. This register should be cross referenced to a retention schedule and identify the following information: Where the Golden Record held How the golden record is held (fire proof safe, off-site storage, etc.) Who is the custodian (department or faculty/job title) What is the trigger point for the retention period to kick in? (Generally contract termination) What is the retention period? Is there a review date? Is the contract a vital record?

33. Contracts other considerations Risk Management good records management practices can mitigate risks: Legislative compliance (Prescription and Limitation Act 1973, EU Law, etc.) Legal admissibility and evidential weight of information Audit requirements is an adequate audit trail provided? Evidence for litigation purposes in the event of a legal challenge. Other considerations: Consistency ensuring the contract complies with recommendations/University guidance and using University templates which include relevant data protection and FOISA clauses Evidence of past actions to inform future developments e.g. setting precedents for re-tendering High costs associated with contract creation and management good RM can assist with rationalising these For guidance drafting contracts and using templates contact: Commercialisation Contracts - Aileen Wood and Fiona Mason, Innovation Managers Finance and Procurement Contracts Lynne Smith, Operations Support Manager General Contracts Helen Mizen, Governance Officer (Data Protection & Legal) Outcome Agreements with the SFC Anastasia Dragona, Information and Project Officer

34. Overview Good records management is necessary for statutory, regulatory and contractual reasons. It also helps the University to function more efficiently. When creating records, we need to think about: Whether the record is necessary Whether the language is appropriate What format are we going to save the record in Whether people will need access to the record Records can exist in many different formats and pass through a lifecycle reflecting their business value.

35. Overview Records are the output of business activities and should be arranged in a way that reflects this. Put records in organised shared areas, preferably on SharePoint. When deciding on the file structure think about how you are going to dispose of them don t have folders full of documents with mixed retention periods. No records should just be accessible to one person (e.g. in an H: Drive or in Outlook). This doesn t necessarily make them secure. Name documents sensibly. Ideally have departmental naming conventions which have been documented, so everyone knows how they should be naming documents and has something to refer to. Have disposal events once or twice a year to weed out records/documents that you no longer need to retain. Individuals should schedule time into their diaries to maintain their records and information.

36. Further information Records Management Governance Services http://staff.napier.ac.uk/services/secretary/Pages/uso.aspx http://staff.napier.ac.uk/services/secretary/governance/records/Page s/default.aspx JISC Infokit Records Management www.jiscinfonet.ac.uk/infokits/records-management JISC Managing records guide for administrators www.jiscinfonet.ac.uk/records-management/guide-for-administrators Freedom of Information Edinburgh Napier FOI website: www.napier.ac.uk/foi Scottish Information Commissioner: www.itspublicknowledge.info Data Protection Info Commissioner - www.ico.gov.uk/

37. Contact Diana Watt Governance Officer (Records Manager) Email: D.Watt@napier.ac.uk Telephone: 0131 455 6257