Efficient Records Management for Legislative Compliance and Business Efficiency

MANAGING YOUR RECORDS EFFECTIVELY
Legislative compliance and business efficiency
Organise your (the Uni’s) records… don’t let them organise (or disorganise) you!!
House-keeping
Fire procedure
Toilets
No mobile phones
Confidential
Breaks
Alignment with Strategy 20:20
Build Innovation, Enterprise and Citizenship
Adopt a continuous improvement/enhancement
approach in all that we do
Maximise the value of our [information] assets
Information and records are received and created by University staff
members and representatives to facilitate and support business
processes – they are inputs and outputs of the University’s activities.
Ensuring that our information assets are managed correctly corresponds
directly with the objectives of Strategy 2020, namely improving the
efficiency of business processes.
Alignment with the University’s Values (for PDR)
Professional
- Take personal responsibility
- Use resources efficiently and effectively
- Comply with the University’s statutory obligations, policies and regulations where applicable
Ambitious and Innovative
- Using the information from today’s session to work proactively, using initiative, to improve working practices to ensure the University is legislatively compliant, including identifying potential risks and taking steps to mitigate these.
Inclusive
- Records Management relies on ensuring information is accessible to all those who require it, and consistent and compliant practices are shared with colleagues.
Confident and Supported
- Equipped to perform role
- Updated professional/specialist skills and knowledge
- Sharing good practice across the University
Professional
Ambitious & Innovative
Confident & Supported
Inclusive
What is records management?
“…the efficient and systematic control of the creation, receipt,
maintenance, use and disposition of records, including processes for
capturing and maintaining evidence and information of business activities
and transactions in the form of records.”
BS ISO 15489-1:2001
It is about managing records, not just ‘information’ or documents, from
their creation, through processes associated with their use, such as
version control, distribution, filing, retention, storage, through to their
final disposition and/or disposal of records, in a way that is
administratively and legally sound, whilst at the same time serving the
operational needs of the University and preserving an adequate
historical record.
The aim is to capture and maintain evidence of activities and
transactions in an efficient and systematic way.
Organise records…don’t let them organise (or disorganise) you!
 
Image: Edinburgh Napier Health and Safety Team
Why manage records?
Loss of information
Difficulties finding or retrieving information
Breach of legislation
Unlawful disclosure of personal or confidential information
Fines of up to £500K or potentially a % of the University’s turnover in future
Keeping information longer than permitted
Destroying information too soon
Impact on individuals affected
What is a record?
The word ‘record’ is used to mean any recorded evidence of an activity or business transaction
Records are not defined by:
Format, either physical or electronic
Age, or
importance
What is a record?
A record is recorded information kept to provide evidence of some
transaction or activity
The term ‘record’ can be used for an individual document or a
collection of documents organised as a unit:
e.g. a letter, a paper file, an MS Word file, an electronic folder, an
email, an MS Outlook folder.
Records management processes are the same regardless of the
format of the material because they are based on the content of the
record.
We should therefore organise paper and electronic records according
to the same scheme.
Why is records management necessary?
Good records management is not optional
It is essential as a result of:
Legislative requirements such as Freedom of Information, Data
Protection and other information related legislation
Regulatory requirements eg QAA
Contractual requirements; and
Business needs
Some drivers are external (FOI) but the strongest are internal, and
to do with working more efficiently and effectively.
Legislative requirements
Legislation often imposes general requirements which require good
record keeping.
The Data Protection Act 1998:
Sets down conditions for processing personal data – creating records is a form of
processing, as is storing, retrieving, updating and sharing them
Creates rights of access by individuals to their data;
Personal data must not be retained for longer than necessary for the purpose(s) for
which it was gathered
How long will depend on the circumstances, and may be overridden by other legal
requirements.
Consider the consequences for a breach of the DPA?
How does a breach happen?
Good records management can mitigate the risk!
Legislative requirements
The Freedom of Information (Scotland) Act 2002 has created a
general right of access to information and records (mainly non
personal) held by public authorities
Under Section 61 of the FOISA, Scottish Ministers have issued a
Code of Practice regarding records management in Scottish public
authorities
Good records management is central to compliance with FOI, as
without good records systems the University won’t know what
information it has created, where it is stored and will ultimately be
unable to respond to requests for information
This can result in legal action being taken against the University
The Scottish Information Commissioner is also able to conduct audits
of public authorities which scrutinise records management practices.
Generally one University is routinely audited, but others are audited if
there is a breach of FOISA
Business requirements
But above all… we need good records management to function
effectively and efficiently as an organisation.
Records are an asset (and a liability!).
Everybody’s work requires access to and use of information… records are the result.
Not having the records you need is a problem – as is accumulating
too many of them!
Good records management depends on
Creating records when necessary and in an appropriate way
Organising records to support access and re-use
Retaining records for as long as they have value
Disposing of records correctly – through destruction or transfer to offsite storage
Security of records and data protection should be taken into account throughout the life cycle of the record
Records Management Basics
It’s your RESPONSIBILITY as a University employee to ensure your
records are managed appropriately! That is:
Appropriate records are created/received/retained
Records are retained in a way that other colleagues (as appropriate) have
access. If you store information in ‘personal’ storage areas, what happens
when you are not available? Storing information where others have access
means that you will have fewer interruptions from colleagues having to ask
you for information.
You are not treating corporate information as if it is YOUR information
File plans should be corporate, not ‘personal’, and should be replicated
across all systems e.g. hard copy, SharePoint, S: Drive etc.
Departmental procedures should exist so that everyone is following the
same guidance with regard to records management
Information is only kept for as long as necessary
Records Management Basics
Records (evidence of business activity and/or transactions)
should be kept in a filing system (hardcopy/electronic
folders/libraries/etc.) according to the business process they
relate to and should be accessible to colleagues who deal
with that process. Sensitive or confidential information should
be kept in secured libraries/folders to which at least a
manager has access. University records should never be
kept in personal folders to which only one person has access
e.g. individual email accounts, H: Drive, C: Drive, MySite
(SharePoint), removable drives.
Creating and organising records
Which comes first?
Record creation OR its place in the filing structure?
When a record is created, in the majority of cases, as it is ‘evidence of
business activity’ (generated by a specific business process), its place in
the filing system (classification, access, security) and retention period
should already exist. This means that if the filing system is set up
correctly the person who is creating the record does not necessarily have
to think about these issues.
If you are creating a new record it should be saved before you start working on it.
Creative Commons image
Business processes, activities and tasks
Business process cont’d
Retention Periods
Termination of contract + 6 years
Recruitment completion + 3 years
Termination of contract + 6 years
Others incl. exercise completion + 3 months
Retention Periods and Schedules
These business processes should therefore be linked to your retention
schedules and records with the same retention periods grouped together
for easy disposition.
Organising records
When creating records think about:
Do you need to share the information?
Will your colleagues need access to it?
If other people need access to records then you should:
Save the records to a shared directory (if electronic) or a shared paper filing system
Shared record keeping systems are preferable to personal systems eg storing
on H:Drive or on disks. Personal files and directories should be used for
personal information not corporate records created in the course of your
employment. Drafts and confidential information can be protected using
access controls/passwords.
Advantages of shared systems:
Other people can access the information e.g. if you're away
Less duplication of documents
Organising records
File plans/systems should correlate directly to the business process
Where possible put all related documents in a single area
Name folders for activities and subjects
Try to be as open/accessible with permissions as possible – make
sure someone else knows where your data is (however, do not give
out your network password to anyone!)
Involves setting up a filing or classification scheme and applying the
same scheme to every part of your recordkeeping system.
This would include using the same filing scheme for paper files, MS
Office folders, Outlook folders and SharePoint workspace
Things to think about when creating records…
Some information does not need to become records – in the sense of information retained in a record-keeping system, for example:
Ephemeral/transitory/temporary emails e.g. ‘thank yous’, acknowledgements, invitations
Publications and reference materials
Duplicates of information
Phone messages and post-it-notes
Drafts (in most cases, there may be exceptions) once the final version is produced.
You also have to ensure that the record is complete, for example:
Does it provide a full and accurate picture of the subject, event, decision etc...?
If emails are used to make key decisions or convey important information, they too
will also become records.
What format are you going to keep your records in?
‘Print to paper’ (Not recommended)
‘All electronic’
Document and Folder Naming
Name them sensibly for the relevant activity.
Titles should be concise, but contain enough relevant information.
Use standard terms or forms for names, places etc..
Use the date format YYYYMMDD
Use whole names, or standard acronyms. If acronyms are used,
ensure that the full description is spelt out within the document.
Using records: security issues
Security is particularly vital for records containing:
Personal data
Commercially sensitive information
Information provided in confidence
Legally privileged information
Because:
The Data Protection Act requires us to protect personal data
against unauthorised access and accidental loss
Poor data security (loss of USB data sticks) can lead to
reputational damage and result in the University being fined or
prosecuted.
Using records: security issues
For electronic records, this means:
Keeping passwords secure – and changing them regularly
Restricting access to those who need it (use of passwords on documents)
Backing up data regularly – especially those held on USB sticks or laptops
Further guidance is available from C&IT. The University’s Information
Security Policy can be accessed at:
http://staff.napier.ac.uk/Services/citservices/Information+for+Staff/Information+Security/
For paper records, especially those containing personal data:
Always use lockable cabinets or secure areas
Operate a clear desk policy
Consider using security markings on files e.g.
Personal data-in-confidence, commercial-in-confidence, Legal-in-confidence.
Emails
Outlook is a communication tool NOT a filing system
Emails documenting decisions and evidence of business transactions
are records and therefore subject to the same legislation and other
requirements as records held in other formats.
Records kept in Outlook are essentially being filed in a personal
storage area and are therefore not accessible to others who may need
to see them.
Emails should be routinely managed and stored along with other
records pertaining to the same task/subject/business
Vital Records
Vital records are those records which are crucial to the functioning of the
University. They are necessary for the continuing operation of the organisation
following a crisis/disruption/disaster as they contain information which is essential
to provide evidence of the University’s legal and financial status, ensuring that the
rights and responsibilities of stakeholders are maintained. These records are
necessary to assist the University in resuming business as soon as possible after
a crisis/disaster.
How do we identify vital records?
Risk assessments and inclusion of vital records schedules in business continuity
plans.
Contracts
One area that many organisations find challenging is the records
management of contracts, agreements and associated documents.
Good records management is critical to efficient and effective contract
management. Do we know where all the Uni’s contracts are?
It is estimated that companies spend almost 5% of their revenue to track agreements after
signing a contract.
      
- Goldman Sachs
That’s a lot of money! Apart from time wasted searching for contract
documents, costs could also be incurred by having to re-draft documents, and
losses could be incurred if SLAs or contract terms are not met and this cannot be
substantiated by production of the original contract or related documents.
Contracts and records management
Contracts should be registered on a central or departmental register and
accessible to the necessary people.
This register should be cross referenced to a retention schedule and
identify the following information:
Where the ‘golden record’ is held
How the ‘golden record’ is held (fire proof safe, off-site storage, etc.)
Who is the custodian (department or faculty/job title)
What is the ‘trigger point’ for the retention period to kick in? (Generally
contract termination)
What is the retention period? Is there a review date?
Is the contract a vital record?
Contracts – other considerations
Risk Management – good records management practices can mitigate risks:
Legislative compliance (Prescription and Limitation Act 1973, EU Law, etc.)
Legal admissibility and evidential weight of information
Audit requirements – is an adequate audit trail provided?
Evidence for litigation purposes in the event of a legal challenge.
Other considerations:
Consistency – ensuring the contract complies with recommendations/University guidance and
using University templates which include relevant data protection and FOISA clauses
Evidence of past actions to inform future developments e.g. setting precedents for re-tendering
High costs associated with contract creation and management – good RM can assist with
rationalising these
For guidance drafting contracts and using templates contact:
Commercialisation Contracts - Aileen Wood and Fiona Mason, Innovation Managers
Finance and Procurement Contracts - Lynne Smith, Operations Support Manager
General Contracts - Helen Mizen, Governance Officer (Data Protection & Legal)
Outcome Agreements with the SFC - Anastasia Dragona, Information and Project Officer
Overview
Good records management is necessary for statutory, regulatory
and contractual reasons.
It also helps the University to function more efficiently.
When creating records, we need to think about:
Whether the record is necessary
Whether the language is appropriate
What format are we going to save the record in
Whether people will need access to the record
Records can exist in many different formats – and pass through a
lifecycle reflecting their business value.
Overview
Records are the output of business activities and should be arranged
in a way that reflects this.
Put records in organised shared areas, preferably on SharePoint.
When deciding on the file structure think about how you are going to
dispose of them – don’t have folders full of documents with mixed
retention periods.
No records should just be accessible to one person (e.g. in an H:
Drive or in Outlook). This doesn’t necessarily make them secure.
Name documents sensibly. Ideally have departmental naming
conventions which have been documented, so everyone knows how
they should be naming documents and has something to refer to.
Have disposal events once or twice a year to weed out
records/documents that you no longer need to retain. Individuals
should schedule time into their diaries to maintain their records and
information.
Further information
Records Management
Governance Services
http://staff.napier.ac.uk/services/secretary/Pages/uso.aspx
http://staff.napier.ac.uk/services/secretary/governance/records/Pages/default.aspx
JISC Infokit – Records Management
www.jiscinfonet.ac.uk/infokits/records-management
JISC Managing records – guide for administrators
www.jiscinfonet.ac.uk/records-management/guide-for-administrators
Freedom of Information
Edinburgh Napier FOI website:
www.napier.ac.uk/foi
Scottish Information Commissioner:
www.itspublicknowledge.info
Data Protection
Info Commissioner - www.ico.gov.uk/
Contact
Diana Watt
Governance Officer (Records Manager)
Email: D.Watt@napier.ac.uk
Telephone: 0131 455 6257

Learn how to effectively manage your records to ensure legislative compliance and enhance business efficiency. Discover the importance of aligning records management with strategic objectives and university values. Empower yourself with the knowledge and skills to organize records systematically while maximizing their value and accessibility. Stay confident, supported, ambitious, and innovative in your approach to records management.


Uploaded on Sep 25, 2024 | 0 Views



Presentation Transcript


  22. Records Retention Periods File Arrangement/Plan Business Process Working documents (examples) HR Recruitment -Email correspondence -Statistics spreadsheets -Draft business case -Business case -CFY+6yrs Business Cases -Meeting minutes documenting BCase approval -Authorisation form (signed) -Permanent Authorisations -Emails -CFY+1yr -Drafts, emails, reference documents -Job T+1yr -Job T+1yr -Process T+3mnths -Process T+3mnths -Process T+3mnths -Unsuccessful UK Process T+3mnths -Unsuccessful EU Process T+1yr -Successful T+6yrs -Process T+3mnths -Process T+3mnths Job Descriptions Person Specifications -Person specification -Job description -Advertisement text -Emails, drafts Advertising -Checklists -Shortlisting matrix template -Interview questions Enquiries -Enquiries -Completed applications Applications, shortlisting and interview records -Completed shortlist -Interview notes/scoring -T+6yrs -T+6yrs (moves from recruitment files to personnel file) -Employment offer -Employment contract Employee Contract Management Training and Development Evaluation, Pay and Benefits

  23. Organising records When creating records think about: Do you need to share the information? Will your colleagues need access to it? If other people need access to records the you should: Save the records to a shared directory (if electronic) or a shared paper filing system Shared record keeping systems are preferable to personal systems eg storing on H:Drive or on disks. Personal files and directories should be used for personal information not corporate records created in the course of your employment. Drafts and confidential information can be protected using access controls/passwords. Advantages of shared systems: Other people can access the information e.g. if you're away Less duplication of documents

  24. Organising records File plans/systems should correlate directly to the business process. Where possible put all related documents in a single area. Name folders for activities and subjects. Try to be as open/accessible with permissions as possible: make sure someone else knows where your data is (however, do not give out your network password to anyone!). Organising records involves setting up a filing or classification scheme and applying the same scheme to every part of your recordkeeping system. This would include using the same filing scheme for paper files, MS Office folders, Outlook folders and SharePoint workspace.

  25. Things to think about when creating records Some information does not need to become records in the sense of information retained in a record-keeping system, for example: Ephemeral/transitory/temporary emails, e.g. thank yous, acknowledgements, invitations. Publications and reference materials. Duplicates of information. Phone messages and post-it notes. Drafts (in most cases, there may be exceptions) once the final version is produced. You also have to ensure that the record is complete, for example: Does it provide a full and accurate picture of the subject, event, decision etc.? If emails are used to make key decisions or convey important information, they too become records. What format are you going to keep your records in? Print to paper (not recommended). All electronic.

  26. Document and Folder Naming Name them sensibly for the relevant activity. Titles should be concise, but contain enough relevant information. Use standard terms or forms for names, places etc. Use the date format YYYYMMDD. Use whole names, or standard acronyms. If acronyms are used, ensure that the full description is spelt out within the document.

  27. Using records: security issues Security is particularly vital for records containing: Personal data Commercially sensitive information Information provided in confidence Legally privileged information Because: The Data Protection Act requires us to protect personal data against unauthorised access and accidental loss Poor data security (loss of USB data sticks) can lead to reputational damage and result in the University being fined or prosecuted.

  28. Using records: security issues For electronic records, this means: Keeping passwords secure and changing them regularly. Restricting access to those who need it (use of passwords on documents). Backing up data regularly, especially data held on USB sticks or laptops. Further guidance is available from C&IT. The University's Information Security Policy can be accessed at: http://staff.napier.ac.uk/Services/citservices/Information+for+Staff/Information+Security/ For paper records, especially those containing personal data: Always use lockable cabinets or secure areas. Operate a clear desk policy. Consider using security markings on files, e.g. Personal data-in-confidence, Commercial-in-confidence, Legal-in-confidence.

  29. Emails Outlook is a communication tool, NOT a filing system. Emails documenting decisions and evidence of business transactions are records and therefore subject to the same legislation and other requirements as records held in other formats. Records kept in Outlook are essentially being filed in a personal storage area and are therefore not accessible to others who may need to see them. Emails should be routinely managed and stored along with other records pertaining to the same task/subject/business

  30. Vital Records Vital records are those records which are crucial to the functioning of the University. They are necessary for the continuing operation of the organisation following a crisis/disruption/disaster as they contain information which is essential to provide evidence of the University's legal and financial status, ensuring that the rights and responsibilities of stakeholders are maintained. These records are necessary to assist the University in resuming business as soon as possible after a crisis/disaster. How do we identify vital records? Risk assessments and inclusion of vital records schedules in business continuity plans.

  31. Contracts One area that many organisations find challenging is the records management of contracts, agreements and associated documents. Good records management is critical to efficient and effective contract management. Do we know where all the Uni's contracts are? "It is estimated that companies spend almost 5% of their revenue to track agreements after signing a contract." - Goldman Sachs That's a lot of money! Apart from time wasted searching for contract documents, costs could also be incurred by having to re-draft documents, and losses incurred if SLAs or contract terms are not met and this cannot be substantiated by production of the original contract or related documents.

  32. Contracts and records management Contracts should be registered on a central or departmental register and accessible to the necessary people. This register should be cross-referenced to a retention schedule and identify the following information: Where the golden record is held. How the golden record is held (fireproof safe, off-site storage, etc.). Who is the custodian (department or faculty/job title)? What is the trigger point for the retention period to kick in? (Generally contract termination.) What is the retention period? Is there a review date? Is the contract a vital record?

  33. Contracts: other considerations Risk Management: good records management practices can mitigate risks: Legislative compliance (Prescription and Limitation Act 1973, EU Law, etc.). Legal admissibility and evidential weight of information. Audit requirements: is an adequate audit trail provided? Evidence for litigation purposes in the event of a legal challenge. Other considerations: Consistency: ensuring the contract complies with recommendations/University guidance and using University templates which include relevant data protection and FOISA clauses. Evidence of past actions to inform future developments, e.g. setting precedents for re-tendering. High costs associated with contract creation and management: good RM can assist with rationalising these. For guidance drafting contracts and using templates contact: Commercialisation Contracts - Aileen Wood and Fiona Mason, Innovation Managers. Finance and Procurement Contracts - Lynne Smith, Operations Support Manager. General Contracts - Helen Mizen, Governance Officer (Data Protection & Legal). Outcome Agreements with the SFC - Anastasia Dragona, Information and Project Officer.

  34. Overview Good records management is necessary for statutory, regulatory and contractual reasons. It also helps the University to function more efficiently. When creating records, we need to think about: Whether the record is necessary Whether the language is appropriate What format are we going to save the record in Whether people will need access to the record Records can exist in many different formats and pass through a lifecycle reflecting their business value.

  35. Overview Records are the output of business activities and should be arranged in a way that reflects this. Put records in organised shared areas, preferably on SharePoint. When deciding on the file structure think about how you are going to dispose of them: don't have folders full of documents with mixed retention periods. No records should just be accessible to one person (e.g. in an H: Drive or in Outlook). This doesn't necessarily make them secure. Name documents sensibly. Ideally have departmental naming conventions which have been documented, so everyone knows how they should be naming documents and has something to refer to. Have disposal events once or twice a year to weed out records/documents that you no longer need to retain. Individuals should schedule time into their diaries to maintain their records and information.

  36. Further information Records Management: Governance Services http://staff.napier.ac.uk/services/secretary/Pages/uso.aspx http://staff.napier.ac.uk/services/secretary/governance/records/Pages/default.aspx JISC Infokit Records Management www.jiscinfonet.ac.uk/infokits/records-management JISC Managing records guide for administrators www.jiscinfonet.ac.uk/records-management/guide-for-administrators Freedom of Information: Edinburgh Napier FOI website: www.napier.ac.uk/foi Scottish Information Commissioner: www.itspublicknowledge.info Data Protection: Info Commissioner - www.ico.gov.uk/

  37. Contact Diana Watt Governance Officer (Records Manager) Email: D.Watt@napier.ac.uk Telephone: 0131 455 6257
