Records Management Policy & Guidance

Records Management Policy & Guidance COMMERCIALISM Document Control Document Details Author Nigel Spencer Company Name The Crown Estate Department Name Information Services Document Name Records Management
of 14
All materials on our website are shared by users. If you have any questions about copyright issues, please report us to resolve them. We are always happy to assist you.
Related Documents
Records Management Policy & Guidance COMMERCIALISM Document Control Document Details Author Nigel Spencer Company Name The Crown Estate Department Name Information Services Document Name Records Management Policy Version Date 28/09/12 Effective Date 1 November 2012 Version 1.3 Issue THREE Change Record Modified Date Author Version Description of Changes 14/07/2009 N Spencer 1.0 Comments addressed and minor format changes 23/05/2011 S Smith 1.1 Reviewed on behalf of Service Desk 25/05/2011 A R Last 1.2 Reviewed by M Brazier & A R Last 28/09/12 A R Last 1.3 Annual review Stakeholder Sign off Name Position Signature Date Nigel Spencer Information Services Manager May 2011 Martin Brazier Knowledge Manager May 2011 Nigel Spencer Head of IS September 2012 Martin Brazier Knowledge Manager September 2012 Security Sign-off Name Position Signature Date Adrian Last Business Support Manager May 2011 Adrian Last ISMS Manager September Table of Contents 1. Policy Purpose 3 2. Introduction What are records? 3 3. Organisational Arrangements Lead Responsibility Responsibility of Heads of Business Units Information Asset Owners Responsibility for Change Management General Roles and Responsibilities 5 4. Records Systems Information Classification Choosing Where to Store Records 5 5. Storage of Paper Records New Paper Records Legacy Paper Records and SAPA Items on Loan from The National Archives 6 6. Security of Records Access Control Collection of Evidence of Security Breaches 7 7. Retention and Disposal General Principles Making Disposal Decisions Implementing Disposal Decisions Documenting Destruction 8 8. Records Created by Partners Typical Contract Requirements Collection of Evidence of Security Breaches 9 9. Review of Records for Transfer to The National Archives Selection of Records for Permanent Preservation Determining the Access Status of Records Transfer of Public Records Compliance Monitoring and Reporting Review of Records for Transfer to The National Archives Selection of Records for Permanent Preservation Determining the Access Status of Records Transfer of Public Records 12 2 Table of Contents (Cont.) 12. Compliance Monitoring and Reporting User Awareness Incident Reporting Disciplinary Process Deviations From Policy Glossary Of Terms 12 Appendix A List Of Related Documents, Procedures And Processes 13 3 1. Purpose The aim of this policy is to ensure that employees and agents and advisers are aware of their responsibilities when managing records belonging to The Crown Estate and has been written to support the Management Board Statement below: We recognise that records management is vital to our business. Effective records management will help us to ensure we have the right information at the right time to make the right decisions. It will provide evidence of what we do and why, thereby protecting our interests. We recognise that records and the information they preserve are essential corporate assets. By implementing this policy, we aim to balance our commitment to integrity, openness and transparency with our commercial and stewardship responsibilities. We will provide supporting standards, procedures and guidelines, and monitor compliance with them. We will review this policy annually or whenever a significant change is being planned, and we will keep it up to date. 2. Introduction Managing Crown Estate records to agreed standards is essential if those records are to be available and used in the future. Freedom of information and data protection legislation has put greater emphasis on our obligation to maintain a corporate memory securely and to make information available to the public as appropriate. All records need to be managed in line with legal, business or heritage obligations and be accessible, accurate, in good condition and either held permanently or disposed of in a timely fashion, as appropriate. Furthermore, adequate records management ensures the security of our information and is an enabler for accreditation under ISO All employees, advisers and agents should be aware of the value of the Crown Estate records they create or manage, and relevant legislation and regulations governing their use and retention. This policy defines the way Crown Estate records and information should be managed to standards which ensure that vital and important records are identified, that the business holds records that are necessary, sufficient, timely, reliable and consistent with business need, and that legal and regulatory obligations are met. It also defines the roles and responsibilities for the creation, safekeeping, access, change and disposition of information What are records? Records provide a history in detail of an issue, matter, dealing, transaction, project, initiative or decision. Any type of document, data and information in any format can be a record, including paper, electronic files, s, presentations, scanned images, spreadsheets and models. It is important that all evidence is recorded to show the build-up and background to outcomes. A record is not just the final report or product. To use an analogy with paper file systems, it is important to include draft versions, correspondence, memos, notes and comments the metaphorical pencilled notes in margins - which all help to tell the story and retain the corporate memory. In the electronic world, we must strive to retain and secure all related information in such a way that it is holistic and in context. 4 3. Scope The scope of this policy applies to: The Crown Estate s personnel, temporary staff, contractors and service providers utilising The Crown Estate s information system resources; and Information system resources, including data networks, LAN servers and personal computers (stand-alone or network-enabled) located at The Crown Estate and non-crown Estate locations, where these systems are under the jurisdiction and/or ownership of The Crown Estate, and any personal computers and/ or servers authorised to access The Crown Estate s data networks. Personal mobile devices such as Blackberrys and laptops provided by The Crown Estate are also included. Third parties shall also adhere to this policy. All corporate records, whether in paper or electronic format. 4. Policy 4.1. Policy statement The Crown Estate s records are assets essential to The Crown Estate s business and its dependency on these assets to meet its statutory obligations demands that appropriate levels of records management be instituted and maintained. It is The Crown Estate s policy that appropriate organisational arrangements (see Section 5 below) and processes (Sections 6 to 9) are implemented to ensure its records are maintained in a systematic and orderly fashion, protected against accidental or malicious destruction, damage, modification or disclosure, and to maintain appropriate levels of confidentiality, integrity and availability of its records Policy objectives The objectives of this policy with regard to records management are to: Ensure that comprehensive records are readily available as a corporate memory to enable The Crown Estate to conduct its business in an effective way Enable The Crown Estate to meet its statutory obligations; Minimise reputation exposure, which may result from ineffective records management Policy overview The Crown Estate s records are important business assets. Appropriate systems are required to ensure that sufficiently comprehensive and complete records are kept to enable The Crown Estate to maintain a corporate memory sufficient to meet its statutory obligations. Users should be made aware of the dangers of inadequate record keeping Policy maintenance Supporting standards, guidelines and procedures will be issued on an ongoing basis by The Crown Estate. Users will be informed of any subsequent changes or updated versions of such standards, guidelines and procedures by way of or other relevant communication media. Users shall then have the obligation to obtain the current information systems policies from The Crown Estate Intranet or other relevant communication media on an ongoing basis and accept the terms and conditions contained therein. 5 5. Organisational Arrangements 5.1. Lead Responsibility The Management Board recognises the importance of records management as a core corporate function, as part of a wider knowledge management function. This responsibility covers records in all formats throughout their lifecycle, from planning and creation through to disposal and includes records managed on our behalf by external partners. Allocation of lead responsibility for the records and information management function is designated to the Director of Finance and Information Systems to act as a records management champion. Operational responsibility is designated to the Knowledge Manager Responsibility of Heads of Business & Support Groups Heads of business and support groups are responsible for ensuring that adequate records are kept of the activities for which they are accountable. Roles and responsibilities for records management and information security will form part of staff induction procedures (including temporary staff, contractors, secondees and consultants) to ensure that all staff are aware of the business s records management policies, standards, procedures and guidelines and understand their personal responsibilities. Heads of business groups are responsible for ensuring that their staff know how they apply to their business or support groups. General responsibilities will be included in Personal Scorecards, with more detailed objectives set for those with a more specific role in record keeping Information Asset Owners Heads of business and support groups are the information asset owners for the information generated or used in their area of responsibility Responsibility for Change Management Records management issues will be considered when planning or implementing IT systems, when extending staff access to new technologies and during re-structuring or major changes to the organisation General Roles and Responsibilities Management Board board level responsibility for ensuring compliance with this policy lies with the Director of Finance and Information Systems. Individual Management Board members have responsibility for ensuring that their heads of business units follow procedures and guidance, comply with the records management policy and standards, and that records management is carried out in accordance with those procedures. Knowledge Management Team this team has the following responsibilities: ensure that the records management policy and standards are kept up to date and relevant; raise staff awareness of records management issues; provide advice and guidance to heads of business units and staff; audit compliance with the records management policy and associated standards; develop and maintain retention and disposal schedules and document disposal activity. Heads of Business & Support Groups are responsible for taking the lead on records management issues in their areas of responsibility, and ensuring that procedures and guidance are in place which support the records management policy and associated standards. All staff all staff who receive, create, maintain, use or delete records are responsible for ensuring that they do so in accordance with this policy. 6 6. Records Systems 6.1. Information Classification The Protective Marking System (often referred to as the Government Protective Marking System/ Scheme or GPMS) is the Government s classification system to ensure that access to information and other assets is correctly managed and safeguarded to an agreed and proportionate level throughout their lifecycle, including creation, storage, transmission and destruction. The system is being adopted by The Crown Estate to ensure good business practice and meet the requirements of relevant legislation and regulation. It is a means of protecting information from accidental or deliberate compromise or disclosure. As staff at The Crown Estate generate and handle sensitive or confidential documents, they must apply the Protective Marking System, and the necessary controls and technical measures as detailed in the Information Classification and Data Handling Policy Choosing Where to Store Records For many specialist types of records there will be an obvious and dedicated repository. For example, financial and purchase-to-pay records will be stored in Agresso, and some HR records in Snowdrop. However, the majority of records are created by standard desktop applications such as Word, Excel, Powerpoint etc. It is the storage of the records created by these generic applications that requires greater levels of advice and guidance Personal Storage Portable Media Portable media (memory sticks) are provided for users to store small quantities of information which needs to be mobile or intended for sharing with others. Portable media must not be used to store any information which does not exist as a record on a Crown Estate computer system. Information on a memory stick must be considered as in transit and dispensable and transferred as a record as soon as is practicable. Portable media must be encrypted. Crown Estate records must not be transferred to CD or DVD Personal Storage The U: Drive The U: drive is provided for users as a short term area to store personal and rough draft information. For example, users might choose to keep working copies of their personal scorecards or expenses. However, the U: drive must not be used to keep corporate records Shared Storage The S: Drive The S: drive stores archived material, and cannot be used to store new records. Some transient information may be stored there by exception and prior arrangement. The S: drive must not be used to keep records Corporate Document & Records Management System Wisdom Wisdom is the corporate document and records management system and is provided for users to store information which forms the corporate record; that is the corporate memory of the work of the organisation. Wisdom provides adequate security of access, implements Protective Marking and provides an audit trail and version control for the evolution of documents. It also has appropriate functionality to specify and implement retention and disposal schedules and to review records under the Public Records Act. 7 7. Storage of Paper Records 7.1. New Paper Records The Crown Estate no longer keeps paper records as a matter of course. There are exceptions, such as title deeds, contracts and signed agreements. Individuals must not keep their own private or personal paper files of corporate information corporate paper documents (such as incoming letters) must be scanned and placed into Wisdom and the originals securely destroyed Legacy Paper Records and SAPA Legacy paper documents are held in an offsite store at Peterborough, run by Document Control Services Limited (DCS). Physical security arrangements for those records vary according to need title deeds, for example, are held in vacuum sealed packets in fire safes. The content of the external store can be interrogated using the SAPA application, accessible from the home page of The Crown Estate Intranet, i-site. From SAPA, users can request the transfer of an item or request that it is scanned. Proactive scanning of frequently-used files is undertaken monthly, and the scanned images placed on Wisdom. Records that are recalled from the store are delivered to the requester, and remain in their safekeeping until returned. Requesters will be permitted to retain a file for up to three weeks, after which it must be returned. If a file is needed for longer than three weeks, the file will be scanned and made available through Wisdom. Original paper files will only be released for longer than three weeks in special circumstances. Files must not be despatched directly to an external party such as a managing agent or law firm. Any file required by external bodies must be passed to the Knowledge Management team so that its intended location can be recorded on the SAPA System, and preferably scanned Items on Loan from The National Archives Items held at The National Archives should be requested through the Knowledge Management Team. Items on loan from The National Archives will be immediately assessed to determine whether they contain the information required, and if so, scanned and the original returned as soon as possible. Once items have been transferred to The National Archives they are no longer Crown Estate property and they must therefore be kept safely when in The Crown Estate s possession and returned as soon as possible. 8. Security of Records 8.1. Access Control Records will be stored securely and access to them will be controlled. Storage arrangements, handling procedures and arrangements for transmission of records reflect accepted standards and good practice in information security. Access control will be applied in two ways general access control and specific control using protective marking. Ease of access will depend on the nature and sensitivity of the records, although the presumption will be to open internal access. Access restrictions will be applied when necessary to protect the information concerned and security should be kept up to date with access control removed when information is no longer sensitive. Particular care should be taken with personal information about living individuals in order to comply with the 7th data protection principle, which requires precautions against unauthorised or unlawful processing, damage, loss or destruction. Particular care should be taken with information bearing a protective marking, and should be handled in 8 accordance with the Information Classification and Data Handling Policy. Other information, such as information obtained on a commercially confidential basis, may also require particular protection Collection of Evidence of Security Breaches To allow follow-up action after a breach of information security, evidence should be collected, retained and presented. In general, the rules for evidence cover admissibility of evidence (whether or not the evidence can be used in court) and weight of evidence (the quality and completeness of evidence). Documents stored in Wisdom are likely to meet the rules for evidence, as access control and audit trails are embedded functionality. 9. Retention and Disposal 9.1. General Principles As a general principle, records should be kept for as long as they are needed - for reference or accountability purposes, to comply with regulatory requirements or to protect legal and other rights and interests. Destruction at the end of this period ensures that office and server space are used resourcefully and costs are not incurred in maintaining records that are no longer required. For records containing personal information it also ensures compliance with the fifth data protection principle which requires that personal data is kept only for as long as it is needed. Removing records that are no longer required also improves the likelihood and speed of retrieving retained records. Records should not be kept after they have come to the end of their retention period unless: They are known to be the subject of litigation or a request for information. If so, destruction should be delayed until the litigation is complete or, in the case of a request for information, all relevant complaint and appeal provisions have been exhausted; They have long-term value for historical or research purposes and have been or should be selected for permanent preservation; They contain or relate to information recently released in response to a request under the Freedom of Information Act. This may indicate historical value and destruction should be delayed while this is re-assessed; They relate to the state of existing property and will be kept until the state changes or the property is sold Making Disposal Decisions Dispo
We Need Your Support
Thank you for visiting our website and your interest in our free products and services. We are nonprofit website to share and download documents. To the running of this website, we need your help to support us.

Thanks to everyone for your continued support.

No, Thanks