Menu
Home Page

Records Management Policy

Records Management Policy

Responsibilities for management of information to support secure access and effective retention, destruction and preservation processes

Policy points are numbered. The numbering corresponds to explanations of ‘why?’ and ‘how?’ for each point further down the page.

 

What must I do?

1. MUST: You must document your work activities in line with procedures

2. MUST: You must store all work information in the format and medium best suited to its use in line with procedures

3. MUST: You must ensure that the information you manage is only known to an appropriate audience

4. MUST: All information in any format which we hold as a record of our activity must be retained after ‘closure’ in line with Retention Guidelines

5. MUST: Owners must regularly review information in line with Retention Guidelines to make best use of the available storage space

6. MUST: We must monitor the success of the review process to maintain compliance with the law

7. MUST: You must manage Pupil records in line with best practice and specific system guidance

8. MUST: You must follow Good Practice for Managing E-Mail when storing emails as records

9. MUST: We must ensure that the facilities available for storing and managing information meet legal requirements and best practice

10. MUST: We must maintain a selection procedure for identifying, reviewing and managing records with historical value

11. MUST NOT: You must not store business information on a personal drive or on equipment not provided by the Organisation

12. MUST: All Information Assets identified on the Register must be associated with a retention period from the Retention Guidelines.

13. MUST: The Retention Guidelines must be reviewed for changes in legislation and the Organisation’s business needs.

14. MUST: When archiving paper records, information on ownership, retention and indexing quality must be recorded.

15. MUST NOT: You must not use the archive storage services of any other commercial company than the approved supplier.

 

Why must I do it?

  • These measures ensure Organisation information, where appropriate to do so, is shared effectively to support efficient business processes and maintain effective service delivery to customers.
  •  Managing records in line with the best practice guidance fulfils duties under the section 46 Code of Practice on Records Management under the Freedom of Information Act 2000. Retention Guidelines are published so there is clear communication to customers over what information should still be available to them if they wish to make a request. To retain information too long or to destroy too soon leaves us open to criticisms on openness and transparency, and in some cases, compliance with the law.
  • In order to comply with the Section 46 Code of Practice (see above) we must ensure that we are destroying all related information across all formats. For example, destroying a paper file on a project but keeping all the electronic documents about the project in a shared network folder can cause problems if a Freedom of Information request is received. The request co-ordinator assumes that as the paper file is destroyed then we do not hold any information and responds accordingly. We would then be in breach of the act.

 

How must I do it?

1. Employees are aware of best practice requirements and any guidance on use of specific systems through training and communications

2. Employees are aware of best practice requirements and any guidance on use of specific systems through training and communications

3. You must ensure that paper files are accessible to authorised colleagues in your absence, by ensuring others know where to find keys to lockable storage areas. You must be aware of who information should be shared with, and ensure it is only shared with that audience. You must ensure that you save electronic information in a shared environment, but with appropriate access controls if the information has a restricted audience.

4. Follow the best practice guidance and any superseding amendments made by the Organisation

5. Follow the best practice guidance and any superseding amendments made by the Organisation

6. Designated employees must gather performance data on activities within the scope of this policy for review by the Data Protection Officer and the Leadership Team

7. Follow the best practice guidance and any superseding amendments made by the Organisation

8. Follow the best practice guidance and any superseding amendments made by the Organisation

9. The organisation must approve and regular review facilities such as systems and physical storage as appropriate against security requirements in Data Protection Law, and all employees must help maintain security standards by following procedure.

10. Records can be identified for preservation at any point in the records lifecycle, but will not transfer until we have no ongoing administrative need (i.e. at the end of a retention period). When information is due to be destroyed, there should be a final review to select records for transfer to the Essex Record Office.

11. By only storing all business information on the relevant systems designated by the Organisation and by using only equipment approved by the Organisation.

12. The Information Asset Owner is responsible for ensuring that Information Asset Managers amend entries on the Information Asset Register to show the correct retention period from the schedule.

13. A policy review (at least annually) must review the provisions of best practice retention guidance and make any necessary amendments, documenting the reasons for change and managing affected records accordingly.

14. We must complete and retain archiving indexes providing the relevant information about paper records in storage, ensuring that the Organisation is aware of what information it holds at all times and when they can be reviewed.

15. Any use of a commercial storage provider must be assessed and approved to ensure the right security and financial provisions are in place. Use of alternatives that have not been approved may not provide value for money and may not provide secure services.

 

What if I need to do something against the policy?

If you believe you have a valid business reason for an exception to these policy points, having read and understood the reasons why they are in place, please raise a formal request by contacting Walesby C of E Primary School DPO Mrs J Marshall dpo@walesby.notts.sch.uk;

 

Document Control

Version: 2

Adapted by Walesby C of E Primary School

Date approved: Monday 4th June 2018

Approved by: Walesby C of E Primary School Governing Body

Next review: Tuesday 4th June 2019

 

References

  •  Data Protection Act 1998 (to May 25th 2018)
  •  General Data Protection Regulations 2016 (from 25th May 2018)
  • Article 8, The Human Rights Act 1998
  • Freedom of Information Act 2000.
  • Code of Practice on Records Management (under Section 46 of the FoIA)

 

Breach Statement

Breaches of Information Policies will be investigated and may result in disciplinary action. Serious breaches of Policy may be considered gross misconduct and result in dismissal without notice, or legal action being taken against you.

Top

Cookies

Unfortunately not the ones with chocolate chips.

Our cookies ensure you get the best experience on our website.

Please make your choice!

Cookies

Some cookies are necessary in order to make this website function correctly. These are set by default and whilst you can block or delete them by changing your browser settings, some functionality such as being able to log in to the website will not work if you do this. The necessary cookies set on this website are as follows:

Website CMS

A 'sessionid' token is required for logging in to the website and a 'crfstoken' token is used to prevent cross site request forgery.
An 'alertDismissed' token is used to prevent certain alerts from re-appearing if they have been dismissed.
An 'awsUploads' object is used to facilitate file uploads.

Matomo

We use Matomo cookies to improve the website performance by capturing information such as browser and device types. The data from this cookie is anonymised.

reCaptcha

Cookies are used to help distinguish between humans and bots on contact forms on this website.

Cookie notice

A cookie is used to store your cookie preferences for this website.

Cookies that are not necessary to make the website work, but which enable additional functionality, can also be set. By default these cookies are disabled, but you can choose to enable them below: