What does records management involve?
Records management involves controlling all records (e.g. paper files, electronic documents, emails) throughout their life cycle from creation or receipt until the time of their disposal. The controls should cover every aspect of record-keeping, including:
- information audit
- What records are required to carry out the work of the department?
Each department must create records that are accurate and complete, so that it is possible to establish what has been done and why. The quality of the records must also be sufficient to allow staff to carry out their work efficiently, demonstrate compliance with legal and regulatory requirements, and ensure accountability and transparency expectations are met. Where appropriate, templates should be used, so that documents are produced consistently and quickly. In addition, version control procedures should be applied to documents that are periodically revised (such as policies and handbooks) to ensure the current versions can be easily identified.
- What information is held and where is it held?
It may be helpful to carry out an audit in order to establish what information (both paper and electronic) is held by a department and where it is held; and to clarify who is responsible for keeping the definitive versions of documents and who is simply holding copies. Unless a department can readily locate its records, it will be difficult not only to respond to enquiries promptly, but also to implement retention schedules effectively. Conducting an audit may also help to eliminate unnecessary duplication, leading to a reduction in storage and maintenance costs.
- Are the records arranged in a systematic way? Are they named consistently and helpfully?
All records (e.g. paper files, electronic documents, emails) should be arranged systematically, so that they can be retrieved easily and quickly. The main areas of work carried out by a department should be identified, and then a paper filing structure and electronic directory tree developed into which all the documents can be logically placed. In addition, file titles and document names must describe the content or subject matter of individual files and documents accurately and helpfully.
- Who needs access to the records and how often?
Staff must be able to retrieve the information they need to carry out their work. Records that are consulted frequently should be kept close-at-hand within the immediate office space, while semi-current material can be housed in separate store rooms or stored off-site at FileStore. Information that is only accessible to a single person should be kept to a minimum: as far as possible records that other staff may require should be stored on a shared network or within a centralised filing system, so that departments can operate efficiently when individual members of staff are absent.
- Are the records confidential and has access been restricted to authorised staff only?
Paper records containing confidential information must be stored in locked cabinets or drawers when not in use, and access only granted to authorised staff. In the case of sensitive electronic data, access should be controlled through the use of log-ins, passwords and read-only settings, and computers should not be left unattended when logged-on. It is also essential that data held on portable media (e.g. CDs, DVDs, USB memory sticks), as well as laptops, is kept securely and protected from theft. Any disclosure that takes place must be in line with the requirements of Data Protection and Freedom of Information legislation. For more information, see Information Security.
- Is the retrieval of the records monitored?
In departments where several people need to consult the same documents, it may helpful to track the movement of files to ensure they can always be found. For example, a form can be used to record the name of the person retrieving a file, as well as its reference, title and the date of retrieval; the form can then be inserted in place of the file, so that other members of staff will know where to find it. Gathering data on the level of use will also assist retention decisions.
- Will the records remain accessible?
Records of continuing value need to remain accessible. Wherever documents are stored, they should be protected from potential hazards, such as fire and flood, and the temperature and humidity maintained at stable levels (to prevent the development of mould). Critical electronic data must be held on a network drive, so that it will be adequately backed up and safeguarded from hardware and software failure. In addition, electronic data should be reviewed periodically and, if necessary, upgraded to new file formats so that it does not become trapped in obsolete technology. See preservation.
- How long must the records be kept?
Records should only be retained as long as necessary to conduct business, and to comply with legal and regulatory requirements. Each department should have a retention schedule listing its major categories of records (both paper and electronic) and for how long they are required.
- Are there clear, auditable procedures?
The disposal of each department?s core administrative records (both paper and electronic) should be controlled by retention schedules, and a record should be kept of what is destroyed and when. See destruction.