Developing an institutional Records Management programme
This webpage has been archived. Its content will not be updated.
View web retention policy
Audience those charged with implementing FOI within FE and HE institutions, Records Managers, Data Protection officers, Management Information Systems (MIS) staff and IT senior team leaders.
Contents
- The drivers and benefits of a Records Management programme
- Some underlying concepts and principles
- The steps necessary to implement a Records Management programme
- The Lord Chancellor's Code of Practice on the Management of Records. Issued under section 46 of the Freedom of Information Act 2000
- Scottish Ministers Code of Practice on the Discharge of Functions by Public Authorities under the Freedom of Information (Scotland) Act 2002 (draft)
The Freedom of Information Act (FOIA) 2000 (applies to the UK except Scotland) and the Freedom of Information Scotland Act 2002 (applies to Scotland only) have increased the public's right of access to the information created and maintained by all institutions.
These, together with the Data Protection Act 1998, constitute the most demanding in a series of initiatives by Government and other regulatory bodies to improve corporate governance in the public sector, and to become more publicly accountable and accessible.
These initiatives require the development of more robust record creation and management procedures than have previously been the case.
The issue is particularly urgent in the case of electronic records due to their volume, complexity and transience. This presents additional challenges for ensuring that they are effectively managed and accessible.
More and more complex records now have to be maintained for longer periods of time. It is no longer sufficient to rely on the 'personal memory' of individual members of staff about past initiatives, procedures and the history of the institution. This is particularly relevant where there is high staff turnover and organisational change.
An active institutional Records Management Programme is now an essential prerequisite for preparing an effective response to these internal and external demands.
Whilst the Lord Chancellor's Code of Practice on the Management of Records (a requirement under the UK FOIA) and the Code of Practice on Records Management (under the Scottish FOIA) are not legally binding, institutions are strongly advised to pay heed to the guidance they contain. Both the UK and the Scottish Information Commissioners may issue a 'practice recommendation' setting out the steps the institution should take to ensure conformity with the Codes if they consider that the practice of an institution in relation to its duties under the FOIAs do not conform with that set out in the 'Codes'.
In all institutions the demands on record-keeping practices have increased dramatically as a result of both Data Protection and Freedom of Information legislation.
Efficient Records Management is now a strategic necessity for all institutions. It is necessary in order to comply with legal and regulatory obligations. It will also support core functions and provide the basis for effective and accountable administration.
The volume of records being created in both physical and digital media has increased dramatically in recent years.
It is likely that both paper and electronic records systems will continue to operate alongside each other for the foreseeable future.
It is vital that an institution's Records Management programme is able to deal consistently and effectively with all records, regardless of their format or medium.
Records Management - an overview
Records Management is a process for the systematic management of information recorded on all media - traditionally paper and microfiche or film, but increasingly information held in electronic format including emails, web-based content and databases.
In the light of recent high profile cases there is an increased emphasis being placed on all organisations to be able to demonstrate good corporate governance. The effective management of records helps achieve this by ensuring that sound decisions can be made based on full, accurate and up-to-date information and by ensuring that the rationale for those decisions can be traced, scrutinised and justified as necessary.
Records Management encompasses the whole life cycle of records from creation through operational use to final disposition. Based on the principles of regular review and controlled retention or destruction, the general aim is to ensure cost-effective business processes, legal and regulatory compliance, and good practice by identifying those records it is necessary or desirable for an organisation to retain and those they can or should destroy and by managing the process by which this is achieved.
Records Management policies must be imposed on electronic records as early as possible: preferably prior to or at the point of creation. This is due to the ease with which electronic material can be quickly become inaccessible and effectively lost due to media decay or out-of-date technology (technical obsolescence).
Records, whatever their format, should be viewed as one of an institution's most valuable assets. They represent its collective memory, underpin its daily operation and support the image it presents to the world outside.
Records Management is a professional management discipline, with a proven and established theoretical basis, recognised
international standards and an acknowledged professional training route.
Digital Asset Management
Much of the knowledge base and intellectual assets of an institution and its staff are now held in digital form and will have long-term value for teaching and research.
Many institutions are also increasingly moving towards the digital presentation of corporate information, such as web sites that contain prospectuses, course guides, corporate policies and research papers. Increasingly this information is being published in digital form only, with no paper equivalent, and with content updated on a daily basis. Decisions are often made
against the content of such corporate resources as they stood at the time the decision was made and it is vital that steps are taken to preserve this content as evidence of the decision-making process.
The management of digital materials is therefore a necessary element of any modern Records Management Programme.
Preservation on the original storage media is not enough to ensure the integrity and accessibility of digital material over extended periods of time. Whilst the costs of digital storage media are in themselves relatively inexpensive, regular 'refreshing' of storage media to prevent degradation of the content and the periodic migration of data to new software formats to avoid software obsolescence are all essential additional operations and costs.
An effective retention strategy as part of Digital Asset Management within the institution will help identify exactly which resources have ongoing value and need preserving and for how long. This will ensure key assets are safeguarded and institutional resources and investment are targeted appropriately and not wasted on the retention of unimportant, or outdated information.
Business benefits
The considerable business benefits of introducing an institutional Records Management Programme should not be overlooked. These include the streamlining of business processes, a reduction in both the staff time and physical space needed for managing and exploiting records and the foundation of an information-rich organisation able to maximise and exploit the knowledge it contains.
The average filing cabinet requires approximately 1 square metre of space to house the cabinet itself and allow sufficient space for its drawers to be opened and contents accessed. With office accommodation costs within urban universities estimated to be in excess of £600 per square metre per annum it is easy to see how the storage of unnecessary records can represent a significant but largely overlooked cost to the institution.
The Model Records Management programme
The Lord Chancellor's Code of Practice on the Management of Records was issued under Section 46 of the Freedom of Information Act 2000, and a similar Code exists under Section 61 of the Scottish Act. The National Archives of Scotland has published a generic Model Action Plan to assist Public Authorities in compliance with the Scottish Code of Practice to which
Scottish institutions should refer. JISC has funded the development of a Model Action Plan for achieving compliance with the Lord Chancellor's Code of Practice on the Management of Records. This Model Action Plan applies the recommendations of the Lord Chancellor's Code of Practice specifically to the FE and HE sectors and translates the principles into a series of working targets. Between them, these two documents and with reference also to the Scottish documents represent the core of existing best practice for starting a Records Management Programme.
The objectives of the Model Action Plan are to help FE and HE institutions to develop Records Management Programmes that meet the following criteria:
- Consolidate a coordinated approach to the management of corporate information
- Ensure that the organisation recruits staff with the appropriate competencies and has in place the appropriate network to support Records Management
- Provide an authoritative statement on the management of corporate records
- Ensure relevant staff are appropriately qualified, trained or experienced and that all staff understand the need for Records Management
- Establish and maintain a well-structured system to ensure information can be identified and retrieved when required
- Ensure authentic records are maintained over time by providing appropriate protection throughout their life cycle
- Ensure retention and destruction decisions can be explained by documentation of the appraisal of records
Key concepts
Records Life Cycle
The challenges posed by the management of digital records in particular have increasingly led to recognition of the inter-dependence between the stages of creation, use and final disposition of records and the importance of the legal and economic environments in which they operate.
The concept of the Records Life Cycle helps to identify the four major stages in the 'life' of a record that a Records Management Programme must address if it is to be truly effective.
This approach emphasises the inter-dependencies and continuum between the stages of creation, management, preservation and use, and the need for pro-active intervention. This re-enforces the view that the 'life cycle' should not be seen as a linear progression of largely independent stages and that Records Management is not something which can be put off and tackled at some future point long after the creation of the records in question. It requires thought and consideration at the point of record creation, and possibly even earlier when new systems or processes which will create and maintain records are being devised.
Record retention
This is the period of time, varying from a few weeks to permanency, during which a record has to be maintained and remain accessible. This is usually determined by a combination of statute, regulatory or business compliance and, where these do not apply, by a best assessment of the risks involved in destruction.
Retention periods can exist in one of two forms:
- A fixed number of years from creation For example, most financial records of businesses and organisations have to be kept for the current year + 6 years to meet VAT and Tax regulations, an effective total of 7 years
- The life of the transaction + a fixed period of years Commercial contracts must be maintained for the life of the contract + 6 years. The total number of years such records need to be retained will therefore be determined by the length of the contract to which it relates. In such instances it is therefore impossible to determine a definite destruction date at the point of creation, and both regular reviews of such records and appropriate links with the business process to which they relate are essential to ensure their correct retention.
A suggested list of retention periods for HE institutions may be found as part of the JISC's Revised Study of the Records Life Cycle (see Further Information for details).
1st steps in developing an institutional Records Management programme
Summary
- Every FE and HE institution has a corporate responsibility to maintain its records and record-keeping systems in full compliance with the regulatory environment in which it operates. The first step is to ensure that this is recognised by senior management and that an appropriate member of senior management staff has been assigned overall ownership of the policy and procedures that are required
- A Records Management Policy should be developed which acknowledges the above, sets the context for the planned programme and demonstrates full senior management support for it
- An audit of existing record creating and keeping practices and systems and the information they contain should be undertaken
- Ensure that the appropriate resources, human and financial, are dedicated to implement the programme throughout the institution
- Ensure that all relevant staff are made aware of the programme's objectives and the role they must play in helping to achieve them, and are given sufficient training to enable them to fulfil this
1. Convincing Senior Management
This is often best achieved by stressing the legal, financial and operational risks posed by not investing in this area and by indicating the advantages of investment to the institution at a strategic and financial level. It is often possible to identify one member of senior management who has demonstrated an interest or awareness of matters relating to Records Management or legal compliance who may be willing to act as its 'champion'.
Internal auditors and boards of governors should also have an interest in the objectives of Records Management and may prove valuable allies in raising the issue with senior management.
2. The Records Management policy
The approval of the institution's Records Management Policy by members of senior management should represent the first significant objective of a Records Management Programme. This policy can then be used to demonstrate to others that the work proposed has the support of management and should act as the authority for the proposed programme.
The danger for all policy statements is that they are soon forgotten about once approval has been obtained and that their actual impact is therefore minimal. This should be guarded against by ensuring the policy is widely disseminated and regularly referred to (ie during new staff induction).
Any subsequent policies or procedures which are developed should be informed by and make reference to the policy.
3. The information audit
The information audit can be an exercise used to achieve a variety of information-related objectives, but usually has the following Records Management focused goals:
- identify which functions within the organisation create which records
- identify what these records are used for and by whom
- identify where they are kept and by whom
- identify how long they are currently kept and how long they should be kept
- identify who might need to use these records in the future
Methods
Established theory is to take a 'functional analysis' approach to this process, which enables a more accurate and stable picture of your institution's operations to emerge and can more readily track the complexity of record creation and use that these records are put to. The basic framework for such analysis involves an examination of the functions the institution undertakes during its day-to-day operation, the processes these are made up of and the transactions these result in to determine the context of the records they produce. The JISC's Revised Study of the Records Life Cycle for a generic HE institution provides an ideal starting point for your institution to adapt and build upon.
Methods for adapting this model to the specifics of your institution include:
- Questionnaires
- Interviews with key staff members
- Observation
- A mixture of the above
Outputs
The results of such analysis should provide the basis for your:
- Corporate filing structure for both paper and electronic systems
- File naming rules
- Access controls
- FOIA Publication scheme
- Retention schedules
- Preservation strategy
- Identification of vital records
The audit will also show clearly where record keeping can be simplified and processes streamlined.
4. Resource issues
More and more institutions are choosing to appoint a qualified records manager to oversee their activities in this area, often combining responsibility for Records Management with that for Data Protection and FOIA issues also. Where this is not possible it is vital that a senior member of staff is given definite responsibility for this area and is provided with sufficient training and support to carry out this function.
Whilst a good deal can be achieved within existing resources through the training of staff and the introduction of new procedures, it must also be acknowledged by institutions that some additional expenditure may be required when implementing a Records Management Programme, but that such investment will soon be repaid through reduced overheads and increased efficiency. It should also be remembered that the cost of legal action caused by poor Records Management can run into many thousands of pounds.
5. The human element
The Freedom of Information Act reinforces the notion that Records Management is the responsibility of all staff at every level in the institution. It is vital to achieve wide scale 'buy in', because it is at the level of the individual member of staff that the success or failure of any Records Management Programme ultimately lies.
Staff reactions to such new initiatives are likely to vary considerably and may include some hostility on the part of staff who consider such records to be 'their' property, rather than representing an institutional resource.
Buy-in is probably best achieved by using 'quick hits' to show that good Records Management will benefit everybody during their daily work. Regular communication through formal or informal staff training, presentations to departmental meetings and articles in internal publications can all help to spread the message. Often a few successes will soon increase demand for advice and support.
References and further information
JISC infoNet is the Centre of Expertise in the Planning and Implementation of Information Systems. It aims to support and enable planners, implementers and practitioners in FE and HE to understand, innovate and use new technological developments that support learning, teaching and business processes. Further information is available from:
JISC Legal Information Service is a JISC-funded service providing current legal information covering many key ICT legal issues and is helpful to those working in Networking and Computing Services, Library Services, Media Services and those using ICT for general educational purposes. It does not give legal advice; its materials are for informative purposes only and should not be relied upon exclusively.
The Revised JISC Study of the Records Life Cycle (including the generic Function and Activity Model and Record HEI Retention Schedule for HEIs)
The Records Management JISCMail list
JISC's Records Management Focus development activities
JISC Senior Management Briefing paper: Data Protection Act 1998
JISC Senior Management Briefing paper: Freedom of Information Act 2000
JISC Senior Management Briefing paper: Freedom of Information (Scotland) Act 2002
Model Action Plan for achieving Compliance with the Lord Chancellor's Code of Practice on the Management of Records for further and higher education