Records Management Policy and Strategy
The University’s Records Management Policy is:
- To establish across the University effective, efficient and economic records management practice for paper and electronic records and, where practicable, to standardise this across the University to maximise the capabilities and efficiency of the information resource of the institution.
- To manage records in accordance with current information access legislation (Data Protection and Freedom of Information).
- To afford records storage conditions and protective measures appropriate to their significance (both long and short term), their allocated retention periods and legislative requirements.
The Policy forms an important component of a planned University-wide information management framework for the University which will bring together document management, records management, content management, knowledge management, information management and data management.
We will fulfil the Policy through implementation of a Strategy which has the following objectives:
- To develop and deliver staff training on records management.
- To develop and disseminate policy and guidance for the development of effective, efficient and economic records management systems.
- To co-ordinate and support the records management activities required for the Durham Project.
- To implement a formal project to provide guidance and support to colleagues in academic departments and colleges.
- Identifying and sorting existing records and information.
- Identifying how long to keep records and then what to do with them.
- Identifying and preparing records for permanent preservation in the University Archives.
- Destroying records (where appropriate).
- Managing current paper and electronic records.
- Information security.
- Managing vital records.
- Preparing closed records for storage.
- Complying with the Data Protection Act 2018, General Data Protection Regulation 2016 and Freedom of Information Act 2000.
To achieve effective records management it is essential that key underlying systems and protocols for paper and electronic records are embedded, particularly before embarking on large-scale electronic records management (ERM) software solutions. We need to begin with the basics, such as:
- Clearing out time-expired records.
- Organising current business records so that they are clearly identified and are held in well-structured folders (paper and electronic).
- Training staff in good records management practice.
ERM software solutions are only likely to be successful if well-organised records are transferred into them and staff have been trained – and routinely perform – good records management practice. The deployment of ERM solutions also involves significant culture change and must be instigated gradually through incremental change in records management practices.
In order to effect the culture change needed to put in place good records management practices and to maximise progress with staff, we need to implement records management best practice gradually and appropriately and in tandem with hands-on practical assistance. This will foster a mutually beneficial two-way process and create the good relationships which are crucial to successful implementation.
It is important that we set and publicise clear priorities for the work to be undertaken. Our priorities need to take account of the staff moves planned within the Durham Project (2011 and 2012) which of necessity must be the short term focus for the University’s Records Manager. We do however envisage that general policy and guidance will be produced during the preparations for the office moves which will be of help and support to colleagues more widely across the University.
The Lord Chancellor’s Code of Practice on the Management of records under Section 46 of the Freedom of Information Act 2000 sets the framework of records management expectations on a public body if it is to meet its obligations under the Freedom of Information Act. Good records management is also fundamental to helping an institution to meet its obligations under the Data Protection Act 1998.
The key risks faced by the University in relation to records management are as follows:
- Failure to create appropriate records or to be able to retrieve records as needed.
- Failure to manage electronic records.
- Failure to effectively manage requests for information from the public under Freedom of Information and Data Protection legislation.
- Failure to dispose of records securely and in a timely manner in line with a retention schedule based upon legal and business requirements.
The realisation of these risks could lead to:
- Business disruption or inefficiency, including ineffective use of staff time.
- Action against the University for failure to meet audit, regulatory, statutory or legislative requirements.
- Reputational damage.
- Unnecessary records storage and retrieval costs.
- Security breaches.
- IncompleteUniversity Archives.
These risks are being mitigated by the roll-out of effective, efficient and economic records management policy and practice across the University in tandem with Data Protection and Freedom of Information policies and procedures.
The University has a corporate responsibility to maintain its records and recordkeeping systems in accordance with the regulatory environment. The senior manager with overall responsibility is the Chief Operating Officer.
The University’s Information Governance Manager is responsible for developing policy and guidance and promoting compliance with it.
Heads of colleges, academic departments and professional support services are responsible for ensuring that records created and received by their respective functions are managed in line with University policy and guidance.
Records Contacts are asked to lead the development and maintenance of effective, efficient and economic records management in their teams in liaison with the University’s Information Governance Manager.
All staff are responsible for ensuring that University records they create or receive are managed in line with University policy and guidance. Staff must involve the University’s Information Governance Manager prior to the development of any new systems impacting upon the management of records in the University.
Monitoring and Review of Strategy
Records management policy and procedure will be brought to University Executive Committee for approval, as appropriate.
 ISO 15489:2001 defines records management as the “field of management responsible for the efficient and systematic control of the creation, receipt, maintenance, use and disposition of records, including processes for capturing and maintaining evidence of and information about business activities and transactions in the form of records”.
 The International Standard on records management (ISO 15489:2001) defines records as information “created, received and maintained as evidence and information by an organisation or person in pursuance of legal obligations or in the transaction of business”. This applies to all formats and media, both paper and electronic.