Records Management Quick Guide
Durham University staff can check their current records management practices against the Seven Point Checklist below. The more points that are taken into consideration during everyday working the better the University's records - and information in them - will be managed.
RECORDS - Seven Point Checklist
1. Records are the audit trail. They must be created and managed to provide:
Accountability (show appropriate business decisions have been made).
Knowledge (allow past experience to inform present thinking).
Compliance (show that the business operates within the law).
Protection (allow the business to defend itself).
2. Electronic records provide accountability as well as paper records, and must be equally well managed, especially regarding:
- Storage (security, meaningful titles, structured folder system).
- Accessibility (meaningful titles, shared folder system).
- Disposal (regular deletion of ephemera, transfer of business records to a structured folder system).
3. Corporate ownership, not personal ownership of business records. These records:
- Belong to the University, not individual members of staff.
- Must be accessible when required by the University.
- Are subject to corporate policy and procedures.
4. Omit unnecessary subjective comments from business records. Record information with care, ensuring that it:
- Has business relevancy only.
- Can be seen by a data subject without recourse for reasonable complaint.
5. Record the files you create. This will help:
- Prepare for a planned corporate structured paper and electronic records filing system.
- Avoid duplication.
- Provide quicker access to information for everyday business and in response to requests for information, such as under Freedom of Information (FOI) Act.
6. Draft exclusion.
- File drafts only if they contribute significantly to the decision-making process.
- Generally, file only final versions of documents.
- Consider the space taken up by multiple drafts - are they necessary?
- If multiple drafts or versions need to be filed, ensure they are clearly individually marked to show their relation to each other and any superseding.
7. Send immediately any received information requests submitted under FOI, Environmental Information Regulations and data protection legislation (i.e. subject access requests under General Data Protection Regulations) to the Information Governance Unit (firstname.lastname@example.org) to respond.
- Response time for information requests under the Freedom of Information Act 2000 is 20 working days.
- Response time for subject access requests under the GDPR is one month.