Records Management Policy

Related pages

The University recognises that the efficient management of its records is necessary in order to support its core functions, to comply with its legal and regulatory obligations and to enable the effective management of the institution.

The policy follows from the University's Information Strategy. Its purpose is to ensure the creation and maintenance of authentic, reliable and useable records, with appropriate evidential characteristics, within the University by establishing a framework and accountabilities for records management, through which best practice can be implemented and audited.

Policy

1. Policy

1.1  The University will manage records efficiently and systematically, in a manner consistent with ISO15489 and the Lord Chancellor’s Code of Practice on Records Management, to support University operations and meet legislative, regulatory, funding and ethical requirements.

1.2  Records will be created, maintained and retained in order to provide information about and evidence of the University’s transactions and activities.  Retention schedules will govern the period of time that records will be retained.

1.3  A small percentage of the University’s records will be selected by an appraisal process for permanent preservation.  The appraisal process is defined in the ‘Method Statement - Appraisal policy for Corporate Records’. These records will become part of the University’s Archive and will provide an enduring record of the conduct of University functions and business.

1.4  Records management training is mandatory for all staff as part of the University’s statutory and compliance training programme.

1.5  This document, together with subsidiary policies and implementation documents available from http://www.york.ac.uk/, define the framework within which records are managed across the University.

Scope

2. Scope

2.1  This policy applies to all records in hard copy and electronic format that are created, received and maintained by University members in the course of carrying out their University functions.

2.2  This policy applies to records created in the course of research, whether internally or externally-funded, in addition to any contractual and academic record-keeping requirements.

2.3  This policy is binding on all those who create or use University records such as staff, students, contractors, consultants, visitors and guests of the University, whether accessing records from on or off-campus.

Oversight

3. Oversight

3.1  The Registrar and Secretary is responsible for records management within the University and has the authority to define and implement University-wide records management policies.

3.2  Information Strategy Group is responsible for the approval of records management policy and for overseeing policy implementation via the Information Security Board.

3.3  The Information Security Board, chaired by the Director of Information, is responsible for regular policy reviews and monitors the effectiveness of the records management policy across the University.  It also commissions and responds to independent audits of records management arrangements.

3.4  The University’s Records Manager is responsible for promoting compliance with this policy and for drawing up guidance about good records management practice.

3.5  The University’s Records Manager has responsibility for the University Archive.

Responsibilities

4. Responsibilities

4.1  All information users are responsible for creating, maintaining and preserving records to which they have access in accordance with this policy.

4.2  University Officers, Heads of Departments and Section Heads, as data owners, are responsible for ensuring that all records in their area are managed in conformance with this policy.

4.3  Principal investigators, as data owners, are responsible for ensuring that their research projects and their resulting records and data are created, managed and disposed of in compliance with this policy, the University’s Code of good practice for research, and any specific legal, ethical and contractual conditions.

4.4  Records Liaison Officers, a member of staff from within University departments who has been designated to the role by their Head of Department, are responsible for liaising with the Records Manager on behalf of their departments, disseminating policy and guidance and assisting in local implementation.

4.5  Staff, students, contractors, consultants, visitors and guests who act in breach of this policy, or who do not act to implement it, may be subject to disciplinary procedures or other appropriate sanctions.

Implementation

5. Policy implementation documents

5.1  This document, together with related records management policies and implementation documents is available at: http://www.york.ac.uk/records-management.

5.2  Guidance document - Policy Guidance provides context and further information to support implementation of the University Records Management Policy.

5.3  Method Statement - appraisal of corporate records Appraisal Policy (PDF  , 112kb).

Definitions

Appendix A - Definitions

Records

All those documents, regardless of format, which facilitate University activities (e.g. teaching, learning and research) and business and which are thereafter retained (for a set period) to provide evidence of its transactions or activities. These records may be created, received or maintained in hard copy or electronically. A record has the following essential qualities:

  • it is present (the information needed to evidence and reconstruct the relevant activity or transactions is recorded).
  • it can be accessed (it is possible to discover, locate and access the information, and present it in a way that is true to the original presentation of the information).
  • it can be interpreted (a context for the information can be established showing how it is related to other information, when, where and who created it, and how it was used).
  • it can be trusted (the information and its representation is fixed and matches that which was actually created and used, and its integrity, authenticity and provenance can be demonstrated beyond reasonable doubt).
  • it can be maintained (the record can be deemed to be present and can be accessed, interpreted and trusted for as long as necessary and on transfer to other agreed locations, systems and technologies).

Records management

Records management is defined as the field of management responsible for the efficient and systematic control of the creation, receipt, maintenance, use, distribution, storage and disposal of records (ISO 15489).

Document history

Document history

12 December 2012 Approved by Information Strategy Group
29 January 2016 Reviewed and approved by Information Security Board

Review

Review cycle: Three yearly

Date of next review: January 2019