Information and Records Management Policy

Related pages

The University recognises that the efficient management of its records is necessary in order to support its core functions, to comply with its legal and regulatory obligations and to enable the effective management of the institution.

The policy follows from the University's Information Strategy. Its purpose is to ensure the creation and maintenance of authentic, reliable and useable records, with appropriate evidential characteristics, within the University by establishing a framework and accountabilities for records management, through which best practice can be implemented and audited.

Policy

1. Policy

1.1  The University will manage records efficiently and systematically, in a manner consistent with ISO15489 and the Lord Chancellor’s Code of Practice on Records Management, to support University operations and meet legislative, regulatory, funding and ethical requirements.

1.2  Records will be created, maintained and retained in order to provide information about and evidence of the University’s transactions and activities. Appropriate systems must be in place to document decisions and activities.

1.3 Records must be maintained in a manner to ensure they have the following qualities:

  • it is present (the information needed to evidence and reconstruct the relevant activity or transactions is recorded).

  • it can be accessed (it is possible to discover, locate and access the information, and present it in a way that is true to the original presentation of the information).

  • it can be interpreted (a context for the information can be established showing how it is related to other information, when, where and who created it, and how it was used).

  • it can be trusted (the information and its representation is fixed and matches that which was actually created and used, and its integrity, authenticity and provenance can be demonstrated beyond reasonable doubt).

  • it can be maintained (the record can be deemed to be present and can be accessed, interpreted and trusted for as long as necessary and on transfer to other agreed locations, systems and technologies).

1.4  Appropriate measures will be employed to safeguard the security and integrity of University records.

1.5  Records must be maintained and stored in such a way that they can be easily identified and located to support business activities and that ensures appropriate accountability, using established procedures for secure storage, access and handling.

1.6  Records will be disposed of in accordance with agreed retention schedules. Retention schedules will set out the minimum period for which a record should be retained and will be reviewed regularly and amended as necessary. Retention schedules will be agreed by the senior data owners for the relevant business function. When the currency of the records and their need to be retained expires, the records will either be destroyed or, if they have lasting historical value, added to the University Archive.

1.7  A small percentage of the University’s records will be selected by an appraisal process for permanent preservation.  The appraisal process is defined in the ‘Method Statement - Appraisal policy for Corporate Records’. These records will become part of the University’s Archive and will provide an enduring record of the conduct of University functions and operations.

1.8  Information and records management awareness and training is provided for staff as part of the University’s statutory and compliance training programme.

1.9  This document, together with subsidiary policies and implementation documents available from http://www.york.ac.uk/, define the framework within which records are managed across the University.

Scope

2. Scope

2.1  This policy applies to all records in hard copy and electronic format that are created, received and maintained by University members and associates (as set out in 2.3 below) in the course of carrying out their University functions. Records are those documents, regardless of format, which facilitate University activities (e.g. teaching, learning and research) and business and which are thereafter retained (for a set period) to provide evidence of its transactions or activities. Records may be created, received or maintained in hard copy or electronically.

2.2  This policy applies to records created in the course of research, whether internally or externally-funded, in addition to any contractual and academic record-keeping requirements.

2.3  This policy is binding on all those who create or use University records such as staff, students, contractors, consultants, visitors and guests of the University, whether accessing records from on or off-campus.

Oversight

3. Oversight

3.1  The Registrar and Secretary is responsible for records management within the University and has the authority to define and implement University-wide records management policies.

3.2  Information Strategy Group is responsible for the approval of records management policy and for overseeing policy implementation via the Information Security Board.

3.3  The Information Security Board, chaired by the Deputy Registrar, is responsible for regular policy reviews and monitors the effectiveness of the information and records management policy across the University. It also commissions and responds to independent audits of records management arrangements.

3.4  The University’s Information and Records Manager is responsible for promoting and supporting compliance with this policy across the University and its wholly-owned subsidiaries, including the development of retention schedules and procedures, and drawing up guidance about good information and records management practice.

3.5  The University’s Information and Records Manager has responsibility for the University Archive.

Responsibilities

4. Responsibilities

4.1  All information users are responsible for creating, maintaining and preserving records to which they have access in accordance with this policy and guidance.

4.2  University Officers, Heads of Departments and Section Heads, as data owners, are responsible for ensuring that all records in their area are managed in conformance with this policy.

4.3  Principal investigators, as data owners, are responsible for ensuring that their research projects and their resulting records and data are created, managed and disposed of in compliance with this policy, the University’s Code of good practice for research, and any specific legal, ethical and contractual conditions.

4.4  Records Liaison Officers, a member of staff from within University departments who has been designated to the role by their Head of Department, are responsible for liaising with the Records Manager on behalf of their departments, disseminating policy and guidance and assisting in local implementation.

4.5  Staff, students, contractors, consultants, visitors and guests who act in breach of this policy, or who do not act to implement it, may be subject to disciplinary procedures or other appropriate sanctions.

Implementation

5. Policy implementation documents

5.1  This document, together with related records management guidance is available at: http://www.york.ac.uk/records-management.

5.2  Policy Guidance provides context and further information to support implementation of the University Information and Records Management Policy.

5.3  Appraisal of corporate records. The Appraisal Policy (PDF , 112kb) sets out the process by which the University will distinguish and select those corporate records with the highest value for permanent preservation from those of no enduring value.

5.4  The Research data management policy enables the University and its researchers to meet the standards and responsibilities set out in the University's Code of Practice on Research Integrity and to meet funder, ethical, legal and other responsibilities.

Document history

Document history

12 December 2012 Approved by Information Strategy Group
29 January 2016 Reviewed and approved by Information Security Board
31 July 2019 Reviewed and approved by Information Security Board

Review

Review cycle: Three yearly

Date of next review: July 2022