Records Management & Information Governance
This guidance document provides associated context and further information to support the implementation of the University Information and Records Management Policy.
The University recognises that the efficient management of its records is necessary in order to support its core functions, to comply with its legal and regulatory obligations and to enable the effective management and operation of the institution. It is committed, through the Information and Records Management Policy, to creating, keeping and maintaining those records which document its principal activities, including teaching, research, the administration of its resources and the protection of the rights and interests of the organisation and its stakeholders.
The Information and Records Management policy follows from the University’s Information and Records Management strategies. Its purpose is to ensure the creation and maintenance of authentic, reliable and useable records, with appropriate evidential characteristics, within the University by establishing a framework and accountabilities for records management. Through this framework best practice can be implemented and audited.
Records are defined as recorded information, regardless of format, which facilitate and derive from University activities (e.g. teaching, learning and research) and business and which are thereafter retained (for a set period) to provide evidence of its decisions, transactions or activities. Records are fixed in time and contain content (information), context and structure. The use or reuse of the information that changes any of these three factors results in the creation of a new record of a different transaction. Records may be created, received or maintained in hard copy or electronically and include email and instant messaging, social media, websites and blogs. They may also be considered as ‘Information Assets’.
A record has the following essential qualities:
Records management is defined as a field of management responsible for the efficient and systematic control of the creation, receipt, maintenance, use, distribution, storage and disposal of records (ISO 15489). It constitutes a series of integrated systems related to the core processes of the University that ensure that evidence of, and information about, its activities and transactions are captured and maintained as viable records.
Records contain information that is a unique and invaluable resource and are fundamental to University processes and operations. The objectives of a records management system are as follows:
A systematic approach to the management of the University’s records is essential:
Records Management enables and supports the University’s realisation of the corporate objectives described in its Strategy, namely:
Records management is accordingly necessary to:
The University has a corporate responsibility to maintain its information and records and its record-keeping systems in accordance with the regulatory environment. For this reason the member of the University’s senior management with overall responsibility for the Information and Records Management policy is the Chief Operating Officer.
The University’s Information and Records Manager is responsible for
Heads of Departments, Principal and Co-Investigators at the University, and all those who lead a team of staff in an organisational unit, programme or project, have overall responsibility, as Information Owners, for supporting the management of records generated by their department’s/team’s activities, and should ensure that:
Staff designated as Information Champions, a role held by a member of staff within a University department, provide a key point of contact between departments and the Records Manager in the implementation of records management and compliance policies. Designated by their Head of Department, they will liaise with the Records Manager on behalf of their departments, promote central guidance to colleagues and assist in the local implementation of data management and compliance procedures and best practice.
All staff and contractors are responsible for creating, maintaining and preserving accurate records that support and document their employment/contracted activities in accordance with this policy and its associated policies, procedures and guidance. They must know what information they hold, where it is held and University staff should complete mandatory records management training.
Other staff may have specific responsibilities for records as part of their role e.g. Committee Secretaries and should follow relevant University policy and guidance for the specific types of records that they manage.
University records and its processing of data are governed by a variety of legislation (including employment, contract, charity and financial laws), common law duties (of confidentiality and care), and regulated practice. The Information and Records Management policy framework has been formulated in the context of University policies and guidelines, national legislation and sectoral/professional standards. It is intended to support standards and practice and to promote easier compliance with legislative and regulatory environments. Key policies and legislation related to this policy are cited below.
A fuller survey of legislative and regulatory provisions concerning record-keeping and the processing of University data is maintained by the Records Manager.
A suite of Information and Records Management guidance has been produced on the following areas and will continue to be developed.
External records store: inventorying
External records store: transfer to
External records store: recall from
External records store: destruction
Security classification & handling scheme
Online induction training and awareness material is provided through the University’s statutory compliance training programme, the University’s general Staff Induction sessions, and Records Management website.
|Records Management and the University Archive||Charles Fonge
|13 December 2012||Approved by Information Strategy Group|
|29 January 2016||Reviewed and approved by Information Security Board|
|31 July 2019||Reviewed and approved by Information Security Board|
|5 April 2023||Reviewed and approved by Information Security Board|
Review cycle: Three yearly
Date of next review: April 2026