Accessibility statement

Information and Records Management Policy: associated guidance

1 Introduction

1.1 This Guidance document provides context and further information to support implementation of the University Information and Records Management Policy.

1.2 The University recognises that the efficient management of its records is necessary in order to support its core functions, to comply with its legal and regulatory obligations and to enable the effective management and operation of the institution. It is committed, through the Information and Records Management Policy, to creating, keeping and maintaining those records which document its principal activities, including teaching, research, the administration of its resources and the protection of the rights and interests of the organisation and its stakeholders.

1.3 The Information and Records Management policy follows from the University’s Information and Records Management strategies. Its purpose is to ensure the creation and maintenance of authentic, reliable and useable records, with appropriate evidential characteristics, within the University by establishing a framework and accountabilities for records management. Through this framework best practice can be implemented and audited.

2 Definition of 'records' and 'records management'

2.1 Records are defined as all those documents, regardless of format, which facilitate University activities (e.g. teaching, learning and research) and business and which are thereafter retained (for a set period) to provide evidence of its transactions or activities. These records may be created, received or maintained in hard copy or electronically and include email and blogs.

2.2 A record has the following essential qualities:

  • it is present (the information needed to evidence and reconstruct the relevant activity or transactions is recorded).
  • it can be accessed (it is possible to discover, locate and access the information, and present it in a way that is true to the original presentation of the information).
  • it can be interpreted (a context for the information can be established showing how it is related to other information, when, where and who created it, and how it was used).
  • it can be trusted (the information and its representation is fixed and matches that which was actually created and used, and its integrity, authenticity and provenance can be demonstrated beyond reasonable doubt).
  • it can be maintained (the record can be deemed to be present and can be accessed, interpreted and trusted for as long as necessary and on transfer to other agreed locations, systems and technologies).

2.3 Records management is defined as a field of management responsible for the efficient and systematic control of the creation, receipt, maintenance, use, distribution, storage and disposal of records (ISO 15489). It constitutes a series of integrated systems related to the core processes of the University that ensure that evidence of, and information about, its activities and transactions are captured and maintained as viable records.

2.4 The objectives of a records management system are as follows:

  • Records contain information that is a unique and invaluable resource and important operational asset. A systematic approach to the management of the University’s records is essential
    • to ensure that the information we rely on has the qualities of a record
    • to protect and preserve records as evidence of our actions.
  • Records management enables and supports the University’s realisation of the corporate objectives described in the University Plan, namely:
    • encouraging openness, creativity, participation and innovation;
    • facilitating the creation, curation and dissemination of knowledge and information assets;
    • supporting staff, students and stakeholders in the management of records, compliance, risk;
    • applying the best ethical standards.
  • Records management is accordingly necessary to:
    • ensure that the University conducts itself in an orderly, efficient and accountable manner;
    • realise best value through improvements in the quality and flow of information and greater coordination of records and storage systems;
    • support core University functions, teaching and research, providing evidence of conduct and the appropriate maintenance of associated tools, resources and outputs;
    • meet legislative, regulatory, funding and ethical requirements;
    • deliver services to staff and stakeholders in a consistent and equitable manner;
    • assist and document policy formation and managerial decision making;
    • provide continuity in the event of a disaster;
    • protect the interests of the organisation and the rights of employees, clients, students, research participants and present and future stakeholders;
    • equip and support researchers to be adaptable and flexible in an increasingly diverse, mobile and global research environment; and
    • establish an institutional and cultural identity and maintain a corporate memory.

3 IRM responsibilities

3.1 The University has a corporate responsibility to maintain its information and records and its record-keeping systems in accordance with the regulatory environment. For this reason the member of the University’s senior management with overall responsibility for the Information and Records Management policy is the Registrar and Secretary.

3.2 The University’s Information and Records Manager, based in Corporate and Information Services, is responsible for defining policy, for drawing up guidance for good information and records management practice. The Information and Records Manager provides advice on data and records management issues and the selection of records as archives.

3.3 Heads of Departments, Principal Investigators, and all those who lead a team of staff in an organisational unit, programme or project, have overall responsibility, as ‘data owners’, for supporting the management of records generated by their department’s/team’s activities, and should ensure that:

  • adequate records are kept of the activities for which they are accountable,
  • the records created, received and controlled within the purview of their department, unit or project, and the systems (electronic or otherwise) and procedures they adopt, are selected and managed in a way which meets the aims of the University’s records management policy and any other relevant contractual requirements
  • staff inductions cover local and corporate policies and procedures and staff and students have access to relevant training opportunities.

3.4 Staff designated as Records Liaison Officers, a role held by a member of staff within a University department, provide a key point of contact between departments and the Information and University Records Manager in the implementation of records management and compliance policies. Designated by their Head of Department, they are responsible for liaising with the Records Manager on behalf of their departments, disseminating central guidance to colleagues and assisting in the local implementation of data management and compliance procedures and best practice.

3.5 Other staff may have specific responsibilities for records as part of their role e.g. Committee Secretaries and should follow relevant University policy and guidance for the specific types of records that they manage.

4 Relationship with existing policies and legislation

4.1 This University Information and Records Management policy has been formulated within the context of University policies and guidelines, national legislation and sectoral/professional standards and is intended to act as a framework to support standards and promote compliance with legislative and regulatory environments. Key policies and legislation related to this policy are cited below.

University documents



  • Copyright, Design and Patents Act 1988
  • Data Protection Act 2018
  • Environmental Information Regulations 2004
  • Equality Act 2010
  • Freedom of Information Act 2000
  • Human Rights Act 1998
  • Limitations Act 1980
  • Privacy and Electronic Communications (EC Directive) Regulations 2003
  • Regulation of Investigatory Powers Act 2000

Codes of Practice / Professional Standards

  • Lord Chancellors Code of Practice on the Management of Records: issued under Section 46 of the Freedom of Information Act 2000, (Ministry of Justice, The National Archives, 2009)
  • ISO 15489:2001 Information and Documentation Records Management
  • ISO 27001:2005 Information Security Management Systems Requirements
  • BSI DSC PD0008:1999 A Code of Practice for Legal Admissibility and Evidential Weight of Information Stored Electronically (2nd edition)
  • BSI DSC PD5000:2002 Legal admissibility: an international code of practice for electronic documents and e-business transactions for evidence, audit, long-term duty of care
  • BS 5454:2000 Recommendations for the storage and exhibition of archival documents
  • Study of the Records Lifecycle (JISC, 2007)
  • Integrity, Clarity and Good Management: RCUK Policy and Code of Conduct on the Governance of Good Research Conduct (RCUK, 2009)
  • Functional Requirements and Testing of Electronic Records Management Systems (The National Archives, 1999)
  • Information on Quality and Standards in Higher Education (HEFCE, 2002)

5 Further information

5.1 Guidance on the following areas for use by University members is available:

  • Introduction to records management
  • Creating records
  • File naming
  • Version control
  • Managing workspaces
  • Managing email
  • Managing shared drives
  • Data handling and security (includes cloud computing)
  • Record retention
  • Preserving information
  • Depositing records in the University Archive
  • Disposing of information

5.2 Online induction training and awareness material is provided through the University’s Statutory Compliance Training programme, the University’s general Staff Induction sessions, and Records Management website.


6 Contacts

Records Management and the University Archive Dr Charles Fonge
Borthwick Institute
  Mr Graham Hughes
Borthwick Institute

Document history and status

13 December 2012 Approved by Information Strategy Group
29 January 2016 Reviewed and approved by Information Security Board
31 July 2019 Reviewed and approved by Information Security Board


Review cycle: Three yearly

Date of next review: January 2022