Records Management Policy
- Policy Statement
- Roles and Responsibilities
- Monitoring of Policy
- Policy Review
- SOAS Records Management Policy, Annex A: Definitions
- SOAS Records Management Policy, Annex B: Legislation and Standards relevant to Records Management
- SOAS Records Management Policy, Appendix C: Implementation Methods
The purpose of the Records Management Policy is to establish a framework for the creation, maintenance, storage, use and disposal of SOAS records to:
- Facilitate compliance with statutory and regulatory requirements
- Prevent unauthorized or unlawful disclosure of information by ensuring records are managed in a controlled way
- Protect the interests of SOAS, its staff, students and other stakeholders by maintaining high quality information for as long as its required, and to ensure its timely and secure destruction
- Support continuous improvement in the School’s core activities of teaching and research and decision making by maintaining accurate and reliable records
- Provide evidence of corporate governance
- Support business efficiency and continuity by ensuring information can be quickly located and protecting vital information for the continued functioning of SOAS during a disaster
- Provide evidence in litigation
- Maintain the corporate memory by preserving records of historical significance
- This policy applies to all SOAS staff. It will also apply to all contractors engaged to work within the School. Excepting where the terms of funding contradict it, this policy will also apply to all records of research carried out by staff of SOAS
- The policy covers all records created in the course of SOAS business and activities. A record is recorded information, in any form (e.g.an electronic file or e-mail, a database record or a paper document), created or received by SOAS or individual members of staff to support and show evidence of the School’s activities. More detailed definitions of a record and other related terms are provided in appendix A
The records of SOAS are its corporate memory, and are necessary for good corporate governance, to be accountable, to comply with legal requirements, to provide evidence of decisions and actions, to provide information for current and future decision-making, and to safeguard the rights of individuals. All records created by staff whilst working for SOAS are the property of the School and therefore need to be managed in line with this Policy. Managing and using records effectively and efficiently will ensure that SOAS gains the maximum benefit from them.
SOAS recognises the importance of this essential resource and undertakes to:
- Manage records effectively and efficiently in line with this policy
- Comply with legal obligations that apply to its records (see appendix B)
- Exercise best practice in the management of records, where beneficial to SOAS and cost efficient, as outlined in relevant standards (see appendix B)
- Provide the tools to enable staff to effectively and efficiently access and use records as corporate resources of information
- All records should be stored digitally where possible with all necessary provisions made to maintain the integrity, reliability and accessibility of records during their lifespan.
- Store records efficiently, utilising appropriate storage methods as outlined in the retention schedule at all points in their lifecycle, and disposing of them appropriately when they are no longer required
- Use appropriate levels of security to prevent the unauthorised or unlawful use and disclosure of information. Paper records containing confidential information must be stored in locked cabinets or rooms when not in use, and access can only be provided to authorised staff. Computer screens should be locked when computers are left unattended. Any confidential data on removable hardware, such as a USB or CD, should be kept secure and protected from theft as well as encrypted or password protected
- Provide appropriate protection for records from unwanted environmental (fire, flood, infestation) or human impact (alteration, defacement, theft)
- Identify and protect records which would be vital to the continued functioning of SOAS in the event of a disaster (such as fire, flood, virus attack). These include records that would recreate SOAS’ legal and financial status, preserve its rights and ensure that it continues to fulfill its obligations to stakeholders
- Identify and make provision for the preservation of records of long term and historical value
- The Information Compliance Manager (ICM) has overall responsibility for Records Management. Operational responsibility is delegated to the Records Manager and Archivist (RMA) who is responsible for developing corporate records management policy, procedures and guidance, and promoting good practice and promoting compliance with the policy and procedures
- The Records Management Project Board is responsible for reviewing RM policies and procedures and recommending their approval to the relevant committee
- Executive Board are responsible for approving the Records Management Policy
- Directors and Deans are responsible for ensuring that adequate records of their directorate or faculty’s activities are maintained and that records possess ‘authenticity, reliability, integrity and usability’ (ISO 15489)
- The Governance and Compliance Directorate is responsible for providing an off-site storage service and arranging the transfer/return of records to the supplier, and retrieval of records from the supplier.
- Liaison Officers (LOs) of the Information Compliance and Records Management (ICRM) Network are responsible for communicating records management policy and procedures to their directorates/faculties and reporting on their implementation to the RMA
- Line managers are responsible for ensuring their staff are aware of the Records Management Policy
- The LOs are responsible for disseminating or circulating training given by the RMA to any staff within their department who require it.
- The RMA is responsible for providing records management training and procedures to LOs
- All SOAS staff are responsible for documenting their work and keeping records in line with SOAS policies and procedures, including retaining and disposing of records in line with records management procedures and the Corporate Retention Schedule
- The Director of Library and Information Services is responsible for ensuring that adequate technical provision is in place to support record keeping across the School to allow the School to comply with this policy
- The Director of Estates and Facilities is responsible for providing onsite storage for physical records, and to provide disposal services which follow compliant confidential waste disposal methods for physical records which are no longer required, to allow the School to comply with this policy
- Committee Secretaries are responsible for maintaining records of their committees and managing their disposition in line with the instructions provided in the SOAS Retention Schedule
- The Directorate is responsible for any historical administrative records of the School deemed to be of enduring historical value following appraisal and deposited in the School Archive
- Progress in implementing this policy will be reported by the Records Manager and Archivist to the Records Management Project Board
- The Records Manager and Archivist will carry out information surveys every three years to review compliance with the Policy and report back to the Records Management Project Board
The Records Management Policy will be reviewed at least every three years to ensure that it continues to fulfil the needs of SOAS.
What is a record?
A record is recorded information, in any form, created or received by SOAS or individual members of staff to support and show evidence of SOAS activities. It is important to differentiate between a record and a document. All records are documents, but not all documents are records. In effect, a document becomes a record when it forms part of a business activity.
An example of a document would be a blank form. If somebody completes and submits the form, it becomes a record, because it has participated in a business activity. Some documents will never (and should never) become records, due to their ephemeral nature. Examples include promotional literature received (unless it is relevant to a particular project or initiative ongoing or planned), junk mail (e-mail or otherwise) and other items of no more than passing significance.
Records need to be authentic, reliable, have integrity (be complete or unaltered, except under controlled conditions) and be useable. Records therefore need to be subject to controls that ensure these features are maintained.
What is records management?
The international standard on records management describes it as:
“[The] Field of management responsible for the efficient and systematic control of the creation, receipt, maintenance, use and [disposal] of records, including processes for capturing and maintaining evidence of and information about business activities and transactions in the form of records” BS ISO 15489-1 Information and documentation – Records Management
Effectively, it is about applying the necessary controls to SOAS records to ensure authenticity, reliability, integrity and usability.
What are ICRM LOs
The Information Compliance and Records Management Liaison Officers (LOs) are representatives from each faculty and department across the School who are responsible for managing records within their section. The LOs meet every term to discuss any records management issues and receive any records management training required. The LOs are responsible for disseminating records management policies and procedures, best practice and training to their department
The records lifecycle
This is a model used by records managers to describe the stages through which a record progresses during its existence. It is helpful for planning records management activities, so that records can be maintained and stored efficiently.
Records are placed within files classed as ‘current’ until they are closed. Files then progress through a ‘semi-current’ phase, when staff may still access them regularly, but will not add any records. Often another phase, ‘non-current’, follows where a file needs to be retained, perhaps for legal reasons, but is rarely referenced. Once a file is no longer needed, it can be disposed of, either by transfer to the School Archive via the RMA if it is likely to be of historical significance, or by destruction
The retention schedule
This is a policy statement setting out what records SOAS holds and how long they will be retained before disposal. It can also be used to set out what needs to happen to records at different stages of their lifecycle to ensure that they are stored efficiently.
For more information, see the SOAS Retention Schedule December 2015 (pdf; 621kb)
What are vital records?
These are records without which SOAS could not function, and which would be impossible or prohibitively difficult to reconstruct in the event of a disaster. As part of the Records Management Project, the RMA will develop and update guidance on identifying, recording and protecting Vital Records.
Many pieces of legislation, regulations and standards include requirements for record keeping. The following are the most relevant to the SOAS Records Management Policy.
Legislation and regulations
- Data Protection Act 1998
- Environmental Information Regulations 2004
- Freedom of Information Act 2000
Standards and Codes of Practice
- BS ISO 15489-1, Information and documentation – Records management – Part 1: General
- BS ISO/IEC 27001: 2005, Information technology. Security techniques. Information security management systems. Requirements
- BS ISO/IEC 27002: 2005, Information technology. Security techniques. Information security management systems. Code of Practice
- BS 10008 Evidential weight and legal admissibility of electronic information - Specification
- BS 8470:2006, Secure destruction of confidential material. Code of practice
- BS 4783, Storage, transportation and maintenance of media for use in data processing and information storage
- The Lord Chancellor's Code of Practice on the Management of Records Issued under section 46 of the Freedom of Information Act 2000
- JISC Guidance on Records Management
Related SOAS strategies and policies
- An established network of ICRM Liaison Officers ensure that records management policies and procedures are communicated and implemented in directorates and faculties
- Information surveys will periodically be carried out across all departments in SOAS, in both professional services and academic faculties, to identify all main records series that are created, received and stored by, or on behalf of, SOAS
- The SOAS Corporate Retention Schedule outlining SOAS policy for retention and disposal of records will be reviewed by the RMA every three years. Staff within departments will be relied on to implement the schedule.
- Guidance and facilities for the appropriate disposal of records will be provided.
- Directorates/Faculties/Teams will ensure that their records are adequately controlled, through such methods as registration of files and use of actively managed shared areas on networks
- Records management guidance will be made available to SOAS staff, including guidance on such matters as security and access to records, document naming and version control, and appropriate storage at different stages of the records lifecycle
- Staff will receive training in records management appropriate to their role
- Records and information management risks will be identified in the School’s Risk Register
- Vital records will be identified and steps taken to ensure their survival in the event of a disastrous occurrence
- A strategy for the selection, preservation and use of records as a historical resource will be developed and implemented in time for the SOAS centenary in 2016
- Records management issues will be considered when planning or implementing new systems (electronic or otherwise) and during re-structuring or major changes to the School. A standard of records management requirements and desirables for procurement of any IT systems with a records management functionality will be produced and must be used for procurement of any IT systems with a records management functionality after this date.