Records Management Strategy
This document sets out the aims of the University of Glasgow in relation to records management and outlines the strategy for achieving those aims. The strategy is accompanied by an underlying records management policy.
Good records management practice is required across the University of Glasgow in order to comply with relevant legislative requirements and to meet organisational and business needs. The Data Protection Act 1998 (“DPA”), the Freedom of Information (Scotland) Act 2002 (“FOISA”) and the Environmental Information (Scotland) Regulations (“EIRS”), together with associated Codes of Practice issued by the Scottish Ministers, mean in practice that the University needs to be able to identify, locate and account for the disposal of information. In order to have effective records management, the University requires an overall strategy for records and risk management that must also address information security issues.
Records management facilitates the efficient running of a University. Good records management ensures that records are kept as evidence of decision making and of the day to day operations of the University - for example, student administration. The effective management of records ensures that sound decisions can be made based on full, accurate and up to date information, as well as ensuring that the rationale for and the impact of such decisions can be traced, scrutinised and justified as required
The aims of the University’s records management strategy are to ensure:
- A systematic and planned approach to records management covering records from creation to disposal. University record keeping systems should be easy to understand and efficient in terms of minimising staff time and storage space.
- Greater efficiency through improvements in the quality of information held in storage systems across the University. University records should be accurate and complete in order to meet legal and audit requirements.
- Compliance with relevant statutory requirements.
- Better awareness of the importance of records management and of the responsibilities of all members of staff. There should be a clear chain of managerial responsibility for all records created by the University of Glasgow.
- Improved security to restrict access to University records, where this is appropriate, but also ensuring swift access to records when they are required.
- The auditing of the performance of the University’s records management programme.
4.0 Role of the Data Protection and Freedom of Information Office
- The Data Protection and Freedom of Information Office has been allocated the task of setting the strategic direction for records management in the University of Glasgow.
- As a starting point, the Data Protection and Freedom of Information Office will conduct a University-wide information audit building on previous work by Archive Services. The information audit will cover both paper and digital records, and will also analyse the business processes and systems which currently create and use information in the University.
- The Data Protection and Freedom of Information Office, in conjunction with Archive Services, will devise a classification scheme and retention and disposal schedules for University records. The classification scheme will be a development from the previous JISC report and will take into account (a) Scottish legislative requirements and (b) extension into business areas not previously covered.
- The appropriate guidance, tailored to the various business areas of the University and displayed in a consistent format, will be made available on the University’s website.
- The Data Protection and Freedom of Information Office will provide training and guidance on responsibilities and good practice for all staff involved with records. Applying the records retention and disposal schedules, once devised, will require resource commitment from all organisational units of the University.
5.0 Role of University Staff
- Staff will have a direct role to play in implementing records management in the University. Heads of Department will have overall responsibility for the management of records in their organisational unit.
- All other staff will have responsibility for ensuring that the records they create are captured and managed in line with the University’s records management procedures.
6.0 Electronic Document and Records Management
Most organisational units across the University rely on maintaining physical records in conventional paper filing systems, by printing electronic records to paper. This methodology is not viable in the medium or long term due to the increasing volume of paper, the duplication across paper and electronic versions, and the lack of clarity in version control.
As electronic methods of working are increasing in extent and sophistication, the variety and incompatibility and functionality of these systems, and the types of information that such systems can process, across the University are increasingly unmanageable and breaking down.
The University’s records management strategy is to manage processes and transactions carried out electronically through the effective capture of formal corporate records. This will foster new ways of working by enabling faster access to higher quality information. Electronic records will be managed and maintained by electronic means using an Electronic Document and Records Management System (EDRMS). A key requirement for electronic document and records management will be version and security control.
7.0 Functional Approach to Records Management
A ‘function and activity model’ will be devised for the management of University records. This model will represent all University functions and activities in order to develop a corporate file plan by which all University files can be classified and organised.
When implementing the function and activity model, it will be made clear which sets of records the organisational units are responsible for managing. Departmental level records retention schedules will be devised for each business function and these will be published on both the Data Protection and Freedom of Information Office and departmental websites.
- Records management is the field of management responsible for the efficient and systematic control of the creation, receipt, maintenance, use and disposition of records, including processes for capturing and maintaining evidence of and information about business activities and transactions in the form of records. (ISO 15489).
- A Record is information created, received, and maintained as evidence and information by an organisation or person in pursuance of legal obligations or in the transaction of business (ISO 15489)
- A Retention schedule define actions for the management, and dates for the disposal of records in a particular class determined on the basis of administrative; legal; fiscal and audit requirements.
- The Disposition defines the final action on a series of records, e.g. destroy, permanent preservation.
- Archives contain records selected for permanent preservation as part of the University’s corporate memory and as a resource for research.
- Functions are defined as what an organisation is responsible for doing in order to fulfil its role.
- Activities are what an organisation does in order to fulfil its functions.
This Strategy was approved by the Information Policy and Strategy Committee at its meeting on 4th December 2006.