Guidance on Managing Research Records

Guidance on Managing Research Records

Why do we need to manage research records?

Records of research projects should be retained and managed in order to:

  • Demonstrate that the information is accurate, authentic, credible and verifiable
  • Demonstrate compliance with information legislation (e.g. General Data Protection Regulation)
  • Demonstrate effective and auditable procedures and practices, ensuring compliance with the requirements of external funders and sponsors, regulatory professional bodies, internal and external auditors
  • Protect individual researchers and the University from allegations of professional or research misconduct

What are research records?

The records of a research project tend to cover four principal areas: the research process, research outcomes/products, research project management, and the research data itself. Examples of these areas include:

Research process
protocols, Standard Operating Procedures (SOPs), applications for regulatory approval.

Research outcomes/products
reports, monographs

Research project management
contracts, invoices, staff records, funding applications and budgetary information.

Research Data
questionnaires, notes, photographs, samples, databases, recordings (both audio and visual).

Who is responsible for managing research records?

While ultimate responsibility for research records lies with the Principal Investigator (PI), all staff involved in the research project must assume responsibility for ensuring the accuracy, completeness, and security of research data.  This includes student researchers and supervisors, as well as members of staff supporting the research process.

Keeping information secure

Due to the often sensitive and confidential nature of the information created and managed during research projects, it is imperative that appropriate security measures are in place and that all staff are aware of the need to keep information secure.  During the research project and on its completion, records and data must be stored in a secure and appropriate environment.  The selected store should be “fit for purpose” and provide adequate space, security, access control and environmental conditions.  Appropriate technical procedures should be established to ensure that instances of unauthorised access, loss or misuse of data do not occur. These procedures should apply to both on and off-campus activity, especially if staff work from home.  Access to all personal data should be controlled through the use of passwords, which must be changed on a regular basis (and always when a member of staff leaves the project).

Paper records

Records must be kept in locked cabinets and in locked offices or storage rooms. Access to cabinets, offices, and storage rooms must be restricted to authorised personnel only.

Information should be destroyed appropriately, either using a cross-cut shredder or by using the University’s confidential waste service. Please see our A to Z entry on disposal of records for further guidance.

Electronic records

  • Ensure that your PC is locked whenever you are away from your desk
  • Passwords should never be shared with other members of staff, and should be changed on a regular basis
  • Each study database should be password protected, with its own unique password and access to the password restricted to authorised personnel only
  • Where identifiable data is not a requirement of the research project, the data should be retained in an anonymised format

Further guidance

Contact the Data Protection & FOI Office for further DP or records-related questions.

JISC Legal has an extensive question and answer document which provides guidance on data protection and research records.

Our A to Z guide on research dealing with personal data also provides additional information and guidance.