Records Management Policy

Please find the Records Management Policy of the National Records of Scotland (NRS) below. You can also download this document:

Download the NRS Records Management Policy as a PDF file - Acrobat PDF 47KB, new window
Download the NRS Records Management Policy as a RFT file - Rich Text Format 728KB, new window

1. Introduction

1.1 National Records of Scotland (NRS) is a new organisation, created on 1 April 2011, following the merger of the National Archives of Scotland (NAS) and the General Register Office for Scotland (GROS).

1.2 The key functions of the organisation are:

1.2.1 Preserving the Past - through the preservation of record collections in our care in order to make them available for current and future generations. NRS also advises other bodies on the care and management of records, and maintains the National Register of Archives for Scotland, which keeps track of archives in private hands.

1.2.2 Recording the Present - through the management, operation and delivery of Scotland's Census as well as the registration of births, deaths, stillbirths, marriages and civil partnerships. NRS maintains a national register of divorces, a national register of adoptions, the Scottish Register of Tartans and the National Health Service Central Register.

1.2.3 Informing the Future - through the collection, analysis and publication of official demographic statistics, drawn from the Census and other sources, to inform government policy. NRS also provides onsite and online facilities for people researching all aspects of Scottish life, and is responsible for identifying records from public bodies and selected private organisations which are of ongoing historical value and are to be transferred to NRS for permanent preservation.

1.3 NRS recognises that the effective management of its records, regardless of format, is essential in order to support these core functions, to comply with legal, statutory and regulatory obligations, and to demonstrate transparency and accountability to all its stakeholders. Records are a vital information asset and a valuable resource for the organisation's decision-making processes, policy creation and operations, and must be managed effectively from the point of their creation until their ultimate disposal.

2. Purpose and Scope

2.1 The purpose of this policy is to demonstrate the importance of managing records effectively within the organisation, to outline key aims and objectives for NRS in relation to its recordkeeping, and to act as a mandate for the support and delivery of records management policies, procedures and initiatives across the organisation.

2.2 This policy relates to all teams, branches and divisions of NRS and all records created by its employees. It relates to the management of records as an internal, facilitative function of the organisation and covers the records created by the organisation, about its activities. It does not relate to the management of historical records and archive collections that have been transferred to, or purchased by, NRS, for permanent preservation. (including NRS's own records, once accessioned as archives).

2.3 The policy relates to all staff, including those who are mobile working, working off site and working within joint partnerships, including permanent and temporary employees, volunteers, contractors and those on secondment or work experience placements. It applies to all records regardless of format or medium, including paper, electronic, audio, visual, microform and photographic.

2.4 The policy is to be read in conjunction with the Records Management Strategy for NRS, which details the aims, objectives and priorities for NRS as well as the current recordkeeping practices in place within the organisation. Such aims include the improvement of business efficiency through less time spent searching for information, increased joined up working and improved communications across the organisation as a whole; the demonstration of compliance with statutory and regulatory recordkeeping obligations including the Public Records (Scotland) Act 2011, the Freedom of Information (Scotland) Act 2002, the UK Freedom of Information Act 2000 and the Data Protection Act 1998; and the promotion of openness, transparency, accountability and improved corporate governance, commensurate with the organisation's role as the national recordkeeping body.

2.5 The Public Records (Scotland) Act 2011 places an obligation on named authorities in Scotland to produce a records management plan which sets out their arrangements for the effective management of all records. NRS is a named authority as defined in the act. The creation of a records management policy statement is a mandatory element of the plan, and is necessary in order to identify the procedures to be followed in managing the organisation's public records.

3. What is Records Management?

3.1 Records management can be defined as the process whereby an organisation manages its records, whether created internally or externally and in any format or media type, from their creation or receipt, through to their destruction or permanent preservation.

3.2 Records management is about placing controls around each stage of a record's lifecycle, at the point of creation (through the application of metadata, version control and naming conventions), during maintenance and use (through the management of security and access classifications, facilities for access and tracking of records), at regular review intervals (through the application of retention and disposal criteria), and ultimate disposal (whether this be recycling, confidential destruction or transfer to the archive branch for permanent preservation). By placing such controls around the lifecycle of a record, we can ensure they demonstrate the key attributes of authenticity, reliability, integrity and accessibility, both now and in the future.

3.3 Through the effective management of the organisation's records, NRS can provide a comprehensive and accurate account of its activities and transactions. This may be achieved through the management of effective metadata (footnote 1) as well as the maintenance of comprehensive audit trail data.

3.4 We retain records that provide evidence of our functions, activities and transactions, for:

• Operational Use - to serve the purpose for which they were originally created, to support our decision-making processes, to allow us to look back at decisions made previously and learn from previous successes and failure, and to protect the organisation's assets and rights.
  
  
• Internal & External Accountability - to demonstrate transparency and accountability for all actions, to provide evidence of legislative, regulatory and statutory compliance and to demonstrate that all business is conducted in line with best practice.
  
  
• Historical and Cultural Value - to protect and make available the corporate memory of the organisation to all stakeholders and for future generations.
  

4. Why is Records Management Important?

4.1 Information and records are a valuable corporate asset without which we would be unable to carry out our functions, activities and transactions, meet the needs of our stakeholders, and ensure legislative compliance.

4.2 The benefits of implementing records management systems and processes include:

• Improved information sharing and the provision of quick and easy access to the right information at the right time;
• The support and facilitation of more efficient service delivery;
• Improved business efficiency through reduced time spent searching for information;
• Demonstration of transparency and accountability for all actions;
• The maintenance of the corporate memory;
• The creation of better working environments and identification of opportunities for office rationalisation and increased mobile working;
• Risk management in terms of ensuring and demonstrating compliance with all legal, regulatory and statutory obligations;
• The meeting of stakeholder expectations through the provision of good quality services.
  

5. Policy Statement and Commitment

5.1 It is the policy of NRS to maintain authentic, reliable and useable records, which are capable of supporting business functions and activities for as long as they are required. This will be achieved through the consolidation and establishment of effective records management policies and procedures, including:

• The development of a business classification scheme to reflect the functions, activities and transactions of NRS.
• The review and consolidation of the retention and disposal schedule to provide clear guidance regarding the management of NRS records.
• The review and consolidation of destruction arrangements to detail the correct procedures to follow when disposing of business information.
• The production of detailed archive transfer arrangements in order to provide advice and guidance on how to securely transfer records to the archive, define the appropriate access status for various records, and identify any relevant exemptions under the Freedom of Information (Scotland) Act 2002 and UK Freedom of Information legislation.
• The review and consolidation of information security policies and procedures in order to protect records and systems from unauthorised access, use, disclosure, disruption, modification, or destruction.
• The review and consolidation of data protection policies in order to demonstrate NRS' commitment to compliance with the Act and the safeguarding and fair processing of all personal data held.
• The establishment of a business continuity plan, encompassing strategies to ensure that vital records held by NRS remain accessible over time and that there are processes in place to monitor the integrity and usability of records.
• The review of audit trail mechanisms, the potential of existing systems, and the gap which exists between current provision and best practice, in order to produce a clear strategy for improving the capture and management of key events in a record's lifecycle (e.g. creation, access, editing, destruction or preservation).
• The identification of records management as a distinct stream within the organisation's training portfolio, with dedicated training provided to all staff.
• The completion of a self assessment review, following the implementation of the records management plan in order to ensure that the records management practices remain fit for purpose and continue to act as exemplars within the profession in Scotland.
  

6. Roles and Responsibilities

6.1 All staff have a responsibility to manage records effectively, through the documentation of all decisions and actions made by NRS; the effective maintenance of records throughout their lifecycle, including access, tracking and storage of records; the timely review of records and their ultimate disposal, whether this be transfer to Government Records Branch for permanent preservation, or confidential destruction or recycling.

6.2 The lead responsible officer for records management in NRS is the Head of Corporate Services Division. With the support of the Records Manager, they have responsibility for ensuring compliance with this records management policy.

6.3 All heads of division and heads of branch are responsible for approving a corporate approach to the management of records as defined within this policy, promoting a culture of excellent recordkeeping principles and practices in order to improve business efficiency, supporting records management through commitment and the provision of resources and recognising the importance of preserving NRS's corporate memory.

6.4 All branch representatives for records management are responsible for offering advice and guidance regarding records management to all staff within their branch, highlighting any records management issues or concerns to the Records Manager and transferring all records of historical value to Government Records Branch for permanent preservation.

6.6 All NRS colleagues are responsible for suitably maintaining all records so that they can be easily retrieved, retaining all records in line with the retention and disposal schedule, ensuring that all actions and decisions are properly recorded and adhere to this policy.

6.7 The Records Manager is responsible for ensuring that records management practices and procedures are established in line with all legal obligations and professional standards, issuing advice and guidance to all staff throughout NRS, establishing and liaising with branch representatives throughout NRS and meeting the aims and objectives as outlined in the records management strategy.

7. Legislative Framework

7.1 The management of NRS's records is done so in line with the following legislative, statutory and regulatory framework. Compliance with this policy will facilitate compliance with these acts, regulations and standards.

• Public Records (Scotland) Act 2011
• Equality Act 2010
• UK Statistics Authority - Code of Practice for Official Statistics 2009
• Statistics and Registration Service Act 2007
• Local Electoral Administration and Registration Services (Scotland) Act 2006
• The Environmental Information (Scotland) Regulations 2004
• Freedom of Information (Scotland) Act 2002
• Freedom of Information Act 2000
• Management of Health and Safety at Work Regulations 1999
• Human Rights Act 1998
• Data Protection Act 1998
• Audit Commission Act 1998
• Reporting of Injuries, Diseases and Dangerous Occurrences Regulations 1995
• Value Added Tax Act 1994
• Prescription and Limitation (Scotland) Act 1973
• Health and Safety at Work etc. Act 1974
• Taxes Management Act 1970
• Public Records Act 1967
• Registration of Births, Death and Marriages (Scotland) Act 1965
• Population (Statistics) Act 1960
• Public Registers and Records (Scotland) Act 1948
• Public Records (Scotland) Act 1937
• Census Act 1920

7.2 NRS also aims to operate in accordance with the following best practice standards for recordkeeping:

• BS 10008:2008 - Evidential Weight and Legal Admissibility of Electronic Information
• BS ISO 27001: 2005 - Information Security
• BS ISO 15489: 2001 - Information & Documentation - Records Management (Parts 1 & 2)
  
  

8. Relationship to other NRS Policies

8.1 This policy forms part of NRS's overall framework but specifically relates to the following policies and procedures:

• Data Protection Policy
• Retention and Disposal Schedule
• Business Continuity Plan & Vital Records Policy
• Information Security Policy
• Information Risk Management Policy
• Incident Response Policy
• Access Control Policy
• Mobile Home Working Policy
• Protective Monitoring Policy
• Policy Statement on Disposal of Official Information
• Data Handling and Management Policy
• Secure Data Erasure Procedure
  

9. Training

9.1 A comprehensive training programme will be provided to all staff in order to highlight and increase awareness of their responsibilities in line with data protection, freedom of information and records management. Furthermore, core competencies and key knowledge and skills required by staff with operational responsibility for records management will be clearly defined to ensure that they understand their roles and responsibilities, can offer expert advice and guidance, and can remain proactive in their management of recordkeeping issues and procedures within NRS.

10. Monitoring & Review

10.1 Compliance with this Policy and related standards and guidance will be monitored by the Records Manager in consultation with Branch Representatives and the Head of Corporate Services Division. Regular reports will be submitted to the Departmental Planning Group and updates will be disseminated to all colleagues via the corporate intranet and email network.

10.2 This policy will be reviewed in March 2013 and then again in January 2014, when it is expected that the Keeper of the Records of Scotland will review NRS's compliance with the Public Records (Scotland) Act 2011. Further reviews of the policy will then take place at least every two years in order to take account of any new or changed legislation, regulations or business practices.

Footnotes:

1. Metadata can be defined in very general terms as 'data about data' and is necessary in order to understand the context, purpose, extent and location of a record. Examples of metadata can include information relating to a record's creator, creation date, receipt date, editor, access history and disposal. (back to text)