records management policy and retention guidelines management policy and retention guidelines ......

Download Records management policy and retention guidelines   management policy and retention guidelines ... 1.3 This document provides the policy framework through which ... meeting is dealing with confidential

Post on 04-May-2018

213 views

Category:

Documents

1 download

Embed Size (px)

TRANSCRIPT

  • 1

    Records management policy and retention guidelines

    May 2018 Office use

    Published: May 2017

    Next review: May 2018 Updated May 2019

    Statutory/non: Non statutory

    Lead: Alison Elway Head of Governance

    Associated documents:

    GDPR Data Protection Policy including Privacy Notices for Staff and Students

    Photograph and Videography Policy

    Freedom of Information Policy

    Links to: https://irms.org.uk/general/custom.asp?page=SchoolsToolkit

  • 2

    Contents

    1 Introduction ................................................................................................................................ 3

    2 Scope of the policy .................................................................................................................... 3

    3 Responsibilities .......................................................................................................................... 3

    4 Relationship with existing policies ............................................................................................. 4

    Appendix A: Records management retention guidelines .................................................................. 5

  • 3

    1 Introduction

    1.1 The academies within Diverse Academies Learning Partnership recognise that by efficiently

    managing its records, it will be able to comply with its legal and regulatory obligations and to

    contribute to the effective overall management of the institution.

    1.2 Records provide evidence for protecting the legal rights and interests of the academy, and

    provide evidence for demonstrating performance and accountability.

    1.3 This document provides the policy framework through which this effective management can

    be achieved and audited. It covers:

    Scope

    Responsibilities

    Relationships with existing policies

    2 Scope of the policy

    2.1 This policy applies to all records created, received or maintained by staff of each academy

    in the course of carrying out its functions.

    2.2 Records are defined as all those documents which facilitate the business carried out by the

    academy and which are thereafter retained (for a set period) to provide evidence of its transactions

    or activities. These records may be created, received or maintained in hard copy or electronically.

    3 Responsibilities

    3.1 Each academy has a corporate responsibility to maintain its records and record keeping

    systems in accordance with the regulatory environment. The person with overall responsibility for

    this policy is the Principal of the Academy.

    3.2 The person responsible for records management in the academy (usually the Academy

    Operations Manager) will give guidance for good records management practice and will promote

    compliance with this policy so that information will be retrieved easily, appropriately and in a timely

    way. They will also monitor compliance with this policy by surveying at least annually to check if

    records are stored securely and can be accessed appropriately.

    3.3 Individual staff and employees must ensure that records for which they are responsible are

    accurate, and are maintained and disposed of in accordance with the academys records

    management guidelines.

  • 4

    4 Relationship with existing policies

    This policy has been drawn up within the context of:

    Freedom of Information policy

    Data Protection, General Data Protection Regulation (GDPR) policy

    and with other legislation or regulations (including audit, equal opportunities and ethics)

    affecting the academy.

  • 5

    Appendix A: Records management retention guidelines 1. Safe destruction of records

    All records containing personal information, or sensitive policy information should be made either

    unreadable or unreconstructable.

    Paper records should be shredded using a cross-cutting shredder

    CDs / DVDs should be cut into pieces

    (USB/Portable) Hard Disks should be destroyed prior to disposal

    Any other records should be bundled up and disposed of to a waste paper merchant or disposed of

    in other appropriate ways.

    Do not put records in with the regular waste or a skip.

    The majority of DALP academies use waste management removal companies to ensure that

    records are disposed of in an appropriate way. Any waste management company that is used must

    have confirmed that they are GDPR compliant prior to being appointed.

    Where an external provider is used it is recommended that all records must be shredded on-site in

    the presence of an employee. The organisation must also be able to prove that the records have

    been destroyed by the company who should provide a Certificate of Destruction.

    Staff working for the external provider should have been trained in the handling of confidential

    documents.

    The shredding needs to be planned with specific dates and all records should be identified as to

    the date of destruction.

    Where records are destroyed internally, the process must ensure that all records are recorded are

    authorised to be destroyed by a Senior Manager and the destruction recorded. Records should be

    shredded as soon as the record has been documented as being destroyed.

    2. Transfer of information to other media

    Where lengthy retention periods have been allocated to records, members of staff may wish to

    consider converting paper records to other media such as microform or digital media. The lifespan

    of the media and the ability to migrate data where necessary should always be considered.

    Consideration should also be given to the legal admissibility of records that have been converted

    from paper to electronic media. It is essential to have procedures in place so that conversion is

    done in a standard way. This means that organisations can prove that the electronic version is a

    genuine original and could not have been tampered with in any way. Reference should be made to

    British Standard 10008:2008 Evidential weight and legal admissibility of electronic information

    when preparing such procedures.

  • 6

    1.ManagementoftheacademyThissectioncontainsretentionperiodsconnectedtothegeneralmanagementoftheacademy.ThiscoverstheworkoftheLocalAcademyBoardthePrincipal/SeniorLeaderandtheseniormanagementteam,theadmissionsprocessandoperationaladministration.

    1.1AcademyBoard

    Basicfiledescription DataProtectionIssues StatutoryProvisions RetentionPeriod[Operational] Actionattheendoftheadministrativelifeoftherecord

    1.1.1 AgendasforAcademyBoardmeetings

    Theremaybedataprotectionissuesifthemeetingisdealingwithconfidentialissuesrelatingtostaff

    Onecopyshouldberetainedwiththemastersetofminutes.Allothercopiescanbedisposedof

    SECUREDISPOSAL1

    1.1.2 MinutesofAcademyBoardmeetings Theremaybedataprotectionissuesifthemeetingisdealingwithconfidentialissuesrelatingtostaff

    PrincipalSet(signed) PERMANENT

    InspectionCopies2 Dateofmeeting+3years Iftheseminutescontainanysensitive,personalinformationtheymustbeshredded.

    1.1.3 ReportspresentedtotheAcademyBoard

    Theremaybedataprotectionissuesifthereportdealswithconfidentialissuesrelatingtostaff

    Reportsshouldbekeptforaminimumof6years.However,iftheminutesreferdirectlytoindividualreportsthenthereportsshouldbekeptpermanently

    SECUREDISPOSALorretainwiththesignedsetoftheminutes

    1.1.4 Meetingpapersrelatingtotheannualparentsmeetingheldundersection33oftheEducationAct2002

    No EducationAct2002,Section33

    Dateofthemeeting+aminimumof6years

    SECUREDISPOSAL

    1InthiscontextSECUREDISPOSALshouldbetakentomeandisposalusingconfidentialwastebins,oriftheAcademyhasthefacility,shreddingusingacrosscutshredder. 2ThesearethecopieswhichtheclerktotheGovernormaywishtoretainsothatrequestorscanviewalltheappropriateinformationwithouttheclerkneedingtoprintoffandcollateredactedcopiesoftheminuteseachtimearequestismade.

    InformationManagementToolkitforSchoolsv501February2016www.irms.org.uk37

  • 7

    1.1AcademyBoard

    Basicfiledescription DataProtectionIssues StatutoryProvisions RetentionPeriod[Operational] Actionattheendoftheadministrativelifeoftherecord

    1.1.5 InstrumentsofGovernmentincludingArticlesofAssociation

    No PERMANENT TheseshouldberetainedintheDALPHeadOffice

    1.1.6 TrustsandEndowmentsmanagedbyDALP

    No PERMANENT TheseshouldberetainedintheDALPHeadOffice

    1.1.7 ActionplanscreatedandadministeredbytheAcademyBoard

    No Lifeoftheactionplan+3years SECUREDISPOSAL

    1.1.8 PolicydocumentscreatedandadministeredbytheAcademyBoard

    No Lifeofthepolicy+3years SECUREDISPOSAL

    1.1.9 RecordsrelatingtocomplaintsdealtwithbytheAcademyBoard

    Yes Dateoftheresolutionofthecomplaint+aminimumof6yearsthenreviewforfurtherretentionincaseofcontentiousdisputes

    SECUREDISPOSAL

    1.1.10 AnnualReportscreatedundertherequirementsoftheEducation(GovernorsAnnualReports)(England)(Amendment)Regulations2002

    No Education(GovernorsAnnualReports)(England)(Amendment)Regulations2002SI2002No1171

    Dateofreport+10years SECUREDISPOSAL

    1.1.11 ProposalsconcerningthechangeofstatusofamaintainedschoolincludingSpecialistStatusAcademyandAcademies

    No Dateproposalacceptedordeclined+3years

    SECUREDISPOSAL

    PleasenotethatallinformationabouttheretentionofrecordsconcerningtherecruitmentofPrincipals/SeniorLeaderscanbefoundintheHumanResourcessectionbelow.

    InformationManagementToolkitforSchoolsv501February2016

Recommended

View more >