If you are reading this page using a screenreader, we support ARIA landmarks for quick navigation too

Records management policy

Please tell us what you think about our website, we welcome your feedback.

Customer notice

Due to essential maintenance some of our web services will be unavailable between these times 7pm Friday 25 May and 5pm Sunday 27 May 2012.

In case of any emergencies please see our Facebook or Twitter pages.

What is it?

Effective records management is vital to the delivery of Wiltshire Council’s services, helping the organisation operate in an efficient and accountable manner. A good records management programme ensures that the right information is available to the right people, at the right place, at the right time, every time. It provides evidence of what we do and why, therefore protecting the interests of the council and its staff as well as those who interact with the organisation. Records, and the information they preserve, are recognised as an important corporate asset.

The council aims to balance its commitment to openness and transparency with the responsibilities it has to protect certain types of information. All employees therefore have a duty to create and manage records efficiently and responsibly, ensuring they are accessible to authorised people when necessary, stored and transferred securely and disposed of appropriately at the right time.

The Records Management Policy and supporting documentation details the Council’s expectations of its workforce in relation to records management, providing clear guidance on how to create and maintain accurate and reliable records.

Go straight to the section:

Who does it apply to?

This guidance applies to all Wiltshire Council employees and third party contractors who create, handle, process, review and dispose of records for or on behalf of Wiltshire Council.

When does it apply?

This policy applies to all records belonging to Wiltshire Council, including records relating to ex-district and ex-county functions. It is relevant to all records, regardless of whether they are physical or electronic in nature.

When does it not apply?

This policy applies at all times.

What are the main points?

1. What is a record?

The International Standard for records management is ISO 15489. This defines a record as:

‘information created, received and maintained as evidence and information by an organisation or person, in pursuance of legal obligations or in the transaction of business.’

A record can exist in any format. It may be physical, such as handwritten or printed documents, photographs, maps and microfilm. Alternatively, a record may be electronic, having been either born digital, such as an email or database, or digitised such as a scanned image of a letter or photograph.

2. What is the purpose of records management?

Records are the lifeblood of any organisation. They build the foundations on which decisions are made, services provided and policies developed and communicated. The aim of records management is to ensure that the council is supported in all of its functions by accurate and reliable record keeping. The records management framework must therefore:

  • Support the council’s business needs
  • Provide authoritative information about past actions and decisions for current business purposes
  • Facilitate the explanation and justification of past actions in the event of an audit, public enquiry or other investigation
  • Protect the legal and other rights of the organisation, its staff and stakeholders
  • Conform to the relevant legislation, regulations and standards
  • Provide storage facilities which keep records securely and protect them from accidental loss, and/or destruction
  • Identify and train staff in the management of records within their sphere of action or responsibility
  • Provide continuity in the event of a disaster by including records and information management in the corporate risk management framework.

3. What is the record lifecycle?

All records, whether physical or electronic, pass through identifiable stages in their lifecycle from initial creation to final disposal. At each phase of the cycle, records must be carefully managed to ensure they retain their integrity, authenticity and reliability. The following diagram represents the record lifecycle:

Record lifecycle: creation, use, retention, appraisal, disposal

Creation: the initial creation and capture of a record and its successful incorporation into a record keeping system

Use: the general day to day use of the document, including its distribution to any relevant parties

Retention: the process of assigning an appropriate retention and disposal regime to the record

Appraisal: reviewing the record in order to decide whether it should be preserved or destroyed

Disposition: the process of preparing records for transfer to archive for permanent preservation, or final deletion / destruction

4. How should records be stored?

Appropriate storage conditions ensure that records are protected, accessible and managed in a cost-effective manner for each stage of the record lifecycle. The purpose of the record, its format, value and use will dictate how the record should be stored.

To ensure that all records are adequately stored and protected, the storage facilities provided by the council will, as far as reasonably possible, provide the following:

  • A safe storage environment with all identified risks mitigated
  • A suitable range and stability of temperature and humidity levels
  • Adequate protection against fire, water, pests (e.g. insects or vermin) and contaminants (e.g. mould or toxins)
  • Security systems to facilitate controlled access and deter unauthorised entry

Requirements specific to physical records:

  • Shelving and storage equipment appropriate for the format of the records
  • Containers which are suitably robust to withstand handling, but which will not damage the records during storage.

Requirements specific to electronic records:

  • Backup systems to prevent loss of records through system failures, including regular back up schedules, multiple copies on a variety of media, dispersed storage locations and the ability to respond to both routine and urgent access to backup copies
  • Maintenance processes to prevent physical damage to the media
  • Preservation processes to manage the obsolescence of hardware, software and file formats

Where a third party is employed to store either physical or electronic records on behalf of the council, the contractor must show that they are able to meet the requirements outlined above. The Service Level Agreement must clearly state the rights and responsibilities of both the council and the contractor.

Should a storage facility managed by either the council or a third party fail to meet any of the requirements detailed above, prompt action must be taken to rectify the problem. Where necessary, records should be removed to an alternative location until such a time as the deficiencies are corrected.

5. How should records be created and maintained?

All staff and third party contractors are expected to abide by the following recommendations, working with any relevant internal or external parties to achieve the desired outcome:

  • Records must be full and accurate, authentic, reliable, complete, unaltered and usable. They should not include any irrelevant information.
  • Records should be created and captured in a timely manner by an appropriate officer at the correct level of authority
  • Records should be created, maintained and managed systematically
  • All users of record keeping systems must be fully trained in their use and procedures.
  • Records must adhere to any classification schemes issued
  • Each service must ensure that the records they manage can be identified and retrieved when required, within legislative timescales.
  • A contingency or business recovery plan must be in place for all records which are vital to the continued running of a service.

6. Characteristics of a records system

All records systems, regardless of whether they are associated with physical or electronic records, should adhere to the recommendations below.

Records systems should:

  • Routinely capture all records so as to accurately reflect the business activities of every service
  • Organise the records in a way that reflects the business processes of the services
  • Protect the records from unauthorised alteration, deletion, use or concealment
  • Provide authorised personnel with ready access to relevant records and where appropriate, their metadata
  • Provide the functionality to control and monitor access, user verification and record disposals
  • Contain complete and accurate representations of all transactions that occur in relation to a particular record. Such details may be documented as part of the metadata embedded in, attached to or associated with a specific record. Alternatively, they may be recorded as audit trails which should be kept at least as long as the document to which they relate is retained
  • Have the ability to track the movement of the record, in order to identify who has, or who has had custody of it.
  • Be able to prove a record’s integrity over a period of time. All systems should ensure that records remain accessible for the length of their recommended period of retention as stated in the Corporate Retention Policy.
  • Be managed in line with current regulatory requirements, as well as business need

When records are transferred from one records system to another, the transfer should be carried out in a way that preserves the key characteristics of the records. Such characteristics may include (but are not restricted to) the content of the records, their context, and where appropriate, their associated metadata.

7. Record retention and disposal

Record retention periods must be determined and recorded for all records created, received and maintained by the council. A complete listing of retention requirements can be found in the Corporate Retention Policy.

When a record reaches the end of its retention requirement, a decision must be made over whether the record should be archived or destroyed. This decision should be made in line with the Corporate Retention Policy and must be formally authorised and recorded by the information owner or an appropriate individual within their line management chain. This is true regardless of whether the record is physical or electronic in nature.

Records which are the subject of litigation or a request for information must not be destroyed until the litigation is resolved or the information request process (including all complaints and appeals) is complete.

Records which have long-term historical or research value are worthy of permanent preservation and must not be destroyed. Such records must be transferred to the county archive at the Wiltshire and Swindon History Centre.

Once completed, the Record Disposal Authorisation Form must be kept permanently. This is because it is a record in its own right and forms part of an important audit trail. The form demonstrates that specific records created and maintained by your team either no longer exist, or are no longer under your control. This enables the council to process information requests (such as those made under the Data Protection Act 1998) accurately and efficiently.

8. Monitoring and Auditing

Records systems should be monitored regularly to ensure they comply with all relevant policies, procedures and standards operated by the council. Performance monitoring should take into account the following:

  • Procedural responsibilities
  • Work quantity
  • Work quality
  • System security and integrity

A records system must be able to show that the council is compliant with all relevant legislation governing the management of records. If the integrity or authenticity of a record is called into question in court by suggestions of tampering, incompetence or system malfunction, the evidential weight or value of the record may be lost.

9. Training

Appropriate training must be provided for all employees, volunteers and third party contractors who create or maintain records for or on behalf of the council.

Roles and responsibilities

Employee responsibilities

1. You are responsible for ensuring that all information sources for which you have responsibility are maintained in line with corporate guidance. This applies to all electronic and hard copy information. In particular, you must make sure that sufficient time is spent on ensuring that information is kept accurate and up-to-date and stored in ways that promote findability. All redundant information must be archived, deleted or physically destroyed in accordance with the corporate Records Retention Policy.

2. You should also ensure that access permissions are maintained to limit access to sensitive information. You are responsible for maintaining the confidentiality of sensitive data, whether held electronically or in hard copy, and promptly reporting all breaches, or potential breaches, of our Information Security Policy to the Information Assurance Team. Line manager / team leader responsibilities

3. You are responsible for ensuring that all information sources for which your team has responsibility are created and maintained in line with corporate guidance. This applies to all electronic and hard copy information. In particular, you should allocate sufficient resource from within your team to ensure that information is kept accurate and up-to-date and stored in ways that promote findability. All redundant information must be archived, deleted or physically destroyed in accordance with the corporate Records Retention Policy. You are expected to liaise with the Information Management team as necessary to make sure that records management standards are met.

4. You should also ensure that access permissions are maintained to limit access to sensitive information. You are responsible for maintaining the confidentiality of sensitive data, whether held electronically or in hard copy, and promptly reporting all breaches, or potential breaches, of our Information Security Policy to the Information Assurance Team.

5. You are responsible for ensuring that your staff are trained in all aspects of records management throughout the record lifecycle, including adequate training in records management systems.

Heads of service

6. Heads of service must ensure that their service areas comply with all relevant policies, procedures and standards in the field of records management. They must advise their services and the Information Management team of any revisions to legislation or standards that impact upon records management practice.

The Information Management team

7. The Information Management team are responsible for establishing the records management policies, procedures and standards for the organisation. They are also responsible for communicating any relevant developments in the field of records management to the appropriate parties.

The team will provide council services with advice, practical guidance and training on good records management practice. They will act as a point of contact for any records management query.

9. The team will, as far as reasonably possible, ensure that any document and records management system employed by the council can:

  • Create appropriate records to support the relevant business area
  • Adequately manage records throughout their lifecycle
  • Maintain, store and preserve records for the period of their usefulness to the organisation
  • Dispose of records in accordance with a defined approval process

10. The Head of Information Management maintains lead responsibility for records management and for overseeing policy and programme implementation.

Legislation

  • Public Records Act 1958 and 1967
  • Local Government (Records) Act 1962
  • Local Government Act 1972
  • Local Government (Access to Information) Act 1985
  • Data Protection Act 1998
  • Freedom of Information Act 2000
  • Environmental Information Regulations 2004

Standards and Guidelines

  • BS 4783 Storage transportation and maintenance of media for use in data processing and information storage
  • ISO 27002 Code of practice for information security management
  • ISO 15489 Information and Documentation – Records Management
  • PD 0008 Code of practice for legal admissibility and evidential weight of information stored on electronic document management systems
  • PD 0010 Principles of good practice for information management
  • Records Management Standard RMS 3.1: Storage of Semi-Current Records
  • Lord Chancellor’s Code of Practice on the management of records issued under section 46 of the Freedom of Information Act 2000

Last updated: 20 July 2011

Skip to top

Actions

Search

This website