TRANSLINK RECORDS MANAGEMENT POLICY Version Status Revision date Document History Number 0.1 Draft February 2007 Document Created 0.2 Draft 20 th April 2007 External quality assured by consultants (C9074) 0.3 Draft 24 th April 2007 Approved by Executive Group 1.0 Final 9 th May 2007 Approved and Endorsed by NITHCo Board Version Drafts 0.1 0.3 Final 1.0 Authors David Laird Executive - Projects & IT Seamus Kane Head of IT And by NITHCO Board on 9 th May 2007 Page 1 of 12
TRANSLINK RECORDS MANAGEMENT POLICY 1. Translink is dependent on its records in order to operate efficiently and account for its actions. This policy defines a structure for Translink to ensure adequate records are maintained, managed and controlled effectively and at best value, commensurate with legal, operational and information needs. Background 2. Our organisation's records are our corporate memory, providing evidence of actions and decisions and representing a vital asset to support our daily functions and operations. They support policy formation and managerial decision-making, protect the interests of Translink and the rights of staff and members of the public who have dealings with Translink. They support consistency, continuity and efficiency and productivity and help us deliver our services in consistent and equitable ways. 3. Records management, through the proper control of the content, storage and volume of records, reduces vulnerability to legal challenge or financial loss and promotes best value in terms of human and space resources through greater coordination of information and storage systems. 4. All Translink records are Public Records under the Public Records Acts and must be kept in accordance with following statutory and Translink guidelines ( also see appendix A) And by NITHCO Board on 9 th May 2007 Page 2 of 12
The Data Protection Act 1998 Freedom of Information Act 2000 & Environmental Information Reg. 2005 Human Rights Act 1998 Controls Assurance framework - See Appendix B Guidance issued by PRONI, including the Northern Ireland Records Management Standard (NIRMS) http://proni.nics.gov.uk/nirms/edrm.htm The Lord Chancellor s Code of Practice on the Management of Records by Public Authorities and the transfer and review of public records under the Freedom of Information Act 2000, issues under Section 46 of Freedom of Information Act 2000 www.dca.gov.uk/foi/codemanrec.htm Scope 5. This policy relates to all operational records. Operational records are defined as information, created or received in the course of business, and captured in a readable form in any medium, providing evidence of the functions, activities and transactions. They include: Administrative records (including personnel, accounting records, contract records, litigation and records associated with complaint-handling) Photographs, slides, and other images Audio and video tapes, cassettes Records in all electronic formats And by NITHCO Board on 9 th May 2007 Page 3 of 12
They do not include copies of documents created by other organisations such as the Department of Regional Development, which are kept for reference and information only. 6. All records created in the course of the business of Translink are corporate records and are public records under the terms of the Public Records Acts 1958 and 1967. This includes email messages and other electronic records. Objectives 7. The seven main objectives of this policy are: - Accountability that adequate records are maintained to account fully and transparently for all actions and decisions in particular; To protect legal and other rights of staff or those affected by those actions To facilitate audit or examination To provide credible and authoritative evidence - Quality that records are complete and accurate and the information they contain is reliable and its authenticity can be guaranteed; - Accessibility that records and the information within them can be efficiently retrieved by those with a legitimate right of access, for as long as the records are held by the organisation; - Security that records will be secure from unauthorised or inadvertent alteration or erasure, that access and disclosure will be properly controlled and audit trails will track all use And by NITHCO Board on 9 th May 2007 Page 4 of 12
and changes. Records will be held in a robust format which remains readable for as long as records are required; - Retention and disposal that there are consistent and documented retention and disposal procedures to include provision for permanent reservation of archival records; - Training that all staff are made aware of their recordkeeping responsibilities through generic and specific training programmes and guidance; - Performance measurement that the application of records management procedures are regularly monitored against agreed indicators and action taken to improve standards as necessary: And by NITHCO Board on 9 th May 2007 Page 5 of 12
Implementation 8. This policy will be implemented by a series of programmes to include: Records creation - Creation of adequate records to document essential activities; - Structured information (content management, version control) to facilitate shared systems based on functional requirements; - Referencing and classification for effective retrieval of accurate information; - Documented guidelines on creation and use of record systems Records maintenance - Assignment of responsibilities to protect records from loss or damage over time; - Access controls to prevent unauthorised access or alteration of records; - Defined security levels for access to electronic records and procedures to amend access authorisations as appropriate when staff move - Tracking systems to control movement/audit use of records; - Identification and safeguarding key or vital records; - Arrangements for business continuity; - Training and guidance Records disposal - Systematic retention schedules and procedures for consistent and timely disposal; - Central storage systems for records requiring long-term retention to include electronic archiving systems; - Mechanisms for regular transfer of records designated for permanent preservation to appropriate archives And by NITHCO Board on 9 th May 2007 Page 6 of 12
Training and guidance - Inclusion of records management functions in job processes where appropriate; - Generic and specific guidance on record-keeping standards and procedures; - Training programmes Performance measurement - Development of effective indicators and review systems to improve records management standards - Annual audit of record management implementation to - ensure policy is being implemented - ensure retention and disposal guidelines are being adhered to. Responsibilities 9. The Chief Executive has overall responsibility for ensuring that records are managed responsibly within Translink. 10. The Head of Projects is responsible for co-ordinating records management in the organisation and identifying key corporate records and providing guidance and advice on their management and retention. 11. Divisional Executives are responsible for ensuring that the policy is implemented in their individual departments. They will nominate departmental representatives, who will liaise with the Head of Projects on the management of records in that directorate. 12. Records management responsibilities will be written into all accountable individuals job descriptions and clear procedures for retention of key records issued. It is the responsibility of all staff to ensure that they keep appropriate records of their work in Translink and manage those records in And by NITHCO Board on 9 th May 2007 Page 7 of 12
keeping with this policy and with any guidance subsequently produced by the Head of Projects. And by NITHCO Board on 9 th May 2007 Page 8 of 12
Appendix A Legislation and National Guidelines Controls Assurance Records Management is one of the Controls Assurance Standards developed by the DHSS. The standard requires a systematic and planned approach to the management of records to be in place so that Translink can ensure, from the moment a record is created until its ultimate disposal, it can control both the quality and quantity of information it generates; maintain that information in a manner that effectively services its needs and those of its stakeholders; dispose of the information appropriately when it is no longer required. (A list of the criteria set up to endorse that the standard is in place is attached in Appendix B and is based upon control assurance standards developed by DHSS ref. http://www.dhsspsni.gov.uk/records_05.pdf). The Data Protection Act 1998 The 1998 Data Protection Act places a statutory responsibility on all organisations to protect the personal data, which they hold. In relation to records management this means that organisations must implement measures to: - Maintain the accuracy of data held Protect the security of personal data Control access to personal data Make arrangements for secure disposal once the record is no longer required The Freedom of Information Act 2000 gives the public the right to access to information held by public bodies. The Act recognises that members of the public have the right to know how public services such as Translink are organised and run, i.e. How much they cost? And by NITHCO Board on 9 th May 2007 Page 9 of 12
What services are being provided? How to make a complaint? The targets that are being set. The standards that are expected and the results achieved. Section 19 of the Freedom of Information Act 2000 requires that some documents be released for public scrutiny pro-actively. This has been implemented by Translink by the posting of a Publication Scheme, which has been approved by the Information Commissioner, on the Internet. Members of the public can access this information on Translink s website (paper copies will also be available if required). Any person who makes a request to Translink for information, must be informed within 20 days whether Translink holds that information and if so, it must be supplied. A public interest test may be carried out to determine if the benefit in disclosure outweighs the public interest in non-disclosure. Freedom of Information relies on good record keeping including the creation of reliable records, which can be located when requested, and which are correctly disposed of, or selected for permanent preservation, at the appropriate time. Freedom of Information requires that there should be an audit trail to track the legal disposal of documents that are no longer required. Human Rights Act 1998 Translink must observe the right of individuals to respect for their private lives. Information should only be disclosed when the disclosure is authorised by law. In selecting information for disclosure Translink should make the least intrusion possible into an individual s private life. Other relevant standards British Standards Institution BSi DISC PD0008: 1999 Code of Practice for Legal Admissibility and Evidential Weight of Information Stored Electronically British Standards Institution BSi DISC PD0018: 2001 Code of Practice: Information Management Systems: Building Systems fit for Audit International Standards Organisation ISO 15489 Information and Documentation : Records Management, 2 vols. 2001 And by NITHCO Board on 9 th May 2007 Page 10 of 12
International Standards Organisation ISO 9001 : 2000 Quality management systems : Requirements MoREQ: Model requirements for Recordkeeping Public Record Office Publications (http://pro.gov.uk/recordsmanagement) including: Requirements for Electronic Records Management Systems. Volume1: Functional Requirements, Volume 2: Metadata Standards & Volume 3 Reference Document. Kew. Public Record Office. Data Protection Act 1998: A guide for record managers and archivists, PRO 2000. Management, appraisal and preservation of electronic records 2 vols., PRO, 1999. Manual of guidance on access to public records, PRO 2001. The Northern Ireland Records Management standard (as published by the Public Records Office for Northern Ireland, PRONI) Office of the e-envoy publications (http://e-envoy.gov.uk). e-government data standards catalogue, version 1, UK Office of the e-envoy, 2002 e-government interoperability framework [e-gif] version 4.0, UK Office of the e-envoy, April 2002. e-government metadata framework [e-gmf], UK Office of the e-envoy, 2001. e-government metadata standard [e-gms] version 1.0, UK Office of the e- Envoy, April 2002. e-government category lists [GCL], version 1.1, UK Office of the e-envoy, May 2002. e-government: a Strategic Framework for public services in the information age: Guidelines: Security, UK Office of the e-envoy, 2001. ISO 17799-2005: Information technology - Security techniques - Code of practice for information security management And by NITHCO Board on 9 th May 2007 Page 11 of 12
Appendix B Controls Assurance Standard RECORDS MANAGEMENT CRITERION 1 Executive responsibility for records management is clearly defined and there are clear lines of accountability for records management throughout the organisation, leading to the Board. CRITERION 2 There is an organisation-wide records management strategy, which is endorsed by the Board. CRITERION 3 A senior Executive is responsible for co-ordinating, publicising, implementing and monitoring the records management strategy and reporting on a regular basis to the Board. CRITERION 4 The organisation has a comprehensive records management programme which includes the cost-effective management of non-current as well as active records, the storage, tracking, retrieval, environmental control and destruction of records when no longer required, and which also takes account of the organisation s risk management policy and strategy. CRITERION 5 All managers ensure that staff are aware of their personal responsibilities for record keeping. This includes the creation, use, storage, security and confidentiality of records. CRITERION 6 Records management services and controls are included in the organisation s plans and strategies. CRITERION 7 Employees, including managers are provided with appropriate information, instruction and training on records management matters. CRITERION 8 Key indicators capable of showing improvements in records management and/or providing early warning of risk are used at all levels of the organisation, including the Board, and the efficacy and usefulness of the indicators is reviewed regularly. CRITERION 9 The systems in place for records management are monitored, audited and reviewed by management and the Board at least annually in order to make improvements to the systems. CRITERION 10 The Board seeks independent assurances that an appropriate and effective system of managing records is in place and that the necessary level of controls and monitoring are being implemented. And by NITHCO Board on 9 th May 2007 Page 12 of 12