Records Management Policy
Summary
Purpose and scopeThe policy lays out controls for the management of records at the University. These can be summarised as follows:
- The University will create timely and accurate records as evidence of its activities in compliance with regulations and laws.
- Records will be secured against loss and alteration to maintain integrity.
- Records will be accessible throughout their lifecycle.
- There will be appropriate security measures for records where relevant.
- Records of persistent value will be preserved in the University archives.
- At the end of their retention period records will be appropriately disposed in accordance with UEL's retention schedule.
- There will be adequate support and training for UEL staff to implement this policy.
Records Management Policy
pdf, 205.57 KB
Who does this apply to
UEL's records management policy applies to:
- all records
- created and held by UEL
- or by third parties on UEL's behalf
- across physical, electronic and digital formats
1.Purpose and Scope of the Policy
1.1 Purpose
1.1.1 The purpose of this policy is to define the records management practices of the University of East London (UEL) and set out the responsibilities of staff, students, and other stakeholders in relation to the creation, maintenance, use and disposal of records. The University is committed to managing its records in a consistent, systematic, and secure manner, and in compliance with relevant legislation, regulations, and standards.
1.1.2 Effective records management is critical to the success of the University of East London. It is essential to ensure that records are created, managed, and disposed of in accordance with legal, regulatory, and operational requirements.
1.1.3 The University will comply with all relevant legislation, regulations, and standards relating to records management, including but not limited to the General Data Protection Regulation (GDPR), the Data Protection Act 2018, the Freedom of Information Act 2000, and the Environmental Information Regulations 2004. The University will also comply with any applicable industry or sector-specific standards or guidelines.
1.1.4 This policy has been developed with consideration of other University policies and will be subject to any changes in Government legislation and sector-wide regulations.
1.2 Scope
1.2.1 This policy applies to all records, paper or electronic, regardless of format or medium, created or received by the University and its staff, students, contractors, and third-party suppliers while conducting University business.
2. Framework and Implementation
2.1 Creation, Retention and Maintenance of Records
2.1.1 Records will be created in a timely and accurate manner, in compliance with all relevant legislation, regulations, and standards.
2.1.2 Records will be complete, consistent, and reliable to enable effective retrieval and use.
2.1.3 Employees and contractors responsible for creating records will be trained and equipped with the necessary tools and resources to ensure quality and consistency.
2.1.4 A retention schedule will regulate how long records, including student records are retained.
2.1.5 Records will be maintained through the following activities:
- 2.1.5.1 Providing processes and infrastructure for secure, accessible, and organized management of records
- 2.1.5.2 Storage in appropriate physical and digital locations, with adequate security measures to prevent unauthorized access, modification, or destruction.
- 2.1.5.3 Regular reviews to ensure accuracy and relevance.
2.2 Access and Use of Records
2.2.1 Records may be accessed and used for legitimate University purposes only.
2.2.2 Access to records will be controlled based on the need-to-know principle, with appropriate levels of authorization and authentication.
2.2.3 Records containing confidential or sensitive information will be protected by appropriate security measures, such as encryption and access controls.
2.3 Permanent and long-term Preservation
2.3.1 UEL shall implement a systematic process for the selection and appraisal of records eligible for permanent and long-term preservation. This process shall consider factors such as research value, historical significance, cultural heritage, administrative importance, and insurance.
2.3.2 The Information Governance function and the Library and Archives Team shall identify and document the criteria and rationale for the selection of records to be retained permanently, in collaboration with relevant stakeholders.
2.3.3 The University shall provide appropriate storage facilities and infrastructure to safeguard long-term and permanent records from risks such as damage, loss, unauthorized access, and technological obsolescence.
2.4 Security and Disposal of Records
2.4.1 Records will be secured against loss, unauthorized access, alteration, or destruction. The University will implement appropriate physical, technical, and organizational measures to protect records, including backup and disaster recovery procedures.
2.4.2 Records containing personal or sensitive information will be protected by appropriate security measures, such as access controls, encryption, and data minimization.
2.4.3 Access controls will be managed in line with the Data Classification Policy of the University of East London.
2.4.4 Records that are no longer required for legal, operational, or historical purposes will be identified and disposed of promptly.
2.4.5 The University will maintain documentation of the disposal process.
2.4.6 Records will be disposed of in a secure and timely manner, in accordance with legal requirements and sectoral guidance.
3. Training and Awareness
3.1.1 The University will provide training to all employees, contractors, and third party suppliers on records management best practices and their responsibilities under this policy.
3.1.2 Staff responsible for assurance on information will complete records management training offered by the university and implement it in their role at the University.
4. Reviewing and Monitoring
4.1.1 The University will regularly review and monitor its records management practices to ensure compliance with this policy, government legislation, sectoral regulation, and associated procedures.
4.1.2 The University will implement a process for periodically reviewing and updating the University's retention schedule and associated procedures, considering changes to legal and regulatory requirements or changes to the University's operations.
4.1.3 The University will assess and evaluate the degree to which its departments comply with this policy and the University’s retention schedule and provide periodic updates to appropriate committees of the University.
5. Responsibilities
All University staff, students, contractors, and third-party suppliers will comply with this policy and any associated procedures.
University Secretary
The University Secretary is responsible for the oversight of records management, ensuring there are adequate resources available for management of records. The University Secretary is also responsible for the appointment of a qualified professional for the management of the University’s records.
Senior Management
Members of the University Management Board and University Executive Board have collective responsibility for ensuring that the records management policy is advocated for and adhered to throughout the University.
Records Manager
The Records Manager is responsible for the implementation of the records management policy and for ensuring that records are managed in compliance with the policy and statutory requirements.
Deans of Schools/Heads of Departments
Deans of School and Heads of Professional Departments are responsible for ensuring that records are created and managed in compliance with this policy. They are responsible for identifying records within their departments, ensuring that they are correctly classified and stored, and that they are disposed of in accordance with the retention schedule.
Director of IT
The Director of IT is responsible for ensuring that the University has oversight of the technical and organisational controls in place to manage records across the institution as part of the wider Information Assurance strategy. Where records contain confidential or commercially sensitive information, the Director of IT or delegated representative will provide advice and support to ensure that such data is appropriately secured against loss and unauthorised access and that the integrity of the data is maintained.
Data/Information Governance Groups
Local data or information governance groups or committees have the responsibility of implementing best practices in records management, in accordance with this policy and sector-specific regulations. They keep the records management function of the University updated on actions and decisions related to the management of information and records within their respective business areas.
University Archives
The Library and Archives team is responsible for managing the University's archival and special collections in compliance with this Policy. They are responsible for identifying, acquiring, and preserving records of historical and cultural significance to the
University Staff
All staff are responsible for creating, managing, and disposing of records in accordance with this Policy. Staff must be aware of their responsibilities for records management and must seek guidance if they are uncertain about the requirements or procedures.
6. Links to other Institutional Policies
This Policy is reviewed and approved by University Executive Board.
Version | Effective from | Amendments | Stakeholder Consultation | Author |
---|---|---|---|---|
2.0 | 8 November 2023 | Revised from 2018 Policy to :
| This policy has undergone stakeholder consultation with Strategic Planning, Library and Learning Services and IT. It has also been reviewed by the Senior Legal Counsel and the University Secretary. | Farah Yameen, Records Manager |