Records Management Policy
Contents
Purpose and scopeThe policy lays out controls for the management of records at the University. These can be summarised as follows:
- The University will create timely and accurate records as evidence of its activities in compliance with regulations and laws.
- Records will be secured against loss and alteration to maintain integrity.
- Records will be accessible throughout their lifecycle.
- There will be appropriate security measures for records where relevant.
- Records of persistent value will be preserved in the University archives.
- At the end of their retention period records will be appropriately disposed in accordance with UEL's retention schedule.
- There will be adequate support and training for UEL staff to implement this policy.
1.1 Purpose
1.1.1 The purpose of this policy is to ensure that Gen AI technologies are utilised in a manner consistent with UEL's values and ethical principles in order to achieve our Vision 2028 goals.
1.2 Scope and definition
1.2.1 Scope: The policy applies to all staff, students, third-party suppliers, partners, and affiliates of UEL who engage in the development, deployment, or use of Gen AI technologies.
1.2.2 Definition: For the purposes of this policy, Generative Artificial Intelligence (Gen AI) refers to algorithms and models that generate new content based on learned patterns from existing data (often mimicking human creativity). These outputs can be in a range of formats including (but not limited to) text, images, sound, video, code, simulations, designs, animations, music compositions, data tables, synthetic data, diagrams, and charts.
1.Purpose and Scope of the Policy
1.1 Purpose
1.1.1 The purpose of this policy is to ensure that Gen AI technologies are utilised in a manner consistent with UEL's values and ethical principles in order to achieve our Vision 2028 goals.
1.2 Scope and definition
1.2.1 Scope: The policy applies to all staff, students, third-party suppliers, partners, and affiliates of UEL who engage in the development, deployment, or use of Gen AI technologies.
1.2.2 Definition: For the purposes of this policy, Generative Artificial Intelligence (Gen AI) refers to algorithms and models that generate new content based on learned patterns from existing data (often mimicking human creativity). These outputs can be in a range of formats including (but not limited to) text, images, sound, video, code, simulations, designs, animations, music compositions, data tables, synthetic data, diagrams, and charts.
2. 2 Policy Statement and Principles
2.1 Creation, Retention and Maintenance of Records
2.1.1 Records will be created in a timely and accurate manner, in compliance with all relevant legislation, regulations, and standards.
2.1.2 Records will be complete, consistent, and reliable to enable effective retrieval and use.
2.1.3 Employees and contractors responsible for creating records will be trained and equipped with the necessary tools and resources to ensure quality and consistency.
2.1.4 A retention schedule will regulate how long records, including student records are retained.
2.1.5 Records will be maintained through the following activities:
- 2.1.5.1 Providing processes and infrastructure for secure, accessible, and organised management of records
- 2.1.5.2 Storage in appropriate physical and digital locations, with adequate security measures to prevent unauthorised access, modification, or destruction.
- 2.1.5.3 Regular reviews to ensure accuracy and relevance.
2.2 Access and Use of Records
2.2.1 Records may be accessed and used for legitimate University purposes only.
2.2.2 Access to records will be controlled based on the need-to-know principle, with appropriate levels of authorization and authentication.
2.2.3 Records containing confidential or sensitive information will be protected by appropriate security measures, such as encryption and access controls.
2.3 Permanent and Long-term Preservation
2.3.1 UEL shall implement a systematic process for the selection and appraisal of records eligible for permanent and long-term preservation. This process shall consider factors such as research value, historical significance, cultural heritage, administrative importance, and insurance.
2.3.2 The Information Governance function and the Library and Archives Team shall identify and document the criteria and rationale for the selection of records to be retained permanently, in collaboration with relevant stakeholders.
2.3.3 The University shall provide appropriate storage facilities and infrastructure to safeguard long-term and permanent records from risks such as damage, loss, unauthorised access, and technological obsolescence.
2.4 Security and Disposal of Records
2.4.1 Records will be secured against loss, unauthorised access, alteration, or destruction. The University will implement appropriate physical, technical, and organizational measures to protect records, including backup and disaster recovery procedures.
2.4.2 Records containing personal or sensitive information will be protected by appropriate security measures, such as access controls, encryption, and data minimization.
2.4.3 Access controls will be managed in line with the Data Classification Policy of the University of East London.
2.4.4 Records that are no longer required for legal, operational, or historical purposes will be identified and disposed of promptly.
2.4.5 The University will maintain documentation of the disposal process.
2.4.6 Records will be disposed of in a secure and timely manner, in accordance with legal requirements and sectoral guidance.
3. Compliance
3.1.1 The University will provide training to all employees, contractors, and third-party suppliers on records management best practices and their responsibilities under this policy.
3.1.2 Staff responsible for assurance on information will complete records management training offered by the university and implement it in their role at the University.
4. Policy review
4.1.1 The University will regularly review and monitor its records management practices to ensure compliance with this policy, government legislation, sectoral regulation, and associated procedures.
4.1.2 The University will implement a process for periodically reviewing and updating the University's retention schedule and associated procedures, considering changes to legal and regulatory requirements or changes to the University's operations.
4.1.3 The University will assess and evaluate the degree to which its departments comply with this policy and the University’s retention schedule and provide periodic updates to appropriate committees of the University.
5. Ownership and Implementation
All University staff, students, contractors, and third-party suppliers will comply with this policy and any associated procedures.
University Secretary
The University Secretary is responsible for the oversight of records management, ensuring there are adequate resources available for the management of records. The University Secretary is also responsible for the appointment of a qualified professional for the management of the University’s records.
Senior Management
Members of the University Management Board and University Executive Board have collective responsibility for ensuring that the records management policy is advocated for and adhered to throughout the University.
Records Manager
The Records Manager is responsible for the implementation of the records management policy and for ensuring that records are managed in compliance with the policy and statutory requirements.
Deans of Schools/Heads of Departments
Deans of Schools and Heads of Professional Departments are responsible for ensuring that records are created and managed in compliance with this policy. They are responsible for identifying records within their departments, ensuring that they are correctly classified and stored and that they are disposed of in accordance with the retention schedule.
Director of IT
The Director of IT is responsible for ensuring that the University has oversight of the technical and organisational controls in place to manage records across the institution as part of the wider Information Assurance strategy. Where records contain confidential or commercially sensitive information, the Director of IT or delegated representative will provide advice and support to ensure that such data is appropriately secured against loss and unauthorised access and that the integrity of the data is maintained.
Data/Information Governance Groups
Local data or information governance groups or committees have the responsibility of implementing best practices in records management, in accordance with this policy and sector-specific regulations. They keep the records management function of the University updated on actions and decisions related to the management of information and records within their respective business areas.
University Archives
The Library and Archives team is responsible for managing the University's archival and special collections in compliance with this Policy. They are responsible for identifying, acquiring, and preserving records of historical and cultural significance to the
University Staff
All staff are responsible for creating, managing, and disposing of records in accordance with this Policy. Staff must be aware of their responsibilities for records management and must seek guidance if they are uncertain about the requirements or procedures.
6. Related Policies and Procedures
This Policy is reviewed and approved by University Executive Board.
Version | Effective from | Amendments | Stakeholder Consultation | Author |
---|---|---|---|---|
2.0 | 8 November 2023 | Revised from 2018 Policy to :
| This policy has undergone stakeholder consultation with Strategic Planning, Library and Learning Services and IT. It has also been reviewed by the Senior Legal Counsel and the University Secretary. | Farah Yameen, Records Manager |