Home > About Us > Who we are and what we do > Strategies, policies and procedures > Records Management Policy

1          Introduction

North Yorkshire Fire and Rescue Service (hereafter known as ‘the Service’), recognises that its records are an important corporate asset and effective records management is necessary to support all its business functions. NYFRS recognises the requirement to comply with legal and statutory obligations such as: the Data Protection Act 2018, the Human Rights Act 1998 (HRA), the Freedom of Information Act 2000 (FOI), Protection of Freedoms Act 2012 and the Copyright, Designs and Patent Act 1988.

2          Purpose

The effective management of fire records supports the Police, Fire and Crime Commissioners’ Police, Fire and Crime Plan and contributes to achieving fire service priorities and service standards. Records are a valuable corporate resource, providing the organisational memory. Accurate records provide evidence of past actions, decision making, audit trail and accountability.

 

The purpose of the Records Management Policy is to ensure that full and accurate records of all activities and decisions of the Service are created, managed and retained or disposed of appropriately, in accordance with relevant legislation and good practice.

This policy defines a framework and outlines the responsibilities for effective records management across the Service, ensuring all legal and statutory requirements are met.

3          Scope

A record is defined as information, in any form, created, received, processed, used, maintained, stored, or destroyed by the Service, its elected members, employees, or those acting as its agents in the course of any business activity.

Everyone acting on behalf of the Service must comply with this policy, associated records management standards and procedures in their conduct of business.  This policy applies to records in all formats, during their life cycle, from creation until destruction or permanent preservation.

4        Aims of Records Management Systems

The aims of a Records Management System are to ensure that:

  • Records created – are accurate, authentic and reliable;
  • Records can be accessed – records and the information within them can be located and displayed in a way consistent with its initial use, and that the current (i.e. most up to date) version is identifiable where multiple versions exist;
  • Records are available when needed – from which the Service is able to form a reconstruction of activities or events that have taken place;
  • Records history – the history of the record can be understood: who created or added to the record and when, during which business process, and how the record is related to other records;
  • Records tracking – systems are to be put in place to enable tracking and location of records;
  • Records can be trusted – the record reliably represents the information that was actually used in, or created by, the business process, and its integrity and authenticity can be demonstrated;
  • Records can be maintained through time – the qualities of availability, accessibility, interpretation and trustworthiness can be maintained for as long as the record is needed, perhaps permanently, despite changes of format;
  • Records are secure – from unauthorised or inadvertent alteration or erasure, whilst access and disclosure are properly controlled and audit trails will track all use and changes. Records are held in a robust format which remains readable for as long as records are required;
  • Records are retained and disposed of appropriately – using consistent and documented retention and disposal procedures, which include provision for appraisal and the permanent preservation of records with archival value; and
  • Staff are trained – so that all staff are made aware of their responsibilities for record-keeping and record management.

5          Definitions

Record: A record is defined as “information created, received, and maintained as evidence and information by an organisation or person, in pursuance of legal obligations or in the transaction of business.” (BS ISO 15489: 2001 Information and documentation – Records Management Part 1: General).

Records, if well kept, are a reliable source of evidence and information.

An evidential record is a document or piece of information that can be used, to prove that an activity has taken place or explain how a decision or conclusion has been reached.  No evidential record should be modified.

Not all the documents and information created, collected or held by the Service will be evidential records and therefore do not need to be kept. and can be routinely destroyed in the normal course of business.  These types of record are defined as ‘non-evidential’ as they are duplicate, unimportant or only of short-term value, Examples include:

  • Catalogues and trade journals;
  • Telephone message slips;
  • Trivial electronic mail messages or notes that are not related to business activities;
  • Requests for stock information such as maps, plans or advertising material;
  • Out-of-date distribution lists;
  • Superseded stationery and forms (unless controlled);
  • Reference copies of annual reports; or
  • Working papers that lead to a final report.

Format: A record can be in any format including (but not limited to): paper files, email, audio/visual, electronic documents (including SharePoint and MS Teams), systems data, databases, digital images and photograph,

Records management: The control of records during their lifetime, from creation to storage and retention until eventual archival preservation or destruction.

Records creator: The person that produces and receives records and then keeps them in its record keeping system.

Record keeping system: System or procedures by which the records are created, captured, secured, maintained and disposed of.

Records declaration: The process through which records are identified as such and distinguished by other information that is not to be regarded as recorded information.

Official copy: The official copy of a record is the copy intended to give evidence of the activity supported by the record and therefore, if need be, is the one to be submitted to public authorities and other stakeholders and partners.

Convenience copy: A convenience copy of a record is a copy created for the convenience of the records creator or of someone working for the records creator e.g. to give him/her quicker access to the information contained in the record.

Primary responsibility: The primary responsibility over a record identifies which section/person is in charge of keeping the official copy of a record and deciding about specific issues concerning its management.

Vital records: Records without which an organisation would be unable to function, or to prove that a key activity has taken place.

EDRMS: Electronic Documents and Records Management System.  The EDRMS may be made up of one or more IT platforms.

Metadata: is information about information. For example, the title and author of a book is metadata.  Metadata can be many kinds of information (or columns within a SharePoint Library) — a location, a date, or a catalogue item number. When you use SharePoint products, you can manage the metadata centrally. You can organise the metadata in a way that makes sense in your business and use the metadata to make it easier to find what you want.

Within the Data Protection Act the following terms are defined as:

Data subject means an individual who is the subject of personal data.

Data controller means a person who (either alone or jointly or in common with other persons) determines the purposes for which and the manner in which any personal data are, or are to be, processed.

Data processor, in relation to personal data, means any person (other than an employee of the data controller) who processes the data on behalf of the data controller.

6          Duties

All staff play a vital role ensuring compliance against the Data Protection Principles and protecting the Service’s information and assets.  The key governance roles applicable to records management are;

The Risk and Assurance Group

Oversight and monitoring of risk registers shall be undertaken at Risk & Assurance Group with specific matters raised to TLT and SLT by exception. Other meetings in the governance structure shall have a “risk” item as part of the standing agenda.

Senior Information Risk Owner

The Senior Information Risk Owner (SIRO) has overall responsibility for ensuring that information risks are managed accordingly.

Records Compliance Manager

The Records Compliance Manager is responsible for:

  • Raising staff awareness of records management;
  • Providing advice and guidance;
  • Ensuring compliance with the records management policy and associated standards;
  • Maintaining the retention schedule;
  • Developing, maintaining and documenting the Service’s disposal activity;
  • Ensuring that procedures and guidance are in place to support the records management policy.

Information Asset Owners

The Information Asset Owners (IAO) (and delegates) are responsible for information assets in terms of:

  • Identifying the assets and risks associated with them;
  • Managing and operating the asset in compliance with policies and standards;
  • Ensuring their team and those interacting with the asset understand information security and are confident they know how to handle information;
  • Ensuring controls manage all risks appropriately; and
  • Updating the Information Asset Register.

The Function Heads are the named Information Asset Owners (IAO) who take the lead on records management issues within their function and are responsible for the day to day management of the information risks of their assets.

They will;

  • Act as a communication point and support the implementation of the corporate records management programme in their respective sections;
  • Monitor that their respective sections manage records in accordance with this policy and associated policies, procedures, guidelines and standards;
  • Coordinate retention and disposal activities and liaise with the Records Compliance Manager and the Compliance team in order to ensure the correct execution of the activities;
  • Provide advice and guidance to the staff members of their sections on records management procedures;
  • Provide assurance statements to the SIRO regarding the information within their department and;
  • Undertake an e-learn IAO training module every two years.

All Staff

All staff who receive, create, maintain or delete records shall be responsible for ensuring that they do so in accordance with the Service’s records management policy, standards and procedures.

External People and Organisations

Contractors, consultants, volunteers, secondees, elected members, partners, suppliers and stakeholders accessing or managing the Service’s records shall be responsible for ensuring they do so in accordance with the Service’s records management policy, standards and procedures.

External organisations operating as ‘Data Processors’ on behalf of the Service will be contacted on an annual basis to provide assurances that Service information is being handled in accordance with Data Protection legislation.

7          Records Management

7.1        Elements of Records Management

The Service has formally adopted the principles of the Lord Chancellors Code of Practice on Records Management, issued under section 46 of the Freedom of Information Act 2000 as embodying good practice.  The Service recognise that arrangements for managing records may vary, according to statutory or practical requirements and whilst maintaining this flexibility, it is committed to complying with good practice.

Record creation and keeping – Each section should have in place adequate Record Keeping Systems (RKS) (physical and/or electronic) for documenting its activities which take into account the legislative and regulatory environments specific to them.  Systems should ensure:

  • Accurate, authentic and reliable records are created and kept;
  • Records are arranged and indexed in such a way that they can be retrieved quickly and efficiently;
  • Procedures are in place for keeping records up to date;
  • Metadata is held to enable the understanding of records, support efficient operation of the system and maintain the Service’s Publication Scheme;
  • Procedures and guidelines are in place for document control, which are easily understood and assist the efficient retrieval of information;
  • The ability to cross reference electronic and paper records; and
  • Training is provided on how to use the system supported by appropriate documentation.

Records maintenance and monitoring – Record keeping systems must be maintained in order that records are properly stored and protected whilst being able to be easily located and retrieved.  This will include:

  • Ensuring records are stored in an environment that provides the requisite levels of security and protection to prevent unauthorised access, damage or loss, whilst allowing maximum accessibility to the information appropriate with its frequency of use;
  • Monitoring and controlling the movement and location of records to ensure that they can be easily retrieved at any time, outstanding issues can be dealt with, and an audit trail is held;
  • Identifying vital records and applying appropriate protection, including business resilience planning to ensure continued functioning of the Service;
  • Identifying records no longer required for the conduct of current business, and if appropriate transferring them to designated storage in line with the retention schedule to optimise the economical and efficient use of office storage; and
  • Ensuring electronic and digital records are refreshed, replicated or migrated when new storage devices or media are being installed or when degradation is identified.

Record retention and disposal – With increasing public access to our records, it is important that the disposal or transfer of evidential records is undertaken in accordance with clearly established policies and supported by appropriate documentation.  The Service must have in place clearly defined arrangements for the appraisal and selection of records for disposal and enforced by properly authorised officers.  This system should ensure that:

  • Procedures are in place for the appraisal and disposal (destruction or transfer to an appropriate archive) of records in accordance with the Service’s Retention Schedule;
  • Disposal activities will be documented and retained in accordance with statutory requirements;
  • The destruction of records is undertaken using approved methods appropriate to their protective marking classification;
  • Wherever possible, information on the intended disposal of electronic records should be included in the metadata when the record is created;
  • Records selected for preservation and no longer in regular use by the Service are transferred as soon as possible to an appropriate archive; and
  • Should the Service receive a complaint or appeal about access to information, all records known to be the subject of a request for information will not be destroyed until either disclosure has taken place or, if the Service has decided not to disclose the information, until the complaint and appeal provisions of the Freedom of Information Act or appropriate legislation have been exhausted.

Access to The Service’s records and information – Records must be available to all authorised employees, their successors and those acting on behalf of the Service that require access for business purposes relevant to the context of their responsibilities.  Public access to the Service’s records will be in accordance with current legislation.  Our Publication Scheme lists the documents and information publicly available and provides information on how they can be obtained from and any related charges.  Information not listed in the Publication Scheme or Local Government Transparency Code may be available on request under the relevant legislation. The Service must ensure that any decisions made regarding access to records under the Data Protection Act, Freedom of Information Act or Environmental Information Regulations are documented so that they are consistent and can be explained and referred to.

7.2        Official Copies of Records

There shall be only one official copy of each record.  If two records identical to each other need to be kept in order to give evidence of two different processes they shall be considered as two different records, each one associated with its specific features.  For example, employee performance reports kept both in the personal record file of the employee and in a grievance file involving the employee.

7.3        Accessing Records

Records shall only be accessed by staff for a business purpose and in line with the Information Security and Handling Policy

7.4        Storing Records

Records shall be kept in a condition so as to ensure continuing authenticity, accessibility, retrievability, intelligibility and usability throughout their whole lifecycle (including, for those selected for long-term or permanent retention, the period when they are kept in the archives).

7.5        Retention and Disposal

Records shall be associated with its relevant retention schedule.  The retention schedule complies with all relevant UK statutory provisions currently in force and will be modified as appropriate.

The retention schedules shall identify the type of record held; the length of time each record is retained; and the way each record is to be disposed of.

Where current legislation does not dictate a retention period, the IAO should decide on the retention duration for their corporate records.  Advice should be sought from the Records Compliance Manager where the IAO is unable to define suitable retention periods.

7.6        Information Asset Owners

IAO’s have primary responsibility over the records and therefore are required to authorise a change to the retention or disposal schedule following the expiration of a record if the change is contrary to the original retention schedule.

Legal provisions shall take precedence over proposed modifications.

7.7        Destruction of Records

If provided by the retention schedule, records are to be destroyed when their retention periods expire.

Before destroying any record, it is necessary to verify that there are no specific circumstances that may prevent the destruction, such as legal holds (issued by a Court) or new business needs e.g. the record might be useful to support either legal defence or another corporate activity.

Destruction of records shall be authorised and recorded on the destruction log.

Paper records are to be destroyed by using confidential waste bags or by shredding the record.

Confidential waste bags are to be held and secured at all times to prevent unauthorised access.

Microfiches, microfilms and non-digital photos must be kept separate from paper records and placed in confidential waste bags for destruction.

Electronic records kept within a corporate IT application shall be deleted using the functionality within the application.

7.8        Convenience Copies of Records

Corporate retention and disposal schedules do not apply to convenience copies, which are to be destroyed as soon as they are no longer needed to facilitate the work of the person who has produced them.

8          Record Keeping System (RKS)

There shall be an adequate and appropriate allocation of resources by the Service to maintain its corporate records.

The Service will ensure that records are arranged and identified through the use of a corporate filing system, which also associates them with the relevant retention end date from the Retention Schedule.

The Service will ensure records kept are protected from damaging elements such as water, light, temperature, humidity, fire, infestation, digital viruses, power failures, information leakages and security breaches.

Any off-site storage system shall be considered to be part of the global corporate RKS. Records kept in off-site storage systems shall be managed in compliance with the provisions of this policy.

published on this website 28 June 2024

Share: