Records management policyPublished: 30 December 2022
Freedom of information class: How we manage our resources
Table of contents
Purpose and scope
This policy sets out the commitment of the Keeper of the Registers of Scotland (RoS) to exercise best-practice in the management of records.
This policy governs all records created, collected and managed by RoS as evidence of its functions and activities. Whilst this does not include its registers themselves, which are governed separately by statute, it does include records which facilitate the completion of registers, and which evidence the organisation’s wider corporate functions and commercial activities. RoS therefore applies best practice by default when managing records.
Records are recorded information, in all formats and media, which:
- evidence strategic and operational decision-making, or
- evidence corporate governance, accountability and statutory or regulatory compliance, or
- constitute the corporate memory of the organisation
RoS will create and manage authentic, reliable and useable records; to achieve this, RoS will ensure that its records are:
- managed appropriately throughout their lifecycle
- created and used in ways which ensure their quality and value as evidence
- accessible to those who need them, and in an efficient manner
- protected appropriately from unauthorised access, loss or damage
- retained for the appropriate amount of time
- destroyed securely and definitively or transferred to a suitable location for long-term preservation
RoS therefore undertakes to:
- operate effective procedures and controls to ensure policy is reflected in practice
- support colleagues, customers and stakeholders
- meet applicable standards, guidelines and legal requirements
- monitor and regularly review performance
RoS will ensure that its staff understand their roles and responsibilities for records management and that they possess the knowledge and skills required to discharge these effectively.
Where customers and stakeholders have a role in helping RoS to achieve effective records management, it will communicate appropriately and proportionately with them to help them understand and meet its expectations.
Law, regulation and standards
This policy complements the following relevant law, regulation, and standards with which RoS complies, principally:
Public Records (Scotland) Act 2011
UK General Data Protection Regulation and Data Protection Act 2018
Freedom of Information (Scotland) Act 2002 & Section 61 Code of Practice on Records Management
ISO 27000 series, Information Security Management Systems (ISMS) standards
Roles and responsibilities
All RoS staff and contractors have responsibilities for records management, are bound by the commitments of this policy, and are required to effectively operate the various operational procedures which facilitate its fulfilment in practice.
Area Information Managers (AIMs) will be supported by the Risk and Information Governance function to promote effective records management and improvement locally.
The Head of Information Governance acts as Records Manager for RoS and has operational responsibility for records management within RoS. The Records Manager is responsible for ensuring that the procedures and training which support the fulfilment of the policy are operated effectively.
The RoS Accountable Officer has strategic oversight and overall accountability for records management within RoS. She works with RoS Executive Management Team to ensure that the commitments given in this policy are met, and that the records management function is appropriately resourced and accounted for within the wider governance of the organisation.
Approval and Review
This policy will be reviewed and approved by the RoS Information Assurance Group at two year intervals, unless earlier review is appropriate.
|Author||Head of Information Governance|
|Reviewed||Head of Risk & Information Governance|
Information Assurance Group
|Approval date||25 Nov 2021|
|Policy version||Version 3.0|
|Review responsibility||Information Assurance Group||Review date||25 Nov 2023|
|Email to email@example.com|