Records management policy

Published: 30 December 2022
Freedom of information class: How we manage our resources

Purpose and scope

This policy sets out the commitment of the Keeper of the Registers of Scotland (RoS) to exercise best-practice in the management of records.

This policy governs all records created, collected and managed by RoS as evidence of its functions and activities. Whilst this does not include its registers themselves, which are governed separately by statute, it does include records which facilitate the completion of registers, and which evidence the organisation’s wider corporate functions and commercial activities. RoS therefore applies best practice by default when managing records.

Records are recorded information, in all formats and media, which:

  • evidence strategic and operational decision-making, or
  • evidence corporate governance, accountability and statutory or regulatory compliance, or
  • constitute the corporate memory of the organisation

Policy statement

RoS will create and manage authentic, reliable and useable records; to achieve this, RoS will ensure that its records are:

  • managed appropriately throughout their lifecycle
  • created and used in ways which ensure their quality and value as evidence
  • accessible to those who need them, and in an efficient manner
  • protected appropriately from unauthorised access, loss or damage
  • retained for the appropriate amount of time
  • destroyed securely and definitively or transferred to a suitable location for long-term preservation

RoS therefore undertakes to:

  • operate effective procedures and controls to ensure policy is reflected in practice
  • support colleagues, customers and stakeholders
  • meet applicable standards, guidelines and legal requirements
  • monitor and regularly review performance

Awareness

RoS will ensure that its staff understand their roles and responsibilities for records management and that they possess the knowledge and skills required to discharge these effectively.

Where customers and stakeholders have a role in helping RoS to achieve effective records management, it will communicate appropriately and proportionately with them to help them understand and meet its expectations.

Law, regulation and standards

This policy complements the following relevant law, regulation, and standards with which RoS complies, principally:

Public Records (Scotland) Act 2011
UK General Data Protection Regulation and Data Protection Act 2018
Freedom of Information (Scotland) Act 2002 & Section 61 Code of Practice on Records Management
ISO 27000 series, Information Security Management Systems (ISMS) standards

Roles and responsibilities

All RoS staff and contractors have responsibilities for records management, are bound by the commitments of this policy, and are required to effectively operate the various operational procedures which facilitate its fulfilment in practice.

Area Information Managers (AIMs) will be supported by the Risk and Information Governance function to promote effective records management and improvement locally.

The Head of Information Governance acts as Records Manager for RoS and has operational responsibility for records management within RoS. The Records Manager is responsible for ensuring that the procedures and training which support the fulfilment of the policy are operated effectively.

The RoS Accountable Officer has strategic oversight and overall accountability for records management within RoS. She works with RoS Executive Management Team to ensure that the commitments given in this policy are met, and that the records management function is appropriately resourced and accounted for within the wider governance of the organisation.

Approval and Review

This policy will be reviewed and approved by the RoS Information Assurance Group at two year intervals, unless earlier review is appropriate.

AuthorHead of Information Governance
ReviewedHead of Risk & Information Governance
ClearedDirector of People
Approval

Information Assurance Group

Approval date 25 Nov 2022
Policy version Version 3.0
Review responsibilityInformation Assurance Group Review date 25 Nov 2023
Publication scheme Yes
Email to contactdataprotection@ros.gov.uk