beta

You're viewing our new website - find out more

Publication - Publication

Records management plan

Published: 29 Nov 2017
Part of:
Economy, Public sector
ISBN:
9781788514576

Sets out our records management policy and retention schedules as well as plans to digitise our records.

Contents
Records management plan
Records Management Plan

Records Management Plan

Summary

The Scottish Government is fully committed to compliance with the requirements of the Public Records (Scotland) Act, which came into force on the 1st January 2013. The Scottish Government will therefore follow procedures that aim to ensure that all employees, contractors, agents, consultants and other trusted third parties who have access to any information held within the Government, are fully aware of and abide by their duties under the Act.

About the Public Records (Scotland) Act 2011

The Public Records (Scotland) Act 2011 (the Act) came into force on the 1st January 2013, and requires The Scottish Government to submit a Records Management Plan ( RMP) to be agreed by the Keeper of the Records of Scotland. This document is the Records Management Plan of the Scottish Government and was submitted to the Keeper of the Records of Scotland on 25 June 2015.

About the Scottish Government

The Scottish Government was known as the Scottish Executive when it was established in 1999 following the first elections to the Scottish Parliament. The current administration was formed after elections in May 2011.

The Scottish Government is the devolved government for Scotland which is responsible for most of the issues of day-to-day concern to the people of Scotland, including health, education, justice, rural affairs, and transport.

The Government’s purpose is to focus government and public services on creating a more successful country, with opportunities for all of Scotland to flourish, through increasing sustainable economic growth.

Who is included in the Scottish Government Records Management Plan

The Scottish Governments Records Management Plan covers all Departments covered under the heading of Scottish Ministers. The plan also includes the following Agencies and other bodies who have been named separately in the Act but use our Records Management Services:

  • Chief Dental Officer
  • Chief Inspector of Prisons
  • Chief Inspector of Fire and Rescue
  • Chief Medical Officer
  • Drinking Water Quality Regulator for Scotland
  • HM Inspectorate of Constabulary
  • Inspector of Anatomy
  • Parole Scotland
  • Safeguarders Panel
  • Scottish Agricultural Wages Board

Even though the following bodies fall under Scottish Ministers they have chosen to submit their own Records Management Plans:

  • Community Justice Scotland – Executive Non-Departmental Public Body who came into being on 1 April 2017
  • Education Scotland – plan has been signed off by the Keeper
  • Historic Scotland – have been given an extension until the restructuring with RCHAMS has been completed and will no longer fall under the responsibility of Scottish Ministers
  • Independent Living Fund – public body who came into being in 2015
  • Risk Management Authority – plan has been signed off by the Keeper
  • Scottish Land Commission – Executive Non-Departmental Public Body who came into being on 1 April 2017
  • Scottish Prison Service – plan has been signed off by the Keeper
  • Scottish Public Pensions Agency – plan has been signed off by the Keeper
  • Scottish Roadworks Commissioner – plan has been signed off by the Keeper

Review

This plan will be reviewed every year (or sooner if new legislation, codes of practices or national standards are to be introduced).

RMP Element Description

Scottish Government Statement

Evidence

Further Development

Element 1: Senior management responsibility:

Identify an individual at senior level who has overall strategic accountability for records management.

Section 1(2)(a)(i) of the Act specifically requires a RMP to identify the individual responsible for the management of the authority’s public records. An authority’s RMP must name and provide the job title of the senior manager who accepts overall responsibility for the RMP that has been submitted.

It is vital that the RMP submitted by an authority has the approval and support of that authority’s senior management team. Where an authority has already appointed a Senior Information Risk Owner, or similar person, they should consider making that person responsible for the records management programme. It is essential that the authority identifies and seeks the agreement of a senior post-holder to take overall responsibility for records management. That person is unlikely to have a day-to-day role in implementing the RMP, although they are not prohibited from doing so.

As evidence, the RMP could include, for example, a covering letter signed by the senior post-holder. In this letter the responsible person named should indicate that they endorse the authority’s record management policy (See Element 3).

Further explanation and guidance on Element 1

The Director General Organisational Development and Operations Sarah Davidson, has senior responsibility for all aspects of Records Management, and is the corporate owner of this document.

Sarah Davidson is also the Senior Information Risk Owner ( SIRO) for the Scottish Government.

The bodies who are named in the act but do not fall under Scottish Ministers and have been included within the Scottish Government plan have all confirmed they only use the SG eRDM system for filing information and are happy that our SIRO has signed off the plan.

Also included is a link to an article that includes a statement from the SIRO showing a strong commitment to robust records management.

E01: Records Management policy

No additional actions have been identified in relation to the Senior management responsibility.

RMP Element Description

Scottish Government Statement

Evidence

Further Development

Element 2: Records manager responsibility :

Identify individual within the authority, answerable to senior management, to have day-to-day operational responsibility for records management within the authority.

Section 1(2) (a)(ii) of the Act specifically requires a RMP to identify the individual responsible for ensuring the authority complies with its plan. An authority’s RMP must name and provide the job title of the person responsible for the day-to-day operation of activities described in the elements in the authority’s RMP. This person should be the Keeper’s initial point of contact for records management issues. It is essential that an individual has overall day-to-day responsibility for the implementation of an authority’s RMP. There may already be a designated person who carries out this role. If not, the authority will need to make an appointment. As with element 1 above, the RMP must name an individual rather than simply a job title. It should be noted that staff changes will not invalidate any submitted plan provided that the all records management responsibilities are transferred to the incoming post holder and relevant training is undertaken. This individual might not work directly for the scheduled authority. It is possible that an authority may contract out their records management service. If this is the case an authority may not be in a position to provide the name of those responsible for the day-to-day operation of this element. The authority must give details of the arrangements in place and name the body appointed to carry out the records management function on its behalf. It may be the case that an authority’s records management programme has been developed by a third party. It is the person operating the programme on a day-to-day basis whose name should be submitted.

Further explanation and guidance on Element 2

Our existing records management policies have Craig Sclater the Scottish Government’s Deputy Corporate Records Manager as having day to day operational responsibility for records management. Craig reports to Maxine Reid, Head of Knowledge and Information Management Branch.

Overall responsibility for Records Management sits with our Senior Information Risk Officer ( SIRO) Sarah Davidson.

E01: Records Management Policy

No additional actions have been identified in relation to Records Manager responsibility.

RMP Element Description

Scottish Government Statement

Evidence

Further Development

Element 3: Records management policy statement:

A records management policy statement underpins effective management of an authority’s records and information. It demonstrates to employees and stakeholders that managing records is important to the authority and serves as a mandate for the activities of the records manager.

The Keeper expects each authority’s plan to include a records management policy statement. The policy statement should describe how the authority creates and manages authentic, reliable and useable records, capable of supporting business functions and activities for as long as they are required. The policy statement should be made available to all staff, at all levels in the authority . The statement will properly reflect the business functions of the public authority. The Keeper will expect authorities with a wide range of functions operating in a complex legislative environment to develop a fuller statement than a smaller authority. The records management statement should define the legislative, regulatory and best practice framework, within which the authority operates and give an overview of the records management processes and systems within the authority and describe how these support the authority in carrying out its business effectively. For electronic records the statement should describe how metadata is created and maintained. It should be clear that the authority understands what is required to operate an effective records management system which embraces records in all formats.

The records management statement should include a description of the mechanism for records management issues being disseminated through the authority and confirmation that regular reporting on these issues is made to the main governance bodies. The statement should have senior management approval and evidence, such as a minute of the management board recording its approval, submitted to the Keeper. The other elements in the RMP, listed below, will help provide the Keeper with evidence that the authority is fulfilling its policy.

Further guidance and explanation on Element 3

A consolidated and a revised Records Management Policy, reflective of the record keeping arrangements in place for The Scottish Government has been established .

The Scottish Government is committed to a systematic and planned approach to the management of records within the organisation, from their creation to their ultimate disposal or archive. This approach will ensure that the Scottish Government can:

  • Control the quality, quantity and security of the information that it generates;
  • Maintain the information in an effective manner whilst ensuring compliance with our legislative requirements.

It has been approved by the Senior Information Risk Owner in the Scottish Government.

E01: Records Management Policy

No additional actions have been identified in relation to Records Manager responsibility.

However, the policy will regularly be reviewed in order to ensure that it continues to reflect the organisational position in relation to record keeping.

RMP Element Description

Scottish Government Statement

Evidence

Further Development

Element 4: Business classification

A business classification scheme describes what business activities the authority undertakes – whether alone or in partnership.

The Keeper expects an authority to have properly considered business classification mechanisms and its RMP should therefore reflect the functions of the authority by means of a business classification scheme or similar.

A business classification scheme usually takes the form of a hierarchical model or structure diagram. It records, at a given point in time, the informational assets the business creates and maintains, and in which function or service area they are held. As authorities change the scheme should be regularly reviewed and updated.

A business classification scheme allows an authority to map its functions and provides a structure for operating a disposal schedule effectively.

Some authorities will have completed this exercise already, but others may not. Creating the first business classification scheme can be a time-consuming process, particularly if an authority is complex, as it involves an information audit to be undertaken. It will necessarily involve the cooperation and collaboration of several colleagues and management within the authority, but without it the authority cannot show that it has a full understanding or effective control of the information it keeps.

Although each authority is managed uniquely there is an opportunity for colleagues, particularly within the same sector, to share knowledge and experience to prevent duplication of effort.

All of the records an authority creates should be managed within a single business classification scheme, even if it is using more than one record system to manage its records. An authority will need to demonstrate that its business classification scheme can be applied to the record systems which it operates.

Further explanation and guidance on Element 4

The Scottish Government Business Classification scheme is the keystone of the records management function within the Scottish Government. The Business Classification Scheme aims to provide the framework for managing the records and information.

The Business Classification Scheme has been adapted from the Integrated Sector Vocabulary Scheme ( IPSV) and Government Category List. The scheme has four levels of classification, the first three levels are subject based and the fourth level describes the activity undertaken.

Every file that is created has a file type attached this tells you the type of file that is being created and what the retention and disposal is on that file.

The eight non Scottish Ministers bodies are included within this Business Classification and evidence has been proved to show where they sit in the structure.

We have also provided evidence of where Student Awards Agency for Scotland sit within the Business Classification as well.

The Scottish Government do contract some of their functions to third parties and I have attached the contracts which contain details of what should happen to information that they produce.

E04: Scottish Government Standard File type guidance

E05: Scottish Government Casework File type guidance

The SG are in the middle of a project to upgrade the current eRDM system. The SG are considering the Business Classification Scheme as part of this project.

Once a decision has been made on the Business Classification Scheme the Records Management Plan will be updated to reflect any changes.

RMP Element Description

Scottish Government Statement

Evidence

Further Development

Element 5: Retention schedules

A retention schedule is a list of records for which pre-determined disposal dates have been established.

Section 1(2) (b)(iii) of the Act specifically requires a RMP to include provision about the archiving and destruction or other disposal of the authority’s public records.

An authority’s RMP must demonstrate the existence of and adherence to corporate records retention procedures. The procedures should incorporate retention schedules and should detail the procedures that the authority follows to ensure records are routinely assigned disposal dates, that they are subsequently destroyed by a secure mechanism (see element 6) at the appropriate time, or preserved permanently by transfer to an approved repository or digital preservation programme (See element 7).

The principal reasons for creating retention schedules are:

  • to ensure records are kept for as long as they are needed and then disposed of appropriately
  • to ensure all legitimate considerations and future uses are considered in reaching the final decision.
  • to provide clarity as to which records are still held by an authority and which have been deliberately destroyed.

“Disposal” in this context does not necessarily mean destruction. It includes any action taken at the agreed disposal or review date including migration to another format and transfer to a permanent archive.

A retention schedule is an important tool for proper records management. Authorities who do not yet have a full retention schedule in place should show evidence that the importance of such a schedule is acknowledged by the senior person responsible for records management in an authority (see element 1). This might be done as part of the policy document (element 3). It should also be made clear that the authority has a retention schedule in development.

An authority’s RMP must demonstrate the principle that retention rules are consistently applied across all of an authority’s record systems.

Further explanation and guidance on Element 5

The Scottish Government has a detailed, Retention and Disposal’ Policy. This is based on the key record types held by the organisation as well as their recommended minimum retention periods, in line with statutory and legislative obligations, as well as business needs.

The retention and disposal schedules have been mapped to file types which are then used against the files created within in eRDM. These are the standard retention schedules that all SG and non ministerial bodies use.

The standard records schedule is used for the retention and disposal of old paper legacy files.

Before the introduction of eRDM divisions and branches in the SG could also draw up their own branch/divisional specific retention schedule to help the SG reviewing team . These are still used to review pre- eRDM records.

At the moment we do not use retention and disposal schedules on shared drives, pst files and public folders, but we have started a project to look at applying these to our information that does not form part of our corporate record. NRS are part of the board that has been set up for this project.

We have also attached a policy document which has been agreed as the retention and disposal for the shared drives which holds our non corporate information.

E04: Scottish Government Standard File type guidance

E05: Scottish Government Casework File type guidance

E06: Scottish Government Paper Records Retention Schedule pre- eRDM

When considering the current Business Classification Scheme we will also look at our current retention and disposal schedules to make sure they are still appropriate to Business needs.

The current NRS selection policy will also be reviewed in conjunction with NRS, to reflect any changes made to the Business Classification Scheme and retention and disposal schedules.

RMP Element Description

Scottish Government Statement

Evidence

Further Development

Element 6: Destruction arrangements

It is not always cost-effective or practical for an authority to securely destroy records in-house. Many authorities engage a contractor to destroy records and ensure the process is supervised and documented.

Section 1(2) (b)(iii) of the Act specifically requires a RMP to include provision about the archiving and destruction, or other disposal, of an authority’s public records.

An authority’s RMP must demonstrate that proper destruction arrangements are in place.

A retention schedule, on its own, will not be considered adequate proof of disposal for the Keeper to agree a RMP. It must be linked with details of an authority’s destruction arrangements. These should demonstrate security precautions appropriate to the sensitivity of the records. Disposal arrangements must also ensure that all copies of a record – wherever stored – are identified and destroyed.

Further explanation and guidance on Element 6

All paper records are subject to secure disposal under contract to Shred-It:

  • The contract details ISO accreditation, insurance certificate and employer’s liability.
  • Shred-It dispose of confidential documents directly from offices.

Click to go to the Shred-It site

  • The Scottish Government has implemented retention schedules on all electronic records and regularly review these.
  • When records are destroyed on eRDM we are left with a stub for the file name, document name and metadata that was attached.
  • Computer media is disposed of securely and through approved procedures.

E04: Scottish Government Standard File type guidance

E05: Scottish Government Casework File type guidance

As part of the eRDM upgrade project we will make sure that the functionality we currently have in respect of destroying files will be maintained in the upgraded system.

RMP Element Description

Scottish Government Statement

Evidence

Further Development

Element 7: Archiving and transfer arrangements

This is the mechanism by which an authority transfers records of enduring value to an appropriate archive repository, specifying the timing of transfers and other terms and conditions.

Section 1(2)(b)(iii) of the Act specifically requires a RMP to make provision about the archiving and destruction, or other disposal, of an authority’s public records.

An authority’s RMP must detail its archiving and transfer arrangements and ensure that records of enduring value are deposited in an appropriate archive repository. The RMP will detail how custody of the records will transfer from the operational side of the authority to either an in-house archive, if that facility exists, or another suitable repository, which must be named. The person responsible for the archive should also be cited.

Some records continue to have value beyond their active business use and may be selected for permanent preservation. The authority’s RMP must show that it has a mechanism in place for dealing with records identified as being suitable for permanent preservation. This mechanism will be informed by the authority’s retention schedule which should identify records of enduring corporate and legal value. An authority should also consider how records of historical, cultural and research value will be identified if this has not already been done in the retention schedule. The format/media in which they are to be permanently maintained should be noted as this will determine the appropriate management regime.

Further explanation and guidance on Element 7

Scottish Government records which are identified as being of historical interest are transferred to the National Records of Scotland for permanent preservation.

A formal Service Level Agreement between the Scottish Government and the National Records of Scotland which covers our legacy paper files.

eRDM is covered with the NRS selection policy which identifies the electronic records that NRS will be interested for permanent preservation.

The Scottish Government use Enterprise Vault to archive emails from all employees mailboxes.

We have started an archiving project that is looking at information which currently does not form part of the corporate record but needs to be managed better through retention and disposal.

We have begun a process to commence digitising our legacy paper files in line with the Digital First Agenda.

E75: Digitisation of Legacy Paper Files

Regular contact is to be kept with NRS with regards to record transfers

Review the current iTECS- NRS Service Level Agreement with NRS to bring more into line with current procedures.

Work with NRS to develop an Electronic Archiving process for transfer of SG records to NRS

An outcome of the Archiving project will be a Scottish Government Archiving Policy will be developed to cover all types of records.

RMP Element Description

Scottish Government Statement

Evidence

Further Development

Element 8: Information Security

Information security is the process by which an authority protects its records and ensures they remain available. It is the means by which an authority guards against unauthorised access and provides for the integrity of the records . Robust information security measures are an acknowledgement that records represent a risk as well as an asset. A public authority should have procedures in place to assess and contain that risk.

Section 1(2) (b)(ii) of the Act specifically requires a RMP to make provision about the archiving and destruction or other disposal of the authority’s public records.

An authority’s RMP must make provision for the proper level of security for its public records.

All public authorities produce records that are sensitive. An authority’s RMP must therefore include evidence that the authority has procedures in place to adequately protect its records. Information security procedures would normally acknowledge data protection and freedom of information obligations as well as any specific legislation or regulatory framework that may apply to the retention and security of records.

The security procedures must put in place adequate controls to prevent unauthorised access, destruction, alteration or removal of records. The procedures will allocate information security responsibilities within the authority to ensure organisational accountability and will also outline the mechanism by which appropriate security classifications are linked to its business classification scheme.

Information security refers to records in all or any format as all are equally vulnerable. It refers to damage from among other things: computer viruses, flood, fire, vermin or mould.

Current or semi-current records do not normally require archival standard storage. Physical records will however survive far better in a controlled environment. In broad terms the environment for current records should not allow large changes in temperature or excess humidity (as increased high temperatures and humidity are more likely to cause mould). If records are not adequately protected then the risk that the records could be damaged and destroyed is potentially higher and could lead to significant reputational and financial cost to the business.

Further explanation and guidance on Element 8

The Scottish Government has a number of well-established information security policies and procedures which all staff are required to comply with. The policies are approved and are reviewed on a regular basis.

The Scottish Government is pro-active in its approach to information risk through the corporate risk register.

All Information Asset Owners (“ IAOs”) have been briefed and have been provided with guidance on the role.

All employees are required to undertake Protecting Information training alongside specific Data Protection e-learning training. This annual awareness training reminds employees of the importance of data security and associated risks.

The Scottish Government are responsible for ensuring that adequate physical controls are put in place to ensure the security and confidentiality of all business sensitive data whether held manually or electronically.

No action as these polices are reviewed regularly

RMP Element Description

Scottish Government Statement

Evidence

Further Development

Element 9: Data protection

An authority that handles personal information about individuals has a number of legal obligations to protect that information under the Data Protection Act 1998.

The Keeper will expect an authority’s RMP to indicate compliance with its data protection obligations. This might be a high level statement of public responsibility and fair processing.

If an authority holds and process information about stakeholders, clients, employees or suppliers, it is legally obliged to protect that information. Under the Data Protection Act, an authority must only collect information needed for a specific business purpose, it must keep it secure and ensure it remains relevant and up to date. The authority must also only hold as much information as is needed for business purposes and only for as long as it is needed. The person who is the subject of the information must be afforded access to it on request.

Further explanation and guidance on Element 9

The Scottish Government has in-place wide-ranging data protection controls including high-level procedures, mandatory staff data protection training and guidance for specific activities.

The Scottish Governments Data Protection Policy is a statement of public responsibility and demonstrates the organisation’s commitment to compliance with the Act and the safeguarding and fair processing of all personal data held.

In addition to a specific DPA elearning package for all staff, ‘Protecting Information’ e-learning training packages are directed at three different levels of management.

All the eight non ministerial authorities fall under the Scottish Government Data Protection registration under their Director General name so I have provided screenshots to show which DG they fall under.

Scottish Government Staff will continue to undertake “Protecting Information” refresher on an annual basis

RMP Element Description

Scottish Government Statement

Evidence

Further Development

Element 10: Business continuity and vital records

A business continuity and vital records plan serves as the main resource for the preparation for, response to, and recovery from, an emergency that might affect any number of crucial functions in an authority .

The Keeper will expect an authority’s RMP to indicate arrangements in support of records vital to business continuity. Certain records held by authorities are vital to their function. These might include insurance details, current contract information, master personnel files, case files, etc. The RMP will support reasonable procedures for these records to be accessible in the event of an emergency affecting their premises or systems.

Authorities should therefore have appropriate business continuity plans ensuring that the critical business activities referred to in their vital records will be able to continue in the event of a disaster. How each authority does this is for them to determine in light of their business needs, but the plan should point to it.

Further explanation and guidance on Element 10

The Scottish Government has a number of Business Continuity and disaster recovery plans in place. The Information and Technology Services ( iTECS) Business Continuity Plan includes the records management function and is reviewed annually.

All records and data held on the Scottish Government network are subject to regular back up and associated recovery procedures.

The Business Continuity Plans to be reviewed regularly.

The eRDM Business Continuity Plan will need to be reviewed for the upgrade of the eRDM System.

RMP Element Description

Scottish Government Statement

Evidence

Further Development

Element 11: Audit trail

An audit trail is a sequence of steps documenting the movement and/or editing of a record resulting from activities by individuals, systems or other entities.

The Keeper will expect an authority’s RMP to provide evidence that the authority maintains a complete and accurate representation of all changes that occur in relation to a particular record. For the purpose of this plan ‘changes’ can be taken to include movement of a record even if the information content is unaffected. Audit trail information must be kept for at least as long as the record to which it relates.

This audit trail can be held separately from or as an integral part of the record. It may be generated automatically, or it may be created manually.

Further explanation and guidance on Element 11

The eRDM system provides electronic audit trails as evidence of viewing, modifying and deletion of records and the files that the records are contained in. IT systems and databases provide audit logs that record usage and update to records.

Paper records are maintained on site and are identified within the Legacy Paper Filing System, which tracks the movements of the records, if files have been destroyed or if the files have been passed to NRS for permanent preservation. This is also kept in eRDM now so an audit trail on who is updating these records is kept as well. The spreadsheets also show where the files are in the SG and if they have been transferred to NRS for permanent preservation, these are identified by an NRS reference number.

No further action required

RMP Element Description

Scottish Government Statement

Evidence

Further Development

Element 12: Competency framework for records management staff

A competency framework lists the core competencies and the key knowledge and skills required by a records manager. It can be used as a basis for developing job specifications, identifying training needs, and assessing performance.

The Keeper will expect an authority’s RMP to detail a competency framework for person(s) designated as responsible for the day-to-day operation of activities described in the elements in the authority’s RMP. It is important that authorities understand that records management is best implemented by a person or persons possessing the relevant skills.

A competency framework outlining what the authority considers are the vital skills and experiences needed to carry out the task is an important part of any records management system. If the authority appoints an existing non-records professional member of staff to undertake this task, the framework will provide the beginnings of a training programme for that person.

The individual carrying out day-to-day records management for an authority might not work for that authority directly. It is possible that the records management function is undertaken by a separate legal entity set up to provide functions on behalf of the authority, for example an arm’s length body or a contractor. Under these circumstances the authority must satisfy itself that the supplier supports and continues to provide a robust records management service to the authority.

The authority’s RMP must confirm that it is satisfied by the standard of the records management provided by the supplier and name the organisation that has been appointed to carry out records management on the authority’s behalf.

Where an authority’s records management system has been put in place by a third party, but is operated on a day-to-day basis by a member of staff in the authority, it is the competencies of that member of staff which should be confirmed, not those of the third party supplier of the system.

Further explanation and guidance on Element 12

Core competencies, key knowledge and skills required by staff with responsibilities for Records Management have been clearly defined within the Records Management Competency Framework, ensuring that staff understand their roles and responsibilities and can offer expert advice and guidance. The Records Management Competency Framework has identified that the Records Manager will have a degree or post graduate level qualification in information/records management or be working towards such a professional qualification.

‘Protecting Information’ training has been rolled out to all staff and is mandatory . In addition specific DPA training for all staff has been rolled-out and is mandatory.

eRDM Training is mandatory for all Scottish Government staff before they get access to the system. eRDM Training is mandatory for all non-ministerial bodies that use eRDM as well.

Non completion of training means no access to the system.

Identify training for current Records Manager so they can work towards obtaining a professional qualification

Look at developing training for SG to give them a better understanding of the Public Records (Scotland) Act ( PRSA) and their records management responsibilities.

RMP Element Description

Scottish Government Statement

Evidence

Further Development

Element 13: Assessment and review

Regular self-assessment and review of records management systems will give an authority a clear statement of the extent that its records management practices conform to the Records Management Plan as submitted and agreed by the Keeper.

Section 1(5) (i)(a) of the Act says that an authority must keep its RMP under review.

An authority’s RMP must describe the procedures in place to regularly review it in the future.

It is important that an authority’s RMP is regularly reviewed to ensure that it remains fit for purpose. It is therefore vital that a mechanism exists for this to happen automatically as part of an authority’s internal records management processes.

A statement to support the authority’s commitment to keep its RMP under review must appear in the RMP detailing how it will accomplish this task.

Further explanation and guidance on Element 13

Each of the policies and procedures produced in line with the requirements of the Public Records (Scotland) Act 2011 have been done so in consultation with colleagues across the organisation.

Each policy has been reviewed in detail in order to ensure compliance with all business as well as legal obligations.

The Corporate Records Manager will be responsible for overseeing the Records Management Plan and making sure that the supporting documentation is kept up to date. It forms part of the Corporate Records Manager’s objectives and if documentation is required to be updated it will be updated by the Corporate Records Manager or they will ask the relevant area in the Scottish Government to review and update.

The reviews of the Records Management Plan will be reported to the Head of Knowledge and Information Management and any updates will be signed off by the SIRO.

All policies and procedures will be reviewed annually to ensure the Records Management Plan is kept up to date and current.

The Records Management Plan will also be reviewed if we replace or upgrade the current eRDM system which has been installed within the Scottish Government.

RMP Element Description

Scottish Government Statement

Evidence

Further Development

Element 14: Shared Information

Under certain conditions, information given in confidence may be shared. Most commonly this relates to personal information, but it can also happen with confidential corporate records.

The Keeper will expect an authority’s RMP to reflect its procedures for sharing information. Authorities who share, or are planning to share, information must provide evidence that they have considered the implications of information sharing on good records management.

Information sharing protocols act as high level statements of principles on sharing and associated issues, and provide general guidance to staff on sharing information or disclosing it to another party. It may therefore be necessary for an authority’s RMP to include reference to information sharing protocols that govern how the authority will exchange information with others and make provision for appropriate governance procedures.

Specifically the Keeper will expect assurances that an authority’s information sharing procedures are clear about the purpose of record sharing which will normally be based on professional obligations. The Keeper will also expect to see a statement regarding the security of transfer of information, or records, between authorities whatever the format.

Element 14: Shared Information (Cont)

Issues critical to the good governance of shared information should be clearly set out among parties at the earliest practical stage of the information sharing process. This governance should address accuracy, retention and ownership. The data sharing element of an authority’s RMP should explain review procedures, particularly as a response to new legislation.

Further explanation and guidance on Element 14

The Scottish Government shares data in accordance with the Data Protection Act and Freedom of Information (Scotland) Act. The organisation has a guide to information approved by the Scottish Information Commissioner. This outlines and links to the information the organisation will routinely publish and make available.

In addition to undertaking the training on Protecting Information, all SG staff are provided with guidance concerning the procedures and considerations for electronic and hard copy distribution of information.

A standard data access agreement template is also in existence which can be modified to reflect the specific requirements and circumstances for sharing information.

No action


Contact