Records Management Policy

Introduction: The Importance of Records Management

1. The term ‘record’ can refer to any recorded information held by an organisation. The
focus of records management is the longer-term storage and managing of information.

2. Good records management is essential to ensure that corporate information is:

2.1 Kept for as long as required to meet our legal obligations and regulatory, financial,
and business needs.

2.2 Stored in a way which prevents information being lost or destroyed.

2.3 Organised in such a way that it can be retrieved when required (for example, to
respond to a Freedom of Information request or to a public inquiry).

2.4 Kept only, if necessary, particularly if the information contains personal data.

3 We also have a duty to preserve some records in the long term for the benefit of those
with an interest in our history. Thus includes the history of our predecessor organisations
and the history of the professions we regulate.

Scope of this policy

4. The focus of records management and the scope of this records management policy is
the long-term storage and managing of information.

5. The policy applies to the managing of all documents and corporate information in all
formats or media held by us.

6. Records management is one activity within the larger sphere of information

management. Other aspects of information management such as data quality
management, data protection and information security are out of the scope of this policy.
However, this policy refers to areas where this overlap between records management
and other relevant policies and areas of information management activity.

Approved by the Information Governance and Security Board September 2020

Reviewed: February 2023. Next review: March 2024

1
Aims of the policy

7 This policy sets out our commitment to achieving high standards in records
management. It also:

7.1 Sets out roles and responsibilities for records management.

7.2 Sets out our policy on archiving and digital preservation for the long-term storage
of records kept for historical research purposes.

8 The policy is supported by procedures and guidance for the information and records
management team. It is also supported by guidance and training for colleagues which
explain the practical steps we all need to take to ensure good records management.

Roles and responsibilities

9 The Chief Executive and Registrar has overall accountability for records management.

10 The Senior Information Risk Owner (SIRO) has overall responsibility for managing
records management risk.

11 Directors are responsible for approving this policy and may delegate responsibility for
approving this policy and any amendments to it to the Information Governance and
Security Board (IGSB).

12 Information asset owners are responsible for making decisions about information assets
including corporate records. For example, asset owners decide how long specific records
will be kept. A list of information assets and their owners is recorded on the information
asset register. The full responsibilities of information asset owners are set out in our
guide for Information asset owners.

13 The Information and Records team is responsible for managing the electronic document
and records management system (TRIM). This includes providing training and guidance
on records management, and managing our physical archived records including
archived Fitness to Practise case material.

14 All colleagues have a responsibility for good records management and are expected to
follow our records management training and guidance.

Approved by the Information Governance and Security Board September 2020

Reviewed: February 2023. Next review: March 2024

2
Compliance

15 All those working for us must comply with this policy.

16 Any alleged breach of this policy may result in an investigation. This may result in action
being taken by us up to and including dismissal; removal from office; or termination of a
contract for services. We’ll cooperate with law enforcement authorities if a criminal
violation is suspected. We reserve the right to claim compensation from individual(s)
through normal lawful processes if we suffer damage.

Policy statements
Achieving good records management

17 We are committed to achieving high standards in records management. To achieve this,

colleagues are expected to follow the records management training and guidance
provided by the information and records team.

18 The Information and Records management team provides training and guidance, which
explains the steps we all need to take to ensure good records management. This covers
appropriate use of our records management system, where and how to store records of
different types, how to organise information and version control.

Records retention

19 Records will be kept for the retention periods set out in the corporate information
retention schedule. They will be kept in the formats and locations set out in the schedule.
The retention schedule also sets out the rationale for keeping information for the stated
timeframes.

20 The information retention schedule will be regularly reviewed. Significant changes to the
retention schedule are approved by the Information Governance and Security Board.

Disposal and permanent deletion of records

21 Records will be permanently disposed of or deleted when they meet the end of their
retention period as set out in the information retention schedule. Further authorisation
for records disposal or deletion is not required from asset owners when disposal or
deletion is in line with the information retention schedule. Some IT systems automatically
delete data when it reaches the end of its retention period.

Approved by the Information Governance and Security Board September 2020

Reviewed: February 2023. Next review: March 2024
3
22 Where the record type is not listed in the retention schedule further approval is required.
The information and records team will therefore obtain approval from the asset owner or
an assistant director before the records are permanently destroyed or deleted. This also
applies if there is an intention to dispose of records in a timeframe different from that set
out in the retention schedule.

Information security and records management

23 All information assets, including our repositories of corporate records, are listed on our
asset register which forms part of our information security management system.

24 Corporate records are given security classifications as set out in our Information
Classification and Handling policy.

25 Electronic records will be backed up as set out in our data and systems backup policy.

26 Control of access to records will comply with our Information access control policy

27 Final versions of all electronic corporate records will be stored in our Electronic
Document and Records Management System.

28 When confidential records are disposed of, they will be disposed of in a way which is
compliant with our confidential waste destruction policy.

Business continuity and records management: vital records

29 Vital records are records that are essential for our ongoing business, and which enable us
to operate during a disaster.
30 As part of business continuity planning, each directorate will:
30.1 Identify and keep a list of its vital records.
30.2 Store vital records in a location and format which ensures they remain available
to use in the event of a disaster.
30.3 List any vital records in their directorate business continuity plan.

Approved by the Information Governance and Security Board September 2020

Reviewed: February 2023. Next review: March 2024

4
Preservation of long-term records and archives

31 Some of the records we hold are of long-term historical value and need permanent
preservation. This is in accordance with our duty to be an open, transparent, and
accountable organisation. Maintaining a record of our past actions and decisions also
acts as our long-term memory. In addition, it provides research materials that will meet
the needs of the academic and research communities as well as the public in future
years.

32 Examples of records to be selected for permanent archiving include committee papers,

annual reports, and documents about major changes within the organisation.

33 The information retention schedule lists those records that will be permanently kept for
their long-term historical value.

34 Digital records will be managed throughout their lifecycle to ensure their long-term
preservation and reliability. This will be achieved by capturing both the record content
and record properties at the point when the record is created. It will also be done by
ensuring that record properties are retained with the digital record.

Management of FtP case material

The guidance on the retention and archiving of FtP case records supplements this corporate
records management policy. It sets out practical guidance for the storage, retention, and
destruction of case-related information.

Approved by the Information Governance and Security Board September 2020

Reviewed: February 2023. Next review: March 2024
5
Related documents

Document Trim reference

Information security policy 1643317

Data Protection policy 5679526

Information access control policy 2563199

Confidential waste destruction policy 2555084

Information classification and handling policy 1403395

Data and systems back-up policy 6353805

Information asset register 5180950

Guidance for information asset owners 2546689

Guidance on the retention and archiving of FtP case records 7021872

Information and records management team procedures and 17/2486

guidance 20/1992

Records management guidance for colleagues 20/2204

Corporate business continuity documents 18/225

Approved by the Information Governance and Security Board September 2020

Reviewed: February 2023. Next review: March 2024