For more information, please see our University Websites Privacy Notice. The University of Connecticut is an agency of the State of Connecticut. As a state agency, the University is, and therefore its employees are, required to conform to state regulations and statutes. Under Section a of the Connecticut General Statutes the University has the obligation to handle, maintain, retain, dispose of and in cases destroy records in a certain manner, following specific processes and schedules.
The purpose of this policy is to provide guidance and reference for University employees regarding the retention, disposition, storage and destruction of official University records, in all formats.
The physical characteristics of non-record materials are the same as record materials. The differences between a non-record and a record are the reasons for keeping the information and how the information is used.
Non-records are not covered by this Records Management policy and therefore do not need to be retained, stored, disposed of or destroyed in accordance with procedures create under this policy and state law. Record Series — A group of similar or related records that are normally used and filed as a unit and can be evaluated as a unit for determining the record retention period.
All of the records that make up a record series must have the same retention periods.
You cannot break up a record series into individual records and give each record a different retention period. Records Retention Schedules — A comprehensive list of record series which indicates for each series the length of time it is to be maintained until it is reviewed for destruction or archival retention. It also indicates retention in active and inactive storage areas.
All employees of the University of Connecticut are required to be aware of the fact that records management procedures exist, and to ensure that records are maintained, retained, stored, disposed of and, as appropriate, destroyed only in accordance with such procedures and the Records Retention Schedules.
Employees may also contact the University Archivist at for further information. UConn A-Z. Informational copies of correspondence and other papers on which no documented administrative action is taken. Duplicate copies of documents maintained in the same file. Requests from the public for basic information such as manuals and forms that do not have any administrative retention requirements. Transmittal letters that do not add information to that contained in the transmitted material.
Reproduced or published material received from other offices which requires no action and is not required for documentary purposes. The originating agency is required to maintain the record copy. Catalogs, trade journals, and other publications or papers received which require no action and are not part of a case upon which foreseeable action will be taken.Records Management 101 training (Oregon State Archives)
Library or museum material collected for informational or exhibition purposes. Stocks of publications, forms, or other printed documents which become obsolete or outdated due to revision. The originating agency should maintain a record copy. Working papers, preliminary drafts, or other material summarized in final or other form and which have no value once action has been taken.
Policy Statement All employees of the University of Connecticut are required to be aware of the fact that records management procedures exist, and to ensure that records are maintained, retained, stored, disposed of and, as appropriate, destroyed only in accordance with such procedures and the Records Retention Schedules.Keeping good records helps companies protect institutional memory as well as maintain evidence of activities, transactions, and decisions.
In this article, you will find everything you need to know about records management: learn the basis of a good records management program, how to implement one, why it should be a part of any company, and who should be involved in the process. RM includes everything from the creation of a record to its disposal. Essentially, it comprises anything that is part of a business transaction.
Some people use the term information governance IG when talking about records management. It includes the structure, policies, procedures, and processes necessary to manage all the information stored within an organization. What makes something a record? The answer is somewhat complicated. The International Organization for Standardization ISO is an independent, non-governmental international organization that develops international standards to be implemented globally throughout its national standards bodies.
The ISO defines records as "information created, received, and maintained as evidence and information by an organization or person, in pursuance of legal obligations or in the transaction of business. Together, the two parts provide an outline for a comprehensive records management program.
Essentially, a record is content that documents a business transaction. A record usually does not include drafts, duplicates, or convenience copies of documents. For example, a final response to a proposal is a record, but the drafts, comments about the drafts, and correspondence about the proposal might not be. Personnel files are records, as are social media posts and instant messages therefore, records management does not just involve paper documents.
According to The Global Trade Association for Information Management Companies PRISMcourts consider all of the following to be records: doodles on a paper napkin, core samples from oil exploration, a pipe with a part number on it, and sections of frozen tissue samples. A record serves as evidence of an event. Therefore, you can often take a record into a court of law to prove authenticity, reliability, integrity, and usability. Records can provide necessary documentation for an audit, court case, or other official uses.
A record can also be anything that includes personally identifiable information PII. Companies that are in the financial services, health, government, or legal sectors must be particularly aware of this kind of record.
Document management is part of records management since many documents are records. However, not all records are documents. Document management concerns more of the day-to-day activities involving physical or digital files, like capturing, storing, modifying, or sharing them. Forms management can be an important part of records management. For many organizations, the largest volume of records consists of printed or electronic forms.
This lifecycle covers everything from the creation of a record to its disposal. Different policies and procedures exist at each phase. Think of the records lifecycle as a life span that begins with creation and ends with disposal or preservation. Different programs, software, and educational materials may use different names for the phases, but they are basically fixed and operate concurrently and in continuum.
Ensure that you create records correctly, which means including the right information and using the proper format. As people use and modify a record, it continues as a record, and you must maintain and protect it from several things, including unauthorized access and damage.
Those who need records on a regular basis must have easy access to them. Different organizations follow different policies about how long they must keep a record. Active records are those that are in current use and often within close physical proximity to the people using them. An inactive record is one that a company no longer uses for current business but that you still must maintain until it reaches the end of its retention period.Below is a template for a records management policy.
To use it for your organization, you need to fully understand the rules and laws that apply to your organization and modify the sample text accordingly. For example, the retention periods listed might not comply with the regulations your organization is subject to. If your organization has multiple records policies e. In that situation, the individual policies would reference the corporate records policy and include only the sections relevant to the scope of the individual policy.
This sample records management policy is designed for financial records, but it includes all components for other types of policies. Financial records were chosen for this example because they are a type of record that all organizations must manage.
This section is a collection of the key information for the records policy. You should structure it so readers can readily identify all relevant information. Choose a name for the policy that clearly identifies its scope, especially if your organizations has multiple policies. Specify the version of the policy. Clearly indicate if this is a draft version that is still under review. Provide the name and official role or title of the person who provided the final approval. Typically this is be the CEO, the General Counsel or the person with ultimate responsibility for records policies.
List is the date that the policy expires. This is typically filled in only after the version has been approved. This field is optional. In this section, you should outline the purpose of the policy and detail the business drivers for creating it. Detail any specific rules and regulations your organization is meeting by implementing this policy and any additional considerations.
Records Management Regulations, Policy, and Guidance
The purpose of this policy is to provide guidance and direction on the creation and management of information and records and to clarify staff responsibilities.
The records management program is intended to maintain, protect, retain and dispose of records in accordance with operational needs; federal, state, and local government regulations; fiscal and legal requirements; historical value; and business reference purposes. For internal operational needs, all financial records need to be retained for the purpose of performing financial analysis of the company over time.
As such, all financial records should be retained for a minimum of five years. For historical purposes, all public quarterly and annual financial reports should be retained as permanent records. The Sarbanes-Oxley Act of requires that all financial reviews and audit material be retained for five years. The IRS states that all financial records need to be retained for up to seven years depending upon the filing conditions. There are no additional requirements from state or local authorities.
Regulatory links [link to both internal and external references by name and when possible, a direct link]. Indicate the business applications and systems the policy covers email, electronic records, etc.
Indicate if the policy covers the entire organization, a specific division or defined geographic area. This policy applies to all finance staff across the entire organization. It covers information and records stored in all formats, including:.To establish processes to manage the University's records and Information management environment throughout the Information Lifecycle. This procedure applies across the University and is supported by local processes. This procedure outlines the responsibilities of University Members and provides processes to assist in the implementation of the Records and Information Management Policy.
All Employees, contractors and consultants must make and keep full and accurate records of business activities Public Records Act All University Records and Information, with the exception of short term or transitory value records, must be captured in a compliant records management system or a University supported business system. The system s used should have regard for the Information Lifecycle and the minimum Retention Periods provided in the authorised Retention and Disposal Schedules.
University Records and Information should not be maintained archived in email folders, private accounts, personal drives or external storage media as these lack the necessary records management functionality. The University is required by the relevant Regulatory Compliance Instruments to retain all records and Information for the minimum Retention Period specified in the authorised records Retention and Disposal Schedules issued by Queensland State Archives.
The timely and authorised destruction of records and Information is essential for ongoing and effective management refer to Section 4. Ownership of all University business records and Information is vested in the University - refer to s. Under this procedure the University reserves the right to access any University business record or Information, created or received in the ordinary course of business, irrespective of its Format or storage location. In the University's ongoing transition from a paper-based to digital recordkeeping environment, records born-digital should be managed-digital.
Enterprise Information Management Services maintains an extensive suite of local processes to assist and support Employees, contractors and consultants in the management of the University's records and Information refer to Section 7. The University and all Employees, contractors and consultants are required to comply with the provisions of the relevant Regulatory Compliance Instruments. The responsibilities of these roles are listed in the following table:.
Table 1: Roles and responsibilities. Ensure the University makes and keeps full and accurate records of its activities according to the relevant Regulatory Compliance Instruments Public Records Acts. Provides executive oversight of recordkeeping across the organisation, including leadership and strategic advice through the interpretation, carriage and management of the compliance regimes relating to records and Information management, Right to Information, Administrative Access Scheme and Legal Discovery third party.
Authorised to approve disposal of University Records as specified in relevant Regulatory Compliance Instruments. Implements relevant Regulatory Compliance Instruments and provides appropriate records and Information management training, support and documented processes. Ensure Employees under their supervision are aware of their recordkeeping responsibilities and undertake training to ensure records are created and managed appropriately.
Personally responsible for the records and Information, created or received by them, in the performance of their duties and under their control, including the disposal of University Records and Information refer Section 4.
Where possible, records and Information management requirements should be considered and embedded within University Policy and Procedures by the Accountable Officer.
Further advice can be provided by Enterprise Information Management Services. All University Employees are able to access appropriate records and Information management training and support to the level of their individual responsibilities under this procedure refer to Section 4. Enterprise Information Management Services is responsible for the ongoing development, delivery and maintenance of appropriate records and Information management training and support programs, and other related resources for all University Employees.
In accordance with relevant Regulatory Compliance Instruments refer to Section 7 the University is required to maintain a robust records and Information Security environment. There is an expectation that all University Employees, contractors and consultants who create, receive, use, store or access University Records and Information, including users of the University's records management system, will adhere to relevant University Policy refer to Section 7 including, but not limited to, the management of confidential and sensitive Information, copyright, intellectual property and Information Security.
A number of University-supported business systems with varying levels of recordkeeping capability are available for the capture and management of University Records and Information.This policy establishes the framework under which official records of the University are created and managed.
This Policy is applicable to all University staff including sessional staff, researchers and research staff. It also applies to individuals who undertake work on behalf of the University, but are not employed by the University including:. Data about data. Provides context to a record allowing it to be found, understood and used by others within the organisation. A set of mandatory principles reflecting best practice methodology that Victorian Government agencies must comply with in order to meet the legislative requirements of the Public Records Act.
University records are to be managed, captured, accessed, stored and disposed of in accordance with University procedures and guidelines to ensure compliance with the Public Records Act and other regulatory instruments, including Public Record Office Victoria PROV Standards. Records created, received or used by University staff in the normal course of business are the property of the University, unless otherwise agreed.
This includes reports compiled by external consultants commissioned by the University. Corporate records assist the University in making better informed decisions and improving business practice by providing an accurate record of previous activities.
All University staff, including sessional staff, researchers and research staff, as well as individuals who may perform work on behalf of the University, including:. The Vice Chancellor, as head of the University, is responsible for ensuring the University complies with legislative requirements for recordkeeping, including the Public Records Act and other regulatory instruments, including PROV Standards. The University Registrar, as the Vice Chancellor's delegate, has the responsibility for overseeing compliance of the University's Records Management Program.
The University Registrar may, as and when required, delegate this authority to another senior officer. University staff in a supervisory capacity are responsible for monitoring and supporting staff to ensure they understand and comply with records management policies and procedures.
Managers and Supervisors should encourage and support positive recordkeeping practices within their business area. All University staff including sessional staff, researchers and research staff, as well as individuals who may perform work on behalf of the University including:.
All staff are responsible for creating and capturing complete and accurate records as part of their University duties, in accordance with this policy and associated recordkeeping procedures. All electronic records must be captured in an approved corporate business system.
Records that are created by an approved corporate business system should be stored in that system. This includes but is not limited to email correspondence, word, excel and PowerPoint documents, video, audio, social media posts and telephone conversations through recordings or file notes. The University must not make or amend records such that they are not accurate. Where the University identifies, through its continuous improvement processes or otherwise, the need to amend a record, the University must take steps to document the amendments such that a reasonable person could ascertain the nature of and rationale for the amendment s in a straightforward way.
For more information on capturing full and accurate records, refer to the Records Management Procedure — Capturing and Classifying University Records. Access to University records is only permitted by authorised University employees who require access for University business. Under no circumstances are records to be accessed or used for non-university related business.
Personal information held on corporate records must only be used for the purpose with which it was collected and must only be disclosed to authorised persons.
How To Create An Effective Records Management Program in 8 Steps
Records containing personal information must be captured, stored, accessed, and disposed of in line with the requirements of relevant legislation including, but not limited to the Information Privacy Act, Freedom of Information Act and Public Records Act. Hard copy records stored within business areas must be secured to avoid possible theft, misuse or inappropriate access .
All hard copy records created or received by the business area are to be stored in PROV compliant storage areas within the business area while the record is being used for daily business activities.
It is the responsibility of staff in a supervisory capacity to ensure hard copy files within their unit are stored securely and are only accessible by authorised persons.
Records are not permitted to be stored offsite at other non-university approved storage facilities. Transfer of inactive records must be completed as outlined in the Records Management Procedure — Retention and Disposal of University Records.As a public institution the University is bound by the Public Records Act Records received or created by University staff are deemed to be Public Records under the Act.
University staff including sessional staff, researchers and research staff are required to capture full and accurate records and manage and dispose of these records according to the authorised standards and records authorities issued by the Public Record Office Victoria PROV. Individuals who undertake work on behalf of the University, but are not employed by the University including. These procedures have been developed to provide guidance for the identification, capture, use, storage, security and disposal of records to ensure a consistent approach to records management across the University.
This procedure applies to all University staff and individuals who may perform work on behalf of the University, including:.
For a full list of relevant definitions, please refer to the Records Management Policy. A public record is any information created by or received by an officer at the University that is evidence of a business transaction or activity.
A Public Record records an action, policy, decision or decision making process, renders the organisation accountable or commits the organisation to an action. This information may be any hard copy, digital, email, sound or video recording that is evidence of a business transaction or activity. Examples include but are not limited to :.
To comply with mandatory PROV Standards and relevant legislation, it is the responsibility of all University staff to consistently create, capture, access, store and manage records as part of normal business practice. Corporate records must be handled, stored and disposed of in accordance with all relevant legislation. The systematic capture of records in compliant systems ensures authentic, reliable and useable records are maintained as evidence of the University's business activities and transactions, allowing for better decision making, transparency and accountability.
All electronic records must be captured in an approved corporate business system. Records that are created by an approved corporate business system should be stored in that system.
This includes but is not limited to email correspondence, word, excel and PowerPoint documents, video, audio, social media posts and telephone conversations through recordings or file notes.
It is the responsibility of the Officer capturing the record to ensure sufficient metadata is included to enable other staff to easily understand when, how, where, why and by whose authority actions took place and decisions were made. Staff must not store records on network drives, laptops, temporary storage devices, portable drives, CDs, DVDs as these do not comply with recordkeeping requirements.
Staff must not use cloud technologies for the storage of corporate records. There are many risks associated with the use of the cloud for storing records including security, privacy, legislative compliance etc. Staff wanting to utilise cloud storage should contact Central Records and Mailroom services for advice. Hard copy records must be placed on hard copy files and stored as per the Records Management Procedure - Security and Access of University Records.
For physical documents put a line through and correct the data, for digital records keep a record of the amendment, including reason and who requested the change on file in Student HQ. Only business related emails should be captured in ECM. Business related emails are not to be archived using email client archive functionality or other archive management systems.
Business related emails must not be stored on network drives. Emails created and sent using University systems must be professional at all times regardless of whether or not the email is considered to be business related or of an ephemeral nature.
Emails which discuss University business are corporate records and may be required to be used in evidence for example - appeals. Staff should ensure when creating email records they adhere to the requirements of the University's Use of Computing and Communication Facilities Policy. To ensure full and complete records are created, emails received by the University that contain attachments must be captured as a single record, that is the email message including the attachment must be registered into ECM.
University employees must not register the attachment without the email message as this contains metadata which would be lost if discarded.
Hard copy records which have been scanned using a University MFD and sent as an attachment to the registering officer for registration purposes can be registered separately and the email message discarded. This rule applies as the email message contains no relevant metadata to provide history or context to the attachment, and is purely a mechanism for delivery.
Emails of short term value used to facilitate University business, but are of an incidental nature or of such short-term value that they do not support or contribute to a business transaction, do not need to be captured and should be managed within personal email accounts.Making sure that your company records are maintained and stored properly is a project that could be the most important day-to-day work for your business.
It is critical to ensure that you are retaining and shredding the right documents at the right time, all handled by an employee with sufficient knowledge to do so. Although there are intermediary steps like offsite document storage that can increase workflow and productivity, developing and maintaining a complete records management program will have a size-able impact for your company. With the right program in place, your company will have a road-map that tracks and files all your records leading to a more efficient work environment.
You have to consider the size of your office, the laws and regulations that your company has to follow, and the type of management system that makes sense for how you interact with your data. By doing a complete inventory of all the records you want to manage, you will be able to implement processes that coincide with your business and your data management needs of your team.
Once you have determined the way you want to manage your records, you need to determine two things:. A records retention program provides for the review, retention and destruction of records received or created in the course of regular business activities.
This outlined schedule will help eliminate the risk of older documents causing legal problems and will cut costs by reducing storage needs of old and unneeded documents.
All their documents are scanned and indexed, making them easier to manage and find. Other companies prefer to utilize a hard-copy storage system through a records management company and secure off-site records storage to manage their papers.
This allows them to have access to their documents any time they need them, and still maintain hard-copy records for legal or regulatory purposes. By creating a thorough procedure for your new records management plan, you can verify that the proper steps are taken in the future and can distribute this knowledge throughout the workplace. Keeping everyone on the same page with their records management eliminates any mistakes that can lead to inefficiency or loss of data.
Accidents and natural disasters happen so make sure you have a disaster recovery plan in place to help eliminate any issues in case of a natural disaster, fire, or flood.
A solid backup plan will give you the peace of mind in knowing your data is recoverable in the case of any emergencies. Training your employees after implementation of your new records management plan is the next step.
By selecting the right team and ensuring you have well-defined processes and procedures, your records management will be a success.
Maintaining a regular process update and audit procedure will ensure that you correct any problems as quickly as possible. About Us Partners Login. Here are the 8 steps that we believe are the mainstays of a solid records management program. Step 1: Complete inventory of all records Before you put a new process in place, you should understand the scope of your project.
Step 2: Determine who is going to manage the process and records Once you have determined the way you want to manage your records, you need to determine two things: Who is going to manage each step of the process? What steps of the process need to be managed? Step 5: Create and document proper procedures By creating a thorough procedure for your new records management plan, you can verify that the proper steps are taken in the future and can distribute this knowledge throughout the workplace.
Step 6: Create a disaster recovery plan Accidents and natural disasters happen so make sure you have a disaster recovery plan in place to help eliminate any issues in case of a natural disaster, fire, or flood.
Step 7: Training and implementation Training your employees after implementation of your new records management plan is the next step.