Records Management Standard for the New Zealand Public Sector: requirements mapping document
Size: px
Start display at page:

Download "Records Management Standard for the New Zealand Public Sector: requirements mapping document"

Transcription

1 Records Management Standard for the New Zealand Public Sector: requirements mapping document Introduction This document maps the requirements in the new Records Management Standard to the requirements in the four current recordkeeping standards. In sections 1 through 4 it maps the requirements in each of the current standards forward to those in the new standard. In section 5, it maps the requirements in the new standard back to those in the current ones. Old and new requirements are related in one of several ways: one-to-one translation, with minor wording changes or slight changes in emphasis amalgamation of duplicated requirements amalgamation of requirements from different standards relating to similar products or procedures eg policies, tracking documents, monitoring systems amalgamation of requirements that can reasonably be assumed to be part of a coherent process eg disposal procedures include checking that any approved disposal authority is valid amalgamation of requirements, where one can reasonably be assumed to imply the other eg maintaining the link between records and metadata assumes doing so during migration between systems; regular disposal implies appraisal has taken place opening out of a few very high level requirements, particularly in Create and Maintain, and making them more specific. Several requirements from the Storage Standard and the Electronic Recordkeeping Metadata Standard have been downgraded. See below. 1

2 1. Create and Maintain vs Records Management Standard Current requirement New requirement CM 1 CM 2 CM 3 CM 4 CM 5 CM 6 CM 7 CM 8 (capture/systems) CM 9 CM 10/19 (metadata) Responsibility for recordkeeping compliance must be assigned and endorsed by the administrative head. Organisations must have a defined, documented and implemented policy for recordkeeping, which is regularly reviewed. Organisations must have defined, documented and implemented procedures for recordkeeping which are regularly reviewed. Recordkeeping responsibilities and resources must be defined, supported and assigned. A programme of internal recordkeeping, monitoring and compliance must be developed and implemented. The functions and business activities of an organisation must be identified and documented, including any functions contracted out. Records of business decisions and transactions must be created. All records of business activity must be captured routinely into an organisation-wide recordkeeping framework. Staff must receive appropriate, and regular, training for organisational recordkeeping responsibilities. Records must be authentic: organisations must accurately document their creation, receipt, and transmission. 7.1 Records management responsibilities must be assigned 7.4, , , 7.2, , , 7.1 through 7.8 Principles 2-7 define the outline of a recordkeeping framework 7.2, 7.3 Policy for records management must be set and documented Records management policies and processes must be implemented, monitored and regularly reviewed Records management policies and processes must be implemented, monitored and regularly reviewed Records management activities must be documented Records management responsibilities must be assigned Staff must be trained to create and maintain records Records management must be resourced Records management objectives must be defined and documented Records management policies and processes must be implemented, monitored and regularly reviewed Internal requirements and external obligations to create and maintain records of business activity must be identified and documented Records must be created and maintained to meet internal requirements and external obligations Records must be created in a timely manner Principle 7 (manage records systematically) 3.1 through 3.4 Principle 3 (metadata) Staff must be trained to create and maintain records Trained staff must be assigned to carry out records management functions and activities 2

3 CM 11 CM 12/18 (access) CM 13 CM 14 CM 15 (systems) CM 16 CM 17 (systems/storage) CM 18/12 (access) CM 19/10 (metadata) CM 20 (disposal) Records must have reliability and integrity and must be maintained unaltered. Records must be useable, retrievable and accessible. Records must be complete, recording the content and contextual information necessary to document an activity. Records must be comprehensive and provide authoritative evidence of all business activities. Records must be identified and captured within a recordkeeping framework. Records must be organised according to a business classification scheme. Records must be reliably maintained over time within a recordkeeping framework. Records must be useable, accessible and retrievable for the entire period of their retention Records contextual and structural integrity must be maintained over time. Retention and disposal actions must be applied systematically. 1.5, 6.1 The content of records must be fixed Records must be secure 4.1 through 4.4 Principle 4 (access) 1.3, Principles 2-7 define the outline of a recordkeeping framework through through 6.7 The content and structure of records must fit their purpose and audience Records must be classified and organised according to a business classification scheme The content and structure of records must fit their purpose and audience Principles through 4.4 Principle 4 (access) 3.1 through 3.4 Principle 3 (metadata) 5.1 through 5.6 Principle 5 (disposal) Records must be classified and organised according to a business classification scheme Principle 7 (manage records systematically) Principle 6 (maintain integrity) 3

4 2. Electronic Recordkeeping Metadata Standard vs Records Management Standard Current requirement New requirement ERMS 1 ERMS 2 ERMS 3 ERMS 4 ERMS 5 Records and information management policies and procedures must specify the role of recordkeeping metadata in ensuring authenticity, reliability, and integrity. Responsibility for: creating, maintaining and altering an organisation s recordkeeping metadata schemas and encoding schemes attribution and verification of point of capture recordkeeping metadata must be assigned, documented, communicated and regularly reviewed. Rules relating to changing recordkeeping metadata must be defined. Metadata schema and encoding schemes must be maintained, documented and communicated. Metadata in all business-critical systems/applications which create records must be mapped to the recordkeeping metadata schema established in the accompanying Technical Specifications. 7.6, , 7.1, , 7.6, Downgraded recommended in 3.2 Records management policies and processes must be implemented, monitored and regularly reviewed Records management activities must be documented Metadata management tools must be developed and maintained, and changes made to them must be tracked and documented Records management responsibilities must be assigned Trained staff must be assigned to carry out records management functions and activities The disposal of records management metadata must be managed systematically Records management policies and processes must be implemented, monitored and regularly reviewed Records management activities must be documented Metadata management tools must be developed and maintained, and changes made to them must be tracked and documented It may be more efficient for agencies to map systems directly to each other 4

5 Current requirement New requirement ERMS 6 ERMS 7 ERMS 8 Recordkeeping metadata must be assigned to or associated with all record objects and aggregations. Organisations must document their decisions about the attribution of recordkeeping metadata. At point of capture of a record object, the following minimum recordkeeping metadata must be attributed: a unique identifier a name date of creation who created the record what business is being conducted creating application and version The following minimum records management metadata must be assigned to records and aggregations of records (see also requirement 5.6): a unique identifier a name the date of creation the business activity documented by the record the creator (person or system) of digital records the name and version of the software application used to create digital records the subsequent actions, if any, carried out on the record, such as accessing, modifying or disposing the identification of the persons or systems carrying out those actions, and the dates those actions were carried out. Records management policies, processes and activities must be documented The following minimum records management metadata must be assigned to records and aggregations of records (see also requirement 5.6): a unique identifier a name the date of creation the business activity documented by the record the creator (person or system) of digital records the name and version of the software application used to create digital records the subsequent actions, if any, carried out on the record, such as accessing, modifying or disposing the identification of the persons or systems carrying out those actions, and the dates those actions were carried out. 5

6 Current requirement New requirement ERMS 9 ERMS 10 ERMS 11 ERMS 12 ERMS 13 ERMS 14 For each action undertaken on a record object the following minimum recordkeeping process metadata must be maintained: the date of the action the identification of the person or system undertaking the action what action was undertaken. Organisations must identify where requirements to extend the recordkeeping metadata exist. Recordkeeping metadata must be persistently linked with a record object for its entire period of retention. Recordkeeping metadata must accompany record objects being transferred from their original creating environment or system. Recordkeeping metadata must be subject to appraisal decisions prior to its disposal. Recordkeeping metadata must be protected from unauthorised disposal. 3.1 Downgraded recommended in The following minimum records management metadata must be assigned to records and aggregations of records (see also requirement 5.6): a unique identifier a name the date of creation the business activity documented by the record the creator (person or system) of digital records the name and version of the software application used to create digital records the subsequent actions, if any, carried out on the record, such as accessing, modifying or disposing the identification of the persons or systems carrying out those actions, and the dates those actions were carried out. Agencies will do this where there are obvious benefits. Records management metadata must be persistently linked to records and aggregations of records Records management metadata must be persistently linked to records and aggregations of records The disposal of records management metadata must be managed systematically The disposal of records management metadata must be managed systematically 6

7 Current requirement New requirement ERMS 15 After authorised disposal actions on a record are implemented (including transfer and destruction), the following minimum recordkeeping metadata must be retained for as long as is required by the business: point of capture metadata including a unique identifier, a name, date of creation, who created the record, what business is being conducted, and the creating application and version the date the disposal action took place the authority governing the record s destruction the person/role undertaking the disposal action. 5.6 The following minimum metadata must be generated or captured during the disposal process, and retained for as long as required to account for the disposal of records (see also requirements 3.1 and 3.4): a unique identifier a name the date of creation the business activity documented by the record the creator (person or system) of digital records the date of disposal the authority governing the disposal of the records, and the person/role carrying out the disposal. 7

8 3. Disposal Standard vs Records Management Standard Current requirement New requirement DS 1 DS 2 DS 3 DS 4 DS 5 DS 6 Disposal of public records and local authority protected records must be authorised by the Chief Archivist, in accordance with the Public Records Act Disposal of records must be approved by the controlling organisation. Disposal of records must be undertaken using a disposal authority that is current and relevant. Organisations must have policies and procedures for the disposal of records. Disposal of records must be undertaken on a regular and routine basis. Appropriate protection and preservation of records of archival value must be planned , 7.7 The correct statutory process for disposing of records must be followed A systematic internal process for disposing of records must be set up and followed A systematic internal process for disposing of records must be set up and followed Records management policies and processes must be implemented, monitored and regularly reviewed Records management activities must be documented 5.5 Records must be disposed of regularly 4.4, 5.4 (and Principle 6) Risks to the accessibility of records must be identified and mitigated A systematic internal process for disposing of records must be set up and followed Principle 6 (maintain integrity) 8

9 Current requirement New requirement DS 7 Disposal of records must be documented. 5.6, 7.7 The following minimum metadata must be generated or captured during the disposal process, and retained for as long as required to account for the disposal of records (see also requirements 3.1 and 3.4): a unique identifier a name the date of creation the business activity documented by the record the creator (person or system) of digital records the date of disposal the authority governing the disposal of the records, and the person/role carrying out the disposal. Records management policies, processes and activities must be documented Records management policies and processes must be implemented, monitored and regularly reviewed DS 8 Disposal activities must be regularly monitored and reviewed. Disposal activities must be carried out by personnel who have appropriate skills and knowledge. Methods used to dispose of records must comply with any privacy and security requirements. Everything necessary and practical must be done to ensure that the destruction of records is complete. 7.6 DS Trained staff must be assigned to carry out records management functions and activities DS , 6.1 Access to records must be managed appropriately Records must be secure DS A systematic internal process for disposing of records must be set up and followed 9

10 4. Storage Standard vs Records Management Standard Current requirement New requirement or technical specification 7.6, but this sits across a range of different principles and requirements SS 1 Records must be identified and registered in a system which controls the records and allows efficient retrieval. Records management policies and processes must be implemented, monitored and regularly reviewed SS 2 Records must be arranged in an orderly manner, and well managed so that order is maintained. 6.6 Physical records and digital records held on removable media must be stored in conditions that ensure their safe care and custody. These records must be: stored in buildings with fire protection systems and equipment compliant with the New Zealand Building Code stored above floor-level using shelving or equipment appropriate to the format of the records or the size of the storage media stored away from sunlight and artificial light stored away from magnetic interference, if they are digital records held on removable media arranged in an orderly manner, and retrieved, handled and reshelved in accordance with set procedures. Physical records and digital records held on removable media must be stored in conditions that ensure their safe care and custody. These records must be: stored in buildings with fire protection systems and equipment compliant with the New Zealand Building Code stored above floor-level using shelving or equipment appropriate to the format of the records or the size of the storage media stored away from sunlight and artificial light stored away from magnetic interference, if they are digital records held on removable media arranged in an orderly manner, and retrieved, handled and reshelved in accordance with set procedures. SS 3 Procedures must be in place for retrieving, handling and reshelving records, and for returning records to off-site storage

11 Current requirement New requirement or technical specification SS 4 Inactive records of archival value must be identified so that they can be stored appropriately. 6.7 Inactive physical records and inactive digital records held on removable media must be identified and stored in a dedicated storage area Inactive physical records and inactive digital records held on removable media must be identified and stored in a dedicated storage area Access to records must be managed appropriately Records must be accessible when required SS 5 Records that are not in active use must be stored in a dedicated storage area. 6.7 SS 6 Storage areas must allow ongoing access to the records by authorised users. Records must be stored in locations which reflect the characteristics of their format and their retention period. 4.1, 4.2 SS Records must be stored on appropriate media or hardware, and in suitable containers and locations SS 8 The building in which records are stored must comply with the New Zealand Building Code that applied at the time of construction and associated codes and standards, and be appropriate for use in storing records. 6.6 Physical records and digital records held on removable media must be stored in conditions that ensure their safe care and custody. These records must be: stored in buildings with fire protection systems and equipment compliant with the New Zealand Building Code stored above floor-level using shelving or equipment appropriate to the format of the records or the size of the storage media stored away from sunlight and artificial light stored away from magnetic interference, if they are digital records held on removable media arranged in an orderly manner, and retrieved, handled and reshelved in accordance with set procedures. 11

12 Current requirement SS 9 The building in which records are stored must have adequate drainage systems to prevent flooding. New requirement or technical specification 6.8 Dedicated storage areas for inactive physical records or for inactive digital records held on removable media must ensure the survival of those records in a usable form. These storage areas must: be located in buildings which comply with the provisions of the New Zealand Building Code in force at time of construction and with any associated codes and standards have adequate floor loading capacity have drainage systems adequate to prevent flooding or must be located in buildings with drainage systems adequate to prevent flooding be insulated from the outside climate be protected from internal hazards be maintained over time in accordance with a documented maintenance programme be intruder resistant and have an alarm system or be located within buildings that are intruder resistant and have an alarm system, and be kept clean and free of pests such as rodents and insects. 12

13 Current requirement SS 10 The storage area must be insulated from the climate outside New requirement or technical specification 6.8 Dedicated storage areas for inactive physical records or for inactive digital records held on removable media must ensure the survival of those records in a usable form. These storage areas must: be located in buildings which comply with the provisions of the New Zealand Building Code in force at time of construction and with any associated codes and standards have adequate floor loading capacity have drainage systems adequate to prevent flooding or must be located in buildings with drainage systems adequate to prevent flooding be insulated from the outside climate be protected from internal hazards be maintained over time in accordance with a documented maintenance programme be intruder resistant and have an alarm system or be located within buildings that are intruder resistant and have an alarm system, and be kept clean and free of pests such as rodents and insects. 13

14 Current requirement SS 11 Storage areas must be protected against internal hazards. New requirement or technical specification 6.8 Dedicated storage areas for inactive physical records or for inactive digital records held on removable media must ensure the survival of those records in a usable form. These storage areas must: be located in buildings which comply with the provisions of the New Zealand Building Code in force at time of construction and with any associated codes and standards have adequate floor loading capacity have drainage systems adequate to prevent flooding or must be located in buildings with drainage systems adequate to prevent flooding be insulated from the outside climate be protected from internal hazards be maintained over time in accordance with a documented maintenance programme be intruder resistant and have an alarm system or be located within buildings that are intruder resistant and have an alarm system, and be kept clean and free of pests such as rodents and insects. 14

15 Current requirement New requirement or technical specification SS 12 A building maintenance programme must be in place. 6.8 Dedicated storage areas for inactive physical records or for inactive digital records held on removable media must ensure the survival of those records in a usable form. These storage areas must: be located in buildings which comply with the provisions of the New Zealand Building Code in force at time of construction and with any associated codes and standards have adequate floor loading capacity have drainage systems adequate to prevent flooding or must be located in buildings with drainage systems adequate to prevent flooding be insulated from the outside climate be protected from internal hazards be maintained over time in accordance with a documented maintenance programme be intruder resistant and have an alarm system or be located within buildings that are intruder resistant and have an alarm system, and be kept clean and free of pests such as rodents and insects. Records must be protected from natural and man-made hazards SS 13 Records are located as far as possible from natural and man-made hazards. A disaster management plan and procedures must be in place, kept current, and known to staff. Staff who are responsible for records must be trained in emergency procedures to protect and salvage the records. 6.2 SS Business continuity and disaster management planning must address the protection and salvage of records SS , 7.3 Records management responsibilities must be assigned Trained staff must be assigned to carry out records management functions and activities 15

16 Current requirement SS 16 SS 17 SS 18 There must be a comprehensive fire protection system and equipment for the building, in compliance with the New Zealand Building Code. Records which contain sensitive or classified information must be identified and protected. Access to records storage areas must be controlled and restricted to authorised staff. New requirement or technical specification Records must be secure Physical records and digital records held on removable media must be stored in conditions that ensure their safe care and custody. These records must be: stored in buildings with fire protection systems and equipment compliant with the New Zealand Building Code stored above floor-level using shelving or equipment appropriate to the format of the records or the size of the storage media stored away from sunlight and artificial light stored away from magnetic interference, if they are digital records held on removable media arranged in an orderly manner, and retrieved, handled and reshelved in accordance with set procedures. 4.1 Access to records must be managed appropriately 16

17 Current requirement New requirement or technical specification SS 19 Storage areas must be intruder resistant and have an intruder alarm system. 6.8 Dedicated storage areas for inactive physical records or for inactive digital records held on removable media must ensure the survival of those records in a usable form. These storage areas must: be located in buildings which comply with the provisions of the New Zealand Building Code in force at time of construction and with any associated codes and standards have adequate floor loading capacity have drainage systems adequate to prevent flooding or must be located in buildings with drainage systems adequate to prevent flooding be insulated from the outside climate be protected from internal hazards be maintained over time in accordance with a documented maintenance programme be intruder resistant and have an alarm system or be located within buildings that are intruder resistant and have an alarm system, and be kept clean and free of pests such as rodents and insects. Physical records and digital records held on removable media must be stored in conditions that ensure their safe care and custody. These records must be: stored in buildings with fire protection systems and equipment compliant with the New Zealand Building Code stored above floor-level using shelving or equipment appropriate to the format of the records or the size of the storage media stored away from sunlight and artificial light stored away from magnetic interference, if they are digital records held on removable media arranged in an orderly manner, and retrieved, handled and reshelved in accordance with set procedures. SS 20 Records must be stored using shelving or equipment appropriate to the format and size of the items

18 Current requirement SS 21 Inactive records of archival value must be packaged in containers which are clean, in good condition and appropriate to the format and retention period of the records. SS 22 Records must be stored away from light. 6.6 SS 23 Magnetic media must be stored away from magnetic fields. New requirement or technical specification Records must be stored on appropriate media or hardware, and in suitable containers and locations Physical records and digital records held on removable media must be stored in conditions that ensure their safe care and custody. These records must be: stored in buildings with fire protection systems and equipment compliant with the New Zealand Building Code stored above floor-level using shelving or equipment appropriate to the format of the records or the size of the storage media stored away from sunlight and artificial light stored away from magnetic interference, if they are digital records held on removable media arranged in an orderly manner, and retrieved, handled and reshelved in accordance with set procedures. Physical records and digital records held on removable media must be stored in conditions that ensure their safe care and custody. These records must be: stored in buildings with fire protection systems and equipment compliant with the New Zealand Building Code stored above floor-level using shelving or equipment appropriate to the format of the records or the size of the storage media stored away from sunlight and artificial light stored away from magnetic interference, if they are digital records held on removable media arranged in an orderly manner, and retrieved, handled and reshelved in accordance with set procedures. 18

19 Current requirement SS 24 Storage areas must be kept clean. 6.8 SS 25 SS 26 SS 27 SS 28 Records of short-term value must be stored in conditions which ensure preservation until they are no longer required. Inactive records of archival value must be stored in conditions where the relative humidity is never above 60% or below 30%. Inactive records of archival value must be stored in conditions where the temperature is never above 25 degrees centigrade. Archives must be stored in conditions where the relative humidity does not fluctuate by more than 10% in a 24 hour period, or 20% in a year. New requirement or technical specification 6.3 Downgraded Downgraded Downgraded Dedicated storage areas for inactive physical records or for inactive digital records held on removable media must ensure the survival of those records in a usable form. These storage areas must: be located in buildings which comply with the provisions of the New Zealand Building Code in force at time of construction and with any associated codes and standards have adequate floor loading capacity have drainage systems adequate to prevent flooding or must be located in buildings with drainage systems adequate to prevent flooding be insulated from the outside climate be protected from internal hazards be maintained over time in accordance with a documented maintenance programme be intruder resistant and have an alarm system or be located within buildings that are intruder resistant and have an alarm system, and be kept clean and free of pests such as rodents and insects. Records must be stored on appropriate media or hardware, and in suitable containers and locations 19

20 Current requirement New requirement or technical specification SS 29 Archives must be stored in conditions where the temperature does not fluctuate by more than 4 degrees centigrade over a 24 hour period or 10 degrees centigrade over a year. Downgraded SS 30 Environmental conditions for records of archival value must be regularly monitored, and records of monitoring must be kept. Downgraded 20

21 5. Records Management Standard vs current standards New requirement Current requirement Internal requirements and external obligations to create and maintain records of business activity must be identified and documented Records must be created and maintained to meet internal requirements and external obligations The content and structure of records must fit their purpose and audience CM 6 CM Records must be created in a timely manner CM The content of records must be fixed CM Business activities must be documented in a business classification scheme Records must be classified and organised according to a business classification scheme CM 13, CM 14 CM 6 CM 13, CM 16; SS 2 The functions and business activities of an organisation must be identified and documented, including any functions contracted out. Records of business decisions and transactions must be created. Records must be complete, recording the content and contextual information necessary to document an activity. Records must be comprehensive and provide authoritative evidence of all business activities. All records of business activity must be captured routinely into an organisation-wide recordkeeping framework. Records must have reliability and integrity and must be maintained unaltered. The functions and business activities of an organisation must be identified and documented, including any functions contracted out. Records must be complete, recording the content and contextual information necessary to document an activity. Records must be organised according to a business classification scheme. Records must be arranged in an orderly manner, and well managed so that order is maintained. 21

22 New requirement Current requirement The following minimum records management metadata must be assigned to records and aggregations of records (see also requirement 5.6): a unique identifier a name the date of creation the business activity documented by the record the creator (person or system) of digital records the name and version of the software application used to create digital records the subsequent actions, if any, carried out on the record, such as accessing, modifying or disposing the identification of the persons or systems carrying out those actions, and the dates those actions were carried out. Metadata management tools must be developed and maintained, and changes made to them must be tracked and documented CM 10, CM 19; ERMS 6, ERMS 8, ERMS 9 CM 10, CM 19; ERMS 2, ERMS 4 Records must be authentic: organisations must accurately document their creation, receipt, and transmission. Records contextual and structural integrity must be maintained over time. Recordkeeping metadata must be assigned to or associated with all record objects and aggregations. Records must be authentic: organisations must accurately document their creation, receipt, and transmission. Records contextual and structural integrity must be maintained over time. Metadata schema and encoding schemes must be maintained, documented and communicated. Responsibility for: o creating, maintaining and altering an organisation s recordkeeping metadata schemas and encoding schemes o attribution and verification of point of capture recordkeeping metadata must be assigned, documented, communicated and regularly reviewed. 22

23 New requirement Current requirement Records management metadata must be persistently linked to records and aggregations of records The disposal of records management metadata must be managed systematically Access to records must be managed appropriately CM 10, CM 19; ERMS 11, ERMS 12 CM 10, CM 19; ERMS 3, ERMS 13, ERMS 14 CM 12, CM 18; SS 1, SS Records must be accessible when required CM 12, CM 18; SS 1, SS 6 Records must be authentic: organisations must accurately document their creation, receipt, and transmission. Records contextual and structural integrity must be maintained over time. Recordkeeping metadata must be persistently linked with a record object for its entire period of retention. Recordkeeping metadata must accompany record objects being transferred from their original creating environment or system. Records must be authentic: organisations must accurately document their creation, receipt, and transmission. Records contextual and structural integrity must be maintained over time. Rules relating to changing recordkeeping metadata must be defined Recordkeeping metadata must be subject to appraisal decisions prior to its disposal. Recordkeeping metadata must be protected from unauthorised disposal. Records must be useable, retrievable and accessible. Records must be useable, accessible and retrievable for the entire period of their retention Records must be identified and registered in a system which controls the records and allows efficient retrieval. Storage areas must allow ongoing access to the records by authorised users. Records must be useable, retrievable and accessible. Records must be useable, accessible and retrievable for the entire period of their retention Records must be identified and registered in a system which controls the records and allows efficient retrieval. Storage areas must allow ongoing access to the records by authorised users. 23

24 New requirement Current requirement 4.3 The use of records must be promoted 4.4 Risks to the accessibility of records must be identified and mitigated CM 12, CM 18; SS 6, SS 7 underpin this idea, but it is a slight change in emphasis from current guidance CM 12, CM 18; SS 6, SS 7; DS The value of records must be appraised CM 20; DS 5 (implied) Retention periods and disposal actions for records must be defined and documented The correct statutory process for disposing of records must be followed CM 20; DS 5 (implied) CM 20; DS 1; ERMS 13, ERMS 14 Records must be useable, retrievable and accessible. Records must be useable, accessible and retrievable for the entire period of their retention Records must be identified and registered in a system which controls the records and allows efficient retrieval. Storage areas must allow ongoing access to the records by authorised users. Records must be useable, retrievable and accessible. Records must be useable, accessible and retrievable for the entire period of their retention Records must be identified and registered in a system which controls the records and allows efficient retrieval. Storage areas must allow ongoing access to the records by authorised users. Appropriate protection and preservation of records of archival value must be planned Retention and disposal actions must be applied systematically. Disposal of records must be undertaken on a regular and routine basis. Retention and disposal actions must be applied systematically. Disposal of records must be undertaken on a regular and routine basis. Retention and disposal actions must be applied systematically. Disposal of public records and local authority protected records must be authorised by the Chief Archivist, in accordance with the Public Records Act Recordkeeping metadata must be subject to appraisal decisions prior to its disposal. Recordkeeping metadata must be protected from unauthorised disposal 24

25 New requirement Current requirement 5.4 A systematic internal process for disposing of records must be set up and followed CM 20; DS 2, DS 3, DS 6, DS Records must be disposed of regularly CM 20; DS The following minimum metadata must be generated or captured during the disposal process, and retained for as long as required to account for the disposal of records (see also requirements 3.1 and 3.4): a unique identifier a name the date of creation the business activity documented by the record the creator (person or system) of digital records the date of disposal the authority governing the disposal of the records, and the person/role carrying out the disposal. CM 20; ERMS 15; DS 7 Retention and disposal actions must be applied systematically. Disposal of records must be undertaken using a disposal authority that is current and relevant. Disposal of records must be approved by the controlling organisation. Disposal of records must be undertaken using a disposal authority that is current and relevant. Appropriate protection and preservation of records of archival value must be planned. Everything necessary and practical must be done to ensure that the destruction of records is complete. Retention and disposal actions must be applied systematically. Disposal of records must be undertaken on a regular and routine basis. Retention and disposal actions must be applied systematically. After authorised disposal actions on a record are implemented (including transfer and destruction), the following minimum recordkeeping metadata must be retained for as long as is required by the business: o point of capture metadata including a unique identifier, a name, date of creation, who created the record, what business is being conducted, and the creating application and version o the date the disposal action took place o the authority governing the record s destruction o the person/role undertaking the disposal action. Disposal of records must be documented. 25

26 New requirement Current requirement 6.1 Records must be secure CM 17; DS 10; SS Records must be protected from natural and man-made hazards Records must be stored on appropriate media or hardware, and in suitable containers and locations At-risk records must be identified and managed appropriately Business continuity and disaster management planning must address the protection and salvage of records CM 17; SS 13 CM 17; SS 7, SS 21, SS 25 CM 17. This is a general requirement which emphasises the importance of storing records appropriately SS requirements. CM 17; SS 14: slight extension to include business continuity planning Records must be reliably maintained over time within a recordkeeping framework. Methods used to dispose of records must comply with any privacy and security requirements. Records which contain sensitive or classified information must be identified and protected Records must be reliably maintained over time within a recordkeeping framework. Records are located as far as possible from natural and manmade hazards. Records must be reliably maintained over time within a recordkeeping framework. Inactive records of archival value must be packaged in containers which are clean, in good condition and appropriate to the format and retention period of the records. Records must be stored in locations which reflect the characteristics of their format and their retention period. Records of short-term value must be stored in conditions which ensure preservation until they are no longer required. Records must be reliably maintained over time within a recordkeeping framework. Records must be reliably maintained over time within a recordkeeping framework. A disaster management plan and procedures must be in place, kept current, and known to staff. 26

27 New requirement Current requirement Physical records and digital records held on removable media must be stored in conditions that ensure their safe care and custody. These records must be: stored in buildings with fire protection systems and equipment compliant with the New Zealand Building Code stored above floor-level using shelving or equipment appropriate to the format of the records or the size of the storage media stored away from sunlight and artificial light stored away from magnetic interference, if they are digital records held on removable media arranged in an orderly manner, and retrieved, handled and reshelved in accordance with set procedures. Inactive physical records and inactive digital records held on removable media must be identified and stored in a dedicated storage area SS 16 SS 3 SS 20 SS 22 SS 23 SS 2 CM 17; SS 4, SS 5 There must be a comprehensive fire protection system and equipment for the building, in compliance with the New Zealand Building Code. Procedures must be in place for retrieving, handling and reshelving records, and for returning records to off-site storage. Records must be stored using shelving or equipment appropriate to the format and size of the items. Records must be stored away from light. Magnetic media must be stored away from magnetic fields. Records must be arranged in an orderly manner, and well managed so that order is maintained. Records must be reliably maintained over time within a recordkeeping framework. Inactive records of archival value must be identified so that they can be stored appropriately. Records that are not in active use must be stored in a dedicated storage area 27

28 New requirement Current requirement Dedicated storage areas for inactive physical records or for inactive digital records held on removable media must ensure the survival of those records in a usable form. These storage areas must: be located in buildings which comply with the provisions of the New Zealand Building Code in force at time of construction and with any associated codes and standards have adequate floor loading capacity have drainage systems adequate to prevent flooding or must be located in buildings with drainage systems adequate to prevent flooding be insulated from the outside climate be protected from internal hazards be maintained over time in accordance with a documented maintenance programme be intruder resistant and have an alarm system or be located within buildings that are intruder resistant and have an alarm system, and be kept clean and free of pests such as rodents and insects. Records management responsibilities must be assigned Staff must be trained to create and maintain records CM 17 SS 8 SS 9 SS 10 SS 11 SS 12 SS 19 SS 24 CM 1, CM 4 CM 4, CM 9 Records must be reliably maintained over time within a recordkeeping framework. The building in which records are stored must comply with the New Zealand Building Code that applied at the time of construction and associated codes and standards, and be appropriate for use in storing records. The building in which records are stored must have adequate drainage systems to prevent flooding. The storage area must be insulated from the climate outside Storage areas must be protected against internal hazards. A building maintenance programme must be in place. Storage areas must be intruder resistant and have an intruder alarm system. Storage areas must be kept clean. Responsibility for recordkeeping compliance must be assigned and endorsed by the administrative head. Recordkeeping responsibilities and resources must be defined, supported and assigned. Recordkeeping responsibilities and resources must be defined, supported and assigned. Staff must receive appropriate, and regular, training for organisational recordkeeping responsibilities. 28

29 New requirement Current requirement Trained staff must be assigned to carry out records management functions and activities Policy for records management must be set and documented Records management objectives must be defined and documented Records management policies and processes must be implemented, monitored and regularly reviewed CM 9; SS 15; DS 9; ERMS 2 CM 2 CM 5 CM 2, CM 3, CM 5; DS 4; ERMS 1, ERMS 3 Staff must receive appropriate, and regular, training for organisational recordkeeping responsibilities. Staff who are responsible for records must be trained in emergency procedures to protect and salvage the records. Disposal activities must be carried out by personnel who have appropriate skills and knowledge. Responsibility for: o creating, maintaining and altering an organisation s recordkeeping metadata schemas and encoding schemes o attribution and verification of point of capture recordkeeping metadata must be assigned, documented, communicated and regularly reviewed. Organisations must have a defined, documented and implemented policy for recordkeeping, which is regularly reviewed. A programme of internal recordkeeping, monitoring and compliance must be developed and implemented. Organisations must have a defined, documented and implemented policy for recordkeeping, which is regularly reviewed. A programme of internal recordkeeping, monitoring and compliance must be developed and implemented. Recordkeeping responsibilities and resources must be defined, supported and assigned. Organisations must have policies and procedures for the disposal of records. Records and information management policies and procedures must specify the role of recordkeeping metadata in ensuring authenticity, reliability, and integrity. Rules relating to changing recordkeeping metadata must be defined. 29

30 New requirement Current requirement 7.7 Records management activities must be documented 7.8 Records management must be resourced CM 4 CM 3; ERMS 1, ERMS 3, ERMS 7; DS 4, DS 7 A programme of internal recordkeeping, monitoring and compliance must be developed and implemented. Records and information management policies and procedures must specify the role of recordkeeping metadata in ensuring authenticity, reliability, and integrity. Rules relating to changing recordkeeping metadata must be defined. Organisations must have policies and procedures for the disposal of records. Disposal of records must be documented. Recordkeeping responsibilities and resources must be defined, supported and assigned. 30

Similar documents

Terms in the glossary are listed alphabetically. Words highlighted in bold are defined in the Glossary.

Terms in the glossary are listed alphabetically. Words highlighted in bold are defined in the Glossary. Glossary 2010 The Records Management glossary is a list of standard records terms used throughout CINA s guidance and training. These terms and definitions will help you to understand and get the most

More information

APPENDIX TWO RETENTION AND DISPOSAL SCHEDULE IMPLEMENTATION GUIDELINES

APPENDIX TWO RETENTION AND DISPOSAL SCHEDULE IMPLEMENTATION GUIDELINES APPENDIX TWO RETENTION AND DISPOSAL SCHEDULE IMPLEMENTATION GUIDELINES National Screening Unit Version 3 April 2012 Prepared by SWIM Ltd 2012 1 Table of Contents 1 What is a retention and disposal schedule?

More information

GUIDELINES FOR RECORDS STORAGE FACILITIES

GUIDELINES FOR RECORDS STORAGE FACILITIES GUIDELINES FOR RECORDS STORAGE FACILITIES Physical Control of Records in a Repository Main Things to Remember about Managing Records in a Records Storage Facility Establish how long the records need to

More information

EDRMS Document Migration Guideline

EDRMS Document Migration Guideline Title EDRMS Document Migration Guideline Creation Date 23 December 2016 Version 3.0 Last Revised 28 March 2018 Approved by Records Manager and IT&S Business Partner Approval date 28 March 2018 TABLE OF

More information

APPENDIX THREE RETENTION AND DISPOSAL SCHEDULE IMPLEMENTATION GUIDELINES FOR NSU PROVIDERS

APPENDIX THREE RETENTION AND DISPOSAL SCHEDULE IMPLEMENTATION GUIDELINES FOR NSU PROVIDERS APPENDIX THREE RETENTION AND DISPOSAL SCHEDULE IMPLEMENTATION GUIDELINES FOR NSU PROVIDERS National Screening Unit Version 3 April 2012 Prepared by SWIM Ltd 2012 1 Table of Contents 1 What is a retention

More information

TARGET2-SECURITIES INFORMATION SECURITY REQUIREMENTS

TARGET2-SECURITIES INFORMATION SECURITY REQUIREMENTS Target2-Securities Project Team TARGET2-SECURITIES INFORMATION SECURITY REQUIREMENTS Reference: T2S-07-0270 Date: 09 October 2007 Version: 0.1 Status: Draft Target2-Securities - User s TABLE OF CONTENTS

More information

DIRECTIVE ON RECORDS AND INFORMATION MANAGEMENT (RIM) January 12, 2018

DIRECTIVE ON RECORDS AND INFORMATION MANAGEMENT (RIM) January 12, 2018 DIRECTIVE ON RECORDS AND INFORMATION MANAGEMENT (RIM) January 12, 2018 A. OVERRIDING OBJECTIVE 1.1 This Directive establishes the framework for information management of the Asian Infrastructure Investment

More information

PRINCIPLES AND FUNCTIONAL REQUIREMENTS

PRINCIPLES AND FUNCTIONAL REQUIREMENTS INTERNATIONAL COUNCIL ON ARCHIVES PRINCIPLES AND FUNCTIONAL REQUIREMENTS FOR RECORDS IN ELECTRONIC OFFICE ENVIRONMENTS RECORDKEEPING REQUIREMENTS FOR BUSINESS SYSTEMS THAT DO NOT MANAGE RECORDS OCTOBER

More information

Archive and Records Management Policy

Archive and Records Management Policy Archive and Records Management Policy Rationale This Policy is to enable Thomas Carr College to create and maintain accurate and complete records that support and provide evidence of the College s business

More information

Have Records Management Fundamentals Changed with the Revision of ISO 15489?

Have Records Management Fundamentals Changed with the Revision of ISO 15489? Have Records Management Fundamentals Changed with the Revision of ISO 15489? Richard Jeffrey-Cook FIRMS CITP MBCS 17 th May 2016 IRMS Conference, Brighton Have Records Management Fundamentals Changed with

More information

Chain of Preservation Model Diagrams and Definitions

Chain of Preservation Model Diagrams and Definitions International Research on Permanent Authentic Records in Electronic Systems (InterPARES) 2: Experiential, Interactive and Dynamic Records APPENDIX 14 Chain of Preservation Model Diagrams and Definitions

More information

Management: A Guide For Harvard Administrators

Management: A Guide For Harvard Administrators E-mail Management: A Guide For Harvard Administrators E-mail is information transmitted or exchanged between a sender and a recipient by way of a system of connected computers. Although e-mail is considered

More information

,!1.,,,. Uni^rig. Document Migration Guideline. ECM Document Migration Guideline 23 December 2016 I.O. Approved by Approval date.

,!1.,,,. Uni^rig. Document Migration Guideline. ECM Document Migration Guideline 23 December 2016 I.O. Approved by Approval date. ,!1.,,,. Uni^rig ^. in Australia, Syiiod of NSW & ACT EC Document Migration Guideline Title Creation Date Version Last Revised Approved by Approval date ECM Document Migration Guideline 2 December 2016

More information

RECORDS AND INFORMATION MANAGEMENT AND RETENTION

RECORDS AND INFORMATION MANAGEMENT AND RETENTION RECORDS AND INFORMATION MANAGEMENT AND RETENTION Policy The Health Science Center recognizes the need for orderly management and retrieval of all official records and a documented records retention and

More information

ISO TC46/SC11 Archives/records management

ISO TC46/SC11 Archives/records management ISO TC46/SC11 Archives/records management GUIDANCE FOR IMPLEMENTING DOCUMENTED INFORMATION CLAUSE USING PROCESSES AND CONTROLS OF ISO 30301:2011 Management system for records EXPLANATORY PAPER NOVEMBER

More information

Australian Standard. Records Management. Part 1: General AS ISO ISO

Australian Standard. Records Management. Part 1: General AS ISO ISO AS ISO 15489.1 2002 ISO 15489-1 AS ISO 15489.1 Australian Standard Records Management Part 1: General [ISO title: Information and documentation Records management Part 1: General] This Australian Standard

More information

4.2 Electronic Mail Policy

4.2 Electronic Mail Policy Policy Statement E-mail is an accepted, efficient communications tool for supporting departmental business. As provided in the Government Records Act, e-mail messages are included in the definition of

More information

ISO INTERNATIONAL STANDARD. Information and documentation Records management Part 1: General

ISO INTERNATIONAL STANDARD. Information and documentation Records management Part 1: General Provläsningsexemplar / Preview INTERNATIONAL STANDARD ISO 15489-1 First edition 2001-09-15 Information and documentation Records management Part 1: General Information et documentation «Records management»

More information

ELECTRONIC RECORDS MANAGEMENT SYSTEMS - SYSTEM SPECIFICATIONS FOR PUBLIC OFFICES

ELECTRONIC RECORDS MANAGEMENT SYSTEMS - SYSTEM SPECIFICATIONS FOR PUBLIC OFFICES ELECTRONIC RECORDS MANAGEMENT SYSTEMS - SYSTEM SPECIFICATIONS FOR PUBLIC OFFICES VERSION 3 NATIONAL ARCHIVES OF MALAYSIA 2011 CONTENTS 1. INTRODUCTION 1.1 Background 1.2 Scope 1.3 Purpose 1.4 Audience

More information

2.4. Target Audience This document is intended to be read by technical staff involved in the procurement of externally hosted solutions for Diageo.

2.4. Target Audience This document is intended to be read by technical staff involved in the procurement of externally hosted solutions for Diageo. Diageo Third Party Hosting Standard 1. Purpose This document is for technical staff involved in the provision of externally hosted solutions for Diageo. This document defines the requirements that third

More information

TRICARE Operations Manual M, April 1, 2015 Records Management (RM) Chapter 9 Section 1

TRICARE Operations Manual M, April 1, 2015 Records Management (RM) Chapter 9 Section 1 Records Management (RM) Chapter 9 Section 1 Revision: 1.0 POLICY 1.1 This chapter implements the Department of Defense (DoD) Records Management (RM) Policy and Defense Health Agency (DHA) Records Retention

More information

Electronic Records Management the role of TNA. Richard Blake Head of the Records Management Advisory Service

Electronic Records Management the role of TNA. Richard Blake Head of the Records Management Advisory Service Electronic Records Management the role of TNA Richard Blake Head of the Records Management Advisory Service What records management has to address Accountability & records as evidence Standards & controls

More information

RELATIONSHIP BETWEEN THE ISO SERIES OF STANDARDS AND OTHER PRODUCTS OF ISO/TC 46/SC 11: 1. Records processes and controls 2012

RELATIONSHIP BETWEEN THE ISO SERIES OF STANDARDS AND OTHER PRODUCTS OF ISO/TC 46/SC 11: 1. Records processes and controls 2012 RELATIONSHIP BETWEEN THE ISO 30300 SERIES OF STANDARDS AND OTHER PRODUCTS OF ISO/TC 46/SC 11: Records processes and controls White paper written by ISO TC46/SC11- Archives/records management Date: March

More information

General Disposal Authority 7

General Disposal Authority 7 General Disposal Authority 7 Facilitative, Transitory, and Short-Term Value Records [DA 576] Introduction This General Disposal Authority (hereafter GDA) has been developed for the use of public offices

More information

Preservation. Records Management Factsheet 07. Introduction. Contents. Paper records. Version 3.0 August 2017

Preservation. Records Management Factsheet 07. Introduction. Contents. Paper records. Version 3.0 August 2017 Version 3.0 August 2017 Preservation Records Management Factsheet 07 Introduction To ensure a department can operate efficiently, it must preserve its records for as long as access to them is required.

More information

DEPARTMENT OF HOMELAND SECURITY RECORDS MANAGEMENT HANDBOOK

DEPARTMENT OF HOMELAND SECURITY RECORDS MANAGEMENT HANDBOOK DEPARTMENT OF HOMELAND SECURITY RECORDS MANAGEMENT HANDBOOK V. 2 January 2005 0550 Publication Table of Contents CHAPTER 1: OVERVIEW...1 CHAPTER 2: DEFINITIONS...8 CHAPTER 3: ELECTRONIC MAIL RECORDS...9

More information

PS Mailing Services Ltd Data Protection Policy May 2018

PS Mailing Services Ltd Data Protection Policy May 2018 PS Mailing Services Ltd Data Protection Policy May 2018 PS Mailing Services Limited is a registered data controller: ICO registration no. Z9106387 (www.ico.org.uk 1. Introduction 1.1. Background We collect

More information

Information and documentation Records management. Part 1: Concepts and principles AS ISO :2017 ISO :2016

Information and documentation Records management. Part 1: Concepts and principles AS ISO :2017 ISO :2016 ISO 15489-1:2016 AS ISO 15489.1:2017 Information and documentation Records management Part 1: Concepts and principles This Australian Standard was prepared by Committee IT-021, Records and Document Management

More information

Corporate Information Security Policy

Corporate Information Security Policy Overview Sets out the high-level controls that the BBC will put in place to protect BBC staff, audiences and information. Audience Anyone who has access to BBC Information Systems however they are employed

More information

Managing Official Electronic Records Guidelines

Managing Official Electronic Records Guidelines Application and Scope of Guidelines Managing Official Electronic Records Guidelines These guidelines are meant to assist Government Institutions in understanding responsibilities and concerns that must

More information

TOPIC 3 THE LIFE CYCLE & CONTINUUM CONCEPT OF RECORDS MANAGEMENT. Dr. M. Adams I N T R O D U C T I O N T O R E C O R D S M A N A G E M E N T

TOPIC 3 THE LIFE CYCLE & CONTINUUM CONCEPT OF RECORDS MANAGEMENT. Dr. M. Adams I N T R O D U C T I O N T O R E C O R D S M A N A G E M E N T TOPIC 3 THE LIFE CYCLE & CONTINUUM CONCEPT OF RECORDS MANAGEMENT RECORDS LIFE CYCLE The theory of this concept is that records are born (creation), it lives (maintenance & use) and it dies (disposition).

More information

Procedure re-written. (i.e. All staff with responsibility for the creation, use and management of organisational responsibility)

Procedure re-written. (i.e. All staff with responsibility for the creation, use and management of organisational responsibility) Standard Operating Procedure Title of Standard Operation Procedure: Corporate Records Management Procedure Reference Number: ECT002863 Version No: 2.0 Supersedes Versions No: 0.1 Amendments Made: Procedure

More information

Records Retention 101 for Maryland Clerks

Records Retention 101 for Maryland Clerks International Institute of Municipal Clerks Region 2 Conference Records Retention 101 for Maryland Clerks Kathryn Baringer Director, Appraisal and Description Maryland State Archives Overview Maryland

More information

LESSONS LEARNED FROM THE INDIANA UNIVERSITY ELECTRONIC RECORDS PROJECT. How to Implement an Electronic Records Strategy

LESSONS LEARNED FROM THE INDIANA UNIVERSITY ELECTRONIC RECORDS PROJECT. How to Implement an Electronic Records Strategy LESSONS LEARNED FROM THE INDIANA UNIVERSITY ELECTRONIC RECORDS PROJECT Philip Bantin Indiana University Archivist Director of the IU Project bantin@indiana.edu How to Implement an Electronic Records Strategy

More information

This document is a preview generated by EVS

This document is a preview generated by EVS INTERNATIONAL STANDARD ISO 15489-1 Second edition 2016-04-15 Information and documentation Records management Part 1: Concepts and principles Information et documentation Gestion des documents d activité

More information

Request the Creation and Changes to Security Access Groups

Request the Creation and Changes to Security Access Groups Electronic Records Management System (ERMS) ERMS Process Guide 5 Request the Creation and Changes to Security Access Groups 1. Purpose This Process Guide describes the process for requesting the creation

More information

Clearing Out Legacy Electronic Records

Clearing Out Legacy Electronic Records For whom is this guidance intended? Clearing Out Legacy Electronic Records This guidance is intended for any member of University staff who has a sizeable collection of old electronic records, such as

More information

Managing Records in Electronic Formats. An Introduction

Managing Records in Electronic Formats. An Introduction Managing Records in Electronic Formats An Introduction Jefferson County Public Schools Archives and Records Center November 2012 Managing Records in Electronic Format As we create and use more and more

More information

Physical and Environmental Security Standards

Physical and Environmental Security Standards Physical and Environmental Security Standards Table of Contents 1. SECURE AREAS... 2 1.1 PHYSICAL SECURITY PERIMETER... 2 1.2 PHYSICAL ENTRY CONTROLS... 3 1.3 SECURING OFFICES, ROOMS AND FACILITIES...

More information

Recordkeeping Standards Analysis of HealthConnect

Recordkeeping Standards Analysis of HealthConnect Recordkeeping Standards Analysis of HealthConnect Electronic Health Records: Achieving an Effective and Ethical Legal and Recordkeeping Framework Australian Research Council Discovery Grant, DP0208109

More information

Information Security Data Classification Procedure

Information Security Data Classification Procedure Information Security Data Classification Procedure A. Procedure 1. Audience 1.1 All University staff, vendors, students, volunteers, and members of advisory and governing bodies, in all campuses and locations

More information

Data Protection Policy

Data Protection Policy Data Protection Policy Data Protection Policy Version 3.00 May 2018 For more information, please contact: Technical Team T: 01903 228100 / 01903 550242 E: info@24x.com Page 1 The Data Protection Law...

More information

Checklist: Credit Union Information Security and Privacy Policies

Checklist: Credit Union Information Security and Privacy Policies Checklist: Credit Union Information Security and Privacy Policies Acceptable Use Access Control and Password Management Background Check Backup and Recovery Bank Secrecy Act/Anti-Money Laundering/OFAC

More information

DATA INTEGRITY (EMA AUGUST 2016)

DATA INTEGRITY (EMA AUGUST 2016) Data integrity Data integrity enables good decision-making by pharmaceutical manufacturers and regulatory authorities.it is a fundamental requirement of the pharmaceutical quality system described in EU

More information

RECORDS MANAGEMENT RECORDS MANAGEMENT SERVICES

RECORDS MANAGEMENT RECORDS MANAGEMENT SERVICES RECORDS MANAGEMENT DEPARTMENT OF THE TREASURY, DIVISION OF REVENUE AND ENTERPRISE SERVICES, RECORDS MANAGEMENT SERVICES RECORDS MANAGEMENT SERVICES Records Management Services, Division of Revenue and

More information

Made In Hackney Data Protection Policy Last Updated:

Made In Hackney Data Protection Policy Last Updated: Made In Hackney Data Protection Policy Last Updated: 16.05.2018 Definitions Charity GDPR Responsible Person Register of Systems Made In Hackney (MIH), a registered charity. means the General Data Protection

More information

ISO Information and documentation Digital records conversion and migration process

ISO Information and documentation Digital records conversion and migration process INTERNATIONAL STANDARD ISO 13008 First edition 2012-06-15 Information and documentation Digital records conversion and migration process Information et documentation Processus de conversion et migration

More information

Agenda. Bibliography

Agenda. Bibliography Humor 2 1 Agenda 3 Trusted Digital Repositories (TDR) definition Open Archival Information System (OAIS) its relevance to TDRs Requirements for a TDR Trustworthy Repositories Audit & Certification: Criteria

More information

Records Information Management

Records Information Management Information Systems Sciences Records Information Management Region V Spring Conference March 26, 2015 Was I supposed to keep that 1 Where did we store that 2 Space Issues. Need storage space for a classroom

More information

Information Security Policy

Information Security Policy Information Security Policy Author: Responsible Lead Executive Director: Endorsing Body: Governance or Assurance Committee Alan Ashforth Colin Sloey Implementation Date: September 2010 Version Number:

More information

Records Retention Policy

Records Retention Policy June 21, 2017 Table of Contents 1 Introduction...3 1.1 Purpose...3 1.2 Scope...3 1.3 Review Cycle...3 1.4 Document Owner...3 1.5 Definitions...3 2 Policy...4 2.1 Records and Record Storage...4 2.2 Applicable

More information

Records Management at MSU. Hillary Gatlin University Archives and Historical Collections January 27, 2017

Records Management at MSU. Hillary Gatlin University Archives and Historical Collections January 27, 2017 Records Management at MSU Hillary Gatlin University Archives and Historical Collections January 27, 2017 Today s Agenda Introduction to University Archives Records Management at MSU Records Retention Schedules

More information

University of Liverpool

University of Liverpool University of Liverpool Information Security Policy Reference Number Title CSD-003 Information Security Policy Version Number 3.0 Document Status Document Classification Active Open Effective Date 01 October

More information

Toucan Telemarketing Ltd.

Toucan Telemarketing Ltd. Toucan Telemarketing Ltd. GDPR Data Protection Policy Introduction Toucan Telemarketing is committed to protecting the rights and freedoms of data subjects and safely and securely processing their data

More information

Ambition Training. Privacy Policy

Ambition Training. Privacy Policy Ambition Training Privacy Policy Privacy Protection Ambition Training is a Registered Training Organisation with responsibility for delivering vocational education and training. Ambition Training collects

More information

General Data Protection Regulation

General Data Protection Regulation General Data Protection Regulation Workshare Ltd ( Workshare ) is a service provider with customers in many countries and takes the protection of customers data very seriously. In order to provide an enhanced

More information

Electronic Records management (ERM)

Electronic Records management (ERM) Electronic Records management (ERM) An Introduction Presentation: Staff Development Programme Centre for Development Administration (CARICAD) By: Emerson O. Bryan Research Assistant (TASF) ebryan@caricad.net

More information

ERMS Folder Development and Access Process

ERMS Folder Development and Access Process Electronic Records Management System () Process Guide 3 Folder Development and Access Process 1. Purpose The Folder Development and Access Process outlines the actions required to create folders, provide

More information

CERTIFICATION BODY (CB) APPROVAL REQUIREMENTS FOR THE IFFO RESPONSIBLE SUPPLY (IFFO RS) AUDITS AND CERTIFICATION

CERTIFICATION BODY (CB) APPROVAL REQUIREMENTS FOR THE IFFO RESPONSIBLE SUPPLY (IFFO RS) AUDITS AND CERTIFICATION CERTIFICATION BODY (CB) APPROVAL REQUIREMENTS FOR THE IFFO RESPONSIBLE SUPPLY (IFFO RS) AUDITS AND CERTIFICATION Introduction The IFFO RS Certification Programme is a third party, independent and accredited

More information

Records Management and Retention

Records Management and Retention Records Management and Retention Category: Governance Number: Audience: University employees and Board members Last Revised: January 29, 2017 Owner: Secretary to the Board Approved by: Board of Governors

More information

Session Two: OAIS Model & Digital Curation Lifecycle Model

Session Two: OAIS Model & Digital Curation Lifecycle Model From the SelectedWorks of Group 4 SundbergVernonDhaliwal Winter January 19, 2016 Session Two: OAIS Model & Digital Curation Lifecycle Model Dr. Eun G Park Available at: https://works.bepress.com/group4-sundbergvernondhaliwal/10/

More information

INFORMATION SECURITY. One line heading. > One line subheading. A briefing on the information security controls at Computershare

INFORMATION SECURITY. One line heading. > One line subheading. A briefing on the information security controls at Computershare INFORMATION SECURITY A briefing on the information security controls at Computershare One line heading > One line subheading INTRODUCTION Information is critical to all of our clients and is therefore

More information

Fundamental Issues for Electronic Records

Fundamental Issues for Electronic Records Fundamental Issues for Electronic Records David Bearman Archives & Museum Informatics Belo Horizonte, Brazil November 7, 2007 Overview Policy for Electronic Records Management Functional Requirements for

More information

BASELINE GENERAL PRACTICE SECURITY CHECKLIST Guide

BASELINE GENERAL PRACTICE SECURITY CHECKLIST Guide BASELINE GENERAL PRACTICE SECURITY CHECKLIST Guide Last Updated 8 March 2016 Contents Introduction... 2 1 Key point of contact... 2 2 Third Part IT Specialists... 2 3 Acceptable use of Information...

More information

Putting It All Together:

Putting It All Together: Putting It All Together: The Interplay of Privacy & Security Regina Verde, MS, MBA, CHC Chief Corporate Compliance & Privacy Officer University of Virginia Health System 2017 ISPRO Conference October 24,

More information

This article will explain how your club can lawfully process personal data and show steps you can take to ensure that your club is GDPR compliant.

This article will explain how your club can lawfully process personal data and show steps you can take to ensure that your club is GDPR compliant. GDPR and BMC Clubs Lawful basis for Processing Personal Data This article will explain how your club can lawfully process personal data and show steps you can take to ensure that your club is GDPR compliant.

More information

Developing procedures to transfer born digital records to NRS. Susan Corrigall 12 May 2015

Developing procedures to transfer born digital records to NRS. Susan Corrigall 12 May 2015 Developing procedures to transfer born digital records to NRS Susan Corrigall 12 May 2015 PRSA 2011 Archiving & Compulsory element Transfer records will normally be removed from operational systems and

More information

Southington Public Schools

Southington Public Schools 3543 POLICY REGARDING RETENTION OF ELECTRONIC RECORDS AND INFORMATION I.POLICY The Board of Education (the Board ) complies with all state and federal regulations regarding the retention, storage and destruction

More information

Key definitions. May Part of the Department of Internal Affairs

Key definitions. May Part of the Department of Internal Affairs Key definitions May 2018 Part of the Department of Internal Affairs Document details Document Identifier: 16/F17 Version Date Description Revision due 0.1 Mar 2016 Development Draft 1.0 Jul 2016 Publication

More information

Introduction to SURE

Introduction to SURE Introduction to SURE Contents 1. Introduction... 3 2. What is SURE?... 4 3. Aim and objectives of SURE... 4 4. Overview of the facility... 4 5. SURE operations and design... 5 5.1 Logging on and authentication...

More information

UNIVERSITY OF NOTTINGHAM LIBRARIES, RESEARCH AND LEARNING RESOURCES

UNIVERSITY OF NOTTINGHAM LIBRARIES, RESEARCH AND LEARNING RESOURCES UNIVERSITY OF NOTTINGHAM LIBRARIES, RESEARCH AND LEARNING RESOURCES Digital Preservation and Access Policy 2015 Contents 1.0 Document Control... 3 2.0 Aim... 5 2.1 Purpose... 5 2.2 Digital Preservation

More information

Data Protection Policy

Data Protection Policy Data Protection Policy Addressing the General Data Protection Regulation (GDPR) 2018 [EU] and the Data Protection Act (DPA) 2018 [UK] For information on this Policy or to request Subject Access please

More information

Sparta Systems TrackWise Digital Solution

Sparta Systems TrackWise Digital Solution Systems TrackWise Digital Solution 21 CFR Part 11 and Annex 11 Assessment February 2018 Systems TrackWise Digital Solution Introduction The purpose of this document is to outline the roles and responsibilities

More information

Procedure for the Selection, Training, Qualification and Authorisation of Marine Management Systems Auditors

Procedure for the Selection, Training, Qualification and Authorisation of Marine Management Systems Auditors (Rev.0 July 2009) (Rev.1 Sep 2012) (Rev.2 Nov 2014) Procedure for the Selection, Training, Qualification and Authorisation of Marine Management Systems Auditors Note: 1. This procedural requirement applies

More information

iii) Activity Definitions

iii) Activity Definitions iii) Activity Definitions A0, Preserve Electronic Records Under the control of Archival and Institutional Requirements, and limited by the possibilities available within the State of the Art of Information

More information

Gramm Leach Bliley Act 15 U.S.C GLBA/HIPAA Information Security Program Committee GLBA, Safeguards Rule Training, Rev.

Gramm Leach Bliley Act 15 U.S.C GLBA/HIPAA Information Security Program Committee GLBA, Safeguards Rule Training, Rev. Gramm Leach Bliley Act 15 U.S.C. 6801-6809 GLBA/HIPAA Information Security Program Committee GLBA, Safeguards Rule Training, Rev. 11/30/2016 1 Objectives for GLBA Training GLBA Overview Safeguards Rule

More information

Washington State Archives Public Records Management for Conservation Districts

Washington State Archives Public Records Management for Conservation Districts Washington State Archives Public Records Management for Conservation Districts Presented by: Scott Sackett Electronic Records Management Consultant, Eastern WA scott.sackett@sos.wa.gov 509-413-3296 June

More information

Trust Services Principles and Criteria

Trust Services Principles and Criteria Trust Services Principles and Criteria Security Principle and Criteria The security principle refers to the protection of the system from unauthorized access, both logical and physical. Limiting access

More information

RTO Policy 9: Issuing Qualifications

RTO Policy 9: Issuing Qualifications RTO Policy 9: Issuing Qualifications 2 RTO POLICY 9: ISSUING QUALIFICATIONS OWNERSHIP This policy is the responsibility of CPA Australia s Registered Training Organisation () working group ( Working Group).

More information

Information Services IT Security Policies L. Network Management

Information Services IT Security Policies L. Network Management Information Services IT Security Policies L. Network Management Version 1.1 Last updated: 11th August 2010 Approved by Directorate: 2nd July 2009 Review date: 1st August 2011 Primary owner of security

More information

SOP-QA-32 V2. Document History Version Description of update Date Effective 1 Change of number for Q-Pulse

SOP-QA-32 V2. Document History Version Description of update Date Effective 1 Change of number for Q-Pulse Title: Effective Date: 1-4-17 Review Date: 1-4-20 Author: Gary Cooper, Named Archivist QA Approval: Richard Cowie, QA Manager Approver: Prof Maggie Cruickshank, R&D Director Approved by QA: N/A Document

More information

Policy and Procedure: SDM Guidance for HIPAA Business Associates

Policy and Procedure: SDM Guidance for HIPAA Business Associates Policy and Procedure: SDM Guidance for HIPAA Business (Adapted from UPMC s Guidance for Business at http://www.upmc.com/aboutupmc/supplychainmanagement/documents/guidanceforbusinessassociates.pdf) Effective:

More information

DATA PROTECTION POLICY THE HOLST GROUP

DATA PROTECTION POLICY THE HOLST GROUP DATA PROTECTION POLICY THE HOLST GROUP INTRODUCTION The purpose of this document is to provide a concise policy regarding the data protection obligations of The Holst Group. The Holst Group is a data controller

More information

Gatekeeper Public Key Infrastructure Framework. Information Security Registered Assessors Program Guide

Gatekeeper Public Key Infrastructure Framework. Information Security Registered Assessors Program Guide Gatekeeper Public Key Infrastructure Framework Information Security Registered Assessors Program Guide V 2.1 December 2015 Digital Transformation Office Commonwealth of Australia 2015 This work is copyright.

More information

Version 1/2018. GDPR Processor Security Controls

Version 1/2018. GDPR Processor Security Controls Version 1/2018 GDPR Processor Security Controls Guidance Purpose of this document This document describes the information security controls that are in place by an organisation acting as a processor in

More information

Local Government Management Association

Local Government Management Association Local Government Management Association Records Management Policy November 2016 Policy Rationale The purposes of this policy are to: (a) identify all documents in order to improve efficiency and productivity;

More information

SHELTERMANAGER LTD CUSTOMER DATA PROCESSING AGREEMENT

SHELTERMANAGER LTD CUSTOMER DATA PROCESSING AGREEMENT SHELTERMANAGER LTD CUSTOMER DATA PROCESSING AGREEMENT AGREEMENT DATED [ ] BETWEEN: (1) SHELTERMANAGER LTD and (2) [ ] ( The Customer ) BACKGROUND (A) (B) (C) This Agreement is to ensure there is in place

More information

Information Security BYOD Procedure

Information Security BYOD Procedure Information Security BYOD Procedure A. Procedure 1. Audience 1.1 This document sets out the terms of use for BYOD within the University of Newcastle. The procedure applies to all employees of the University,

More information

Severn Trent Water. Telecommunications Policy and Access Procedure

Severn Trent Water. Telecommunications Policy and Access Procedure Severn Trent Water Telecommunications Policy and Access Procedure Contents STW Telecommunications Policy: 5-12 Health and Safety: 13-18 Access Procedures:19-30 2 STW LSH Sites Access Policy [Controlled

More information

FIRE REDUCTION STRATEGY. Fire & Emergency Services Authority GOVERNMENT OF SAMOA April 2017

FIRE REDUCTION STRATEGY. Fire & Emergency Services Authority GOVERNMENT OF SAMOA April 2017 FIRE REDUCTION STRATEGY Fire & Emergency Services Authority GOVERNMENT OF SAMOA April 2017 FIRE REDUCTION STRATEGY Fire & Emergency Services Authority GOVERNMENT OF SAMOA April 2017 2 1. Introduction The

More information

Transferring vital e-records to a trusted digital repository in Catalan public universities (the iarxiu platform)

Transferring vital e-records to a trusted digital repository in Catalan public universities (the iarxiu platform) Transferring vital e-records to a trusted digital repository in Catalan public universities (the iarxiu platform) Miquel Serra Fernàndez Archive and Registry Unit, University of Girona Girona, Spain (Catalonia)

More information

ADIENT VENDOR SECURITY STANDARD

ADIENT VENDOR SECURITY STANDARD Contents 1. Scope and General Considerations... 1 2. Definitions... 1 3. Governance... 2 3.1 Personnel... 2 3.2 Sub-Contractors... 2 3.3. Development of Applications... 2 4. Technical and Organizational

More information

Digital Preservation at NARA

Digital Preservation at NARA Digital Preservation at NARA Policy, Records, Technology Leslie Johnston Director of Digital Preservation US National Archives and Records Administration (NARA) ARMA, April 18, 2018 Policy Managing Government

More information

How Long to Keep Records & Legally Dispose of Them. Virginia Fritzsch Public Records Archivist Wisconsin Historical Society

How Long to Keep Records & Legally Dispose of Them. Virginia Fritzsch Public Records Archivist Wisconsin Historical Society How Long to Keep Records & Legally Dispose of Them Virginia Fritzsch g Public Records Archivist Topics Background: municipal clerks & WHS Public Records law Six basic steps in managing records Legally

More information

NEN The Education Network

NEN The Education Network NEN The Education Network School e-security Checklist This checklist sets out 20 e-security controls that, if implemented effectively, will help to ensure that school networks are kept secure and protected

More information

PCI Compliance and records management

PCI Compliance and records management EX36.9 REPORT FOR ACTION PCI Compliance and records management Date: June 29, 2018 To: Executive Committee From: City Clerk, Chief Information Officer, Treasurer Wards: All Wards SUMMARY The City must

More information

DEPARTMENT OF JUSTICE AND EQUALITY. Data Protection Policy

DEPARTMENT OF JUSTICE AND EQUALITY. Data Protection Policy DEPARTMENT OF JUSTICE AND EQUALITY Data Protection Policy May 2018 Contents Page 1. Introduction 3 2. Scope 3 3. Data Protection Principles 4 4. GDPR - Rights of data subjects 6 5. Responsibilities of

More information

Aon Service Corporation Law Global Privacy Office. Aon Client Data Privacy Summary

Aon Service Corporation Law Global Privacy Office. Aon Client Data Privacy Summary Aon Client Data Privacy Summary Table of Contents Our Commitment to Data Privacy 3 Our Data Privacy Principles 4 Aon Client Data Privacy Summary 2 Our Commitment to Data Privacy Data Privacy Backdrop As

More information

Data Protection Policy

Data Protection Policy Page 1 of 6 General Statement The Local Governing Bodies of the academies have overall responsibility for ensuring that records are maintained, including security and access arrangements, in accordance

More information

Common approaches to management. Presented at the annual conference of the Archives Association of British Columbia, Victoria, B.C.

Common approaches to management. Presented at the annual conference of the Archives Association of British Columbia, Victoria, B.C. Common approaches to email management Presented at the annual conference of the Archives Association of British Columbia, Victoria, B.C. Agenda 1 2 Introduction and Objectives Terms and Definitions 3 Typical

More information
2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback