Records are created, received, and used in the conduct of business activities at the Royal College of Obstetricians and Gynaecologists (RCOG or the College) and the Records Management Policy (the Policy), together with supporting procedures, applies to the management of these records, in all technical or physical formats or media, created or received by the RCOG in the conduct of its business activities.
This policy applies to all employees of the RCOG (both permanent and temporary), contractors and consultants who have access to records, wherever these records may be located. The policy aims to ensure that all staff are aware of what they must do to manage records in an effective and efficient way.
This policy is part of the RCOG Data Security and Protection Policy Framework that includes:
- Data Protection
- Data Security and Protection Incident Handling
- Information Governance
- Information Security
The purpose of this Policy is to establish a framework for the creation, maintenance, storage, use and disposal of records, to support continuous improvement in its core activities of teaching and research, to provide evidence of corporate governance, and to facilitate compliance with statutory requirements.
- Roles and responsibilities
- Appendix A: Glossary of Terms
The objectives of this policy are to:
- support the continuing conduct of business
- comply with the regulatory environment
- provide necessary accountability
- create and maintain authentic, reliable and useable records and
- protect the integrity of those records for as long as required.
The RCOG aims to be compliant with BS ISO 15489 Information and documentation — Records management. The benefits of compliance are:
- RCOG business is conducted in an orderly, efficient and accountable manner, preserving accurate and authentic business records
- RCOG services are delivered in a consistent and equitable manner with understanding of previous completion of transactions
- A reliable knowledge base is preserved
- Business evidence of organisational activities is captured to provide consistency, continuity and productivity
- Vital records are identified to provide continuity in the event of a disaster
- Legislative and regulatory requirements are met with retention and provision of access to records
- RCOG maintains corporate memory through capturing evidence of business activity
- Current and future research and development activities are supported through documentation.
A record is recorded information, in any form (it may be an electronic file or e-mail, or a paper document), created or received by the organisation or individual members of staff to support and show evidence of its activities. Also referred to as an “information asset”.
Although not an exhaustive list, examples of items that can constitute records include:
- documents (including written and typed documents and annotated copies)
- computer files (including word processor files, databases, spreadsheets and presentations
- paper based files
- electronic mail messages
- Intranet and Internet Web pages.
More detailed definitions of a record and other related terms are provided in Appendix A.
Roles and responsibilities
The RCOG has a responsibility to ensure that its records are managed well. Different staff have different roles in relation to records management and these responsibilities are defined below.
Executive Committee has high level responsibility for ensuring compliance with this policy lies with the Chief Executive Officer. Individual Executive Directors and Directors have responsibility for ensuring:
- their teams develop their own procedures and guidance which comply with the records management policy and procedures
- adequate records of their directorate’s activities are maintained
- their staff comply with College-wide records management policy and procedures
- their staff attend the necessary IG training available via the Learning and Development Programme.
Information Governance Management Group (IGMG) has responsibility for ensuring that the RCOG's record keeping supports Information Governance compliance.
Information Governance (IG) team is made of the Head of Research and Information Services who is the RCOG Deputy SIRO and the IGO (see below) who are responsible for the maintaining and implementing the Records Management policy, including management of the off-site storage for non-active and archive paper records.
Information Governance Officer (IGO) has the responsibility of:
- ensuring that the records management policy and procedures, guidance and training are kept up to date and relevant
- raising staff awareness of records management
- providing advice and guidance to all staff
- developing and maintaining retention and disposal schedules and documenting disposal activity.
Information Asset Officers (IAOs) across the College has been delegated to Directors who are responsible for enabling effective IG within their respective areas and teams, such as s making decisions about how information is processed e.g. what’s collected, how it’s used, who it’s shared with, when it’s deleted, and whether information risks are mitigated further or accepted by us. They must
- understand what information assets their team(s) process(es)
- understand its value to the College and the related approach, appetite and capacity for risks and opportunities in conjunction with the College’s risk management standards
- make sure the information is managed according to this and all relevant IG, Data Security and Protection Policies
- nominate a local Information Governance Lead (IG Lead) provide senior management support to IG Lead in discharging their role, and
- identify, oversee and support the work of information asset administrators within their areas of responsibility.
Information Asset Administrators (IAAs) individuals nominated by Information Asset Owners to assist with the operational responsibility for information asset management within their respective service areas. This involves the:
- application of IG rules
- identification of information assets to the IG Team, and
- up-dating RCOG records and information to ensure data integrity and quality.
In some departments, the IG Lead is also the IAA.
Information Governance (IG) Leads are staff who have been nominated by the Information Asset Owners and must:
- champion IG, including data protection and records management, within their departments
- be the first point of contact on all IG related matters, including data protection and records management, within their departments
- raise and monitor awareness of good IG practice within their departments, especially the processing of personal data, and
- contribute to the annual DSPT audit, submission and improvement plan
- to act as a contact point with the IGO concerning the retention, disposal and transfer of records
- to assess the records management procedures as they relate to each function
- to assist staff on team records management procedures.
Director of IM&T is responsible for ensuring that adequate technical provision is in place to support record keeping across the organisation.
Building Manager is responsible for providing adequate and appropriate storage and disposal facilities to support record keeping across the organisation.
Corporate Governance Team and Personal Administrators are responsible for maintaining records of their committees and managing their disposition in line with the instructions provided in the Retention Schedule.
All Staff that create, receive, maintain or delete records are responsible for ensuring that they do so in accordance with the RCOG's records management policy and procedures.
The RCOG values its information and records as essential assets fundamental to the delivery of its strategic aims and owns those created in the course of working for the RCOG.
The RCOG is committed to the efficient and effective management of its records to maximise the benefit they bring to the College as they are its corporate memory and necessary for:
- good corporate governance
- to be accountable
- to comply with legal requirements
- to provide evidence of decisions and actions, and
- to provide information for future decision-making.
The RCOG recognises the importance of this essential resource and undertakes to:
- manage records effectively in line with this policy
- comply with legal obligations that apply to its records (see the RCOG Data Protection Policy)
- exercise best practice in the management of records, as outlined in the implementation section below
- encourage effective access to and use of records as a corporate source of information
- keep records electronically where appropriate, where possible putting in place provision to ensure their reliability
- store records efficiently, utilising appropriate storage methods at all points in their lifecycle, and disposing of them appropriately when they are no longer required
- provide appropriate protection for records from unwanted environmental (fire, flood, infestation) or human impact (alteration, defacement, theft)
- safeguard records necessary for the continuity and regeneration in the event of a disastrous occurrence
- identify and make provision for the preservation of records of long term and historical value
- maintain the following data quality standards:
- accuracy – all data must be sufficiently accurate for its intended purposes
- validity – all data must be recorded and used in compliance with College requirements
- reliability – all data must be stable and, wherever possible, use consistent data collection processes across
- timeliness – all must be captured as quickly as possible and available for use as per the College’s Retention Schedule
- relevance – all data captured must be relevant to a specified purpose(s)
- completeness – all data processed must be regularly monitored for missing, incomplete or invalid records in order to indicate data quality.
This policy is supported by the following records management procedures and ways of working which are required across the RCOG. They have been designed according to the requirements of the international standard for records management BS ISO 15489:
- The Records Management Toolkit
- Guidance documentation will be developed to advise staff on:
- what constitutes a record
- define the classification of records and how they must be managed – e.g. review the Corporate File Plan
- Naming Conventions – this document advises on how to consistently name documents and folders with appropriate and version control to ensure ease of access and the application of the Retention Schedule
- Retention Schedule – this document advises how long records should be kept and when they should be destroyed or archived
- Guidance documentation is available from the IG Team on how to manage records throughout its lifecycle from creation, use, retention and disposal or archival – e.g. transferring records between the following Active, Semi-Active and Archive phases of their lifecycle
- A new SOP is being developed to assist you in the consignment and recall of Semi-Active and Archive records held in offsite storage
- Guidance documentation will be developed on how to ensure all new or upgraded IT systems comply with this policy and the three RM principles in the General Data Protection Regulation 2016 (GDPR)
- Annual update of the Information Asset Register, led by the RCOG network of IG Leads, and extend to include identifying “vital” records to ensure business continuity or recovery following an emergency or disaster
- Learning and Development
- NEW Records Management training module, including tips on how to meet the College’s data quality standards and how to report/resolve errors
- Staff lunchtime briefing: “How to Marie Kondo your information”.
For further advice concerning any aspect of this policy, please contact the Information Governance (IG) Team by email at email@example.com or call +44 20 7772 6200.
Appendix A: Glossary of Terms
Active Record: is one that is in “active” use or open, e.g. records created and used throughout an individual’s membership with or employment at the College and stored on the following systems:
- Open Engage
- Corporate file plan.
Archive Record: is a record that has reached the end of its retention period (as per the College Retention Schedule - see below) and is permanently because of its continuing business, evidential, historical or informational value to the College, e.g. minutes from Board of Trustees meetings.
File: a collection of records stored in one unit, identified by a filename. It can be a document, picture, audio or video stream, data library, application, or other collection of data.
File Plan: is a governance tool that classifies RCOG records in terms of function and activity; it acts as the baseline to connect this policy, and its related guidance and procedures, to the business processes that create, manage, use and dispose of College records.
Information Asset: a body of information defined and managed as a single unit or aggregate so it can be understood, shared, protected and exploited effectively. Information assets have recognisable and manageable value, risk, content and lifecycles.
RCOG Records: are defined as;
- recorded information in any format (including paper, microform, electronic and audio-visual formats);
- which are created, collected, processed, and/or used by RCOG staff, Trustees, Council, Officers, FMTs and other stakeholders when undertaking RCOG business, predecessor bodies (e.g. Velindre NHS Trust, RC Psych) or contractors performing an RCOG function or service; and
- are then kept as evidence of that business.
Records management: processes and practices that ensure RCOG records are systematically controlled and maintained, covering the creation, storage, management, access, and disposal of records, in compliance with best practice, legal obligations and policy requirements.
Retention Schedule: contains the categories of records held by an organisation, the start and end of the time (or “retention”) period that record is to be held for and what triggers the beginning of the retention period.
Semi-Active Record: is a record that is no longer in “active” use and has triggered the beginning of its retention period as per the College Retention Schedule.