The University Executive Committee is responsible for all matters associated with the development and management of the university.
Last updated: 9 February 2022
1.1 The University of Gloucestershire (the ‘University’) Records Management Policy has been produced
to improve the management of information and to support compliance Data Protection legislation the Freedom of Information Act 2000 (FOIA) and associated legislation.
1.2 Effective records management ensures information can be retrieved more efficiently, can provide evidence of business activities, support decision-making, ensure the appropriate disposal of records, make better use of physical and server space and support compliance with the University’s legal and regulatory obligations.
2.1 The University’s records are important corporate assets that demonstrate its accountability, transparency and legal compliance by providing evidence of its actions and decision-making. They are an important source of administrative, evidential and historical information vital to the University’s current and future operations.
2.2 The University is committed to creating, distributing, retaining, storing, managing and disposing of its records appropriately.
2.3 Efficient management of University information and records is pivotal to support its core functions and maintain compliance with its legal and regulatory obligations.
2.4 This policy applies to all staff at the University. This includes temporary, casual or agency staff and contractors, consultants and suppliers working for, or on behalf of, the University.
2.5 This policy underpins the process by which the University manages its information and records throughout their life from the point of creation or receipt, through to disposal. The University’s Records Retention Schedule governs the period of time that record will be retained.
2.6 This policy covers all University records, regardless of format or media.
3.1 The policy provides a framework for managing the University’s records, and seeks to inform and assist staff across the University in fulfilling their obligations and responsibilities under records management.
3.2 Through the effective management of records, the University aims to:
3.2.1 create and capture authentic and reliable records to demonstrate evidence of accountability and information about the University’s decisions and activities; and to protect and safeguard information, in particular confidential and sensitive data;
3.2.2 secure maintenance and preservation of access to the records, as long as they are required to support University operations;
3.2.3 have in place systems that enable records to be stored and transferred securely, and retrieved as necessary;
3.2.4 retain its records in accordance with agreed retention schedules and be guided by the generic Higher Education schedule compiled by the Joint Information Systems Committee (JISC)
3.2.5 where appropriate, securely dispose of confidential records and in accordance with the University’s Record Retention Schedule;
3.2.6 adhere to all legal obligations, specifically those relating to Data Protection legislation, the Freedom of Information Act 2000, and the Public Records Act 1958;
3.2.7 achieve and maintain standards of best practice;
3.2.8 promote University staff awareness of records management and related issues.
4.1 All staff, including third parties employed by the University, must ensure the records for which they are responsible for are:
4.1.1 authentic, accurate and reliable;
4.1.2 maintained and disposed of in accordance with this policy, Records Retention Schedule, and the University’s IT policies
4.1.3 held on the most appropriate and secure medium for the task they perform;
4.1.4 identified as vital to the operation of the University and preserved appropriately;
4.1.5 reviewed periodically for those that have been identified for permanent archive;
4.1.6 managed in accordance with staff understanding and adhering to policies relevant to their work;4.1.7 accessible to appropriate members of staff in times of absence or annual leave.
4.2 The Registrar’s Directorate is responsible for the development and maintenance of records management policies and procedures. Furthermore, the promotion, implementation, maintenance and monitoring of all records management activity is governed by Registrar’s Directorate in
consultation with relevant University staff.
4.3 Responsibility for adherence to the policies and procedures, including Data Protection and Freedom of Information obligations, lies with Directors, Heads of School, and Heads of Professional Department. Senior management responsibility for records management lies with the University Executive.
5.1 The implementation of records management is achieved through the development and proactive use of the University’s Records Retention Schedule.
5.2 Establishing retention periods ensures that records are not mistakenly deleted too soon or kept for too long.
5.3 Schools and Professional Services Departments will contribute to thedevelopment and implementation of the Records Retention Schedule, by ensuring the following:
5.3.1 that the Records Retention Schedule is applied to records within their areas of responsibility, including oversight for the archiving and destruction of records in accordance with this policy, and the Data Protection Policy
5.3.2 that the Records Retention Schedule is reviewed annually to ensure records are current,
appropriate and accurately reflect activities in their areas;
5.3.3 effective manual and electronic filing systems are in place to enable timely and efficient access to data upon request, including Subject Access Requests submitted under Data Protection legislation.
5.4 The Registrar’s Directorate will provide appropriate guidance and support for members of staff to understand and adhere to the policy, raise awareness of the legal obligations and to effectively implement the method of managing information. The policy reinforces the process of managing
information and records appropriately throughout their lifecycle.
6.1 Schools and Professional Departments are required to keep and maintain accurate records during their lifecycle and ensure records are disposed of appropriately and in accordance with the specified retention timescales.
6.2 The Records Retention Schedule assists staff to confidently dispose of records when they are no longer required and to ensure that records are disposed of consistently, no matter where they are held.
6.3 Retaining records for longer than necessary creates liabilities due to the need to respond to information requests made under Data Protection legislation (Subject Access Requests) and the FOIA. Furthermore, retaining personal data for longer than the purpose for which it was collected does not comply with Data Protection legislation.
6.4 The Lord Chancellor’s Code of Practice on the management of records issued under Section 46 of the FOIA, forms a requirement to establish records management systems and procedures. Whilst the provisions of the Code are not mandatory, failure to comply may be seen as indicative of failure to comply with the rest of the FOIA.
7.1 It is frequently necessary to control access to information, therefore, personal, commercially sensitive or otherwise confidential information must be held securely, and in accordance with IT policies, and the Data Protection Policy.
8.1 This policy will be updated as necessary to reflect best practice and to ensure compliance with any changes or amendments to relevant legislation.
8.2 This policy was last reviewed in May 2018. The policy was approved by the University Executive Committee in May 2018.