Assessment report: King’s Printer for Scotland – 20 May 2025

Home
Publications
Assessment report: King’s Printer for Scotland – 20 May 2025

Share this page

Click here to share this page on Facebook. Click here to share this page on LinkedIn. Click here to share this page on X (formerly known as Twitter).

Contents

Public Records (Scotland) Act 2011
Executive Summary
Authority Background
Assessment Process
Model Plan Elements: Checklist
Keeper’s Summary
Keeper’s Determination
Keeper's Endorsement

1. Public Records (Scotland) Act 2011

The Public Records (Scotland) Act 2011 (the Act) received Royal assent on 20 April 2011. It is the first new public records legislation in Scotland since 1937 and came fully into force on 1 January 2013. Its primary aim is to promote efficient and accountable record keeping by named Scottish public authorities.

The Act has its origins in The Historical Abuse Systemic Review: Residential Schools and Children’s Homes in Scotland 1950-1995 (The Shaw Report) published in 2007. The Shaw Report recorded how its investigations were hampered by poor record keeping and found that thousands of records had been created, but were then lost due to an inadequate legislative framework and poor records management. Crucially, it demonstrated how former residents of children’s homes were denied access to information about their formative years. The Shaw Report demonstrated that management of records in all formats (paper and electronic) is not just a bureaucratic process, but central to good governance and should not be ignored. A follow-up review of public records legislation by the Keeper of the Records of Scotland (the Keeper) found further evidence of poor records management across the public sector. This resulted in the passage of the Act by the Scottish Parliament in March 2011.

The Act requires a named authority to prepare and implement a records management plan (RMP) which must set out proper arrangements for the management of its records. A plan must clearly describe the way the authority cares for the records that it creates, in any format, whilst carrying out its business activities. The RMP must be agreed with the Keeper and regularly reviewed.

2. Executive Summary

This report sets out the findings of the Keeper’s assessment of the RMP of Social Security Scotland by the Public Records (Scotland) Act 2011 Assessment Team following its submission to the Keeper on 10th July 2023.

The assessment considered whether the RMP of Social Security Scotland was developed with proper regard to the 15 elements of the Keeper’s statutory Model Records Management Plan (the Model Plan) under section 8(3) of the Act, and whether in this respect it complies with it and the specific requirements of the Act.

The outcome of the assessment and the Keeper’s decision on whether the RMP of Social Security Scotland complies with the Act can be found under section 7 of this report with relevant recommendations.

3. Authority Background

The King's Printer for Scotland (KPS) is responsible for overseeing the publication of Scottish legislation, and for the management of Crown copyright in information they produce. The KPS was established under section 92 of the Scotland Act 1998. The KPS was specified a non-ministerial office-holder and member of the staff of the Scottish Administration with effect from 1 July 1999. The Scotland Act states that the office of King’s Printer for Scotland shall be held by the King’s Printer for Acts of Parliament. These offices are held by the Keeper of Public Records, the Chief Executive of The National Archives (UK). Unusually for a Scottish Public Authority, the functions of the KPS are carried out from within The National Archives in London.

King's Printer for Scotland - gov.scot

4. Keeper’s Assessment Process

The RMP was assessed by the Public Records (Scotland) Act Assessment Team on behalf of the Keeper. Assessors used the checklist elements listed in section 5, to establish whether Strathclyde Partnership for Transport’s RMP was developed with proper regard to the elements of the Model Plan and is compliant with the Act. The assessment also considered whether there was sufficient supporting evidence of such compliance.

Key

The Keeper agrees this element of an authority’s plan.

The Keeper agrees this element of an authority’s plan as an ‘improvement model’. This means that he is convinced of the authority’s commitment to closing a gap in provision. He will request that he is updated as work on this element progresses.

There is a serious gap in provision for this element with no clear explanation of how this will be addressed. The Keeper may choose to return the RMP on this basis.

5. Model Plan Elements: Checklist

Explanation: All public records of the King’s Printer for Scotland are held on the systems of The National Archives (UK) (TNA) and, as this is the case, KPS must adopt the records management provision of TNA. This is made clear in the Records Management Plan (for example ‘Overview’ section 1) and in a Covering Letter from the Chief Executive of TNA (see element 1) which confirms this arrangement.

“The Scotland Act states that the office of King’s Printer for Scotland shall be held by the King’s Printer for Acts of Parliament. These offices are held by the Keeper of Public Records, the Chief Executive of The National Archives. The functions of the KPS are carried out from within The National Archives.” (RMP Overview).

Uniquely, the King’s Printer for Scotland is a Scottish public authority embedded in, and staffed by, a UK public authority based outside Scotland. The Keeper has, of course, not agreed a records management plan from TNA as that organisation is not scheduled under PRSA. However, they are willing to accept that the records management provision of TNA is adequately robust and that the public records of KPS are managed by that provision as appropriate. The Keeper has been provided with evidence of KPS engagement with TNA systems. This is described under the relevant elements below.

Element	Present	Evidence	Notes
1. Senior Officer	G	G	The Public Records (Scotland) Act 2011 (the Act) requires that an individual senior staff member is identified as holding corporate responsibility for records management in a public authority. The King’s Printer for Scotland have identified Jeff James, the King's Printer for Acts of Parliament, the Keeper of Public Records (UK) and Chief Executive of The National Archives (TNA), as the individual with overall responsibility for records management in the organisation. The Keeper is aware that, since the RMP was submitted for agreement, Mr James has left this role and has been replaced by Saul Nassé. The King’s Printer for Scotland have supplied a separate letter from Mr Nasse confirming this change and restating their overall responsibility for the implementation of the RMP. The Keeper can accept that all references to Mr James in the plan and supporting evidence package now apply to Mr Nassé. For clarification of the arrangement between the King’s Printer for Scotland and TNA see ‘explanation’ above. The identification of the CEO to this role is supported by a Covering Letter from Mr James (see under General Comments below) which in 2025 was reconfirmed by Mr Nassé. In that letter the CEO of TNA endorses both the RMP and the Corporate Information Management Policy (see element 3).
2. Records Manager	G	G	The Act requires that each authority identifies an individual staff member as holding operational responsibility for records management and that this staff member has appropriate corporate responsibility, access to resources and skills. The King’s Printer for Scotland have identified Michael Appleby, Information Manager, as the individual with day-to-day responsibility for implementing the RMP. The identification of the Information Manager to this role is supported by a Covering Letter from Jeff James, Chief Executive of TNA (see element 1). It is also supported by the Information Manager Objectives document provided to the Keeper. This includes an objective to lead on “Respond to QPS [sic] RMP.” The Information Manager has an objective to "Complete minimum project for RM in M365 (configure labels, apply labels to existing files, set up process for applying labels to future files; provide requirements for and test scripts; engage with supplier and infrastructure; develop documentation and agree processes)" (see element 4). The Information Manager is the author of the RMP. The Information Manager is responsible for the review of the RMP (see element 13). In the King’s Printer for Scotland, the Information Manager is part of The National Archives Knowledge and information Management (KIM) Team (see under General Comments below). Due to the nature of their work, the King’s Printer is a small authority embedded in a much larger one and the Keeper would not expect that the person identified under this element would be a full-time professional records manager working entirely unsupported by the records management team in the larger organisation (TNA). At several points in both the RMP and in the supporting evidence the access to support from the larger KIM Team is emphasised. The Keeper notes that the Information Manager is supported by the King’s Printer information asset owner (IAO) (see Local Records Management under General Comments below). The Keeper agrees that the King’s Printer for Scotland have identified an appropriate individual to this role as required by the Act.
3. Policy	G	G	The Act requires an authority to have an appropriate policy statement on records management. The records management provision of the King’s Printer for Scotland is entirely reliant on that of The National Archives (TNA). For more on this arrangement see ‘explanation’ above. With this in mind, the King’s Printer have adopted the Corporate Information Management Policy of TNA, last updated in 2023. The Policy is developed by the TNA’s KIM Team. The individual identified with having responsibility for the implementation of the King’s Printer’s RMP (see element 2) is a member of the KIM Team. This arrangement is confirmed by a statement supplied as supporting evidence to the RMP where the King's Printer state: "The National Archives Corporate Information Management Policy applies to KPS staff and those carrying out functions in a KPS role. It applies to all information created or processed during KPS work, including office documents, electronic data, paper files, email, and intranet and internet web pages." The Keeper agrees that the adoption of TNA policies, including the Information Management Policy, is appropriate and there is no need for the King’s Printer to have their own stand-alone document. The TNA Information Management Policy is specifically endorsed by the individual identified against element 1 in a separate Covering Letter provided to the Keeper with the RMP submission. The King’s Printer for Scotland has provided evidence that King’s Printer staff can access the Corporate Information Management Policy and other records management policy documents, through a screenshot of the KIM Team intranet landing page containing links, and screenshots of policies on the intranet The Keeper agrees that the King’s Printer for Scotland have a formal records management policy statement as required by the Act.
4. Business Classification	G	G	The Keeper of the Records of Scotland (the Keeper) expects that the public records of an authority are known and are identified within a structure. The King’s Printer for Scotland recognises this. They state: “Good records management ensures that the correct information is captured, stored, maintained, retrieved, shared, reused, and destroyed or preserved in accordance with business need, statutory and legislative requirements.” (RMP Overview section 2). The King’s Printer relies, for its records management, on systems provided by the National Archives (see ‘explanation’ above). The Keeper has been provided with a Covering Letter from the Chief Executive of TNA which includes the same statement. The Corporate Information Management Policy (see element 3) commits the King's Printer (as part of the TNA) as follows: "to deliver successfully the business of The National Archives, we need to be able to: Create the right information...keep it where we can find and use it again.” The King’s Printer operates an Information Asset Register where they describe all the record types it creates as it undertakes the activities required to pursue its function. This has been provided to the Keeper. It shows record type, sensitivity, owner and the system in which the record is managed. The King’s Printer for Scotland operates a hybrid system with the majority of its records created digitally while still being responsible for legacy paper files. The RMP explains that records are managed in : “A corporate document and records management system, which is SharePoint Online. Specialised applications and databases that process records for specific functions, e.g. legislation amendments In addition, KPS has a very small quantity of legacy paper files. These are no longer regularly needed for business purposes and are in secure storage”. The King’s Printer’s digital records are held on the TNA M365 cloud records management solution. The Keeper is familiar with the functionality of M365 and agrees it is a suitable system for management of public authority records. There is a dedicated SharePoint site for the King’s Printer’s records. The RMP includes an explanation of how the King’s Printer forms part of the larger TNA iteration of the M365 platform. The Keeper acknowledges that she has been provided with a detailed explanation of how the M365 site is set up. The Corporate Information Management Policy supports the systems explained here under ‘Information Management Processes’. The King’s Printer for Scotland have provided the Keeper with a screen-shot showing a sample of their public records on the TNA M365 system. Line of Business Systems: However, as noted above, the authority acknowledge that some record types are not included in the M365 platform such as those on line-of-business systems. On this the RMP states that “Records are stored within the corporate document management system (SharePoint) and according to the file plan, unless required to be in other specific systems.” (RMP Overview). The ‘legislation amendments’ mentioned above is an example of this. These line-of-business systems sit outside M365, but the Keeper can agree that they are likely to allow the appropriate management of records within a structure as required. Physical: as noted above the King’s Printer for Scotland manage some records in hard-copy format and TNA also contract storage space for a ‘very small quantity’ of the King’s Printer’s corporate records through a third-party storage supplier. The legacy nature of physical records is confirmed elsewhere in the RMP and in the evidence package. It is clear that physical records are appropriately considered in the RMP and in the supporting evidence for example RMP (section 4) or Corporate Information Management Policy Information Management Processes section. On the issue of physical records, the RMP states: “There are a very small number of legacy KPS paper files, which are stored in a secure location together with The National Archives’ business records and archival records. These paper files also come within the governance remit of the KPS Information Asset Owner. They are subject to a separate, historical classification scheme, which is recorded separately.” The Keeper has seen a sample of this historical classification scheme. Email: The Corporate Information Management Policy, which the King’s Printer for Scotland has adopted, acknowledges the risks around the management of email. For example at the ‘Key Principles’ section. There is an automatic retention applied to emails. OneDrive: TNA staff, and therefore King’s Printer staff, are provided with a limited One Drive account for personal or transitory use. It is clear in the Corporate Information Management Policy that the One Drive should not be used for the management of the authority’s corporate information. There is an automatic retention applied to the One Drive. If the Keeper agrees that the King’s Printer for Scotland has a business classification in place that reflects the records created throughout the authority.
5. Retention schedule	G	G	The Keeper expects an authority to have allocated retention periods to its public records and for those records to be retained and disposed of in accordance with a Retention Schedule. The RMP notes that "Records are disposed of in accordance with approved Records Retention Schedules" (RMP Overview). This is supported by the Corporate Information Management Policy (see element 3 – ‘Information Management Processes’ section) Retention applied to the public records created and managed by the King’s Printer for Scotland is applied by the systems of TNA (see explanation above). Retention is applied and is monitored by the TNA KIM Team (see under General Comments below). The application of retention is explained in detail in the RMP (section 5). The RMP generally explains “KPS uses the retention schedule developed by The National Archives to determine how long our records should be kept. This is a functional schedule, derived from a mix of legal requirements and judgements by business units about how long specific types of records should be kept.” The Keeper has not, of course, formally agreed the retention schedule of TNA, but can be confident that it is liable to be suitable for the management of public records. The Keeper has been provided with a copy of the King’s Printer Disposal Schedule spreadsheet. This document explains to record creators how long a particular record type will remain available before being destroyed (see element 6). The Keeper agrees that the King’s printer for Scotland has a schedule providing retention decisions for the record types created while pursuing its functions.
6. Destruction Arrangements	G	G	The Act requires that public records are destroyed in a timely, controlled and secure manner. The King’s Printer for Scotland recognises this. They state: “Good records management ensures that the correct information is captured, stored, maintained, retrieved, shared, reused, and destroyed or preserved in accordance with business need, statutory and legislative requirements.” (RMP Overview section 2). The King’s Printer relies, for its records management, on systems provided by the National Archives (see ‘explanation’ above). The Keeper has been provided with a Covering Letter from the Chief Executive of TNA confirming this. The RMP notes that "Records are disposed of in accordance with approved Records Retention Schedules" (RMP Overview) Appropriate destruction of records is supported by the Corporate Information Management Policy (see element 3) in the ‘What do we need to do to manage our information?’ section. Records held on the TNA’s M365 Cloud system are automatically destroyed following the retention schedule leaving a metadata stub. The Keeper acknowledges the benefits of logging what has been destroyed. The RMP explains “The KIM team destroy records in SharePoint in line with the applied retention schedules. For objects with a record label, destruction bypasses the recycle bin, thereby preventing recovery. Disposal schedules can only be applied by KIM team” (RMP section 6). Line-of-Business digital records are destroyed according to the processes of the particular system. The Keeper can agree that line-of-business systems are liable to have deletion functionality. Physical records are destroyed at the TNA on-site destruction facility. King’s Printer staff have been provided with a Secure Disposal Procedures guidance document. The Keeper has also been provided with a copy of this guidance. The Keeper agrees that detailed information about the procedure is provided in this document. The RMP explains that TNA operates a secure on-site destruction facility for the destruction of paper files. All record destruction is logged. This is commended. The Keeper acknowledges that they have received a separate statement from the King’s Printer regarding the deletion of records from hardware (desktops laptops etc.) when they reach the end of their business use. Furthermore, the Keeper also acknowledges a statement around the irretrievable destruction of back-up copies. TNA, quite properly, have access to back-up copies of records for business continuity purposes (see element 10). It is important that King’s printer staff know how long a record may be recovered from back-up once deleted from the digital record-keeping system. It is clear that this is understood. The Keeper agrees that the King’s Printer for Scotland has properly considered the irretrievable destruction of records in all formats and the hardware upon which these records may be kept
7. Archiving and Transfer	G	G	The Act requires that all Scottish public authorities identify a suitable repository for the permanent preservation of any records considered suitable for archiving. A formal arrangement for transfer to that repository must be in place. The King’s Printer for Scotland recognises this. They state: “Good records management ensures that the correct information is captured, stored, maintained, retrieved, shared, reused, and destroyed or preserved in accordance with business need, statutory and legislative requirements” and that "Records that are identified as of historical significance are permanently preserved" (RMP Overview). The King’s Printer relies, for its records management, on systems provided by the National Archives (see ‘explanation’ above). The Keeper has been provided with a Covering Letter from the Chief Executive of TNA stating the same. In fact, the designated archive for the King’ Printer for Scotland is TNA where the authority is based: https://www.nationalarchives.gov.uk/ TNA is an accredited archive: Archive Service Accreditation - Archives sector that conforms to the to the Keeper’s Supplementary Guidance on Proper Arrangements for Archiving Public Records. As, for practical purposes, the King’s Printer for Scotland is treated as a TNA department (although legally they are entirely separate) there is no formal transfer archive agreement between the Printer and TNA. The Keeper agrees this is acceptable in this particular case. The situation where a Scottish public authority has identified an archive outwith Scotland for the permanent preservation of its historical records is unique to the King’s Printer for Scotland. However, in 2014 the then Keeper agreed that, in this case, the identification of TNA was reasonable and the current Keeper is content to continue to agree this arrangement. Web Archive: It should be noted that the King’s Printer for Scotland publishes information on the Scottish Government website: King's Printer for Scotland - gov.scot These pages will be automatically archived by the National Records of Scotland (NRS) as part of their routine capture of the Scottish Government site. The compliance text in the RMP, refers to the transfer of a single document to NRS for preservation. It has now been confirmed that this information has been superseded during the assessment process. The Keeper is happy to ignore this statement, but recommends that it is removed from the RMP at the next review (see element 13). The Printer has agreed to do this (April 2025). The Keeper agrees that the King’s Printer for Scotland has arrangements in place to properly archive records when appropriate.
8. Information Security	G	G	The Act requires that public records are held in accordance with information security compliance requirements. The King’s Printer for Scotland acknowledge this and state in their RMP that “Records are a valuable resource and must be secured, used, shared and managed appropriately" and a commitment that "Records are appropriately secured and protected" (RMP Overview). The Corporate Information Management Policy (see element 3) states “In order to deliver successfully the business of The National Archives, we need to be able to:...Protect it in the right way” and goes on to provide detail in a ‘protecting’ section. The King’s Printer for Scotland is based in TNA and their public records are held either on the TNA records management system, M365 Azure cloud services, or in hard-copy format in TNA storage. Security on the Cloud platform is the responsibility of the TNA IT Operations department. For more on the records management systems see element 4 above. Due to the arrangement explained under ‘explanation’ above, the King’s Printer for Scotland must adhere to TNA information security policies. The TNA ISO 27001 Information Security Management System (ISMS) Policy Statement (version dated 12 September 2022) has been supplied to the Keeper in evidence. TNA have a formal commitment to the ISO27001 standard: https://www.iso.org/standard/27001 As with element 3 above, the Keeper has been provided with adequate evidence that staff can access this key policy document. The RMP confirms this arrangement: “KPS uses The National Archives' policies and procedures to ensure the confidentiality, integrity and availability of our records. As such, KPS complies with the Government Security Policy Framework, which includes information security” (RMP section 8). As noted under element 4, a small section of the King’s Printer for Scotland’s records are not physically held in TNA. These legacy paper files are protected by the security systems adopted by the third-party storage company. The storage contractor operates to BS5454 standard: BS 5454 - Recommendations for the storage and exhibition of archival documents The security of physical records is a commitment of the Procedure for Secure Disposal of Paper Waste document which has been provided to the Keeper (see element 6). The RMP explains at section 8 that the TNA KIM Team (see under General Notes below) liaises regularly with the Chief Information Security Officer. The King's Printer's Information Manager (see element 2) is a member of the KIM Team. The Corporate Information Management Policy provides a commitment to “A clearly-communicated set of security policies and procedures, which reflect business objectives to support good risk management.” Training for staff on information security appears on the TNA intranet. A screen-shot showing the style and some of the content of this training has been provided to the Keeper (see element 12). The Keeper agrees that the King’s Printer for Scotland have procedures in place to appropriately ensure the security of their records as required by the Act.
9. Data Protection	G	G	The Keeper expects a Scottish public authority to manage records involving personal data in compliance with data protection law. The King’s Printer for Scotland is not separately registered with the Information Commissioner as a data controller. The RMP states “A review in 2020 led to the determination that KPS is not a data controller. This is on the basis that it does not employ staff, enter into contracts, nor process data beyond the content of legislation.” That said, the King’s Printer for Scotland has committed to follow the data protection procedures of TNA (see Element 8 above). For more on this see ‘explanation’ above. The King’s Printer’s Data Protection Officer (DPO) is the TNA DPO. The Data Protection Officer sits on the TNA information security committee, which is chaired by the Chief Information Security Officer, who is a member of The National Archives’ Executive Team. Links to the National Archives' Privacy Policy and Data Protection policies have been supplied Members of the public are made aware of their rights and how they can make a subject access request from the privacy page. Data protection training for staff is carried out through the TNA intranet. A screen-shot has been supplied to indicate how this is done. Data protection is specifically supported by the Information Management Policy (see element 3) for example under ‘key principles’. The Keeper agrees that the King’s Printer for Scotland have arrangements in place that should allow them to properly comply with data protection legislation.
10. Business Continuity and Vital Records	G	G	The Keeper expects that record recovery, prioritising vital records, is an integral part of the authority’s business continuity planning. The King’s Printer for Scotland is based in TNA and their public records are managed on TNA’s digital records system (Microsoft cloud which features full recovery of record keeping systems in an emergency) or, in physical format, either in TNA premises or in third-party storage contracted by TNA. KPS records are additionally backed up by TNA to a third party private cloud both in the UK and in Iceland. As noted above, TNA provides the King’s Printer with a repository for those record identified as suitable for permanent preservation. This arrangement is confirmed by a Covering Letter from the Chief Executive of TNA that has been supplied to the Keeper. The Keeper accepts that the King’s Printer for Scotland is reliant on the record recovery processes of TNA. The relevant record recovery procedures of TNA have been provided to the Keeper’s Assessment Team. The Keeper understands that business continuity plans or similar emergency procedures may contain sensitive information that should not be shared outside the authority. As such the Keeper is content that the shared business continuity documentation is not permanently kept on the King’s Printer case file and that the review carried out by the assessment team, to confirm that record recovery is appropriately embedded in the recovery process, will suffice. As with other elements, the Keeper has been provided with a screen-shot showing that staff can access the TNA record recovery arrangements. The Keeper agrees that the King’s Printer for Scotland have arrangements in place that should allow them to properly recover public records in an emergency.
11. Audit trail	G	G	The Keeper expects an authority to have processes in place to track public records in such a way that their location is known and changes recorded. The King’s Printer for Scotland recognises this. They state: “Good records management ensures that the correct information is captured, stored, maintained, retrieved, shared, reused, and destroyed or preserved in accordance with business need, statutory and legislative requirements.” and that "Records are accessible, usable and understandable for as long as they are required". (RMP Overview section 2). The King’s Printer relies, for its records management, on systems provided by the National Archives (see ‘explanation’ above). The Keeper has been provided with a Covering Letter from the Chief Executive of TNA providing the same statement as quoted above. The Corporate Information Management Policy (see element 3) requires the King's Printer to "Keep it [information] where we can find and use it again", and asks "Make sure you know what you have got and where it is. Can you easily find all the business information you have stored" See element 4 for the structure of the King’s Printer for Scotland’s record management provision. Digital: The majority of the public records of the King’s Printer are created and managed in digital format. As explained above, digital records of the King’s Printer are managed on a dedicated SharePoint site that is part of the larger M365 cloud platform operated by TNA. Version control is automatically applied by the M365 platform. M365 also provides a powerful search functionality, but, to take full advantage of this, records creators should name records consistently. The Corporate Information Management Policy (which was, of course, developed for TNA generally) states: “All corporate information should be ‘findable’ by any user with permission. This means that it must be saved in the relevant business area of the file plan, must be named logically and clearly, and must have a minimum of metadata to enable discovery by others.” Separate to the RMP, the King’s Printer have provided a staff guidance statement on this issue in which it is clear that the Printer’s staff are given guidance on naming conventions. The Keeper acknowledges that the RMP gives a detailed description of the management of digital records (section 11). Physical: In order to track the location and movement of paper records the King’s Printer operate a file registry system. This is operated by TNA and monitored by the KIM Team (see under General Comments below). The Corporate Information Management Policy supports this arrangement and the RMP states (section 11): “The paper registry files are tracked in a spreadsheet, which includes whose possession they are in.” The Keeper has been provided a sample from this registry. Line-of-Business systems: As noted under element 4 the King’s Printer for Scotland manage certain records on systems that are not part of the main SharePoint site. The Keeper can agree that these systems are liable to include adequate records management functionality to allow the location and identification of a record to be captured. The Keeper agrees that the King’s Printer for Scotland has procedures in place that will allow them to locate their records and assure themselves that the located record is the correct version.
12. Competency Framework for records management staff	G	G	The Keeper expects staff creating, or otherwise processing records, to be appropriately trained and supported. The staff of the King’s Printer for Scotland, including the individual identified at element 2 of the RMP, are employed and manged by TNA (see ‘explanation’ above). The King’s Printer is a small single function authority and, as such, the Keeper does not expect them to employ a full-time professionally qualified records manager. However, the RMP makes it clear that, as the authority is embedded in TNA and uses the TNA records management provision, the King’s printer has full access to the services of TNA's central Knowledge and Information Management (KIM) team, which includes a full-time records manager with ARA accredited post-graduate qualifications. The Information Manager allocated to the King’s Printer is a member of this KIM Team. However, the Keeper must be confident that the officer assigned the records management role in the King’s Printer has access to suitable training opportunities and that records management is considered a business task separate from general office management. The King’s Printer Information Manager (see element 2) has specific responsibility for information and records management. This is clear from the Record Manager Performance Objectives document which has been provided to the Keeper. These objectives specifically mention the implementation of the RMP. The Keeper acknowledges that the King’s Printer Information Manager has attended several training events, including some arranged by the PRSA Team and has fully engaged with the PRSA process. All staff working with the public records of the King’s Printer complete mandatory training in Information Management (see element 3), Data Protection (see element 9), and Information Security (see element 8). This latter training is a formal requirement of the Information Security Policy Statement. “Topics include staff responsibilities over appropriate handling of information in line with our policies, awareness and procedures for DPA and FOI, and risks such as phishing.” (RMP section 12). Staff must also complete training on the use of the SharePoint site (see element 4). There is specific training, provided by the TNA KIM Team, for Information Asset Owners (see Local Records Management below). The Keeper has been provided with a screen-shot showing how King’s Printer staff access training modules. The Keeper agrees that the individual identified at element 2 has the appropriate responsibilities, resources and skills to implement the records management plan. Furthermore, she agrees that the King’s Printer for Scotland consider information governance training for staff as required.
13. Assessment and Review	G	G	Section 1(5)(i)(a) of the Act says that an authority must keep its RMP under review. The Keeper has been provided with a Covering Letter from the Chief Executive of TNA who is identified in the RMP as having overall responsibility for the implementation of records management in the King’s Printer for Scotland (see element 1). In this Letter the CEO provides the following instruction to the King’s Printer’s Information Manager “Please would you review the plan two months after its acceptance by the Keeper, to ensure it is functioning as intended. You should then keep the plan under continuous review going forward, and report back to me again one year later to ensure that it remains appropriate to KPS' business needs, and that it has properly responded to any significant changes in circumstance that might have occurred. Please also report on what other steps have been taken to improve records management in KPS and to mitigate any associated risks. Thereafter, you should report to me in similar terms on an annual basis.” The Keeper agrees that this commits the authority to an appropriate review schedule and clearly identifies who is responsible for this review. The RMP (section 13) itself confirms this review schedule and that the Information Manager will then report back to the TNA CEO annually “to ensure that it remains appropriate to business needs and that it has properly responded to any significant changes in circumstance that might occur. The report will also identify any other steps that have been taken to improve records management in KPS and to mitigate any associated risks.” (RMP section 13). The annual review will take the form of a collation of local reports from the King’s Printer staff principally through a face-to-face meeting between the Information Manager and the King’s Printer Information Asset Owner (see Local Records Management under General Notes below). The Keeper agrees that, for a small authority based in single site, this is appropriate. The Information Asset Owner reporting system (which was itself reviewed and updated in 2023) is described in the RMP (section 13). It is important that policies and Guidance supporting the implementation of an RMP are also reviewed routinely. This recognised and is a requirement of the Corporate Information Management Policy (see element 3) and the Information Security Policy (see element 8) for example Corporate Information Management Policy 'Information Management Governance clause e. The King’s Printer uses TNA's policies and procedures to ensure robust management of their public records (see ‘explanation’ above). As this is the case, KPS relies on the monitoring and review processes put in place by TNA, for example TNA completes annual information security ‘health checks’ (RMP section 8). It is clear that the King’s Printer Information Manager is kept updated on any relevant changes to TNA information governance policies and guidance through his role in the TNA KIM Team (see under General Notes below). The Keeper agrees that The King’s Printer for Scotland have made a firm commitment to review their RMP as required by the Act and have explained who will carry out this review and by what methodology. Furthermore he agrees that supporting policy and guidance documents have appropriate review periods allocated through TNA review schedules and that the King’s Printer’s Information Manager is aware of the outcome of these reviews.
14. Shared Information	N/A	N/A	The Keeper expects a Scottish public authority to ensure that information sharing, both within the authority and with other bodies or individuals, is necessary, lawful and controlled. The King’s Printer for Scotland recognises this. They state: “Good records management ensures that the correct information is captured, stored, maintained, retrieved, shared, reused, and destroyed or preserved in accordance with business need, statutory and legislative requirements.” and that "Records are a valuable resource and must be secured, used, shared and managed appropriately" (RMP Overview section 2). The King’s Printer relies, for its records management, on systems provided by TNA (see ‘explanation’ above). The Keeper has been provided with a Covering Letter from the Chief Executive of TNA making the same statement. With this in mind, the King’s Printer for Scotland have committed to adopt the information sharing processes of TNA. These require that information sharing protocols will be used particularly in circumstances in which personal data will be shared (although the King’s Printer is not in fact a separate data controller). In these situations information sharing protocols would be arranged through TNA. The RMP includes a commitment for the authority to follow TNA policies including those explained in the Corporate Information Management Policy ‘Information Management Processes’ section (see element 3). Considering the compliance text of the RMP and the supporting evidence package it appears that these commitments are in place to ensure information governance would be put in place should an information sharing programme be implemented by the King’s Printer. It does not immediately appear that information sharing with third-parties is currently part of the activities of the authority. For this reason, while acknowledging the statements above, the Keeper considers that this element does not apply to the King’s Printer for Scotland. The activities undertaken in pursuit of their functions do not routinely require the authority to share information with third parties. However she acknowledges that the authority understands the requirement to consider this aspect of records management and have set out appropriate commitments should the need for such information sharing occur.
15. Public records created or held by third parties	N/A	N/A	The Public Records (Scotland) Act 2011 (PRSA) makes it clear that records created by third parties when carrying out the functions of a scheduled authority should be considered ‘public records’ - PRSA Part 1 3 (1)(b). This is acknowledged in the RMP (Overview paragraph 4). The King’s Printer for Scotland address this in the text of their RMP (section 15): “Certain KPS services may be contracted, such as publication of Scottish legislation through legislation.gov.uk, but KPS retains responsibility and governance. Contracts with suppliers handling KPS data are made by The National Archives. They include clauses relating to data handling, security, availability, monitoring, and exit. This is in line with our IT Security Policy on project risks and accreditation, which includes supplier management.” The RMP goes on to detail examples of the work these ‘suppliers’ provide. The Keeper has determined that these are services contacted-in rather than functions contracted-out (for example a third-party provides a document storage service). The King’s Printer has also provided a sample contract which is also for the provision of a service (IT services: consulting, software development). As there is no suggestion that any of the functions of the King’s Printer for Scotland are contracted out, the Keeper can agree this element does not apply to this authority.

General Notes on submission

This assessment is on the Records Management Plan (RMP) submitted by the King’s Printer for Scotland, for the Keeper of the Records of Scotland’s (the Keeper) agreement, on 30th May 2023. This is RMP version 2023.

The RMP submission was supported by an appropriate evidence package and by a separate letter of support from the Chief Executive of The National Archives (TNA) (see element 1 and explanatory text at top of assessment), to the Corporate Information Manager (see element 2), in which he endorses the RMP and the Corporate Information Management Policy (see element 3).

This is the second RMP from the King’s Printer for Scotland assessed by the Keeper. Their first Records Management Plan was agreed by the then Keeper on 8th April 2014. At that point the authority was the Queen’s Printer for Scotland: Keeper Agreement Report Queen's Printer for Scotland

The RMP mentions compliance with the Public Records (Scotland) Act 2011 and is set out in the structure of the Keeper’s 15 element Model Plan: Model Records Management Plan | National Records of Scotland (nrscotland.gov.uk)

The Introduction to the RMP (page 3) states:

“The records of KPS are vital assets which make it possible to deliver the strategic aims and daily functions of the KPS, and to protect the interests and rights of staff and members of the public who have dealings with it. The records constitute an auditable account of KPS activities, providing evidence of our business, actions, decisions and policies, and supporting efficiency, consistency, quality and continuity of service delivery.” The Keeper fully agrees this statement.

The King’s Printer recognise public records as a business asset that must be appropriately managed (for example the RMP quote above or Corporate Information Management Policy ‘3 Key Principles’ section). This is an important recognition and the Keeper welcomes it.

Local Records Management The King’s Printer has an identified Information Asset Owner (IAO) responsible for the public records of the authority as they are managed on TNA systems. The IAO has special access and special additional responsibilities. They are provided with additional training (see element 12).

The IAO liaises with the TNA KIM Team (see below) on records management issues. For example, the IAO is responsible for liaising with the KIM team around any new record types required by the King’s Printer. The IAO must be consulted if there is a need to save restricted information in SharePoint and to be informed of any new risk to information. Decisions on how to describe information assets, and how long they should be kept, are made by local business teams (the IAO), while the KIM team allocate functional retention schedules to each asset. The IAO is given the opportunity to verify, at folder/aggregation level, that the correct retention has been applied to their records.

IAOs report on their use of cloud services in biannual reporting (see element 13).

The RMP notes that “The balance between central [KIM] and local [IAO] control ensures a tightly managed structure but one which remains usable, flexible and relevant to KPS business.” The Keeper agrees this sentiment.

TNA Knowledge and Information Management (KIM) Team: The records management provision of the King’s Printer for Scotland is fully embedded in TNA and, as this is the case, they must rely on the TNA KIM Team for much of the RMP (see ‘Explanation’ above). The individual identified at element 2, who has day-to-day responsibility for implementing the RMP, is a member of the KIM Team and has a specific role to support the IAO (see above).

The KIM team work within the framework of the UK Government Knowledge and Information Management profession.

KIM sits within the portfolio of the Chief Operating Officer, who fulfils the role of Chief Information Security Officer (CISO).

The TNA Corporate Information Management Policy (see element 3) is 'owned' by the KIM Team. Policy updates are managed via KIM team.

Decisions on how to describe information assets, and how long they should be kept, are made by the King’s Printer business team (see elements above), while the TNA KIM team allocate functional retention schedules to each asset. The KIM Team is responsible for providing system access to new-starts to the King’s Printer’s business area and for removing access from leavers.

6. Keeper’s Summary

Elements 1 - 15 that the Keeper considers should be in a public authority records management plan have been properly considered by the King's Printer for Scotland. Policies and governance structures are in place to implement the actions required by the plan.

7. Keeper’s Determination

Based on the assessment process detailed above, the Keeper agrees the RMP of the King's Printer for Scotland.

The Keeper recommends that the King's Printer for Scotland should publish its agreed RMP as an example of good practice within the authority and the sector.

This report follows the Keeper’s assessment carried out by,

Pete Wadley
Public Records Officer

Liz Course
Public Records Officer

8. Endorsement of Report by the Keeper of the Records of Scotland

The report has been examined and is endorsed under the signature of the Keeper of the Records of Scotland as proof of compliance under section 1 of the Public Records (Scotland) Act 2011, and confirms formal agreement by the Keeper of the RMP as submitted by the King's Printer for Scotland. In agreeing this RMP, the Keeper expects the King's Printer for Scotland to fully implement the agreed RMP and meet its obligations under the Act.

Laura Mitchell
Deputy Keeper of the Records of Scotland

File downloads

Assessment Report King’S Printer For Scotland – 20 May 2025

File type: PDF,
File size: 363.78 KB

Was this page helpful? *

Yes

Yes, but

Your comments