Model Plan Guidance to Element 10
Model Plan Guidance to Element 10
As a result of changes to the Keeper’s Model Plan, this guidance is currently being reviewed. We hope to have this completed by the end of 2019. In the meantime, if you have any queries about the guidance, please contact the Assessment team.
Business continuity and vital records
A business continuity and vital records plan serves as the main resource for the preparation for, response to, and recovery from, an emergency that might affect any number of crucial functions in an authority.
In line with the Keeper of the Records of Scotland's (The Keeper) obligations under the Public Records (Scotland) Act 2011 (the Act) the following guidance is issued to support authorities with regard to business continuity and vital records.
It is recommended that public authorities have a business continuity plan and that they can identify key records that facilitate the operation of the authority.
This applies whether the records kept are paper based, electronic or, most likely, a hybrid of the two.
It is important to note that the Keeper will not want to see any information, policy documents or other material that might compromise the security of a public authority. If you have any concerns regarding this please submit redacted samples only, perhaps accompanied by a short explanation of why you have taken this decision.
The JISC InfoNet has this to say about a disaster plan:
In essence it is about pre-planning to recover the business of the institution in whole or in part if the worst happens, whether fire, flooding, accident, bomb or any other hazard. The main task is to prepare a disaster recovery plan and test it. It is usually an institution wide exercise and involves technical expertise of buildings, systems and controls as well as records management. It is not a one-off exercise but one that has to be up-dated regularly. It is likely that the records manager will be a member of the core recovery team but it would be unusual for this person to have responsibility for the whole plan. [footnote 1]
And about vital records:
With very few exceptions vital records should be duplicates and should be stored away from areas where the originals are being used. If these take the form of computerised records then they should be up-dated regularly as part of the normal back-up process and stored outwith the main processing and network areas.
Some vital records will be identified as part of the Information Audit but it really requires a distinct programme to bring the elements together fully. The objectives are: To define the vital records; to ensure Senior Management buy-in; identify potential hazards; designate appropriate protection methods; select appropriate storage sites and methods; develop operating procedures; bench Test programme procedures. [footnote 2 ]
Potential evidence for this element might include a 'disaster plan' or similar, and a policy, approved by the senior accountable officer, identifying records that are vital to the operation of the authority and explaining how they should be retained.
It is possible that vital records will be identified in a comprehensive business classification scheme (Element 4) or under the authority's retention scheduling procedures (Element 5). If this is the case an authority would not be required to submit a separate vital records policy. However, even in such a case, reference should still be made to business continuity in the authority's RMP.
If an authority is genuinely unable to provide evidence of their business continuity/disaster plan or vital records policy because to do so would, for example, compromise the authority's security, a statement from the senior accountable officer explaining that this is the case would be perfectly acceptable to the Keeper under the spirit of the Act.
Specific guidance regarding vital records
Complete Guidance Documents
If you encounter difficulties opening linked websites, PDF documents and RTF documents listed on this page, please contact us at firstname.lastname@example.org.