The location of records is known and changes recorded.
In line with the Keeper of the Records of Scotland’s (The Keeper) obligations under the Public Records (Scotland) Act 2011 (the Act), the following guidance is issued regarding audit trails:
It is considered good practice that the whereabouts of records should be known at all times, and that movement of files around an electronic system or between physical storage areas should be logged.
This Element is principally concerned with an authority’s ability to locate the record they are looking for. This means being able to discover a record and to be confident in identifying the correct version. This Element may also include evidence of the ability to track changes to a record, although this may be considerably harder to do in some systems (such as Network Drives) than in others.
This Element is NOT about ‘auditing’ records management processes; these should be covered under Element 13.
The Keeper would expect each record-keeping system described in Element 4 to be considered under this Element. For example, the processes in place to track a hard-copy file would be different from tracking something held digitally. Similarly, the procedures around locating a hard-copy file held internally will differ from those in place for recalling files from a third-party record store.
Digital records should be subject to an audit trail mechanism that registers the movement of records within an authority’s record-keeping system. Electronic Document and Records Management Systems (EDRMS) and cloud platforms (such as M365) usually offer this functionality, as well as allowing for the creation of audit reports and other tracking functionality.
In most cases the efficient operation of a digital document-tracking system depends on a record being searched by name. Digital record-keeping systems can be expected to search through the whole system to locate a record including, in some cases, where records can be saved in different file formats. For example, the M365 e-discovery tool can locate a record by name whether it is saved in SharePoint or in Exchange (e-mail). This makes the correct naming of records very important as the emphasis in these systems is on tracking a record by title rather than browsing through a particular container, as might have been done in a more traditional network file structure. Despite this improved tracking functionality, it is still best practice that records should be subject to an authority-wide policy that promotes efficient management of records through a logically organised and structured hierarchical filing system, and through using appropriately named folders.
Records held on physical media, such as paper or microform, should be subject to an authority’s registry system recording the movement of records around the organisation. Evidence of this might be a description of a ‘paper trail’ from retrieval request to return of a document to store. Such a system should ensure that the whereabouts of a particular record are known at all times.
For all records, in whatever format, a mechanism that monitors their movement and any changes to their content helps authorities ensure the records’ authenticity and legal admissibility. The Keeper therefore wishes to see reference under a public authority’s Records Management Plan (RMP) to any audit provisions, either in place or being developed, to manage record movement and version control. In many systems, version control is applied automatically, but the authority should be clear about how this automated system operates in order to remain compliant with this Element.
Some systems routinely offer functionality that allows all access to records to be logged. Where this access does not result in editing, deletion or movement of records, the Keeper will not require evidence of such access. Under the Keeper’s Model Plan, Element 11 is concerned with the best practice need for authorities to know where their records are at any given time and to be aware of the need for robust version control. It is not concerned with routine business access to records that does not lead to changes or movement of records.
For certain record classes, such as adoption records, access restrictions may, however, be of primary importance. This sort of access control is properly part of Element 8 (Information Security).
British Standard 10008 states:
This audit trail information is needed to enable the working of the system to be demonstrated, as well as the progress of information through the system, from receipt to final deletion. Audit trails need to be comprehensive and properly looked after, as without them the integrity and authenticity, and thus the evidential weight, of the information stored in the system could be called into question
BS 10008 Evidential Weight and Legal Admissibility of Information Stored Electronically 2.15 page 79.
Evidence
The Keeper requires evidence that an authority can locate its records and that it can confidently declare these records to be true and authentic. S/he should also be confident that an authority can follow a public record through its lifecycle with all changes, movements and final disposition tracked.
The degree of audit trails required will vary according to the legislative and regulatory framework in which an authority operates.
Depending on the situation in a particular authority, potential evidence might include some of the following: a description of the search system used to locate electronic records or the paper records location system; sample ‘paper’ document movement logs; version controls followed; or details of audit trails included in an EDRMS or a cloud-based system.
The Keeper understands that for some authorities a comprehensive audit trail system may not be fully functional for all of the systems explained in Element 4. However, the Keeper would require to know that authorities are working towards implementing an appropriate tracking system for all records held throughout its entire operation. Evidence of any improvement project should be approved by the senior accountable officer.
For digital records held on an EDRMS, cloud platform or similar, the Keeper would need confirmation that there is a ‘search’ function, and that staff have instructions on how to name records in such a way that the search can be used. This is liable to require the authority to provide a naming convention document.
For digital records held on Network Drives or similar, the Keeper would need both a naming convention and a version control document (or a single document that has both). Network Drives do not automatically register a new version when a document is updated.
For hard-copy records held internally, the Keeper would be looking for evidence of some type of file registry, and an explanation of how files are appropriately annotated when they are updated (for example, a cover sheet).
For hard-copy records held externally, the Keeper would need to see evidence of tracking/retransmission arrangements. This may be a clause in the original contract.
For ‘line-of-business’ systems (see guidance to Element 4 for more on line of business), the Keeper would expect a statement to the effect that the authority is confident that the functionality of these systems allows the appropriate tracking of the records created/held.
Sample Tracking Documents
The following sample retention schedules might give you an idea what such a document should include and how it might be styled.
Any samples should not be taken to represent the current procedures operational in the authority that provided the sample; they are for ‘inspiration’ only.
It is of fundamental importance in any records management system that records, once created, can be retrieved in an efficient manner, including the ability to determine the correct version of a document that may have been edited. To ensure this can be done, the Keeper would expect a public authority to provide staff with instructions on how to save records consistently and to apply version control where this is not done automatically. Below are some examples from a public authority:
And similar from a local authority: