Records Management arrangements are regularly and systematically reviewed, with actions taken when required.
In line with the Keeper of the Records of Scotland’s (The Keeper) obligations under the Public Records (Scotland) Act 2011 (the Act) the following guidance is issued regarding self-assessment and review:
Section 1(5)(i)(a) of the Act says that an authority must keep its Records Management Plan (RMP) under review.
With this requirement in mind, the Keeper considers that it is a fundamental part of an RMP that it is reviewed
- shortly after implementation to determine whether it is operating as expected
- on a regular basis thereafter (to check that it still appropriate to the business needs of the organisation and has properly responded to the changes in circumstance that occur over time)
It is important to schedule these reviews from the outset. The Keeper expects to see provision for review in an authority’s RMP.
As it is important that an authority’s records management provision is properly assessed before and after the implementation of a plan, the Keeper would suggest that public authorities consider implementing a self-assessment survey of their level of records management development in advance of updating and submitting an RMP for submission. It is worth noting that the creation of this sort of ‘baseline’, while good practice, is not a requirement of the Act.
Under the provisions of the Act (section 5.2), the Keeper has the authority to ask a scheduled public authority to review their records management plan and submit this for (re)assessment after five years have passed since the previous review. However, it is hoped that this review will be done more frequently by the authority itself as part of a regular scheduled review.
The Keeper should be notified of any changes made to an authority’s RMP, including those made as the result of a scheduled review. Internal assessment of an RMP might be facilitated by a user evaluation exercise. Larger organisations might consider the establishment of a review group.
Evidence
Evidence that an authority appreciates the importance of periodic review of its records management procedures may be detailed under the formal records management policy (Element 3).
Alternatively, evidence that this element is being properly considered may be submitted separately. This can be in the form of details of the self-assessment mechanism used with reports from assessments undertaken or underway.
An authority will be expected to explain four components of the review process in its RMP:
- When will the RMP be reviewed?
- Who is responsible for the review?
- How will the results of the review be reported up to senior management for action?
- What form will this review take? What is the methodology?
The final component might cause authorities the most difficulty when first submitting an RMP. If the authority identifies that they must select a review methodology, but have not done so at time of submission (where review may be more than a year away), the Keeper will agree this element as an Amber ‘improvement plan’ if. The Keeper will insist that the other components (such as responsibility for review) are in place at the outset.
Evidencing the methodology component may be also be problematic as, by definition, a review will not have taken place at the time of a first submission.
Some authorities have overcome this difficulty by providing samples of other, similar reviews that have taken place (for example many authorities created reviews for management of their GDPR preparedness in 2017/18). A statement accompanying a first submission explaining that the authority will conduct their review in a similar style to an earlier review, supported by evidence of that review, might be strong enough for the Keeper’s agreement.
For subsequent submissions the Keeper should expect to see evidence of reviews taking place in the years since original agreement.
Evidence of review might include a template staff survey regarding records management operations in their local business area; reports to management;
objectives in the responsible officer’s work plan to carry out a review; or
an internal audit action plan.
Finally, you should note that while the Keeper’s Progress Update Review (PUR) process is clear evidence that an authority understands the need to keep its RMP under review, it is not in itself a formal review process. PUR is a reporting mechanism; it does not suggest how an authority should carry out a review (self-assessment module, staff survey, internal audit etc.).
It is likely that a formal Records Management Plan review process will map the established review procedures in the authority. However, here are two examples of a records management self-assessment ‘dashboard’ used by Scottish public authorities. If not restricted to already existing systems, you could consider setting up something similar to record the review of your RMP.
File 01 - Care Inspectorate maturity model screenshot
File 02 - NHS Forth Valley maturity model
