The authority has an appropriate policy statement on records management.
The Act specifically requires authorities to have a ‘records management policy statement’. This is probably best achieved by developing a formal records management policy which can be published, at least to staff, and probably online. There are several examples of what a records management policy might look like below.
The policy should be used in an authority to govern the creation and management of authentic, reliable and useable records, capable of supporting business functions and activities, for as long as they are required.
The policy should be a key component of an authority’s corporate governance. It will help foster an appropriate culture within the authority, and it will help demonstrate to stakeholders that it is committed to undertaking its business activities in a diligent and accountable manner.
The policy should reflect the size and complexity of the authority, and confirm that the policy is owned by senior management. Authorities with a wide range of functions, operating in a complex legislative environment, will require a fuller policy document than a smaller authority.
The policy should define the legislative, regulatory and best practice framework within which the authority operates, and demonstrate how the authority aims to ensure that its records remain accessible, authentic, reliable and useable through any organisational or system change. A good records management policy should make records management roles clear and commit the authority to appropriate training.
A good records management policy should also include a description of the mechanism for records management issues being disseminated through the organisation, and confirmation that regular reporting on these issues is made to the main governance bodies.
Although the Public Records (Scotland) Act 2011 is ‘technology blind’ and refers to records created in any format, an authority’s formal policy may, if appropriate, differentiate between the processes in place for paper records, and for those held electronically.
The policy must be approved by senior management and should be made available to all staff at all levels in the organisation.
The policy statement is a compulsory element of a RMP according to the Act (1 2(b)(i). It must be approved by a senior accountable officer in the authority and submitted to the Keeper.
Evidence
The Keeper will expect to be provided with a copy of the records management policy and of any supplementary guidance that accompanies it. If the authority has other high level documents, such as an information governance strategy, these should also be submitted under element 3. It would be useful if the Chief Executive, or the person named at element 1, could provide endorsement of the records management policy in a covering letter. The Keeper will be looking for evidence that the policy is understood at the highest levels of an authority.
