深夜亚洲福利久久

Records Management Policy

Version 1.0

For PDF see: Record Management Policy

1 Purpose

深夜亚洲福利久久 College Cork (鈥榯he 深夜亚洲福利久久鈥�) is committed to the proper and effective management of the records and data it creates, receives, captures, maintains, or otherwise processes, in all formats, in the course of its operations, academic and administrative, in a manner which:

• is transparent, consistent, and accountable;
• meets legal, regulatory, and audit requirements;
• supports the efficient conduct of its business;
• protects the security and integrity of Records and Data, including Personal Data;
• ensures the preservation of Archives documenting its history and development.

The 深夜亚洲福利久久 recognises that records management is a collaborative process, which calls for the support and active participation of management and staff at all stages, including design, implementation, compliance, and review. Engagement is essential to achieving the purposes of this Policy.

It is acknowledged that the greater part of the 深夜亚洲福利久久鈥檚 records is now held in digital formats, including records comprised of data within digital systems. The 深夜亚洲福利久久 commits itself to ensuring its record systems, for both digital and hard copy records, support records management processes and the purposes of this Policy.

Particular recognition is given to the 深夜亚洲福利久久鈥檚 obligations as a data controller and processor towards data subjects under the 深夜亚洲福利久久鈥檚 Data Protection Policy and Data Protection legislation, and to the special and limited derogations given under that legislation for processing data for research and statistical purposes, and for archival purposes in the public interest.

Records management processes will respect the 深夜亚洲福利久久鈥檚 principles of academic freedom.

In seeking to manage its records and to preserve its digital archives and associated metadata appropriately, the 深夜亚洲福利久久 will have regard to ISO 15489, the International Standard for Records Management, and to the principles of ISO 14721, the reference model for an Open Archival Information System (OAIS).

2 Scope

This Policy applies to all records, in all formats, created, received, maintained or otherwise processed in the course of the activities of the 深夜亚洲福利久久 including, without limitation, hard copy and digital records.

Personal records unrelated to 深夜亚洲福利久久 activities are not within the scope of this policy. Staff are advised to avoid maintaining such records within 深夜亚洲福利久久 systems (eg, email servers, network folders), as doing so may place them within the scope of legislation such as Freedom of Information.

Research Data is subject to the 深夜亚洲福利久久鈥檚 Research Data Management Policy.

3 Policy Requirements

3.1 All Processing Activities

All Users processing records or data created in the course of the 深夜亚洲福利久久鈥檚 activities must ensure that they do so in a manner that safeguards and protects the integrity, confidentiality and availability of the data at all times. They must comply with the relevant policies of the 深夜亚洲福利久久 (as may be amended from time to time) and with all applicable legal requirements, particularly in relation to data protection and copyright.

3.2 Records Retention Schedules

Records Retention Schedules (RRS) have been developed through collaboration with Staff in each Functional Area, have been agreed with management, have been approved by Data Owners, and must be applied to the management of records in each area.

Changes to RRS

Changes to RRS, including for example the addition of new records series, changes to disposal periods or actions, may only be made by the 深夜亚洲福利久久 Archivist, who is responsible for maintaining the master set of RRS.

Staff, Students, and Other Users should bring questions and information about potential or required changes to RRS to the 深夜亚洲福利久久 Archivist鈥檚 attention. Changes made must be approved by the relevant Data Owner. These processes are subject to a change control procedure.

Exceptions to disposal actions in RRS

Where records liable for destruction or deletion are relevant to an ongoing or pending formal process, such as an appeal, an audit, an investigation, a formal information request, or legal proceedings, disposal action must be suspended until that formal process has terminated.

Intentionally destroying or altering a record relevant to such a process may be an offense in law.

Staff should notify their Head of Functional Area in writing of the suspension of disposal action, the reason for it, and, subsequently, its termination, in line with an exceptions procedure.

3.3 Day-to-Day Recordkeeping Process

Records and data are to be named, saved, and stored in a manner consistent with the records series[1] set out in the RRS applicable in one鈥檚 area, so that it may be clear to which series a record belongs. For example, the filing tree structure on an area鈥檚 main network drive may mirror the records series set out in the retention schedule.

Staff must follow all 深夜亚洲福利久久 Records Management procedures and be aware of related guidelines, and should, where relevant, inform Students and Other Users of their responsibilities under this Policy.

Functional Areas must also have in place local procedures and standard operating procedures, for systems and practices specific to their area. They must ensure that local procedures are consistent with this Policy and its underlying procedures, and with related 深夜亚洲福利久久 policies and procedures.

[1] A records series is a defined grouping of related records subject to the same retention/disposal actions, as set out in a records retention schedule

3.4 Digital Records Systems: Archival Preservation, Records Management, and Data Transfers

The ongoing preservation requirements of records identified as being of archival or permanent value must be addressed at all stages of the records鈥� life-cycle. Regular back-ups, system audits, and controlled migration and conversion of data and supporting metadata during upgrades and systems changes, are all essential steps.

Staff involved in the procurement, development, upgrading, or termination of enterprise and other systems used for digital records must consider the records management implications of these processes, and must ensure that the purposes of this Policy are met. It is recommended that IT Services be consulted at the planning stage.  Other offices including the Procurement Office, the 深夜亚洲福利久久 Archives, and the Information Compliance Office may also be consulted where relevant.

Processes involving the transfer of personal and commercially sensitive data across networks and copying to other media must safeguard their confidentiality and integrity, eg, through encryption.

The removal off-site of personal or commercially sensitive data, or records containing such data, must be authorised by the Data Owner, and must similarly be carried out in a manner which safeguards against the risk of theft, loss, or data breach.

The Data Custodian (eg IT Services) can advise on data security and safeguarding measures.

3.5 Version Control and Minimisation of Duplication

Effective version control has been identified by the 深夜亚洲福利久久 as best practice, supporting data quality, reducing uncontrolled distribution, and allowing for deletion of earlier versions once superceded where permissible under the RRS (see Guideline on version control)

Minimisation of duplication is a key component of the 深夜亚洲福利久久鈥檚 records management processes. Master records and data sets are to be held by relevant areas as identified in the RRS. Other areas should not generally hold copies of such records and data. Where they need to do so, the records and data concerned should be held for a limited time and stated purpose, consistent with procedure and the relevant RRS.

3.6 Staff Leaving the 深夜亚洲福利久久

Staff leaving the 深夜亚洲福利久久, or changing positions within it, must leave all 深夜亚洲福利久久 records for the use of staff and successors within the relevant area.

4 Roles and Responsibilities

深夜亚洲福利久久 Management Team (UMT) endorse this Policy and take institutional responsibility for ensuring implementation and compliance.

All staff are responsible and accountable for creating and keeping accurate and complete

records of their business activities. This includes records and data created in the course of carrying out or contributing to research (see Research Records Management procedure).

Staff must ensure that the records and data for which they are responsible are securely managed in a manner which is compliant with this Policy, related 深夜亚洲福利久久 policies, and relevant procedures, including the Data Protection Policy, IT Security Policy, Data Classification Procedures, and External Hosting Policy.

The processing of personal data is subject to data protection legislation. The obligations of those processing such data in the course of 深夜亚洲福利久久 business are set out in the 深夜亚洲福利久久鈥檚 Data Protection Policy.

Designated staff members may be appointed by Data Owners to take day-to-day responsibility for records management processes (eg, security, transfer, disposal), to support other staff in performing such processes, to report to management, and to liaise with the 深夜亚洲福利久久 Archivist.

The identity of designated records management staff members should be recorded and known to all staff in the relevant unit. The general functions of designated records management staff are set out in a guideline.

Data Owners are generally the most senior person in a functional area, and are responsible for the records and data processed in or on behalf of their area. Examples of Data Owners include the Registrar (student records), the Bursar (financial records), and Director of HR (human resources records). The Data Owners for each records series are set out in Records Retention Schedules (RRS) (see also appendix below).

Data Owners have overall and operational responsibility for records management implementation and compliance within their functional area or area of work. This includes the following:

• authorising access to and processing of records and data and assigning responsibilities;
• ensuring adequate training and guidance is given and facilitated;
• managing risk and ensuring appropriate security and recovery arrangements are in place;
• approving actions as required under records management procedures and RRS;
• ensuring standard and local procedures, eg, for digital systems used in their area, are applied, and developed where necessary;
• ensuring processing activities carried out on their behalf (see below) comply with this Policy and other relevant 深夜亚洲福利久久 policies, all applicable legal requirements, and any applicable contract or agreement.

Where processing activities are carried out on behalf of the Data Owner by Data Custodians or Data Processors[1], all parties must provide each other with any information necessary to fulfilling their responsibilities. The Data Owner retains overall responsibility for the records or data concerned.

Where a Data Controller engages a Data Processor to carry out processing on its behalf, there is a statutory requirement that a contract in writing between the parties be entered into, governing those processing activities.

Data Custodians and Data Processors who process records or data on behalf of a Data Owner have certain responsibilities, including the following:

• ensuring that they protect the integrity, confidentiality, and security of records and data entrusted to them;
• ensuring that access and processing is restricted to what is authorised by the Data Owner

Where Students and Other Users process and/or gain access to records and data created in the course of 深夜亚洲福利久久 activities, they are subject to the requirements of this Policy relating to All Processing Activities (above). Attention is directed to relevant guidelines.

 The 深夜亚洲福利久久 Archivist is responsible for maintaining and reviewing this Policy and records retention schedules, and for promoting a culture of good records management practice.

[1] See 鈥楧efinitions鈥� (below)

5 Non-compliance with Policy

Failure to comply with this policy is a breach of 深夜亚洲福利久久 regulations and may be the subject of disciplinary action in accordance with the 深夜亚洲福利久久鈥檚 disciplinary procedures.

6 Supporting Documentation

The Policy should be read in conjunction with the following 深夜亚洲福利久久 policies, procedures and guidelines.  Staff must ensure their compliance with these policies and procedures in addition to this policy.

• Data Protection Policy
• Data Classification Policy
• IT Security Policy
• Acceptable Usage Policy
• Externally Hosted Personal Data Policy
• Records Management Procedures
• Records Management Guidelines
• Data Protection Procedures and Guidelines
• This Policy is subject to the 深夜亚洲福利久久鈥檚 Principal Statute and to the 深夜亚洲福利久久's Policy Framework.

7 Further Information

Queries regarding this Policy or Records Management at the 深夜亚洲福利久久 should be directed to the 深夜亚洲福利久久 Archivist: archives@ucc.ie.; Tel. +353 (0)21 4902753; 深夜亚洲福利久久 Archivist, UCC, 6 Elderwood, College Road, Cork, T12 VH39.

8 Disclaimer

The 深夜亚洲福利久久 reserves the right to amend or revoke this policy at any time without notice and in any manner in which the 深夜亚洲福利久久 sees fit at the absolute discretion of the 深夜亚洲福利久久 or the President of the 深夜亚洲福利久久. 

9 Definitions

In the context of this Policy, capitalised terms used throughout shall have the following meanings:

深夜亚洲福利久久:

鈥淭he 深夜亚洲福利久久鈥� means 深夜亚洲福利久久 College Cork 鈥� National 深夜亚洲福利久久 of Ireland, Cork

 Policy

鈥淧olicy鈥� means this Records Management Policy

 Functional Area

鈥淔unctional Area鈥� means area of 深夜亚洲福利久久 operations ordinarily headed by a member of the 深夜亚洲福利久久 Management Team, specifically the Vice-Presidents, Heads of Colleges, the Bursar, the Corporate Secretary, and senior Directors, as set out in the 深夜亚洲福利久久鈥檚 organisational structure.

 Heads of Functional Areas

鈥淗eads of Functional Areas鈥� are ordinarily members of the 深夜亚洲福利久久 Management Team (UMT) and are the most senior person in their functional areas, as set out in the 深夜亚洲福利久久鈥檚 organisational structure.

Data Owner

鈥淒ata Owner鈥� ordinarily means the most senior person in the functional area within which the data is created or stored unless this role has been explicitly and formally delegated to someone else by the most senior person in the aforementioned areas. The Data Owner for each records series is set out in records retention schedules.

Data Custodian

鈥淒ata Custodian鈥� means an internal 深夜亚洲福利久久 service (eg, IT Services), team, or individual to which records or data are entrusted on behalf of the Data Controller (the 深夜亚洲福利久久) or a Data Owner for the purposes of storage and/or processing.

 Data Processor

鈥淒ata Processor鈥� means a person who processes personal data on behalf of a data controller but does not include an employee of a data controller who processes such data in the course of his or her employment. This includes, eg, service providers storing or hosting records or data.

 Data Processors, as external third parties processing 深夜亚洲福利久久 records and data, are subject to the 深夜亚洲福利久久鈥檚 Data Protection Policy and Data Hosting Policies, and to data protection legislation.

Staff

鈥淪taff鈥� means all full-time and part-time employees of the 深夜亚洲福利久久, staff funded externally but under contract to the 深夜亚洲福利久久, including seconded staff, and researchers under contract to the 深夜亚洲福利久久.

Students

鈥淪tudents鈥� means all full-time and part-time registered students of the 深夜亚洲福利久久.

Other Users

鈥淥ther Users鈥� covers third parties (all the 深夜亚洲福利久久鈥檚 subsidiary companies, contractors, service providers, visitors and/or any other parties) who process records created in the course of the 深夜亚洲福利久久鈥檚 activities, parties to whom such data is disclosed (recipients), and all persons who are granted access to the 深夜亚洲福利久久鈥檚 IT Resources.

All Users

鈥淎ll Users鈥� covers Staff, Students, and Other Users, as defined above.

Records Retention Schedule (鈥淩RS鈥�)

Control document that defines the length of retention and the disposition actions that are authorised for specified records, grouped into records series. The 深夜亚洲福利久久鈥檚 retention schedules include a business classification scheme, linking records to the context of their creation, and other supporting information, including the Data Owner and access classification for each records series.

10 Appendix: Data Owners Table

The Data Owner for each records series is set out in records retention schedules. The present table outlines in general terms the Data Owner for the main categories of records and data held.

11 History and Approval

Revision History

Consultation History

Approval

This document requires the following approvals:

This policy shall be reviewed regularly by the 深夜亚洲福利久久 Archivist in light of any legislative or other relevant developments.