Solved

Record policy - UK

Posted on 2011-03-08
4
306 Views
Last Modified: 2012-08-14
What are the realistic risks to an organisation who dont have a records management policy and information classifacation policy? And on the flipside what are the benefits to an organisation to have such policies?

In the UK now their is a drive to have such policy for freedom of information legislation, but I dont really see how the 2 link together. FOI is basically where member of public requests informationm about the company and the company has to respond within 20 days. So where does not having a records management policy affect that and hamper the ability to respond in 20 days, and same for information classifacation, what does having such a policy help in the way of FOI, and what does not having such a policy affect in being able to respond in 20 days.
0
Comment
Question by:pma111
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
4 Comments
 
LVL 17

Accepted Solution

by:
Thibault St john Cholmondeley-ffeatherstonehaugh the 2nd earned 125 total points
ID: 35075396
>FOI is basically where member of public requests informationm about the company
I thought it was that the company has to reply with all the information it holds on that individual, not about itself. For this reason we used, at my old workplace, to have to be very careful with any comments that were entered against a customers record. Records of phone conversations, contacts and interdepartmental comments all could be seen by the customer if they asked.

To qualify for industry standard certification your company needs to pass audits and some of these checks will include proving that these records can be obtained within the time allotted. Not having a policy in place means you won't get the certificate and this may affect your ability to trade as companies you deal with might need to prove compliance of any subcontractors they use.
0
 
LVL 3

Author Comment

by:pma111
ID: 35080679
I think you mean data protection subject access requests
0
 
LVL 17
ID: 35086057
It did involve the data protection act, the bit about the comments against customers' records.

The latter  bit about proving compliance might be more relevant to you. It certainly has relevance with health and safety and with liability insurance and so I can imagine soomething similar is in place over records policies. This can include records of staff training and qualifications. All very necessary if you use the services of another company.
0
 
LVL 22

Assisted Solution

by:8080_Diver
8080_Diver earned 125 total points
ID: 35086069
"So where does not having a records management policy affect that and hamper the ability to respond in 20 days"

My take on that would be that, without a records management policy:
How do you know whether you even have records that need to be supplied?
Given that you do have records, how long do you ned to retain them?  (For instance, some records in the US have to be maintained for 5, 7, or 10 years, others are in the "forever and always" category, and still others are "only as long as we see fit" category)?
Given that you know that you have had records and that they have been maintained for some period of time, how long do you search for them before declaring that they have previously been destroyed?

As for information classification, I should think that the classifications would largely involve the retention period as well as the "public", "confidential", and "secret" levels of classification.  In other words, is it something you would post on a web site, something you might post on a web site but password protect, or something that you keep locked up somewhere?  

Audits may also include whether or not you classify (or, even more stringently, properly classify) documents.  This, too, can be important in dealing with other companies.
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Microsoft Access is a place to store data within tables and represent this stored data using multiple database objects such as in form of macros, forms, reports, etc. After a MS Access database is created there is need to improve the performance and…
Liquid Web and Plesk discuss how to simplify server management with a single tool  in their webinar.
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

688 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question