Solved

Record policy - UK

Posted on 2011-03-08
4
301 Views
Last Modified: 2012-08-14
What are the realistic risks to an organisation who dont have a records management policy and information classifacation policy? And on the flipside what are the benefits to an organisation to have such policies?

In the UK now their is a drive to have such policy for freedom of information legislation, but I dont really see how the 2 link together. FOI is basically where member of public requests informationm about the company and the company has to respond within 20 days. So where does not having a records management policy affect that and hamper the ability to respond in 20 days, and same for information classifacation, what does having such a policy help in the way of FOI, and what does not having such a policy affect in being able to respond in 20 days.
0
Comment
Question by:pma111
  • 2
4 Comments
 
LVL 17

Accepted Solution

by:
Thibault St john Cholmondeley-ffeatherstonehaugh the 2nd earned 125 total points
ID: 35075396
>FOI is basically where member of public requests informationm about the company
I thought it was that the company has to reply with all the information it holds on that individual, not about itself. For this reason we used, at my old workplace, to have to be very careful with any comments that were entered against a customers record. Records of phone conversations, contacts and interdepartmental comments all could be seen by the customer if they asked.

To qualify for industry standard certification your company needs to pass audits and some of these checks will include proving that these records can be obtained within the time allotted. Not having a policy in place means you won't get the certificate and this may affect your ability to trade as companies you deal with might need to prove compliance of any subcontractors they use.
0
 
LVL 3

Author Comment

by:pma111
ID: 35080679
I think you mean data protection subject access requests
0
 
LVL 17
ID: 35086057
It did involve the data protection act, the bit about the comments against customers' records.

The latter  bit about proving compliance might be more relevant to you. It certainly has relevance with health and safety and with liability insurance and so I can imagine soomething similar is in place over records policies. This can include records of staff training and qualifications. All very necessary if you use the services of another company.
0
 
LVL 22

Assisted Solution

by:8080_Diver
8080_Diver earned 125 total points
ID: 35086069
"So where does not having a records management policy affect that and hamper the ability to respond in 20 days"

My take on that would be that, without a records management policy:
How do you know whether you even have records that need to be supplied?
Given that you do have records, how long do you ned to retain them?  (For instance, some records in the US have to be maintained for 5, 7, or 10 years, others are in the "forever and always" category, and still others are "only as long as we see fit" category)?
Given that you know that you have had records and that they have been maintained for some period of time, how long do you search for them before declaring that they have previously been destroyed?

As for information classification, I should think that the classifications would largely involve the retention period as well as the "public", "confidential", and "secret" levels of classification.  In other words, is it something you would post on a web site, something you might post on a web site but password protect, or something that you keep locked up somewhere?  

Audits may also include whether or not you classify (or, even more stringently, properly classify) documents.  This, too, can be important in dealing with other companies.
0

Featured Post

What Is Threat Intelligence?

Threat intelligence is often discussed, but rarely understood. Starting with a precise definition, along with clear business goals, is essential.

Join & Write a Comment

I've been asked to discuss some of the UX activities that I'm using with my team. Here I will share some details about how we approach UX projects.
Nothing in an HTTP request can be trusted, including HTTP headers and form data.  A form token is a tool that can be used to guard against request forgeries (CSRF).  This article shows an improved approach to form tokens, making it more difficult to…
Saved searches can save you time by quickly referencing commonly searched terms on any topic. Whether you are looking for questions you can answer or hoping to learn about a specific issue, a saved search can help you get the most out of your time o…
Polish reports in Access so they look terrific. Take yourself to another level. Equations, Back Color, Alternate Back Color. Write easy VBA Code. Tighten space to use less pages. Launch report from a menu, considering criteria only when it is filled…

757 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

22 Experts available now in Live!

Get 1:1 Help Now