[Last Call] Learn about multicloud storage options and how to improve your company's cloud strategy. Register Now

x
?
Solved

Record policy - UK

Posted on 2011-03-08
4
Medium Priority
?
311 Views
Last Modified: 2012-08-14
What are the realistic risks to an organisation who dont have a records management policy and information classifacation policy? And on the flipside what are the benefits to an organisation to have such policies?

In the UK now their is a drive to have such policy for freedom of information legislation, but I dont really see how the 2 link together. FOI is basically where member of public requests informationm about the company and the company has to respond within 20 days. So where does not having a records management policy affect that and hamper the ability to respond in 20 days, and same for information classifacation, what does having such a policy help in the way of FOI, and what does not having such a policy affect in being able to respond in 20 days.
0
Comment
Question by:pma111
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
4 Comments
 
LVL 17

Accepted Solution

by:
Thibault St john Cholmondeley-ffeatherstonehaugh the 2nd earned 500 total points
ID: 35075396
>FOI is basically where member of public requests informationm about the company
I thought it was that the company has to reply with all the information it holds on that individual, not about itself. For this reason we used, at my old workplace, to have to be very careful with any comments that were entered against a customers record. Records of phone conversations, contacts and interdepartmental comments all could be seen by the customer if they asked.

To qualify for industry standard certification your company needs to pass audits and some of these checks will include proving that these records can be obtained within the time allotted. Not having a policy in place means you won't get the certificate and this may affect your ability to trade as companies you deal with might need to prove compliance of any subcontractors they use.
0
 
LVL 3

Author Comment

by:pma111
ID: 35080679
I think you mean data protection subject access requests
0
 
LVL 17
ID: 35086057
It did involve the data protection act, the bit about the comments against customers' records.

The latter  bit about proving compliance might be more relevant to you. It certainly has relevance with health and safety and with liability insurance and so I can imagine soomething similar is in place over records policies. This can include records of staff training and qualifications. All very necessary if you use the services of another company.
0
 
LVL 22

Assisted Solution

by:8080_Diver
8080_Diver earned 500 total points
ID: 35086069
"So where does not having a records management policy affect that and hamper the ability to respond in 20 days"

My take on that would be that, without a records management policy:
How do you know whether you even have records that need to be supplied?
Given that you do have records, how long do you ned to retain them?  (For instance, some records in the US have to be maintained for 5, 7, or 10 years, others are in the "forever and always" category, and still others are "only as long as we see fit" category)?
Given that you know that you have had records and that they have been maintained for some period of time, how long do you search for them before declaring that they have previously been destroyed?

As for information classification, I should think that the classifications would largely involve the retention period as well as the "public", "confidential", and "secret" levels of classification.  In other words, is it something you would post on a web site, something you might post on a web site but password protect, or something that you keep locked up somewhere?  

Audits may also include whether or not you classify (or, even more stringently, properly classify) documents.  This, too, can be important in dealing with other companies.
0

Featured Post

VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Check out what's been happening in the Experts Exchange community.
What we learned in Webroot's webinar on multi-vector protection.
In this video, Percona Solution Engineer Rick Golba discuss how (and why) you implement high availability in a database environment. To discuss how Percona Consulting can help with your design and architecture needs for your database and infrastr…
In this video, Percona Solutions Engineer Barrett Chambers discusses some of the basic syntax differences between MySQL and MongoDB. To learn more check out our webinar on MongoDB administration for MySQL DBA: https://www.percona.com/resources/we…

650 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question