Companies House Records Management

Companies House Records Management Policy

1. INTRODUCTION

'Companies House will document its business activities with Records that are complete, authentic, reliable, secure and accessible and manage those records in accordance with all applicable legislative requirements throughout their lifecycle'

A record is:

"...all those documents in whatever medium, received or created by an organisation in the course of its business, and retained by that organisation as evidence of its activities or because of the information contained."

Records are repositories of our organisations accumulated knowledge about itself, its suppliers and its customers. Properly managed, records can be mined as a rich vein of information.

A records management policy is essential for good corporate governance. Companies House is committed to implementing best records management practices and systems to ensure the creation, maintenance and protection of accurate and reliable records.

Companies House will aim to establish a culture that values information and seeks to optimise the use of existing information by capturing records within corporate records management systems. Staff will be trained and encouraged to follow good practice in record management to ensure the creation of reliable and authentic evidence of Companies House decisions and activities.

All work undertaken by Companies House is eventually documented in some form, and every member of staff contributes to this process. Information is a critical asset to Companies House and it must be managed carefully for a number of reasons:

to meet our business needs and the needs of our stakeholders
to find information quickly no matter where it is located
to ensure that we always have the latest information
to share information with colleagues
to monitor and control how information is created and used
to record the changes made to information and who made the changes
legal admissibility, providing evidence of our decisions and activities
to comply with the requirements of the Freedom of Information Act
to contribute to business efficiency through the creation of useable and reliable records

This policy recognises that record management is in a period of transition from paper-based to electronic and therefore covers the move from predominantly paper-based records to electronic record creation and management. However, given the volume of current paper records within Companies House, there will continue to be a requirement to manage a hybrid collection for a considerable time.

Any queries about the policy or about record management issues generally should be addressed to the Departmental Records Officer – Debbie Richards.

2. ABOUT THE POLICY

2.1 Purpose

The purpose of this policy is to establish a framework for the creation and management of records within CH. CH is committed to establishing and maintaining records management practices that meet its business needs, accountability requirements and stakeholder expectations.
The policy aims to:

inform staff and management of the importance of effective records management
ensure best practice is achieved for the creation and management of reliable and useable records to support the business activities of Companies House
assist in the transition from the current “print to paper” policy of preserving key documents in paper format on registered files to the position where most records are stored and retrieved electronically within a corporate electronic document and records management system (EDRMS).
define roles and responsibilities including the responsibility of individuals to document their actions and decisions in reliable records, and to dispose of records in conjunction with approved disposal schedules.

2.2 Scope

Records Management is about managing information from the moment it is received or created, until it is destroyed or transferred to another organisation e.g. The National Archives.

This policy:

applies to all staff within CH
applies to all business-related information created, received or maintained by Companies House during business transactions
applies to all business applications used to create records including email (GroupWise), database applications (Lynx), paper (CR Files, case files), audio or videotape, microfilm or some other media.
provides the overarching framework for any other corporate recordkeeping policies, practices or procedures.

The policy does not cover the ‘Company Information’ that is received and held by the Registrar under the Companies Registration process, as legislation governing the management of these records is already laid down in the Companies Acts.

2.3 Legislative framework

All CH records are Public Records under the Public Records Acts and must be kept in accordance with following statutory and legislative guidelines:

Public Records Acts 1958 and 1967 - records of historical value which must be transferred to the Public Record Office for permanent preservation when they are thirty years old.
Data Protection Act 1998 - all records must adhere to procedures under the DP Act 1998 (this affects records containing any personal data or information about individuals).
Freedom of Information Act 2000 - all records must adhere to procedures under the Freedom of Information Act 2000 and the associated Code of Practice on the Management of Records under section 46 of the Act.

Corporate business records will also be required to meet other standards and policies within Companies House:

Companies House e-Business Strategy and Business Plans - records will underpin e-business providing records for evidential, informational and historical use within the organisation and in facilitating new transactions.
Audit Policy - records and the systems used to create, access and manage them will have to meet audit requirements.
Information Security Policy - all records forming part of Companies House corporate memory are subject to the measures outlined in any security policies and must be protected in accordance with the sensitivity of the record in question. Consideration must be given to the rights established under the Data Protection Act 1998 and the Freedom of Information Act 2000.
Companies House Protective Marking Policy – sensitive records must be protected from unauthorised compromise or loss through the use of recognised classification markings and descriptors.
Companies House Email Management Policy – Dependant on content, some emails generated or received by members of the organisation are corporate records and are therefore subject to Companies House records management policies and procedures.

2.4 Responsibility

The policy is owned by the Companies House Departmental Record Officer (DRO), on behalf of the organisation.

The formulation, implementation and ongoing maintenance of this Policy require that roles and responsibilities are defined to ensure everyone clearly understands their individual duties and means are established for ensuring that these responsibilities are undertaken.

The Departmental Record Officer (DRO) will:

own, develop and maintain the Record Management Policy;
produce and maintain the procedures and working practices that effect the implementation of the Record Management Policy;
monitor levels of compliance to the Record Management Policy and associated procedures;
communicate the Record Management Policy and Procedures by all appropriate means;
arrange appropriate record management training for all Companies House staff to ensure Record Management Policy and relevant procedures are included in all induction courses;
ensure requirements relating to Data Protection and Freedom of Information are incorporated into Record Management Policy and Procedures.

The Chief Executive will:

authorise and implement the policy.
oversee appropriate arrangements for review and assurance.

Heads of Directorates will:

ensure that their directorate complies with legislative requirements regarding its records.

Line Managers will:

make decisions and guide staff about which documents and records are required for the operation of the business;
ensure that staff induction includes familiarisation with record-keeping procedures.
support and monitor staff recordkeeping practices and the creation of records, as defined by this policy, as part of normal business practices.

System Administrators will:

maintain the technology for the Electronic Document and Records Management Systems (EDRMS).
maintain the integrity and authenticity of records stored within the EDRMS.

All staff will:

create and maintain complete, accurate, reliable up-to-date evidence of their business transactions, in the form of corporate documents and record;
work within the agreed policies for record-keeping expressed in the policy and any consequent guidance;
attend training courses appropriate to their records management responsibilities.

2.5 Policy implementation and communication

This policy will be made readily available to staff at all levels of the organisation through publication on the Intranet, and will be explained to staff through briefings, training and user workshops to ensure understanding of the benefits of Records Management within our organisation and to provide guidance on adhering to best practice.

Development needs arising from this will, where necessary, be incorporated into Companies House training and development plans and into personal development reviews.

3. GENERAL PRINCIPLES

3.1 Information Management

The Record Management function is a specific corporate function in which all Companies House staff have some measure of responsibility for the preservation of records for as long as they are required. Records created and received in the course of Companies House business are the property of Companies House and not of the employee, agent or contractor who created or received them. This is the case regardless of the physical location of the record, whether it is held in an individual’s office or computer or, off the premises, including within a service provider’s computer or other systems.

Record management procedures will be implemented which ensure that records of official business are:

reliable, authentic and complete irrespective of the medium;
created in line with the needs of the creating department and of the wider organisation;
captured into authorised systems which make them readily accessible to everyone with a legitimate need to use them;
maintained, stored and preserved for the period of their usefulness to the business unit and, if appropriate, to external stakeholders;
disposed of in accordance with a defined and approved retention / disposal process.

3.2 Documents and Records

Many documents are produced in the course of our business, with varying degrees of value and longevity and in various stages from rough notes to final reports.

Any of these documents can serve as a record of an activity or decision. In order to ensure that Companies House has reliable evidence of its activities, it will capture and maintain significant documents as official records that are accurate and authentic.

For the purposes of this policy, a record is defined as any piece of information created or received by any individual, employed by or contracted, by Companies House that:

relates to Companies House business
may be in any medium or form (including electronic documents and email as well as traditional paper)
has potential administrative, legal, financial, accountability or historical value.

3.3 Creation of Records

The decision to register a document as a formal record will be based on the significance and importance of the document to the delivery of the business. To ensure that they are reliable as evidence, records need to be authentic. Authenticity requires that records are captured, managed and preserved in an organised system, which maintains their integrity and context.

The following documents will almost certainly become records:

Ministerial submissions and advice
Policy development documents
Minutes of significant meetings (i.e. where significant decisions are made)
Business plans/business cases
Project Initiation documents (e.g. strategy; requirements, PID, sign off, project review)
Procurement records (e.g. contracts)
Financial records

All business systems used by Companies House must be capable of capturing, maintaining and providing evidence of its business activities over time to satisfy our record-keeping needs. Every organisation irrespective of their unique business activities, require systems that can capture full and accurate records and perform processes for managing those records over time. In order to be full and accurate, records must be authentic, reliable, complete, unaltered and useable and the systems that support them must be able to protect their integrity over time.

3.4 Security and Access

CH will take all reasonable steps to ensure that records are secure from accidental or wilful damage, destruction or misuse.

To achieve this we will:

not seek to put a blanket restriction on access to informationif only certain records are sensitive. Unless there is specific reason (e.g. confidentiality or sensitivity), Companies House will use access controls to allow records to be viewed by all authorised individuals
enforce version control, so that a changed document is registered as a new version
ensure that there is an audit trail reflecting the history of modification (and, if necessary, use) of the document, as a measure of authenticity

Additionally in electronic records systems:

setting user passwords and lockouts to enforce access restrictions
training staff to use relevant metadata (data about data) for consistency, context and control
introducing strict back-up cycles with updates for new records and metadata, ensuring that any destroyed or transferred records are also promptly physically cleaned from the back-ups.

The use of protective markings on information created within the organisation should be in line with the Companies House Protective Marking Policy. Advice on protection of records and other assets can be obtained from the Records Management Team.

All records in whatever medium and with whatever level of classification are subject to the Public Records Act 1958 and the Records Management Team will be given access to all records for the purpose of establishing their historical value.

In making records available outside Companies House, the Registrar will comply with the Data Protection Act, the Freedom of Information Act, and Code of Practice on Access to Government Information. Where access to Companies House records under these Acts has been denied, the reasons for withholding or masking information within a record or record series will be recorded.

3.5 Maintenance

Once a document is filed as a record, responsibility for its maintenance as part of Companies House’s information resource will pass from the individual creator to the organisation.

Records will be preserved through changes in:

The structure of the organisation (including transfers of function to other government departments or bodies or private sector service providers)
Technology
Storage medium
Classification.

When transferring records to The National Archives (TNA), Companies House will ensure that full supporting documentation and metadata (data about data) is supplied to enable future users to access the records.

3.6 Retention, Review and Disposal

No records will be retained on an indefinite basis. All records will be subject to retention schedules specifying the period for which they will be maintained. Companies House will apply model schedules issued by TNA (available via the Intranet). For areas not covered by TNA model retention schedules, the Records Management Team will develop disposal schedules in consultation with the record users. The Records Management Team will keep an index of all retention schedules for Companies House electronic and non-electronic records.

The business unit responsible must show that records are being retained for the minimum period required, meeting business requirements and any relevant legal provisions. When the agreed retention period expires, records will be reviewed and, if merited, transferred to The National Archives for permanent preservation or destroyed without further consideration.

Records scheduled for destruction will be destroyed promptly when their retention period has ended in order to keep the volume of records in store to the minimum, consistent with effective and efficient operations.

Records identified (at review) as suitable for permanent preservation will be transferred to TNA or other approved archive as soon as they are no longer required by Companies House and no later than 30 years after their creation.

When departments need to retain records for more than the 30 year period laid down by the TNA, for operational or security reasons, they will supply the Records Management Team with details of the records and the justification for continuing to hold them. The Records Management Team will seek to obtain the necessary approval for further retention from the Lord Chancellor via the TNA.

All records not required by Companies House or TNA will be destroyed.

Responsibility for the disposal of non-registered documents rests with the user. Documents held on personal drives and in e-mail folders are to be destroyed promptly and regularly by all staff.

3.7 Permanent Preservation of Historical Records

Companies House will meet its obligation to identify and safeguard records worthy of permanent preservation for historical reasons by:

operating a system of regular review to identify records of historical value;