About Us

Main Functions and History

Companies House Board and Management

Supplying Companies House

International Relations

Companies House Agency Records Management Summary Corporate Policy Statement - Summary

This abbreviated policy statement sets out our corporate policy on the management of electronic records. You should read this carefully and refer to the full version if you are in any doubt about its content.

Click here to view the full version of this document

1. Electronic records within Companies House will be treated in the same way that we treat registered files, policy papers, project documents. We will seek to ensure that:

the record is present
the record can be accessed
the record can be interpreted
the record can be trusted
the record can be maintained through time

2. Electronic records require careful control, we will ensure that the systems and processes that deal with electronic records and potential electronic records are able to:

maintain them so that the record nature remains intact;
provide the records for registration, transfer or disposal
keep the records secure and monitor access
have regard for Data Protection and Freedom of Information legislation.

3. We will monitor electronic records and potential electronic records during the transitional period to ensure that:

records that should be captured are being processed electronically if they do not appear in the paper record
we do not duplicate paper and electronic records
a distinction is made between the electronic documents which are printed, printed records that reside in the paper record systems and other original documents that are retained as electronic records;
an inventory of record collections is created to look at the nature and type of records and potential records within collections;
there is a good level of control of the record creating systems and that the records nature is preserved appropriately in the transitional period.

4. We will manage our electronic recordsin accordance with requirements of:

Freedom of Information legislation
Data Protection Act
Existing Records Policy - in relation to paper records
Audit policy

5. We will ensure that our registration procedures will support:

identification of the originator of the document;
identification of the owner or manager of the documents;
keeping track of when the document was created and last modified
determining the status of a document in terms of draft, final etc.
identification of the components of the document that are saved and managed as separate documents, and the relationship between those components;
ensuring that the documents relationship to others is maintained;
ensuring that a document is meaningfully titled, described and classified;
managing the document security in accordance with needs for access
ensuring that the document is stored and is able to be exchanged.

6. We will preserve electronic records during any change in the infrastructure so that they still satisfy the original policy requirements, and ensure that records remain accessible over time as technology changes.

7. We will make unrestricted records available to CH staff subject to proper controls so that information is not lost. To achieve this we will:

allow the document owner to specify who can read and/or copy it;
subject to these controls, make the documents accessible to all who need them;
enforce version control, so that a changed document is registered as a new version;
ensure that there is an audit trail reflecting the history of modification.

8. We will ensure that once the electronic records are recorded and registered, the processes dealing with them are secure.

We will:

train staff to use the records management systems to ensure consistency in record registration
offer solutions to rectify mistakes or accommodate better ways of working;
set up business continuity plans to ensure a constant service is maintained;
enforce access restrictions with user IDs and passwords, setting user lockouts;
maintain full disaster recovery plans;
implement strict back-up cycles with updates for new records and, ensure that any destroyed or transferred records are physically cleaned from the back-ups;
label the replicated records as a replica set and making sure these cannot be used as the master set, unless the original has been destroyed.

9. We will carry out an initial review within six months of the introduction of the policy, to assess how it is being put into practice. This will be followed by an annual review to indicate if the policy needs to be amended, as changes occur in the organisational structure or workflow. The review will seek to:

identify areas of operation that are covered or not covered by the policy and to identify which procedures and/or guidance should adhere to the policy;
follow a mechanism for adapting the policy to cover missing areas, if these are crucial to the creation and use of electronic records, and use a subsidiary development plan if there are major changes to be made;
set requirements by implementing new procedures, including obtaining feedback where the procedures do not match the desired activity;
highlight where the procedures are not being applied and suggest a tightening of controls and adjustment to related procedures such as security and access.

Annex A

Companies House Agency Records Management Electronic Records Corporate Policy Statement

1. Introduction

1.1 Companies House, like many other organisations, still stores the majority of its information on paper. However, with the introduction of computers and in particular our GroupWise system, more and more documents are not only being created and stored on computer, but are also being transmitted electronically within our organisation, and in some cases also to external customers. They may thus spend their entire lifetime in electronic form. It is vital that we have a policy in place for managing such documents.

1.2 This policy aims to meet the requirements of good records management, to cover all the electronic record collections and planned electronic records of Companies House. It summarises our aspirations for electronic records management by 2004, and provides a framework which can be applied in progressive stages to specific areas of electronic records activity within our organisation. This framework will guide newly developing information systems and records-creating processes at the same time as drawing current practice within its scope. We have aimed to identify general principles which can be applied to varying situations, taking different operational and technical needs into account, yet still achieve a common standard across the organisation.

2. Records Management Requirements

2.1 Electronic records within Companies House will be clearly identified. They will follow a pattern of treatment similar to the way that we treat registered files, policy papers, project documents, papers relating to contracts - in short, any information which provides evidence of the business transactions of our organisation. We will endeavour at all times to ensure that:

the record is present We have the information that is needed to form a reconstruction of activities or transactions that have taken place.
the record can be accessed It is possible to find and access the information, using appropriate software and hardware, and to display it in a way that reflects its initial form.
the record can be interpreted It is possible to establish the context of the record: who created the document, during which business process, and its integrity and authenticity can be demonstrated
the record can be trusted The record reliably represents the information that was actually used in or created by the business process, and its integrity and authenticity can be demonstrated
the record can be maintained through time These qualities of accessibility, interpretation and trustworthiness can be maintained for as long as the record is needed, perhaps permanently, despite migration between hardware, digital media, or software formats.

3. Process Requirements

3.1 Companies House has previously addressed its records management policy largely at the management of paper files. These techniques are now to be extended to the management of electronic documents. Electronic records are an asset requiring careful control. We therefore need to ensure that the systems and processes that deal with electronic records and potential electronic records:

identify whether they deal with records, electronic records or potential electronic records;
maintain them so that the record nature remains;
provide the records for registration, transfer or disposal according to our electronic records management guidance;
keep the records secure and monitor access in accordance with our electronic records management guidance;
have regard to legal requirements such as Data Protection, Freedom of Information and copyright legislation.

4. Transitional Requirements

4.1 Whilst we move towards full electronic records management, we need to distinguish clearly whether the record is electronic or in the paper file. During this transitional period we will monitor electronic records and potential electronic records to ensure that:

records that should be captured are being processed electronically if they do not appear in the paper record;
there is no unwarranted duplication between the paper and electronic record collections;
there is a distinction made between the electronic documents which are printed, printed records that reside in the paper record systems and other original documents that are retained as electronic records (possibly to be passed to an electronic record keeping system);
we create an inventory of record collections to ascertain the nature and type of records and potential records within collections;
care is taken to ensure a good level of control of the record creating systems and that the records nature is preserved appropriately in the transitional period.

5. Linked Policies

5.1 Electronic records will be managed in accordance with relevant codes of practice for records management:

Freedom of Information Electronic records will adhere to procedures under the Freedom of Information legislation and the associated Lord Chancellor's Code of Practice on Management of Records
Data Protection Electronic records will adhere to procedures under the Data Protection Act 1998.
Existing records policy (that is, paper-based policies in relation to our registered file system)
Audit policy Electronic records will meet audit requirements.

6. Registration Policy

6.1 An effective registration process and adequate registration information are essential for managing all documents, whether paper or electronic. All relevant registration information and links between documents will be maintained and managed over time. We will ensure that our registration procedures support:

identifying the originator of the document;
identifying the owner or manager of the document;
keeping track of when the document was created and last modified, for each version of the document;
determining the status of a document in terms of draft, final etc. for each version of the document;
identifying the components of the document that are saved and managed as separate documents, and the relationship between those components;
ensuring that the document's relationship to other like documents is maintained;
ensuring that a document is meaningfully titled and described in context, and classified;
managing the document security with respect to organisational policy and access provisions for various types of documents such as personal, group, corporate, public and archival; and
ensuring that the document is stored and is able to be exchanged.

7. Preservation Policy

7.1 Access to electronic records for both short and long term business requirements is important. We will ensure that standards are in place, which will make these records accessible over time as technology changes. These records need to be migrated across future changes in hardware and software to ensure that they are accessible in a form as close as possible to that in which they were created. Companies House will preserve electronic records during any change in the infrastructure so that they still satisfy the original policy requirements.

8. Access Policy

8.1 Unless restricted, we will make records readily available within our organisation. We will ensure that s taff who have a need to view this information, are able to gain access. As stated in the registration policy, we will adopt common format and naming conventions to help staff to identify what documents are available. We will ensure that access is controlled, so that this information is not lost. To achieve this we will:

allow the owner of a document to specify, at registration time, who can read and/or copy it;
subject to these controls, make the documents accessible to all who need them;
enforce version control, so that a changed document is registered as a new version;
ensure that there is an audit trail reflecting the history of modification (and, if necessary, use) of the document, as a measure of authenticity.

9. Security policy

9.1 Security in relation to electronic documents means maintaining their availability, integrity and confidentiality by minimising the risk of loss, corruption and unauthorised access. We will therefore ensure that once the electronic records are recorded and registered, the processes dealing with them are secure. We will:

train staff to use the records management systems for an accurate representation of the records, thereby ensuring consistency in record registration without loss of context and control;
offer solutions to rectify mistakes or altering the procedures to accommodate better ways of working;
ensure a constant service is maintained in spite of any technical or strategic hitches that may occur;
enforce access restrictions with user Ids, passwords, and user lockouts;
maintain disaster recovery plans that include replicating electronic records on a physically secure back-up and safeguarding the information from technical failures;
implement strict back-up cycles with updates for new records and, ensure that any destroyed or transferred records are also promptly physically cleaned from the back-ups;
label the replicated records as a replica set and making sure these cannot be used as the master set, unless the original has been destroyed accidentally or following a disaster.

10. Policy review

10.1 This policy will be accompanied by an electronic records strategy which will support the policy by setting out the current situation and showing what we aim to achieve.

10.2 We will carry out an initial review within six months of the introduction of the policy, to assess how it Is being put into practice. This will be followed by an annual review to see if the policy needs to be amended, as changes occur in the organisational structure or workflow.

10.3 The review will:

identify areas of operation that are covered or not covered by the policy and to identify which procedures and/or guidance should adhere to the policy;
follow a mechanism for adapting the policy to cover missing areas, if these are crucial to the creation and use of electronic records, and use a subsidiary development plan if there are major changes to be made;
set requirements by implementing new procedures, including obtaining feedback where the procedures do not match the desired activity;
highlight where the procedures are not being applied and suggest a tightening of controls and adjustment to related procedures such as security and access.

Companies House
September 2001