Retention of Records Procedure
1. Purpose and Scope
This procedure provides guidance on the retention and disposal of records within the legislative, regulatory and best-practice requirements. The procedure applies to all records created, received, maintained and held and in all formats by persons carrying out activity on behalf of ICNARC.
The document applies to all ICNARC employees.
Records are defined as documents, regardless of format, which facilitate the operations of the organisation and which are thereafter retained for a set period to provide evidence of its activities, transactions and compliance.
3. Roles and Responsibilities
The Information Governance Officer (IGO) is responsible for ensuring that records are regularly reviewed by Information Asset Owners to determine whether any retention period applying to records have expired.
The Head of Operations is responsible for the procurement and arrangement of facilities for off-site archiving and the physical disposal of records in a confidential manner.
All records must have an owner allocated that is responsible for the appropriate retention and disposal.
Line managers are responsible for ensuring staff are aware of this procedure and comply with its requirements. When a member of staff leaves line managers must ensure that responsibility for their records is transferred to another person.
Records must only be kept for as long as is required to meet operational, business and legal needs.
It is a legal requirement under the General Data Protection Regulation to only retain records containing personal data for as long as is strictly necessary, organisations can be subject to enforcement action for failing to comply.
The organisation’s Records Retention Schedule is intended to provide guidance to all business units and information areas regarding appropriate retention periods for different categories of record. It promotes consistency and the retention of the minimum volume of records while accounting for requirements imposed by legislation and regulation.
Information Asset Owners must agree retention periods for the information assets which they are responsible for, using the Records Retention Schedule, and these must be set out in the Information Asset Register.
Once the retention period has expired, relevant action must be taken.
The Records Retention Schedule includes the following information:
- Record description - the type of record or asset, applying to all formats of record
- Retention Period– the recommended length of time for which the records should be kept by the organisation
- Action at the end of retention period – There are three potential disposal outcome for a record at the end of its retention period:
- Permanent preservation / send to archive
- Record Owner – The business unit within ICNARC that owns the record and the Information Asset Owner that is responsible for the retention and disposal of the record.
When a record reaches the end of its retention period a decision must be taken on its disposal, with the possible outcomes:
- send to archive for a specified archive period
- Permanent preservation
Before action is taken to permanently preserve or destroy a record at the end of its retention period, a reappraisal of any need to retain it for present functions should be undertaken, but it should only be necessary on rare occasions.
Some records may need to be retained permanently for legislative requirements but some may be retained permanently for long term evidential or historical value. The following records are examples of items that may be considered in need of permanent preservation:
- Records that show the development of the organisation
- Records that show evidence of important decisions or precedent
- Records documenting the organisation relationship with external parties and stakeholders and the organisation’s place in the national and international community
- Papers relating to the organisation’s governance such as Agendas and minutes.
The Information Asset Owner is responsible for ensuring that arrangements are in place for records to be destroyed in a timely and secure manner and that the business unit manager is aware that the destruction is taking place. All copies held in any format must be destroyed at the same time.
Destruction must be carried out in a way that takes full account of the confidentiality of the record, ensuring there no existing duplicates in different formats.
For potentially significant information a record should be kept of what has been disposed of and who authorised it. This will ensure there is a transparent audit trial detailing evidence of records that have been destroyed.
All disposal of IT equipment must be done by the organisation’s approved supplier and Certificates of Destruction kept for permanent record.
Document owner and approval
The SIRO is the owner of this document and is responsible for ensuring that this policy is reviewed in line with the review requirements of the DSP Toolkit.
This policy was reviewed and approved by the Board Information Governance Committee and signed off by the SIRO on 05/02/2020.
The current version of this document is available to all members of staff on Confluence.
Change history record
Description of change
Date of issue
As per Board of Information Governance Committee Review
Refer to confluence.icnarc.org for the latest version of this document
Any other copy (printed or electronic) of this document is uncontrolled