Embed Size (px)
Citation preview
September 2019 Ministry of Housing, Communities and Local Government
Departmental records and information management policy
© Crown copyright, 2019
Copyright in the typographical arrangement rests with the Crown.
You may re-use this information (not including logos) free of charge in any format or medium, under the terms of the Open Government Licence. To view this licence visit http://www.nationalarchives.gov.uk/doc/open-government-licence/version/3/
This document/publication is also available on our website at www.gov.uk/mhclg
If you have any enquiries regarding this document/publication, complete the form at http://forms.communities.gov.uk/ or write to us at:
Ministry of Housing, Communities and Local Government Fry Building 2 Marsham Street London SW1P 4DF Telephone: 030 3444 0000
For all our latest news and updates follow us on Twitter: https://twitter.com/mhclg
September 2019
3
Contents 1. Introduction 6
1.1 Definitions 6
1.2 Relevant legislation 7
2. Roles and responsibilities 7
2.1 Executive Board 7
2.2 Departmental Records Officer 8
2.3 Information Management 8
2.4 Line managers 8
2.5 Project managers 9
2.6 Individuals 9
3. Storage principles 9
3.1 Approved corporate storage 9
3.2 Physical storage 10
3.3 Account-specific storage 10
3.4 Device storage 10
4. Access principles 11
4.1 Internal sharing and access controls 11
4.2 External sharing 11
4.3 Joiners/movers leavers 12
5. Retention and disposal principles 13
5.1 Departmental retention and disposal schedule 13
4
5.2 Records received following ALB closures 13
5.3 Records received or transferred following MOG changes 14
5.4 Record destruction 14
6. Physical information and records – specific policy 14
6.1 Paper files 14
6.2 Non-paper items and digital continuity 15
6.3 Personal papers 15
6.4 Physical SECRET and TOP SECRET information 15
7. Digital information and records – specific policy 16
7.1 Digital records 16
7.2 Personal digital files 16
7.3 One Drives 16
7.4 Personal mailboxes 17
7.5 Enterprise Vault data 17
7.6 Ministerial and Permanent Secretary mailboxes 18
7.7 PST files 18
7.8 Instant messaging 18
7.9 Social media and external platforms 18
7.10 Digital SECRET and TOP SECRET information 19
8. Specific collections 19
8.1 Private office records 19
8.2 Special advisor records 21
8.3 Records of significant interest 21
8.4 Deposited documents 21
5
9. System audit 22
9.1 Creation of SharePoint/Teams sites 22
9.3 Notifications to KIM admin account 22
6
1. Introduction This document sets out the Ministry of Housing, Communities and Local Government (MHCLG, ‘the department’) policy on the storage, access, retention and disposal of information and records. It applies to all information and records, regardless of format, held by the department, or transferred to the department, for example following the closure of Arm’s Length Bodies (ALBs), machinery of government (MOG) changes or the course of current business. This policy defines where information should be stored, how access to it should be managed, and how long information and records should be retained before they are either destroyed or transferred to The National Archive (TNA) for permanent preservation. It sets out the responsibilities of Information Management and the Departmental Records Officer, and the expectations on staff in fulfilling their duty to manage records under the Civil Service Codei. The policy should be read along with the Department’s Deletion policy, which sets out how the destruction process takes place. Effective date: September 2019 Last review date: September 2019 Approved by: Departmental Records Officer 1.1 Definitions The following terms are used in this policy:
• “Records” are defined as information created, received and maintained as evidence and information by an organisation or person in pursuance of legal obligations or in the transaction of businessii • “Information” is defined as all records, plus ephemeral content, that is created, received or held as part of the department’s work, regardless of whether it is designated a record
• “Physical” information and records are anything that is in a tangible physical format, including for example (but not limited to) paper, magnetic tapes, microfiche and DVDs
• “Digital” information and records are anything that exists in a digital or electronic media, e.g. computer files, emails, database contents. It includes both ‘born digital’, which were created in digital formats, and digital versions of physical documents (e.g. scans)
• “Retention” usually means the length of time for which records are to be kept. It normally represents and will be expressed as a disposal period
7
• “Disposal” includes any action taken or yet to be taken to determine the fate of records including destruction and transfer to a permanent archive
• “Review” indicates that a record which has not yet been assigned a disposal action will be considered at a specific point in the future to determine its final disposal
• “Site” refers to an MS SharePoint or MS Teams site set up for the storage and sharing of digital data and collaborative working.
1.2 Relevant legislation The department will comply with legal and regulatory requirements, including the following:
• Public Records Acts 1958 and 1967 • Constitutional Reform and Governance Act 2010, including the Civil Service Code • Freedom of Information Act 2000 • Freedom of Information Act section 46 Code of Practice • Data Protection Act 2018, including the General Data Protection Regulations • Inquiries Act 2005
MHCLG also follows the records management guidance outlined in ISO 15489 Part 1 and ISO 15489 Part 2.
2. Roles and responsibilities All permanent and temporary employees, contractors, consultants and secondees who have access to MHCLG’s records, working on behalf of MHCLG on MHCLG business are responsible for managing MHCLG records, wherever these records are and whatever form they are in. MHCLG owns all records created by employees carrying out MHCLG business related activities. Unless the originator asserts ownership, records received by MHCLG staff are also owned by MHCLG. Individual employees do not own records, but are responsible for managing them. 2.1 Executive Board Members of MHCLG’s Board Executive have overall responsibility for our records management policy and standards, and for supporting their application throughout the organisation.
8
Significant changes to records management policy and standards, requiring corporate sign-off, will be presented to the Audit and Risk Committee, chaired by the departmental Senior Information Risk Owner (SIRO), for approval. 2.2 Departmental Records Officer The Departmental Records Officer (DRO) is responsible on behalf of the Permanent Secretary for:
• developing and managing an organisation-wide records management programme that meets the requirements of the Public Records Acts;
• providing advice on records management issues and promoting best information/records management practice;
• ensuring the records management policy complies with the Government’s Security Policy Framework; and
• regulating who has access to MHCLG’s records
2.3 Information Management The Information Management team, part of Digital Directorate, are responsible for:
• making sure that departmental records are stored securely • making sure that the lifecycle of records is managed appropriately • making sure that the records management policies are kept up to date and relevant
to the needs and obligations of the Department, consulting and working with MHCLG staff and the appropriate external regulatory and customer bodies
• informing staff about the records management policy, and for ensuring that all staff are aware of their responsibilities for managing records
• giving records management advice and guidance to line managers, or their delegated records management staff
• taking over management of MHCLG records for which there is no clear responsible business area
• ensuring the appropriate disposal, destruction and dispersal of records belonging to Arm’s Length Bodies and Agencies that MHCLG sponsors
2.4 Line managers Managers at all levels are responsible for:
• working with Information Management to develop suitable records management procedures, covering both electronic and hard copy records, that:
o are efficient and fit for purpose; and o comply with our records management policy and standards;
• operating records management procedures • ensuring that appropriate resources exist within their business unit to fulfill the
responsibilities for managing records; • communicating local records management procedures;
9
• ensuring that local records management processes and procedures are in line with central policies;
• ensuring that staff follow procedures for the offsite storage of hard copy records; • ensuring that staff follow procedures for the management and storage of electronic
records, including when they leave the department; and • creation and maintenance of retention schedules
2.5 Project managers Project records are the responsibility of the project manager, who is responsible for:
• identifying project related records and liaising with relevant local contacts • ensuring that the records are managed efficiently and comply with our records
management policy and standards; • ensuring that there are appropriate resources within the project for fulfilling the
responsibilities for managing records; • quality assurance of records management processes and procedures within the
project; and • ensuring the appropriate disposition of project records
2.6 Individuals In accordance with the Civil Service code, all staff are required to ‘keep accurate official records’. Therefore, staff that receive, create, maintain or delete records are responsible for making sure that they do so in accordance with MHCLG’s records management procedures.
3. Storage principles
3.1 Approved corporate storage All departmental records must be stored in approved corporate storage locations. This means:
• Registered paper files • MHCLG SharePoint/Teams sites • Centrally-owned archive storage
Information that does not form part of the record, or is not of ongoing business value, should be deleted as soon as it is no longer required.
10
3.2 Physical storage All registered paper files should be stored by Information Management, either on site or with Information Management’s off-site storage contractor. Only registered paper files or registered boxes containing paper material will be accepted for storage without separate agreement from the Departmental Records Officer or Deputy Departmental Records Officer. If business areas have requirements for storing information on other physical media (e.g. magnetic tapes), they should first speak to Information Management. Registered files held temporarily by staff must be stored in a suitably secure location, according to the security classification of the information and be returned to Information Management when not required for immediate business use. 3.3 Account-specific storage Departmental information should not be stored in account-specific storage, i.e. Outlook and OneDrive. OneDrives should be used for storing business-related personal documents, e.g. documents relating to the performance management cycle. Documents of business value (including drafts) must be saved to a corporate storage location, to ensure that business continuity can be maintained. Outlook should be used for short-term storage of communications and ephemeral information. Records of business decisions stored in emails should be transferred to a corporate storage location. All data in account specific storage remains searchable by and accessible to the Departmental Records Officer. The process for searches is set out in the department’s search policy. 3.4 Device storage Devices issued to users (laptops, tablets and phones) come with a small amount of local storage. This should only be used for temporary storage of information when no other storage location is available. Where it is necessary to save to the device, for example in the case of some downloaded data, it must be transferred to corporate storage as soon as possible and the copy on the device deleted. Device storage is unmanaged, is not backed up, and is inaccessible for business continuity purposes, but remains potentially disclosable under Freedom of Information and Data Protection legislation. Individuals may be required to search data stored on their devices, as set out in the search policy. Personal devices should not be used to store departmental information. However, as with devices issued by the department, any work information that is stored in these locations
11
remains potentially disclosable under Freedom of Information and Data Protection legislation, regardless of the ownership of the device.
4. Access principles
4.1 Internal sharing and access controls Sites set up in SharePoint and MS Teams enable staff to share information and conversations within a set group of people. Staff should save all their work, including drafts, to shared areas, where colleagues can access it if there is a need to do so. Access restrictions should be managed using the permissions features built into Office 365. Where there is a need to restrict access to a set of data to a limited group of people, a new site should be set up, giving only those individuals access. This simplifies the management of individual permissions within sites. Passwords must not be used to protect documents, as these are unique to the creator and do not allow for business continuity or for the department to meet statutory requirements such as FOI and the Public Records Act. If you feel you have a business requirement to use password protection, you should contact the Information Management team for advice. Staff can share sites, folders, and individual documents with other members of the department. It is the responsibility of the site owner to monitor what is being shared, and to manage and, where appropriate, remove access permissions. Staff are responsible for regularly reviewing which documents have been shared and removing permissions where there is no longer a requirement for their access to continue. This includes, but is not limited to, when a project closes or when staff move post. 4.2 External sharing Information should only be shared externally where there is a clear business need to do so, and where the contents and security classification of the information make it appropriate to be shared. Consideration should always be given to privacy and security, and sharing must consider the implications of the information being made available outside of the department. Where information needs to be shared outside the department, it should be placed on a dedicated private site, accessible only to named users, and the external parties should be given access to that site as guest users. The owner of the site is responsible for ensuring that all members of the site are aware of who can access the content and making sure that
12
they do not add content that is not appropriate for external sharing. External parties must never be invited to view public sites, as this could enable inappropriate access to all the department’s internally public sites. Granting external access to private sites ensures that the data remains within the managed environment of the department, and that access is only available to those with guest accounts. External parties should not be given access to information stored in One Drives. The option to share files so that they allow access to anyone with a link has been disabled. This option enables access by unknown users, without a guest account, and exposes the department to the risk of information being shared inadvertently, e.g. through forwarded emails. Links can be shared with users with guest access to a site. Email should not be used for sharing significant amounts of data outside of the department, where it is possible to use a site. Outlook calendars may be opened externally to allow people outside the department to see when an individual is free or busy, but not the contents of that appointment. This feature must be used appropriately, and permissions must be removed when the access is no longer needed by the external person. Staff are responsible for regularly reviewing which documents have been shared and removing permissions where there is no longer a requirement for their access to continue. This includes, but is not limited to, when a project closes, when external users no longer require access to information, or when staff move post.
4.3 Joiners/movers leavers When a member of staff joins a team or leaves it either to move within the department or to leave the department, it is the site owner’s responsibility to ensure that all permissions are updated. When a member of staff leaves temporarily and does not require access in the interim, their permissions will be revoked and reinstated on their return. When a member of staff leaves the department, their Office 365 licence will be revoked. If the member of staff has any corporate information saved on their One Drive or in their email account, they must transfer this to corporate storage before they leave.
13
5. Retention and disposal principles
5.1 Departmental retention and disposal schedule The department does not keep most information indefinitely. Records will be kept for as long as there is a business or legislative need to do so. This will vary from 2 years up to 20 years. In a limited number of circumstances, records may need to be held for longer, including the lifetime of an asset. Legal authority is required for the department to hold records for longer than 20 years. In these cases, the department will apply for a retention instrument from the appropriate authority, providing justification of the need to retain the information. The table in the Departmental record retention schedule shows the general retention periods used by the department based on detailed TNA guidance on the subject. Each business area is responsible for agreeing, in consultation with Information Management (IM), the retention period of all its records. In circumstances where either individual business areas are unsure of the retention period of a record, or where there is no clear owner to advise, the default will be taken to be 8 years. 5.2 Records received following ALB closures Where records, either in paper or digital format, are received from Arm’s Length Body (ALB) closures their retention period will be automatically set at 8 years starting from the date they are formally transferred to the department. In exceptional cases where the records need to be kept longer, a maximum 20-year retention period will be used. HR and pension records will have standard MHCLG retention periods applied. All remaining ALB records will remain the responsibility of the MHCLG sponsoring business area, except where a separate agreement is made with the Departmental Records Officer by the ALB’s equivalent officer or the sponsoring business area. If legacy responsibility for an ALB transfers to a new business area, the new business area must inform IM of the change. The business area that has responsibility for the files will also have responsibility to action any requests to access the information.
14
5.3 Records received or transferred following MOG changes Where records, either in paper or digital format, are formally transferred to the department following any machinery of government (MOG) changes, a transfer agreement should be drawn up with the relevant business area, setting out ownership, retention periods and related considerations (e.g. data protection). This should be agreed and signed by the transferring and the receiving parties and the Departmental Records Officer. Where digital records are transferred to another government department, the data will be deleted once the transfer has been confirmed as completed. Backup data may be retained for its full lifecycle.
5.4 Record destruction
The processes for the destruction of paper and digital records are set out in the Deletion policy.
6. Physical information and records – specific policy
6.1 Paper files Information Management (IM) are responsible for maintaining the departmental records catalogue of registered paper files. All paper records are either identified for destruction or for review for potential historical value according to their retention period, as set out in the Departmental record retention schedule. Paper records that become due for destruction (which depends on their retention category) are destroyed either:
• by the department’s offsite file storage provider on receipt of a destruction request from IM, or
• by IM on site Paper records identified as being of potential historical value are reviewed by IM in order to decide if they are of historical value. If they are of historical value, they are transferred to TNA, or another place of deposit; if not, they are destroyed. Records are generally not kept for longer than 20 years. If there is a requirement to do so then an application for a Retention Instrument is made by IM.
15
Personnel records are kept until a member of staff reaches 100 years of age in accordance to TNA guidance on the retention of employee records. IM check biannually which personnel records can be destroyed based on staff age. Different retention periods may apply to temporary staff. 6.2 Non-paper items and digital continuity Physical items other than paper should not be put into off-site storage without first consulting with the Deputy Departmental Records Officer. Information Management have a contract which allows us to store certain materials (e.g. tapes) in appropriate climate-controlled storage and will be able to advise on the best way to store these materials. Physical media for storing electronic data (e.g. CDs, DVDs) changes over time, and can become obsolete and inaccessible. These media will not be accepted as part of a registered file, as Information Management are unable to guarantee continued access to the data. Where it is necessary to include physical media with a deposited document, the business unit will be required to sign to accept responsibility for ensuring that the media can continue to be read as storage formats change and become outdated. Retention periods for non-paper physical items will be agreed with business units in the same way as paper files. 6.3 Personal papers Individuals are responsible for managing their own personal work notes and papers and are allocated a locker for this purpose. Files should not be permanently stored in personal lockers. 6.4 Physical SECRET and TOP SECRET information SECRET and TOP SECRET files must be kept in appropriate secure cabinets and never in personal lockers or ordinary cabinets. The Departmental Security Officer should be aware of all SECRET and TOP SECRET files and the approved storage for them around the building. Checks will be regularly undertaken to ensure that these files are being stored appropriately.
16
7. Digital information and records – specific policy
7.1 Digital records Where held digitally, records are to be deleted by Information Management in accordance with disposal agreements agreed with business areas. Where no agreement exists, digital records will be considered for deletion once they reach 7 years of age. Where retention periods have been applied, a report is run at the start of each calendar year to identify any material that has reached the end of its retention period. This material is subsequently deleted. Digital records not marked for review will not be reviewed before being disposed of. IM will regularly identify any digital ‘review’ records that have reached the end of their retention period. These records will be first reviewed by IM to see if they are of historical value. Any that are will be transferred to TNA or other place of deposit; all that are not will be permanently deleted. All SharePoint and Teams sites have KIM admin as a secondary owner. This allows the KIM team to ensure that the lifecycle of each site is fully managed. An automated process is in place to ensure that, if removed, KIM admin is re-added as an owner. 7.2 Personal digital files Purely personal files should not be stored on MHCLG IT. This includes (but is not limited to) personal photos and other media files, personal documents unrelated to work and documents relating to any external business commitments individuals may have. Any documents stored temporarily on MHCLG IT must be reviewed regularly by the owner and deleted. Work-related personal documents (e.g. PMRs) should be saved to account-specific storage (One Drive). Any purely personal files identified on the network may be deleted on sight. Whilst stored on the network they may be identified as part of routine searches for Freedom of Information requests, inquiries and other search activity. 7.3 One Drives One Drives are account-specific storage provided as part of Office 365. Although each One Drive is linked to a named user, they remain held by the department, and the contents are subject to the same statutory requirements as other parts of the department’s information, including Freedom of Information and data protection legislation.
17
All information stored in One Drives is potentially accessible to the Departmental Records Officer, Data Protection Officer and Departmental Security Officer, where there is a legitimate need to access it. The process for searching these is set out in the department’s search policy. One Drives are to be used for storing work-related personal documents, such as performance management documents. Line managers must comply with the department’s privacy notice for staff. It is the account owner’s responsibility to manage their own personal data, including deleting copies from their One Drive prior to leaving the department. One Drives should not be used for storing data which may need to be accessed by an individual’s team, including draft documents. These should be saved to the appropriate site so that others in the team can access them and continue work if necessary, and the One Drive copy deleted to prevent duplication of records.
7.4 Personal mailboxes Mailboxes on Outlook are not recognised as part of the official departmental record keeping system. It is the responsibility of staff to ensure that any emails relating to business activity are saved in approved corporate storage locations, and then deleted from the mailbox. The retention schedule for emails, including rules on who is responsible for keeping emails and where they should save them, is in Retention of emails and calendar appointments. It is the responsibility of the individual holding the account, or in their absence their line manager, to ensure that all business-related emails within the mailbox are transferred to an appropriate site before the individual leaves the department. 7.5 Enterprise Vault data The department previously used an electronic email archive, Enterprise Vault, to store older emails. Email ‘stubs’ containing links to items in the archive were retained in the original mailbox. As part of the 2019 IT migration project, emails were restored to accounts at the point where the Enterprise Vault ‘stub’ resided. Some ‘stubs’ were no longer in the original email account. Some have been transferred to shared drives or Team sites as part of the department’s corporate memory, however many were deleted by users as part of day-to-day mailbox management, with the assumption that this action would also delete the corresponding email from the Enterprise Vault, which was not the case. All emails without corresponding ‘stubs’ in the original mailbox have been restored to a residual storage facility which can be accessed by the Information Management (IM) team. Due to the unstructured nature of this residual storage there is no easy or cost-effective way to distinguish between those emails that should be retained and those intended for deletion. The IM team will undertake a project to identify and extract the emails to be
18
retained, either because the ‘stub’ has been saved to a shared storage area or because the information is otherwise deemed to be relevant for retention, for example for ongoing public inquiries. Once this process is complete, the remaining information will be deleted in line with the department’s destruction policy. 7.6 Ministerial and Permanent Secretary mailboxes The mailboxes of ministers and permanent secretaries will be disabled for 120 days following their departure. After 120 days, the contents of the mailbox will be deleted. The digital calendar attached to the mailbox will be archived and kept by the Departmental Records Officer according to the Private Office records retention schedule, and will then be deleted.
7.7 PST files Personal Storage table (pst) files (archived emails – a feature in MS Outlook) are not an approved form of records management and must not be used. They are not supported by the department, and any pst files discovered on MHCLG IT may be subject to deletion. 7.8 Instant messaging Instant messages fall into two types, both of which are covered by the Freedom of Information Act and may be considered for disclosure:
• Chat messages are private messages between two or more individuals. The retention period on these records is the minimum set by Microsoft. Currently this is 30 days; this is in the process of being reduced to weekly deletion when the option becomes available, meaning chats will be retained for not longer than 8 days. Any chat messages that need to be retained as part of the official record must be copied into another format and saved (e.g. as a Word file saved to the site).
• Conversations are messages that can be seen within a Teams site by any
members of that site. Conversations are currently kept for the same length of time as the rest of the site. Conversations will be treated as part of the entire team record.
7.9 Social media and external platforms The department does not recognise social media (e.g. Twitter, WhatsApp) or external web-based platforms (e.g. Trello, Google Docs, DropBox) as record-keeping systems. As far as possible, the features of Office 365 should be used to replace these services, particularly for internal business activities. Work conducted on external applications is covered by the Freedom of Information Act and may be considered for disclosure.
19
Where there is a business need to conduct business on an external platform, the staff using it are responsible for ensuring that personal and sensitive data are adequately protected and handled in line with any relevant legislation. Staff must ensure that a copy or screenshot of any information that needs to be kept as a record is saved to MHCLG IT, either ongoing or at the end of a project. Staff are also responsible for ensuring that information is deleted regularly from these platforms where possible. 7.10 Digital SECRET and TOP SECRET information Digital SECRET and TOP SECRET information must not be stored on MHCLG IT. Information at these classifications must only be stored digitally on approved systems. Staff with a requirement to handle electronic information at these security classifications should contact Information Management.
8. Specific collections
8.1 Private office records Private office records are defined as those of the offices of Ministers and the Permanent Secretary, in line with TNA and Cabinet Office guidance. In keeping private office records, MHCLG follows ‘Model 2’ of the TNA guidance. This means it is the responsibility of policy areas to keep full and accurate official records of their interaction with private offices. Records should be created to cover, among other things:
• ministerial diaries, which must be updated to show the actual appointments that took place;
• responses to policy areas and others noting the Minister’s decisions and/or views,
on official business;
• written correspondence, meetings or telephone conversations concerning substantive issues between:
o Ministers and other Ministers; o Ministers and officials, including Special Advisers; o officials and other officials; o other government departments; o dignitaries, foreign or otherwise; o lobby groups; o MPs (other than party political); o private sector organisations
20
Some meetings will be purely informal or social, and no record needs to be created. This includes:
• regular management meetings with the Minister’s private office team;
• briefing sessions, for example, in relation to Parliamentary Questions and debates, Select Committee appearances, official speeches etc.;
• telephone conversations or meetings that do not constitute a formal discussion on
matters of departmental or government policy, but which allow Ministers or officials a confidential space within which to develop ideas or respond to fast moving situations;
• party political meetings and/or telephone conversations; • • meetings and/or telephone conversations to commission work that is actioned
immediately so that, in effect, the result of the action (for example a press statement) becomes the record;
• goodwill visits/hospitality where no policy decisions arise and where the fact of the meeting taking place suffices; and
• presentations/seminars where no policy decisions arise.
In general, records should be created of all meetings/events which take place with Ministers and/or officials present where either:
• decisions are taken on departmental or government policy and there is follow up actioned required, or
• where views are expressed which would be helpful to the work of those not present.
Following the ‘Model 2’ approach, private offices do not need to capture records of their interactions with policy areas, as this is delegated to the relevant policy area. Private Office may choose to retain copies of records for administrative convenience along with other records that they need to keep. For this purpose, the Private Office records retention schedule sets out the agreed retention schedule relating to private office records. In the event of an FOI request requiring a search of private office material, Information Management will be responsible for searching:
• all private office paper records that have been deposited with IM • all archived digital ministerial and permanent secretarial calendars
Private office staff will be responsible for FOI searches for all other information in any format, including (but not limited to) information held on SharePoint and Teams sites.
21
8.2 Special advisor records Where Special Advisors have a wider role in the department and have an impact on official business the records originated by a Special Advisor, regardless of format, will be retained by the department. If Special Advisor records only mirror those existing elsewhere in the department there is no reason for them to be kept as part of the official record. All papers that are concerned with party or parliamentary business should be kept separately and managed by the Special Advisor. 8.3 Records of significant interest All records created or identified (digital and/or physical) that relate to any significant sensitive matter or to ongoing investigations must be notified as soon as possible to the Departmental Records Officer. The Departmental Records Officer will then assess the most appropriate retention that should apply to these records. The decision regarding what is of significant interest rests with the Departmental Records Officer. Subjects are set out at a broad level and include all variations on spelling and specific references within the general area. Subjects currently flagged as significant are:
• Material related to current inquiries • Evidence of criminality • Child abuse, child pornography, Paedophilia (following a recommendation
from the Wanless-Whittam independent review that all records relating to child abuse are marked as significant and the Home Office informed.)
8.4 Deposited documents Deposited documents are legal documents and are not appropriate to be placed onto registered files. Examples of deposited documents are:
• Compulsory Purchase Orders • Deeds • Leases • Transfer Schemes • Statutory Appointments and Instruments (except those subject to Parliamentary
process and temporary) • By-laws • Sealed Planning Orders • Official Seals of any of our Arm’s Length Bodies that have been closed
Owing to the content of deposited documents, the department keeps them in perpetuity.
22
9. System audit The Departmental Records Officer is accountable for the management of information in the department. They may, therefore, require audit reports to be run and retained showing activity on the network. 9.1 Creation of SharePoint/Teams sites A log is kept of all sites created on MHCLG. 9.3 Notifications to KIM admin account The KIM admin account is an owner of all sites set up on MHCLG IT. This allows for business continuity and ongoing lifecycle management of the information the site contains. The KIM admin account receives notification of all departmental leavers. This allows the department to monitor and ensure that information in account-specific storage is being appropriately stored, accessed and deleted. Access to the KIM admin account is monitored by the Departmental Records Officer.
