Neil joined the Arena Group in 2006 and has almost 20 years of experience in the electronic document management industry, working with both private and public sector customers. Neil sits on Arena’s board of directors and manages the delivery operations of Arena’s EDM business. His team spend their time developing software, implementing solutions for customers and providing after-sales software support services, both in the UK and internationally.
The 7th principle of the Data Protection Act (1998) is quite clear on the obligations with regard to data security and risk: "Appropriate technical and organisational measures shall be taken against unauthorized or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data."
The IRMS Toolkit makes the very valid point that: "In the event of a major incident, your school should be able to stay open and will at least have access to its key administrative and teaching records."
Clearly, compliance with this legislation requires on-going management of the risks to your information stores and how these risks will be mitigated.
E-mail has become the communication tool of choice for most office workers. It’s quick and cheap, with the convenient benefit that the recipient of your message doesn’t have to be available when you are.
But even though e-mail, like a letter or a memo, is just another way to pass on a message, somehow we treat it differently. For starters, e-mails tend to be written using less formal language, and most people spend less time on the layout of an e-mail than they would if sending the same message in a letter.
Information stored by schools has a fairly fixed working life - but relevant data may be required to be held for a considerable period after a particular student has left the school. This can be for all sorts of purposes, including confirmation of attainment and a whole host of legal matters. Obviously, this means that there is a considerable storage burden which is borne by the final school which a given student has attended – a burden which may persist for many years, in some cases until the former student has reached 30 years of age.
Two key pieces of legislation come into play with regard to the long term retention of student files (and any other information generated by the school).
The protection of information relating to children is clearly a key responsibility, yet it is an obligation that is shrouded in layers of legislation.
It is tempting to think that locking away your information and restricting access is the best way forward but this can slow down and frustrate day-to-day work. Some information, such as medical records, must be both quickly available and restricted only to those who need to see it. It is therefore paramount that information access and security are considered together and in balance.
Information is generally accepted to be a key asset in any organisation and should be managed with the same care as more tangible assets such as money, buildings and classroom equipment.
Effective information management is all about keeping information secure and getting it to the right people at the right time. The IRMS toolkit rightly states that an information audit is a key step to achieving these aims.
Simply put, the information audit is a survey of the records being used and held by the organisation. It’s a structured process of finding out what you have, where it is kept and how it is used. The IRMS toolkit suggests a step-by-step process which encompasses the same principles that Arena has used extensively in both the education and wider public/commercial sectors.
The Information and Records Management Society (IRMS) curates a regularly updated “Records Management Toolkit” written specifically to assist UK public sector schools in their compliance with the Freedom of Information Act 2000. In a series of articles, Arena Group’s Neil Maude looks at the practical application of the principles described in this toolkit, using his 20+ years of experience in the provision of document management solutions within and outside of the education sector.
Before we get into the detail of records management and the practical elements of implementing a policy, there is a fairly obvious first question to ask. Most schools have been around for a while – some for a very long while – and already have processes in place to manage documents in line with legislation and sector best practice. So is there really a need to change?