Thanks to visit codestin.com
Credit goes to www.scribd.com

Scribd
Upload
42 views4 pages

Document and Record Control Procedures

Uploaded by

Nikade Confidence
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
42 views4 pages

Document and Record Control Procedures

Uploaded by

Nikade Confidence
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 4

PUBLIC

Document and Record Control


Procedures

V11.0 Derbyshire County Council Document and Record Control Procedures

1
PUBLIC

1 Version History details and author

1.0 30/08/2013 Approved by Information Governance Group Jo White


2.0 27/09/2013 Changes detailing version control and requirements for
EDRM printing. Jo White
3.0 13/10/2014 Reviewed by Information Governance Group Jo White
4.0 16/11/2015 Reviewed by Information Governance Group. Jo White
5.0 05/12/2016 Reviewed by Information Governance Group. No changes.
Jo White
6.0 11/09/2017 Reviewed by Information Governance Group. Amended to
separately define records and documents and combine procedures. Jo White
7.0 08/10/2018 Reviewed by Information Governance Group. No changes.
Jo White
8.0 06/11/2019 Reviewed by Information Governance Group. Clarify
difference between documents and records. Jo White
9.0 08/12/2020 Reviewed by Information Governance Group. No changes.
Jo White
10.0 07/12/2021 Reviewed by Information Governance Group. No changes.
Jo White
11.0 10/01/2023 Reviewed by Information Governance Group. Definitions
aligned with Corporate Records Management Policy. Jo White

This document has been prepared using the following ISO27001:2013 standard
controls as reference:
ISO control A.8.2 - Information classification
ISO control A.7.2.2 - Information security awareness, education and training
ISO control A.18.1.1 - Identification of applicable legislation and contractual
requirements
ISO control A.18.1.3 - Protection of records
ISO control A.18.1.4 - Privacy and protection of personally identifiable information

V11.0 Derbyshire County Council Document and Record Control Procedures

2
PUBLIC

2 Introduction
Derbyshire County Council recognises that documents and records must be securely
maintained, and kept accurate and available. Maintaining a consistent approach to
the management of documents and records will help to ensure the availability and
accuracy of the Council’s information and data.

3 Purpose
The purpose of this procedure is to describe the Council’s methodology for document
and records control across all Council departments. Documents and records are
likely to be revised, redrafted and amended over time and a consistent approach for
recording this activity is required.

4 Definitions
The Corporate Records Management Policy defines a document as a a self-
contained unit of information that can be understood on its own or using other
information sources.

The ISO 15489-1 standard defines records as information “created, received, and
maintained as evidence and as an asset by an organisation or person”.

Not all information needs to be maintained as evidence. It follows that not all
documents are records. Examples of records include:
• Completed forms
• Reports
• End of year accounts
• Letters and emails that have been sent
• Finalised and approved policies and procedures

Records do not include documents such as:


• Blank forms
• Information being prepared for use in a report
• Draft accounts
• Draft letters and emails
• Draft policies and procedures

5 Procedure
It is important that documents and records control is applied systematically and
consistently across the Council. It is accepted that many departments already have
established methods of control, however, there must be a common approach applied
throughout:

1. The creation of all new documents (and records where appropriate) must include
a version history which contains the following and is clearly identified using the
title ‘Version History’ and placed at the beginning of each document/record:

• Version – An incremental numbering scheme should be used – with the


number being incremented when a change has been made.e.g 1.0, 2.0 -
series increments such as 1.1, 1.2 etc are typically used for minor changes.
Major changes typically involve a full number increment e.g from 1.0 to 2.0
etc.
Departments using existing version numbering systems should continue to
incorporate this into the version control methodology outlined in this procedure.
V11.0 Derbyshire County Council Document and Record Control Procedures

3
PUBLIC

• Date – the date by which any newly created documents, changes, reviews or
approvals have been made.
• Detail – a short explanation as to the reason for the version change/activity.
• Author – the name of the person with author ownership of the version
change.

2. All changes to documents must go through an appropriate approval process


(wherever one has been agreed).
3. All documents must be labelled and classified appropriately – in accordance with
the Council’s Information Classification & Handling Policy
4. Where hardcopy documents exist, electronic copies should be made wherever
possible, which maintain the same version/s as the original copies in order for
them to be stored and backed-up in accordance with the Council’s Information
Backup and Restore Policy.
5. Departmental Management Teams must notify relevant managers, staff and
suppliers when new versions of key documents such as policies and procedures
have been published and ask that all previous versions are removed/ destroyed
as necessary.
6. Records must be maintained and stored in line with relevant retention policies,
legal regulations and/or statutory requirements.
7. Where there is no longer a requirement to retain records and documents,
appropriate document disposal and removal procedures must be carried out in
accordance with the Council’s:
• Data Protection and Storage Media Handling Procedures
• Record Disposal Procedures
8. All records of significant security incidents must be kept as part of the Council’s
ISMS
9. All Information Security Management System (ISMS) documents will be reviewed
annually and approved by the Council’s Information Governance Group (IGG).
The Information Security Manager will initiate documents to be reviewed
throughout the annual cycle. Each member of the IGG will review the documents.
The Information Security Manager will collate the responses and present the final
version to the IGG for approval.
10. All documents must be approved prior to issue for adequacy and that relevant
versions of documents are available at points of use.

N.B - Departments may develop a ‘localised’ Document and Record Control


procedure which outlines and describes the methods by which version control has
been applied in their department – particularly where a rationale exists which is
specific to the department or is determined by unique working practices, however,
any ‘local’ procedures must be in accordance with these procedures.

The Council’s Electronic Document Records Management (EDRM) system is not


capable of applying or printing version control and/or document classification
markings and so, version controls and classifications must continue to be manually
applied to all documents and records wherever they are stored or maintained in
accordance with this procedure and the Council’s Information Classification &
Handling Policy.

This document is owned by the Information Governance Group and forms


part of the Council's ISMS Policy and as such, must be fully complied with.

V11.0 Derbyshire County Council Document and Record Control Procedures

You might also like