Information is managed

Each resource below is listed by type, and details the resource name, owner (in brackets), brief description and link.

This resource base is intended to be a ‘living document’. If you wish to contribute a resource or comment on the accuracy of any of these resources please email: information.management@nationalarchives.gsi.gov.uk

Legislation

The Public Records Act 1958/1967 (Ministry of Justice/The National Archives) – The legislation governing the selection and transfer of public records.

The Freedom of Information Act 2000 (Ministry of Justice/Information Commissioner’s Office) – UK government legislation defining what information public sector organisations are obliged to provide on request. To meet the obligations of the Act, public bodies must have effective information and records management processes in place; there is a code of practice on records management under section 46 of the Act.

The Data Protection Act 1998 (Ministry of Justice/Information Commissioner’s Office) – Provision for the regulation of the processing of information relating to individuals, including obtaining, holding, use or disclosure of such information.

Environmental Information Regulations 2004 (Defra) – The Environmental Information Regulations (EIRs) give the general public certain rights of access to environmental information. The definition of environmental information in the EIRs is very wide and includes information that might not be considered environmental at first glance. EIRs only cover environmental information – Freedom of Information covers all information held by public authorities.

Guidance (records and information management)

The Cabinet Manual (Cabinet Office) – The Cabinet Manual sets out the main laws, rules and conventions affecting the conduct and operation of government. Chapter 11 covers records management (referencing the section 46 code of practice) and access to information.

The Civil Service Code (Civil Service) – The Civil Service Code, first published in 1996, sets out the core Civil Service values and the standards of behaviour expected of all civil servants in upholding these values. It establishes the importance of providing advice based on evidence and of keeping accurate official records.

Managing Information Risk (The National Archives) – A guide for accounting officers, board members and Senior Information Risk Owners (SIROs) on managing information risk; part of the guidance from the Cabinet Office Review of Data Handling Procedures in Government.

Information Lifecycles (JISC) – JISC has a number of useful resources and toolkits covering information lifecycles, information management and records management.

Section 46 Code of Practice on the Management of Records (Ministry of Justice) – The Lord Chancellor’s Code of Practice issued under section 46 of the FOI Act 2000 defines the outcomes that FOI bodies should be meeting in the management of their records and information.

Information and records management resources (The National Archives) – The National Archives hosts many resources related to general issues in information and records management, from appraisal of Public Records through to disposal.

Guidance on the Management of Private Office Papers (The National Archives/Cabinet Office, PDF, 0.90Mb) – Records management policies and practices, including procedures specific to Private Offices. This includes accreditation regimes giving assurance in relation to the integrity and availability of information.

Guidance on Information and Records Management for Public Inquiries (The National Archives) – Specific guidance for Inquests and Inquiries on the management of their records and information.

Guidance on Information and Records Management During the Reform of Public Bodies (The National Archives) – Guidance on making arrangements for the transfer of information, records and knowledge as part of any Machinery of Government change.

Guidance (information assurance)

The Data Handling Review (Cabinet Office) – The review into data handling procedures and its recommendations; contains mandatory standards and timelines for central government to manage the risks of creating, using and storing data and information.

HMG Security Policy Framework (Cabinet Office) – The Security Policy Framework (SPF) provides central internal protective security policy and risk management for government.

The Information Assurance Maturity Model (CESG) – To assist SIROs in putting in place an effective change programme to improve information and records management, an Information Assurance (IA) Maturity Model has been created, underpinned by an IA Assessment Framework (IAAF). The IAAF can be used by departments that wish to conduct IA self-assessments, either by themselves or with some limited support from CESG staff.

CESG Claims Tested Mark (CESG) – The Commercial Product Assurance (CPA) certifies commercial security products for use by government, the wider public sector and industry and consolidates previous CESG schemes to provide simplified, certificate-based assurance of security products for use in lower threat environments.

Privacy Impact Assessments (ICO) – The handbook is designed to be a practical and comprehensive guide, aimed at organisations who are developing projects that might have implications for people’s privacy. It will help organisations assess and identify any privacy concerns (a Privacy Impact Assessment) and address them at an early stage, rather than leaving the solutions as an expensive afterthought.

Best practice

The Management of Police Information (National Policing Improvement Agency) – MoPI is about making information relevant and accessible; ensuring that all police operational information is managed effectively. MoPI covers the whole of the information life cycle, through collection and recording, evaluation, sharing and review, retention and disposal.

JSP 747 – Defence Information Management Policy (Ministry of Defence) – This information management policy is issued by the Chief Information Officer (CIO) and applicable across Defence. It tries to demystify information management and help improve our collective ability to manage and exploit information more effectively.

Two examples of information governance documentation and best practices from health (Department of Health) – www.isb.nhs.uk/use/baselines/ig and www.nigb.nhs.uk/

MoReq 2010 (DLM Forum) – MoReq2010® aims to provide a comprehensive, but simple and easily understood set of requirements for a records system that is intended to be adaptable and applicable to divergent information and business activities, industry sectors and types of organisation. It avoids a ‘one size fits all’ approach to implementing a records management solution.

Standards

Information and documentation – Records management – Part 1: General (BS ISO 15489-1:2001) – This standard applies to the management of records, in all formats or media, created or received by any public or private organisation in the conduct of its activities, or any individual with a duty to create and maintain records. It provides guidance on determining the responsibilities of organisations for records and records policies, procedures, systems and processes; records management in support of a quality process framework to comply with ISO 9001 and ISO 14001; and the design and implementation of a records system.

Information technology. Security techniques. Information security management systems. Requirements (BS ISO/IEC 27001:2005) – The standard covers all types of organisation, including government agencies. It specifies requirements for establishing, implementing, operating, monitoring, reviewing, maintaining and improving a documented information security management system (ISMS) within the context of the organisation’s overall business risks. It specifies requirements for the implementation of security controls customised to the needs of individual organisations.

Information technology. Security techniques. Information security management systems. Code of Practice (BS ISO/IEC 27002:2005) – Code of practice to help ensure compliance with BS ISO/IEC 27001:2005 (above).

Information security management systems. Guidelines for information security risk management (BS 7799-3:2006) – This standard gives guidance to support the requirements given in BS ISO/IEC 27001:2005 regarding all aspects of an information security management system risk management cycle. This includes assessing and evaluating the risks, implementing controls to treat the risks, monitoring and reviewing the risks, and maintaining and improving the system of risk controls. The focus of this standard is effective information security through an ongoing programme of risk management activities. This focus is targeted at information security in the context of an organisation’s business risks.

Evidential weight and legal admissibility of electronic information – Specification (BS 10008) – BS 10008 ensures that any electronic information required as evidence of a business transaction is afforded the maximum evidential weight. The process is based on the specification of requirements for planning, implementing, operating, monitoring and improving the organisation’s information management systems.

Code of Practice for legal admissibility and evidential weight of information stored electronically (BIP 0008:2004) – The Section 46 Code of Practice on Records Management states: ‘Authorities should seek to conform to the provisions of BSI’s BIP 0008 Code of Practice for Legal Admissibility and Evidential Weight of Information Stored Electronically (2nd edition) – especially for those records likely to be required as evidence.’ This document provides good practice guidance for the electronic creation, storage and retrieval of information.

Secure destruction of confidential material. Code of practice (BS 8470:2006) – The standard makes recommendations for managing and controlling the collection, transportation and destruction of confidential material to ensure that such material is disposed of securely and safely. The recommendations apply to an organisation’s main business premises and any holding sites.

Knowledge management (PAS 2001:2001) – The guide examines knowledge management (KM) challenges, approaches and benefits, with examples of good practice from industry, commerce and academia. It helps organisations of all sizes assess their KM approach and impact, through the use of good practice examples. The guidance disseminates KM good practice to both UK and global audiences; provides case studies of KM interventions; presents KM concepts in concise and plain English; and details other KM resources.

Information and documentation – Records management processes – Metadata for records – Part 1: Principles (ISO 23081-1:2006) – ISO 23081-1:2006 covers the principles that underpin and govern records management metadata. These principles apply through time to records and their metadata; all processes that affect them; any system in which they reside; and any organisation that is responsible for their management.

Information and documentation – Records management processes – Metadata for records – Part 2: Conceptual and implementation issues (ISO/TS 23081-2:2007) – This establishes a framework for defining metadata elements consistent with the principles and implementation considerations outlined in ISO 23081-1:2006.

Information and documentation – Work process analysis for records (ISO/TR 26122:2008) – The report provides guidance on work process analysis from the perspective of the creation, capture and control of records. It identifies two types of analyses, namely functional analysis (decomposition of functions into processes), and sequential analysis (investigation of the flow of transactions).

Space data and information transfer systems – Open archival information system – Reference model (ISO 14721:2003) – ISO 14721:2003 specifies a reference model for an open archival information system (OAIS). It aims to establish a system for archiving information, both digitised and physical, with an organisational scheme composed of people who accept the responsibility to preserve information and make it available to a designated community.

Recommendations for the storage and exhibition of archival documents (BS 5454:2000) – BS 5454:2000 makes recommendations for the storage and exhibition of archival documents, including library materials.

Knowledge management in the public sector. A guide to good practice (PD 7504:2005) – This guide is for practitioners and senior management, looking at the potential and actual scope of activity and benefits of knowledge management in the public sector. It is intended for politicians and policy-makers, employees and managers, as well as wider stakeholders and the general public.

Linking knowledge management with other organizational functions and disciplines. A guide to good practice (PD 7506:2005) – This guide shows how to link knowledge management (KM) and other functions and processes, within and between organisations. It is intended for employees, managers, directors and anyone else interested in KM. It combines desk and primary research, and offers a comparison of different approaches and case studies.