Introduction to the Section 46 Code and Maturity Assessment Tool

The Code of Practice on the Management of Records, issued under Section 46 of the Freedom of Information Act 2000, provides guidance to public authorities on the creation, management, retention, and disposal of records.

Revised and updated by The National Archives (TNA), the Code reflects contemporary information management practices and the realities of a modern digital working environment. It is a technical document designed to support information management professionals in discharging their duties under the Freedom of Information legislation.

Authorities are expected to regularly assess their policies and procedures against the Code’s requirements and update them as needed. Risks associated with non-compliance should be incorporated into the authority’s broader risk management framework.

To support this, TNA offers the Section 46 Maturity Assessment Tool as part of its Information Management Assessment toolkit. Designed specifically for public sector bodies, the Maturity Assessment Tool helps assess the strengths and weaknesses of their information and records management practices, set improvement goals, and track progress over time.

1. How to use the S46 Maturity Assessment Tool

  1. In the Organisation tab of the workbook, please tell us who you are and when you are carrying out the self-assessment.
  2. In the General tab, there are 13 Headline questions A to M, each with five maturity statements on the scale:
  • Beginner
  • Emerging
  • Learning
  • Developing
  • Mastering

Each Headline question has a number of Sub questions (there are 51 in all), each with a maturity measure:

  • Poor
  • Weak
  • Acceptable
  • Good
  • Excellent

Read the Headline question and maturity statements then, for each Sub question, rate yourself on the Poor to Excellent scale by selecting from the dropdown in column K. The worksheet will calculate an overall score for each Headline.

There are also options for:

  • Unknown
  • Not Applicable

Unknown should be chosen when the maturity measure cannot be established. An unknown answer will be scored at the same maturity level as ‘poor’ as it is expected that public record bodies understand enough about their information management practices to give a defined answer.

Not applicable will remove that question from the scoring calculation. It should be used only when a question is genuinely irrelevant to the organisation completing the S46 Maturity Assessment Tool.

  1. For each Sub question, also select an Improvement timescale from the column M drop down to choose when you think you need to act on this measure
  • No Action
  • Next Year
  • Next Two Years
  • Long Term

Where you select ‘Next Year’, you should also make a brief note in column N as to your planned action in the next 12 months and assign the task to a person responsible for the action.

These entries will be dynamically added to the Action Plan table for managing and reviewing the progress with your improvement plan.

  1. There are ten record Collection type tabs, prefixed ‘Coll 1’ to ‘Coll 10’. One for each of the collection types in the original IMA:
  • Email
  • User Holdings.
  • Shared structures (not-EDRM like).
  • Cloud document systems and EDRMs.
  • Corporate management systems.
  • Collaborative tools / workspaces (corporate);
  • Non-reliable data storage.
  • Shadow IT and NCCCs.
  • Structured data.
  • Paper collection.

Please select a minimum of three collection types that are important to you, up to a maximum of all ten.

  1. Each collection type tab has 7 Headline questions in columns N to T, and 16 Sub questions, with the same maturity scales as the General question set.
  2. For each collection type that you choose to self-assess against, rate yourself against each Sub question in column K, select an Improvement Target in column M, and write a brief planned action in column N where you select ‘Next Year’.

To embed a continuous improvement cycle, an action plan will be generated in the ‘Action Table’ tab which we recommend be reviewed monthly or quarterly, before your next annual self-assessment against the Tool.

For examples of collection types, please consult the ‘Definitions’ section below.

2. S46 Maturity Assessment Tool Scoring

In the S46 simplified Tool, scoring will be based on percentage bands for each level of maturity:

  • Level 1 – Beginner (poor): 0-29%
  • Level 2 – Emerging (weak): 30-49%
  • Level 3 – Learning (acceptable): 50-69%
  • Level 4 – Developing (good): 70-89%
  • Level 5 – Mastering (excellent): 90-100%

A view of the scores for each collection type and section can be found in the summary tab.

3. Definitions

The simplified S46 maturity Tool uses the following language and terms:

‘You’ and ‘We’: refers to your organisation, which could be a Department, Agency, Arm’s-Length Body or other UK Government body. (There is an appreciation that ‘one size does not necessarily fit all’; some organisations may have a well-established KIM function of 40 people; others may have one designated KIM manager with other responsibilities. Therefore, when using this Tool, your capacity, capability, expectations and ambitions may differ.)

Governance Processes: Governance is the structures in place within public sector bodies that govern corporate activities. Governance processes may mean an Information Board or Committee that approves KIM policy and offers oversight. And / or a clear escalation route and policy framework.

Designated Manager: The role of the designated manager will depend on the size and functions of the authority. In Government Departments the designated manager is the Departmental Record Officer (DRO) and in Northern Ireland the Information Manager (IM). Detailed information on these roles is provided at Annex C of the Code.

Personal Data: means any information relating to an identified or identifiable natural person (‘data subject’).

Information Assets: An information asset is a body of information, defined and managed as a single unit so it can be understood, shared, protected and exploited efficiently. Information assets have recognisable and manageable value, risk, content and lifecycles.

Information Asset Register (IAR): a list of assets, as set out in TNA guidance

Where a section of the maturity Tool requires an IAR and you do not have one, do you have recorded information asset ownership, and a mechanism for assessing risk and measuring asset value?

Disposal: does not just mean destruction: it embraces any action taken (or yet to be taken) to determine the fate of records including transfer to an archive for permanent preservation. In some instances, the word ‘disposition’ is used to avoid the negative overtones of the word ‘disposal’.

Retention:  The Section 46 Code of Practice defines retention as ‘An arrangement under the Public Records Act 1958, whereby authorities are permitted by the Secretary of State for Digital, Culture, Media and Sport to delay the transfer of specified public records for an agreed period and to retain them until the end of that period.’

Retention can also be defined as the length of time for which records are to be kept. Thus, it normally represents and will be expressed as a disposal period.

System and collection specific questions:

The S46 Maturity Assessment contains questions on 10 different collection types.

For these questions, the below grouping of information collection types are used. The examples under the collection types are only indicative and are not exhaustive.

  1. Email (current, held in in-use Email systems)
  2. User holdings
    Local ‘C:’/hard drives/laptops
    • ‘One Drive’ on Microsoft systems
    • ‘My Drive’ on Google system
  3. Shared structures (not-EDRM like)
    E.g. File shares
  4. Cloud document systems and EDRMs
    Formal EDRMs, SharePoint, Google Shared Drive etc.
  5. Corporate management systems
    HR, Finance, Procurement, Business Intelligence, CRM, Case Management systems etc.
  6. Collaborative tools / workspaces (corporate)
    M365 Teams, Loop, Google Spaces etc.
  7. Non-reliable data storage
    Hard Drives, CDs, DVDs, USB sticks
  8. Shadow IT and non-corporate communication channels
    Slack, Trello, WhatsApp etc.
  9. Structured data
    Datasets and databases etc.
  10. Paper Records

4.  Additional Resources

Please see TNA’s Glossary of record selection and transfer terms

TNA’s Practice Study gives background to the S46 Information Management Assessment. It also contains a useful glossary of the definitions used throughout this document and in the simplified maturity Tool itself.

5.  Data Use

Data collected during the S46 Maturity Assessment will be used by TNA to help support public sector bodies improve GKIM practices and compliance. Anonymised data may be used to analyse the information management landscape across government and to improve our guidance and engagement offer. Anonymised data may also be used to help identify evidence of best practices at well achieving bodies to be promoted through the programme.

As set out in TNA’s Memorandum of Understanding (MoU) with the Information Commissioner’s Office (ICO), The Keeper may be consulted by the Information Commissioner where the latter is considering issuing a Practice Recommendation to an authority that is subject to the Public Records Act 1958. Data collected as part of the self-assessment may inform the view of the Keeper in these circumstances and he may share data collected through the self-assessment as part of his feedback.

Also in Information Management Assessment programme