Essential guidance: an information and records management toolkit
It can be a daunting prospect to tidy up an email inbox or a personal or shared drive. However, it is an important task in supporting the University’s Information Management obligations - and our individual effectiveness. This article provides essential guidance on the management of our key University information assets and steps for conducting an information review.
Why do an information review?
Clearly it's good housekeeping to organise and store our key information assets in a consistent and logical manner.
We also have legal obligations: holding onto Redundant, Obsolete and Trivial (ROT) information containing personal data could potentially breach several aspects of GDPR including the principles of lawfulness, accuracy, data minimisation and storage limitation - any of which can lead to action by the ICO or potential claims by data subjects.
Equally, not being able to produce a record or piece of information as evidence of an event or transaction can cause significant difficulties, possibly leading to reputational or financial damage to the University.
We need to:
- Protect our key information assets
- Know where our information assets are stored
- Be able to retrieve any of our information assets in a reasonable timescale
- Ensure that ROT information is disposed of when no longer needed
- Identify and preserve vital legal and historical records at the Modern Records Centre
- Manage and maintain research outputs in WRAP or subject specific repository
The Records Management Top Tips page provides general advice on how to manage records throughout their lifecycle. This guidance aims to provide a deeper dive into this area and focuses on managing our everyday email inboxes, File Shares and SharePoint/Teams sites.
Before you plan your review, keep in mind that there isn't a one-size-fits-all solution to managing information over time and you may need to adapt the advice to suit the needs of your department or business area.
Step 1: Setting up a review
- Identify which information system(s) you want to review and the options available to you to transfer, delete or reorganise the information held there (and whether your user permissions allow you to complete this action).
- Identify the information stakeholders in your department or business area (and wider University) that will need to be involved in the reorganisation, transfer or deletion of information from shared information stores - who will be affected and who will need to know? (think about resource email accounts, File Shares, SharePoint sites). Set up an initial meeting to discuss how this work will be taken forward.
- Consider who in your department or business area should have longer term responsibility for deciding/allocating access controls for shared areas (when staff join or leave) and for periodically reviewing the organisation of these digital storage areas, including transferring or deleting information in line with the Record Retention Schedule (RRS). Communicate who this person will be and their role to the wider department or business area.
- Agree a suitable review date with colleagues and put a reminder in their calendars to carry out an annual (or more frequent) review of information storage areas (e.g. a clear out day).
Step 2: Identifying information assets
Information can have value for each individual, team, department or business area at the University. Understanding where your information assets are stored and protecting them for as long as they are required, supports both compliance obligations, efficient working and underpins good information and records management.
- Identify from the University Records Retention Schedule (RRS) the records that you work with, either on your own or with the relevant colleagues (helpful if you are reviewing a shared information store).
- Identify whether the information you hold in your individual account (e.g. One Drive or H drive) needs to be retained (again consult the RRS) or whether it should be moved to a shared information system (e.g. a SharePoint/Team site used by your department or business area).
Step 3: Organising your information storage area
Review whether the organisation of your information storage area is easily navigable: can you identify and access the records that you need when you need to find them?
- Clear, concise and meaningful folder names make it easier for you and future members of staff to access, identify and dispose of records in line with the RRS. If you do store your files in a folder structure (e.g. in a resource email account, file share or SharePoint), it should be structured logically, based around the core business functions of the department or area.
- For a folder structure to be successful, it is vital that someone in your department maintains the folders on a regular basis and only certain members of staff have permissions to create new folders. The ideal structure should be no more than four levels deep, with the top-level folders based on subject and the lowest level folder containing the records.
Step 4: Protecting Records and deleting the ROT
The next step is to review any remaining content, not initially identified as a record, before making a decision about deleting the ROT. This section provides some practical guidance on how to approach this, but keep in mind that if you identify any information that you think has enduring value, ensure it is named and stored appropriately so that it can be found again when needed, and either deleted or transferred to the Modern Records Centre for long term preservation in line with the RRS. Advice for University staff on depositing material at the Modern Records Centre.
Tips on identifying the records from the ROT
- Search for your oldest emails and documents and decide whether they still need to be kept.
- Search for key words (themes, topics, names that you or your department work with) that may bring up emails or documents that you need to keep as a record. If they have value to the wider University, ensure these are stored in a shared area that has the appropriate access controls in place.
- Search the information system for words (themes) that may bring up emails or documents that you can easily delete, such as: Newsletter, Out of Office, accepted.
- Empty your deleted items in Outlook. Get into the habit of doing this on a regular basis.
- Arranging emails by sender may allow you to delete several in one go. For example, marketing emails or scanned items sent from the photocopier.
- Consider whether you can delete all but the most recent email in a conversation chain.
- Manage your ‘Sent Items’ folder. You can sort by size, date, or sender, as above to help you select items for deletion.
Once you have completed this review stage you can look at the remaining emails or documents in more detail.
- Use the RRS to help you identify potential records.
- What would the impact be if these emails or documents were unavailable – consider operational, reputational, legal factors?
- Are these records beyond the retention date defined in the RRS?
- In consultation with colleagues in your department decide if it would be appropriate to bulk delete materials or if they should be preserved then arrange for their transfer to the Modern Records Centre.
- If you do choose to bulk delete bear in mind any potential risks from inadvertently deleting records when using this approach. You may need to look more closely at some material and review at an item-by-item level.
Step 5 - Managing the Build-up of Information
Once you have organised your information in a way that it can be managed effectively it’s important to continue to keep it under control. There are various other approaches to managing the build-up of information:
- Use the 4D approach to email management: Do it, Delegate it, Defer it, Delete it.
- Set a periodic review (e.g. weekly, monthly, quarterly, annual review) or putting a note in your diary to review content regularly, (little but often) either as an individual or scheduled departmental exercise.
- Reviewing the records you hold will help support the University’s efficiency and reputation by managing and protecting its information assets and adhering to its information compliance obligations.
Where can I find guidance that will help me manage information?
The University’s Information and Records Management page contains guidance that can assist you in identifying information that has value as an asset for a defined period of time, or perhaps permanently, for historical research purposes. It will also help you identify the ROT. There is also guidance available to help you identify material which is not necessarily required for compliance purposes but helps 'tell the story' of the University and forms part of the institutional memory.
Where can I find more information about managing Research data?
The University maintains a dedicated suite of guidance on the storage, curation, preservation and provision of research data which can be accessed on the Managing your research data intranet page.
Security & Information Management is Everyone's Responsibility
How to get help
Who needs to know this?
This information concerns us all. If you use a Warwick staff card, a Warwick email address, access one of our staff or student record systems or share your Warwick work with colleagues within or beyond the University, you are involved in activities that must be kept secure.