The Information Management Systems Approval Process is made up of two parts. The first is the Information Security Assessment and the Second is the Digital Information - Lifecycle Management (DILM) - Key Considerations form which is set out below. Both parts of this process need to be reviewed by IDC when a new digital information system is to be used by the University. If you have not yet completed the Information Security Assessment form then it can be accessed at this link.
The following DILM form sets out key areas for business areas in the University to consider in relation to requirements for the lifecycle management of digital information: when procuring, configuring or decommissioning systems that are intended to hold digital information. The DILM form helps support adherence to the requirement for data protection by design and default (where systems will hold personal data) and more broadly to the six principles set out in the University Records Management Policy. Further information on the rationale for the questions included in this form are contained in the document at this link.
There are potentially many other possible considerations when it comes to thinking about systems that hold information and records. For further more detailed guidance on this area please consult the following standards:
- BS ISO 15489-1:2016 - Information and documentation — Records management
- ISO 16175 (Parts 1-3) - Information and documentation — Principles and functional requirements for records in electronic office environments
- BS ISO 23081‑1:2017 - Information and documentation — Records management processes — Metadata for records
- BS 10008-1:2020 - Evidential weight and legal admissibility of electronic information – Specification
ICO Guidance - Deleting personal data - 20140226 Version: 1.1