Skip to main content Skip to navigation

Digital Information Lifecycle Management (DILM) - Key Considerations

The Information Management Systems Approval Process is made up of two parts. The first is the Information Security Assessment and the Second is the Digital Information - Lifecycle Management (DILM) - Key Considerations form which is set out below. Both parts of this process need to be reviewed by IDC when a new digital information system is to be used by the University. If you have not yet completed the Information Security Assessment form then it can be accessed at this link.

The following DILM form sets out key areas for business areas in the University to consider in relation to requirements for the lifecycle management of digital information: when procuring, configuring or decommissioning systems that are intended to hold digital information. The DILM form helps support adherence to the requirement for data protection by design and default (where systems will hold personal data) and more broadly to the six principles set out in the University Records Management Policy. Further information on the rationale for the questions included in this form are contained in the document at this link.

The completed form captures a 'level of achievement' score relating to lifecycle functionality and explanatory comments made by stakeholders/suppliers leading on a system at the University. All completed forms will be reviewed by the Information and Records Management Advisor and advice provided to the relevant business area on an individual case by case basis thereafter.
Select the type of System: (required)
1. Can information be easily identified and searched for in the system? (required)
2. Can information imported into the system continue to be accessible in its original format (e.g. Word, Excel, PDF, JPEG, MP4, MP3, CSV)? (required)
3. Are there controls to protect information from unauthorised access, alteration, deletion and use? (required)
4. Is it possible to access earlier versions of information held in the system? (required)
5. Can audit reports be produced that record actions taken on information held in the system (e.g. audit report captures: imports, exports, downloads, versioning, internal and external access, sharing and deletions etc.)? (required)
6. Is information capable of being exported (a) individually (b) in bulk in a format that would allow its continued usability (e.g. identification and access) outside of the system? (required)
7. Can the system be automated to carry out the deletion of information in line with agreed time periods (e.g. those set out in the University Records Retention Schedule (RRS)? (required)
8. Is there functionality for information that relates to identified or identifiable living individuals (personal data) to be anonymised or destroyed after a designated period of time in line with the relevant entry in the University’s RRS? (required)
9. Will destruction of information selected by authorised users result in its obliteration or inaccessibility so that it cannot be restored (e.g. through operating system features)? (required)
10. Can the system provide confirmation of information that has been destroyed and when (e.g. a system generated report that includes metadata necessary to identify the information and its time and date of destruction)? (required)
Privacy notice

The University of Warwick will process your personal data provided in this form for the purpose of understanding the requirements for the lifecycle management of digital information: when procuring, configuring or decommissioning systems that are intended to hold digital information. The legal basis for processing this personal data is that it is necessary for the performance of a task carried out in the public interest. Your personal data will not be shared or disclosed to any third parties external to the University of Warwick. Your personal data will not be transferred outside of the EEA, will be kept securely by the University of Warwick and will be retained for the lifetime of the System plus Seven years. The University of Warwick is the Data Controller of this information and is committed to protecting the rights of individuals in line with Data Protection Legislation. Please visit the University’s Data Protection webpages for further information in relation to your rights and how the University processes your personal data. The University’s Data Protection Officer, can be contacted at dpo@warwick.ac.uk, any requests or complaints should be made in writing to the University’s Data Protection Officer.

The University of Warwick is the Data Controller of any information you have entered on this form and is committed to protecting the rights of individuals in line with Data Protection Legislation. The University’s Data Protection webpages provide further information on your rights and how the University processes personal data. Please submit any data subject rights requests to infocompliance@warwick.ac.uk or address any complaints or suspected breaches to the University’s Data Protection Officer at DPO@warwick.ac.uk.

Spam prevention
Further Information

There are potentially many other possible considerations when it comes to thinking about systems that hold information and records. For further more detailed guidance on this area please consult the following standards:

  • BS ISO 15489-1:2016 - Information and documentation — Records management
  • ISO 16175 (Parts 1-3) - Information and documentation — Principles and functional requirements for records in electronic office environments
  • BS ISO 23081‑1:2017 - Information and documentation — Records management processes — Metadata for records
  • BS 10008-1:2020 - Evidential weight and legal admissibility of electronic information – Specification
  • ICO Guidance - Deleting personal data - 20140226 Version: 1.1