Ohh! very nice
8:22 a.m.
Your business has defined and allocated records management responsibilities. | |
Your business has approved and published an appropriate records management policy. This is subject to a regular review process. | |
Your business has identified records management risks as part of a wider information risk management process. | |
Your business incorporates records management (RM) within a formal training programme. This comprises mandatory RM induction training with regular refresher material, and specialist training for those with specific RM functions. | |
Your business has established written agreements with third party service providers that include appropriate information security conditions. Your business ensures the protection of personal data that is accessed by suppliers and providers. | |
Your business carries out periodic checks on records security and there is monitoring of compliance with records management procedures. The outcomes of any records security checks or compliance monitoring is measured against key performance indicators to provide strategic oversight to those with overall responsibility for RM. | |
Your business has minimum standards for creation of paper or electronic records and has established processes to ensure that there is a legitimate purpose for using personal data prior to collecting it. | |
Your business has identified manual and electronic record keeping systems throughout the organisation and actively maintains a centralised record of those systems. | |
Your business has processes in place to ensure that personal data that is collected is accurate, adequate, relevant and not excessive. Routine weeding is also carried out to remove any personal data or records that are no longer relevant or out of date. | |
Your business has tracking mechanisms to record the movement of manual records and ensure their security between office and storage areas and also in instances where records are taken offsite. | |
Your business has appropriate measures in place for the transfer of electronic records offsite to protect personal data from loss of theft. | |
Your business stores paper and electronic records securely with appropriate environmental controls and higher levels of security around sensitive personal data. | |
Your business restricts access to records storage areas in order to prevent unauthorised access, damage, theft or loss. Access should be role based in line with the principle of least privilege and checked regularly. | |
Your business has a process to assign user accounts to authorised individuals and to remove them when no longer appropriate. Such access should be granted on the basis of least privilege and have appropriate access controls in place. | |
Your business has business continuity plans in place. These identify records that are critical to the continued functioning or reconstitution of the organisation in the event of a disaster. Data that is stored electronically is routinely backed-up to help restore information in the event of disaster. | |
Your business has a retention and disposal schedule in place which details how long manual and electronic records will be kept for. Your business has defined confidential waste disposal processes in place to ensure that records are destroyed to an appropriate standard once a disposal decision has been made. |
© 2019 The Document Warehouse UK Ltd