The operating standards outlined in this document specify
responsibilities for compliance with the Records Management Policy. (company) personnel engage in one or more of
the following roles in the conduct of daily business operations; it is each
individual’s responsibility to know and understand the operating standards
required for that role.
1.
Company As Information Owner
The Company is
responsible for providing adequate means to produce, store, access, retain, and
destroy company records in order to appropriately mitigate risk and ensure
business operations. This includes
programs, tools, technology, facilities, and equipment.
2. Record Author,
Record User, Record Custodian
ü
Make and keep full and accurate records, in accordance with
the High Quality Information Standards outlined in the Policy, for all business
functions for which they are responsible.
Accessibility
Responsibilities
ü
Ensure the record is accessible in accordance with its
security classification
ü
Maintain the media, location, and organization of the record
to ensure ongoing access
ü
Create copies of the record, when appropriate, to increase
accessibility and/or maintain accessibility for others
ü
Protect the record in accordance with the (company) Security
Policy and Standards:
ü
Records are protected in accordance with their security
classification
ü
Electronic records are not placed on hard drives, but are
backed up on the Company network
ü
Physical records are not placed in personal locations, but
are maintained on Company premises
ü
Do not destroy original records
ü
Destroy record copies
after their useful life by utilizing the company provided recycling receptacles
3. Record Owner
A Record Owner’s
overall responsibility is to ensure records have acceptable quality,
appropriate accessibility, adequate protection and proper retention. They are
responsible to:
ü
ensure that all records are inventoried in the Record
Catalog, and that information about the records, such as security
classification, assigned retention period, media, location, etc. are correct
and complete
ü
Ensure full and accurate records are created and kept
ü
Monitor and audit record creation and maintenance as
appropriate
ü
Select organization, location and media that support
high-quality records
Access Responsibilities
ü
Grant and maintain access to information as appropriate
ü
Select and store in the appropriate media and location in
order to maximize operations efficiencies and mitigate risk
ü
Organize records in a fashion that maximizes access for
operational efficiencies
ü
Ensure that records are protected in an appropriate manner,
in accordance with the (company) Security Policy and Standards
ü
Classify and control records in accordance with the (company)
Security Policy and Standards
ü
Assure that records are being held in accordance with the (company)
Retention Schedule. The Record Owner will maintain records at least as long as
the minimum retention period identified on the (company) Retention Schedule.
ü
Not destroy records before the end of their retention
period, or if the records are the subject, or it is anticipated that they may
be the subject, of a legal or formal request for access, even if the retention
period has expired.
ü
Follow the (company) Destruction Procedures for destruction
of records that have reached the end of their retention period
4. Offsite Storage
Contact
The Offsite Storage
Contact is responsible for fulfilling the administrative duties associated with
records sent to and returned from offsite storage for their area. Responsibilities include:
ü
Use of the offsite storage administration system to order
and send records
ü
Accurate and complete execution of the Offsite Storage
Administration Procedures
ü
Appropriate protection of records while in the possession of
the Offsite Storage Contact
5.
Security
Management Team
The Security Management team is
responsible for establishing and maintaining appropriate standards, rules, and
controls for access to and protection of Company information resources, in
accordance with the (company) Information and Security Policy and Standards.
6.
Records
Management Team
The Records
Management Team is responsible for establishing and maintaining a standardized
records management program by developing and administering appropriate
policies, procedures, guidelines, and industry standards as part of its
program, as well as monitoring and reporting on records management compliance
practices. The team will assist the
Company in the appropriate creation, management, and retention of their
records. This will happen through the
provision of advice, training, collaboration, recommendation, and measurement
of accountability in records management matters. The Records Management Team is also
responsible for the offsite storage administration function, including
authorized, secure, and timely sending, retrieving, and destroying of these
records.
7.
Records
Management Steering Committee
The steering committee is responsible for providing guidance and governing the direction
of the (company) records management program through decision-making, support,
leadership, and communication. Specific
committee roles include:
Records Management is responsible to:
ü
Direct the program by bringing forth agendas and items for discussion and
approval
ü
Develop team
professionals with the skills and expertise required of a leading records
management provider
ü
Provide an
effective program, encompassing the procedures, standards, tools, and support
structures that support the realization of its vision
ü
Create
awareness, understanding, and ownership so that all employees can fulfill their
roles
ü
Build
accountability and ensure compliance through the use of governance models and
tools that measure results
Other committee members are
responsible to:
ü
Ensure the program goals meet business requirements and appropriately
mitigate any business risk associated with their area of specialty
ü
Provide guidance and leadership on records management issues and
initiatives
8.
(company)
Management
Management holds
ultimate accountability for attestation of compliance with the Records
Management Policy and Operating Standards. Management is responsible for
assigning appropriate Record Owners.
Management also approves destruction of records as outlined in the
Records Destruction Procedures.
9.
Internal Audit
Internal Audit is
responsible for periodic audits to provide feedback to the company and to the
Internal Audit Committee on records management compliance.
10. Continued
Business Operations
The CBO Team is
responsible for ensuring the company’s business operations will continue in the
event of an interruption.
Responsibilities include working with the Company to ensure:
ü
Records will be accessible in the event of record corruption
or loss resulting from natural or human disasters.
ü
Records will be backed up to ensure accessibility against loss or
corruption of operating systems, applications and data files.
ü
Back-up and recovery procedures will be implemented and maintained for
use in emergency or disaster situations so that access interruption is managed
appropriately.
ü
CBO plans will determine record importance levels (such as
vital, important, or irrelevant) and accessibility requirements, as required
for a CBO event.