Best practices for Records Management - ISO 30302
April 1, 2016
3 min read
3The new standards about record keeping are oriented towards organisational context and business processes, as well as all external and internal issues that could lead to risks or opportunities; this means an improvement in the quality of the final product, in individual safety, and in environmental sustainability.
Context of the Organisation
There are many ways to record important information but the wise thing to do is to turn it into digital information as it is more reliable, easier to store, easier to operate, and easier to transfer. Despite the fact that the recorded information should have a few attributes that could identify and keep this particular information in order, it could be recorded in any form - as a voice recording, email, even a chat message or screen recording of a Skype conversation. Most importantly, we have to determine what exactly should be recorded and in what form through a document register in the Record Management System.
Processes Requiring Records of Information
For example, if it is decided that it is very important for the quality of your final product to deliver immediately messages from a meeting with the board of directors to your General Manager, Senior Designer, or the Marketing Department, you could define the process like this.
One of the participants will have to send an email with brief minutes of the meeting to the senior designer’s assistant immediately after. Attributes: participants and what they have decided.
The assistant then has to put this information into the formalised but understandable format. After that, the assistant has to get approval for these minutes from the Senior Designer within 2 hours. Attributes: the possible recipients in the Marketing Department and other departments.
After the assistant gets the approval, they will send an email with the approved minutes. They will save this file as a Word format in Meetings/OfficeDesign/BD&D/Minutes/ with the file name: letters MBDD, data, time of the start of the meeting. Example: MBDD270320161200.docx. This procedure has critical processing time for quality assurance. It means that the business process has to be documented in a particular time frame and a defined procedure.
How Records should be Kept
Digital files:
- Document register in a folder’s and a files structure could be easily printed and revised
- Keep files on a file server in the office
- Access to different files and folders should be determined in the Records Management System and assigned personally by the individual login
- Password changing rules should be applied
- The server room has to have a proper cooling system
- Do regular backups within a predetermined time interval defined in the Records Management System
- Be sure that you have up to date anti-virus system
- Backup has to be stored in a different place, ideally, with different software and anti-virus systems
- Audit should be conducted by printing folders and files structure with date and time with the following deletion procedure for expired documents
Hard copy files:
- Each box has to have on the top of it - the clear document register and its place in the Records Management System
- Folders have to have all assigned attributes and clearly show place of this folder in the storage room
- The storage room has to have proper cooling and control of humidity systems
- Access to different files and folders should be determined in the Records Management System and assigned personally
- by the individual login
- Access register: time, name, position and document folder or box
- Audit should regularly be conducted by authorised persons, with the following destruction of expired documents
ISO 30301 has a comprehensive structure of the “2015 version” ISO standards documentation. These are the same paragraphs that allow you, step by step, to define procedures, risks and important steps in development, implementation and maintaining of the Records Management System.
Sign up for our newsletter
Stay Ahead: Subscribe for the Latest Compliance Insights and Updates.
We care about the protection of your data. Read ourPrivacy Policy.