Objective: Protect government records through controlled creation, preservation, disposal, transfer, and issuance, ensuring access according to best practices.
Policy Details:
- Legal Compliance: Adherence to Document Preservation Law No. (37) of 2016 and other applicable laws.
- Disposal Authorization: Written permission required from senior management for any record disposal.
- Records Management Program: Implementation of a program with clear steps for preservation, transfer, and destruction.
- Information Asset Register: Maintenance of a register detailing all information assets, including student and staff records.
Scenario and Examples:
- Creating and Maintaining Records:
- Acceptable: Digital records in secure LMS with daily backups.
- Unacceptable: Unsecured servers, no encryption.
- Disposal of Records:
- Acceptable: Disposal after retention period with written permission.
- Unacceptable: Unauthorized deletion.
- Transfer of Records:
- Acceptable: Secure, encrypted channels or insured parcels with recorded transfers.
- Unacceptable: Unencrypted email or unsecured methods.
- Release of Records:
- Acceptable: Formal requests, recorded access details.
- Unacceptable: Unrecorded releases, unchecked requests.
- Records Management Program:
- Acceptable: Integrated program with access controls and backups.
- Unacceptable: Lack of program, unsecured paper files.
Results:
- Improved record protection and legal compliance.
- Reduced risk of information leakage or loss.
Conclusion:
- Proper implementation of a records security policy is essential for information security and record integrity.
