table of contents · records and information management program. deploy, support and maintain the...
TRANSCRIPT
Table of Contents ................................................................................................................................................. 3
.......................................................................................................................................................... 4
................................................................................................................ 4
Objectives ............................................................................................................................................................. 4
Policy Principles .................................................................................................................................................. 5
Scope .................................................................................................................................................................... 5
Policy Details ....................................................................................................................................................... 6
Records and Information Management ....................................................................................................... 6
Transparency ............................................................................................................................................... 6
Integrity ......................................................................................................................................................... 6
Protection ..................................................................................................................................................... 6
Compliance .................................................................................................................................................. 7
Retention ...................................................................................................................................................... 7
Disposition .................................................................................................................................................... 7
............................................................................................................... 8
Record Creation .............................................................................................................................................. 8
Naming Conventions ...................................................................................................................................... 8
Record Maintenance ...................................................................................................................................... 9
Retention and Disposition .............................................................................................................................. 9
Protection ....................................................................................................................................................... 10
Electronic Document & Record Management System (EDRMS) .......................................................... 11
Personal Information and the Freedom of Information & Protection of Privacy Act (FOIP) .............. 11
Roles and Responsibilities........................................................................................................................... 13
Director of Corporate Services ................................................................................................................ 13
Accountability ............................................................................................................................................. 13
Directors and Managers ........................................................................................................................... 13
Corporate Records and Information Coordinator ................................................................................. 14
EDRMS Steering Governance Committee ............................................................................................ 15
EDRMS Working Group (Department Representatives)..................................................................... 15
Information Systems ................................................................................................................................. 16
All Personnel and End-users ................................................................................................................... 16
Training ............................................................................................................................................................... 17
Review and Monitoring ..................................................................................................................................... 18
CONFIDENTIALITY: ......................................................................................................................................... 18
NON COMPLIANCE: ........................................................................................................................................ 18
POLICY AUTHORITY: ..................................................................................................................................... 18
ATTACHED SCHEDULES .............................................................................................................................. 19
Schedule “A” - Definitions ..................................................................................................................... 20
Schedule B - Applicable Legislation, Acts and Regulations .......................................................... 28
Schedule C - Standards ...................................................................................................................... 29
Schedule D – Security Caveats .......................................................................................................... 30
Schedule E – County wide approved Naming Conventions ........................................................... 31
Schedule F – Records vs Non-Records ............................................................................................ 33
Schedule G – Retention Schedule (File Plan) .................................................................................. 36
This policy sets out the County of Grande Prairie No. 1’s responsibilities and activities in relation to
the Records and Information Management Program in accordance with legislation, acts, regulations
and professional best practice principles and amendments thereto. The County’s Records and
Information Management Program is the professional practice of managing all of the Records and
Information of our municipality throughout their life cycle, from the time they are created to their
eventual disposition. This includes identifying, classifying, storing, securing, retrieving, tracking and
destroying or permanently preserving records.
The purpose of Records and Iinformation Management is part of the County’s broader function
of Records and Information Governance, Risk, and Compliance and is primarily concerned with
managing the evidence of the County’s activities as well as the reduction or mitigation of risk
associated with It.
A file plan is a document listing all the titles of the records series, length of time each document or
record will be retained as an active record, the reason for its retention (administrative, legal, fiscal,
Municipal Government Act
Freedom of Information & Protection of Privacy Act
Various Acts & Regulations
Legislative Services
All County Policies P1
April 9, 2001
Motion #04/260/2001
June 27, 2016 - #CM20160627.1048
Records and Information Management Policy
June 2019
and historical) and disposition as legislated, with input from the Corporate Records and Information
Coordinator and the various County Departments ... It also promotes the effective management of
these records and information across the municipality, recognizing their value as a corporate asset
for the delivery of efficient, appropriate, open and transparent services. It also sets out to ensure the
County complies with its legislative obligations as required in all applicable legislations, Acts, and
Regulations and amendments thereto, as listed in the County’s Retention Schedule.
This policy applies to:
All the County employees, contractors, temporary help, and agents or representatives acting
on behalf of the County who create or collect records and information;
All records and information the County holds, including any information created, received and
maintained by the County in the course of its work, irrespective of format.
Please see Schedule “A”
Objectives
The overall objective of this policy is to ensure that all Records & Information of the County are
managed according to the Municipal Government Act, R.S.A. 2000, c. M-26 and amendments thereto
also known as the MGA, the FOIP Act and GARP (ARMA) generally accepted recordkeeping
principles; available for decision making; protected from unauthorized loss and/or release; and
disposed of only after all legal obligations have been met. This policy provides the County with a
management framework including (but not limited to) policies, standards, guidelines, procedures and
systems that are flexible, efficient, and effective for managing Records and Information. The
objectives of this policy are to ensure that the County;
Provides clear direction to all Directors, Managers, and all Employees including temporary
and seasonal, Agents and Representatives on their responsibilities for Records and
Information Management, and provides an understanding of the importance of proper storage
and retrieval of records and information;
Ensures that records and information of historical value are preserved;
Maintains a Records and Information Management Program culture where records and
information are managed coherently and consistently across the organization;
Collects information efficiently to support the County’s objectives, vision and values and
strategic themes;
Makes appropriate information accessible to everyone as required;
Ensures all departments are following the proper naming conventions for Records and
Information Management are set up by each department for consistency in searching and
retreivability of records and information.
The County has also approved a number of County wide naming conventions that all
departments are required to use regarding legal land locations, addressing, etc.. You will also
find information regarding characters that cannot be used in SharePoint, as outlined in
Schedule “E”;
Maintains records and information in a safe and secure environment;
Keeps information for no longer than is necessary in accordance with the County’s official
retention schedule (file plan), and various legislation and amendments thereto;
Identifies and protects the County’s vital records and information (those required to maintain business continuity in the event of a disaster, and without which the County could not operate).
This is done by Systems and includes::
1) Backups are stored in 3 buildings (Community Services Building, Administration
Building, and Public Works/Systems Building)
2) Historical retention is locked in Administration Building Server Room.
Policy Principles
The County recognizes that the Municipality’s Records and Information are a valuable and mandated
corporate asset and will be managed in a manner that:
Ensures its quality and integrity;
Ensures information is organized and classified in a manner which facilitates access by those
who require the information to continue their assigned work;
Safeguards designated information against unauthorized access;
Will help protect essential information against loss;
Will help eliminate unnecessary duplication or collection of information by including in the
training to the end user the importance of one copy as it relates to FOIP and Records &
Information Manangement .
The County declares (except as stated in this policy or as otherwise agreed in writing) ownership and
control of all records and information information that are created,requested externally for legal
issues, FOIP request, or other municipalities, etc., or received in support of its operations and internal
administrative support.
Scope The scope of this Policy is the County records and information in any form; and therefore includes
physical and electronic records in all form and formats, whether or not those documents are official
business records.
All of the County records and information items are in scope in terms of the information held within
them, and system outputs, which means the amount of records and information that is produced by a
person or department.
The infrastructure and systems on which information is communicated and stored, and within which
data may be backed up and recovered, is out of scope of this policy and falls under Information
Systems. This document refers to the County’s effective Records and Information Management
program.
Policy Details
Records and Information Management
The County recognizes the value of its information assets and will ensure that these assets are
managed effectively in accordance with the following information governance principles:
Transparency
The County’s business processes and activities, including its Records and Information Management Program, shall be documented in a transparent and verifiable manner, and the documentation shall be available to all personnel and appropriate interested parties, provided they have been given access privileges by the assigned department representative who has created it, and has ownership of the document or record.
The County shall maintain records and information in a manner that ensures timely, efficient, and
accurate retrieval of information. The County will maintain an inventory of its records and information
assets. Records and information shall be made available unless there is a compelling reason not to,
recognizing all the relevant legislative and regulatory requirements and amendments thereto. This
applies to both internal and external users of information. The County will present and organize
records and information to maximize its availability. The storage and organization of records and
information will promote its sharing, thereby minimizing duplication of effort and the cost of its
retrieval, as well as contributing to improved decision making.
Integrity
The County’s Records and Information Management Program shall be constructed so the
records and information generated by or managed for the municipality has a reasonable and
suitable guarantee of authenticity and reliability, as outlined in the MGA and FOIP, and any
other applicable regulations or acts.
Protection
The County’s Records and Information Management Program shall ensure a realistic level of
protection to records and information that are private, confidential, privileged, secret,
classified, essential to municipal business continuity, or that otherwise require protection.
The protection of records and information shall be carried out in accordance with FOIP Act
and the County’s approved Security Caveats which are currently listed in Schedule “D”; and
may be amended from time to time.
Disposal of records and information of a personal or confidential nature will be carried out
securely. Records and Information ownership rights will be observed. Records and
Information from third party sources will only be used in accordance with the license or
permissions granted. The intellectual property rights of the County will be considered in
relation to the distribution of its information assets, which is a definable piece of information,
stored in any manner which is recognized as 'valuable' to the municipality.
Compliance
The County will comply with applicable laws and other binding authorities, as well as with this
policy and any other applicable internal policies,bylaws, regulations, procedures, etc..
Retention
The County shall maintain its records and information for the required time, taking into
account its legal, regulatory, fiscal, operational, and historical requirements, and in
accordance with the County’s Retention Schedule. The Records and Information
Management and retention of information will take into account its value to the County.
Information will only be retained as long as there is a business need and to ensure
compliance with the relevant legal and regulatory requirements as per Schedule “G”-
Retention Schedule (File Plan).
Disposition
The County’s Records and Information Management Program shall provide secure and appropriate
disposition for records and information that are no longer required to be maintained by applicable
laws, legislation and policies.
All information that comes into the County shall be properly retained as per the County’s Retention
Schedule, in our Records and Information Management System.It shall be managed through its
lifecycle, which may take it through a variety of different storage environments under the control of
different owners. At all times there shall be clear responsibility for its management.
The County recognizes that an effective Records and Information Management Program must be
incorporated within the culture, business processes, organization and infrastructure of the County.
The County will:
Cultivate a suitable business culture where users value, protect, and manage
information, including records;
Develop the professional skills necessary to provide effective leadership and oversight on our Records and Information Management Program; with funding to come from the responsible department;
Ensure our key Records and Information Management Program activities are
embedded into our business processes - how we organize, store, secure, protect,
share, label, communicate and destroy information;
Establish appropriate business structure, lines of communication, department roles
and responsibilities, authority, and suitable delegation of responsibilities to support the
Records and Information Management Program.
Deploy, support and maintain the appropriate hardware, software and network for
capturing, storing, communicating and retrieving information in accordance with this
policy.
Reduce or eliminate various means of electronic document storage that act as an
alternative to the County’s EDRMS.
The County will protect and defend records and information and information systems by ensuring
their:
Availability Reducing risk of loss of service
Integrity Avoiding unauthorized modification
Confidentiality Avoiding unauthorized disclosure
Authentication Validating the source of information
Record Creation
The County shall have in place a record keeping system for both physical and electronic records.
This system includes the policies, procedures, guidelines and standards related to the management
of records at the County. The purpose of such a system is to provide efficient and systematic control
of the creation, receipt, maintenance, use and disposition of records, including the processes for
capturing and maintaining evidence of and information about business activities and transactions in
the form of records. It must also take into account the legal and regulatory environment applicable to
the County.
The County will distinguish between non-records and records, such that non-records may be
amended or deleted, but records cannot be altered as per Schedule “F” – Records vs Non-Records
Naming Conventions
This is how the County’s business units title their records and information. A collection of words or
numerical numbers which allow users to search for useful documents and information in the County’s
EDRMS. These naming conventions are to be agreed to at a business unit level and shared with all
other units as best business practice.
The County currently has county wide approved naming conventions that are listed in the attached
Schedule “E” – County wide approved Naming Conventions.
Record Maintenance
The record keeping system must be maintained so that the records are properly stored and
protected, and can easily be located and retrieved. The County will:
Ensure that adequate storage accommodation is provided for the records in a
dedicated, secure records store;
Monitor the movement and location of records so that they can be easily retrieved;
Provide an audit trail of recordkeeping activities;
Minimize or eliminate where possible the duplication of electronic and physical records;
Control access to the information in accordance with the County’s current Security
Caveats as per Schedule “D” – Security Caveats;
Ensure authenticity so that records retain their legal integrity;
Identify vital records and apply appropriate protection to them, including the
Information Systems business recovery plan that ensures the restoration these
records;
Identify records no longer required for the conduct of current business, and if
appropriate transfer to designated storage in accordance with the approved Retention
Schedule as outlined in Schedule “G”.
Retention and Disposition
The County has developed, approved, and will maintain a retention schedule categorizing its various
business functions and records, specifying a retention period and disposition (destroy or transfer to
archive) for each activity. It will also designate which records are vital and permanent.
Not all records and information meets the criteria of a record. These will be referred to as Non-Records. Please refer to Schedule “F” – Records vs Non-Records.
These will be referred to as unmanaged records. Those documents that meet the criteria of a record, and have been identified as such, can and therefore shall be managed as records and will simply be referred to as records.
Deletion refers to the informal act of destroying (physical) or deleting (electronic) documents.
Disposition refers to the formal process whereby records are destroyed or transferred in accordance with the approved Retention Schedule, under the direction of the Corporate Records & Information Coordinator.
The County will apply disposition to all records in accordance with the retention schedule in a manner that ensures:
Records of business value are identified and retained as outlined in the County’s
Retention Schedule;
The retention schedule is reviewed and updated at a minimum every three years;
An audit trail is maintained of disposition activities;
Disposition activities of applicable records are suspended in accordance with a FOIP
request or other legal proceeding, until such proceedings are completed;
Non-records and unmanaged records will be deleted in a consistent manner according
to internal County Records vs Non-Records Guidelines as outlined in Schedule “F”;
Non-records and unmanaged records will be destroyed so that reconstruction or
recovery is unlikely;
Physical and electronic records destroyed in accordance with the retention schedule
will be destroyed either by electronic means, shredding or burning, such that the
records cannot be recovered in any way.
The County will apply deletion to all non-records and unmanaged records in accordance with the
following:
The County has established appropriate retention periods suitable for the use of these
documents, according to the Municipal Government Act, Freedom of Information and
Protection of Privacy Act, and any other regulations or citations and amendments thereto that
are applicable;
Automatic (machine-initiated) deletion (based on pre-determined retention periods) of
electronic documents shall be acceptable for the destruction of non-records and unmanaged
records.
Protection
All of the County staff is required to share information responsibly and ethically, and records and
information that has been stored on the County systems should be available to those people within
the County who have a legitimate interest, as determined by your position. However, this does not
necessarily mean full staff or public access. Information that is (or should be) protectively marked will
be limited to those who genuinely need access to it. Sensitive information on individuals must also be
marked, and access strictly limited to those who need it to carry out their duties.
Access will be controlled by the use of protective markings, descriptors, and passwords, as specified
in the set up of access in the EDRMS. Where access must be limited, the information must be
protected and labelled properly. It must also be stored in an appropriately secure storage container or
system.
The County will:
Maintain and publish clear and concise information security and access policies;
Maintain and publish a list of protective markings and descriptors for documents;
Provide appropriate information infrastructures, capable of supporting security and access requirements;
Require staff to label information with the appropriate protective markings and descriptors;
Undertake periodic reviews of accessibility, security and privacy of information held within each department;
Investigate shortfalls of accessibility, or breaches in security or privacy, to reduce risk of repetition;
Monitor compliance with information access requests;
Assess and manage risks to the confidentiality, integrity and availability of information at all stages of the information lifecycle;
Balance the need to protect information with the need to effectively make use of it;
Develop a risk-aware culture;
Take appropriate measures to protect information from inadvertent or unauthorized creation, access, alteration, transmission or destruction;
Comply with all legislative and other mandatory requirements relating to the protection or destruction of information;
Appoint appropriately qualified individuals to roles with clearly defined responsibilities for aspects of records and information assurance;
Ensure that all staff is aware of their responsibilities regarding information, its management and use.
Electronic Document & Record Management System (EDRMS)
The County shall implement and maintain an EDRMS for the administration and management of
records (electronic and physical) and information. This system will allow the County to, at a minimum:
Provide a means whereby all personnel can declare electronic and physical records
within the EDRMS, by configuring and customizing the EDRMS software as required;
Provide a suitable means to ensure all declared records, undeclared records, and non-
records have appropriate security permission providing for appropriate access for all
employees, while restricting access to those who should not access documents;
Provide a means of recording and maintaining the County’s retention schedule/file
plan;
Provide for the identification of record and information state and status;
Provide a means of managing physical records as well as electronic records;
Apply System Assisted Classification (SAC) and System Facilitated Declaration (SFD)
techniques where warranted;
Identify and manage Vital Records in as outlined in the Records vs Non-Records
Guideline attached as Schedule “F”;
Provide a means of applying the County’s approved retention schedule to all records;
Manage the lifecycle of all records, from creation through to final disposition (deletion
or transfer);
Transfer records of historical value (archival records) to an outside agency.
Information in structured data stores, such as spreadsheets and l databases, shall be managed as recorded information like other records. Key outputs, or the contents of the data store at certain times, shall be treated as other documents, and retained in accordance with the retention schedule.
Personal Information and the Freedom of Information & Protection of Privacy Act
(FOIP) The County has to collect and use information about people with whom it works. These may include
members of the public, current, past and prospective employees, clients and customers, and
suppliers. This personal information must be handled and dealt with according to the FOIP Act,
however it is collected, recorded and used, and whether it be on paper, in computer records or
recorded by any other means.
The County regards the lawful and correct treatment of personal information as very important to
successful operations and to maintaining public confidence in the County. The County will treat
personal information lawfully and correctly. To this end, the County fully endorses and adheres to the
FOIP Act. All FOIP inquiries and requests are handled by the Corporate Records and Information
Coorrdinator, as designated or directed by the CAO.
The County will:
Observe fully the obligations of the County specified by the FOIP Act regarding the collection
and use of information;
The County will maintain a listing of personal information banks;
Make every reasonable effort to assist FOIP applicants in their efforts to access records;
Where access to personal information is granted in accordance with a request under the FOIP
Act, the County will provide a copy of the record if requested, if the copy can reasonably be
reproduced;
Meet its legal obligations to specify the purpose for which information is used;
Collect and process appropriate information and only to the extent that it is needed to fulfil
operational needs or to comply with any legal requirements;
Apply system reports and random samplings to determine the length of time personal
information is held;
Ensure that any third party processors contracted by the County adhere to the MGA, FOIP,
and all other controls that may be department specific;
Where a contractor provides services to the County, the County will clearly indicate through
provisions in the contract the records over which the County has control;
Ensure personal information shall be adequate, relevant and not excessive in relation to the
purpose for which they are processed;
Ensure personal information is accurate and where necessary, kept up to date;
Not process personal information for any purpose longer than is necessary for that purpose,
or for any reason other than which it was intended;
Ensure appropriate technical and organizational measures are taken against unauthorized or
unlawful processing of personal information and against accidental loss or destruction of, or
damage to personal information;
Not transfer personal information to a country or territory outside Canada unless that country
or territory ensures an adequate level of protection for the rights and freedoms of data
subjects in relation to the processing of personal information;
Ensure that the rights of people about whom information is held can be fully exercised under
the FOIP Act. These include:
o the right to be informed that processing is being undertaken;
o the right of access to one’s personal information;
o the right to prevent processing in certain circumstances;
o The right to correct, rectify, block or delete information that is regarded as wrong
information.
Roles and Responsibilities
Director of Corporate Services
The Director of Corporate Services must ensure the establishment of an effective Records and
Information Management Program function within the County. It is the responsibility of the Director of
Corporate Services to:
Implement this policy in a cohesive manner across all of the County;
Communicate this policy throughout the County and ensure proper training in Records and
Information Management principles to employees is being done;
Support the corporate vision, values and strategies that address information as a strategic
business asset of the County;
Support the Corporate Records and Information Coordinator to oversee the Records &
Information Management Program;
Support the Corporate Records and Information Coordinator, all departments, and other
stakeholders to develop retention periods/policies for the deletion of recorded information
other than managed records, namely:
o Non-records, including non-work documents
o Unmanaged physical records, and undeclared electronic records
o Email not declared as records, including inbound, outbound, and stored email,
regardless of location
Ensure all employees are aware of their obligation to manage information appropriately;
Ensure all data protection and security of information policies and procedures are understood,
implemented and adhered to;
Support the Records and Information Coordinator in the designation and training of
Department Champions (DCs), and new end-users;
Ensure that Records and Information Management Program be maintained and updated by ensuring adequate staff.
Accountability
The Director of Corporate Services shall oversee the Records and Information Management Program
and support the delegated responsibility for the Records and Information Management Program to
the Corporate Records and Information Coordinator.
Directors and Managers
Ensure all employees are aware of their obligation to manage information appropriately;
Ensure all data protection and security of information policies and procedures are understood,
implemented and adhered to;
Support the Records and Information Coordinator in the designation and training of
Department Champions (DCs), and new end-users.
Support the corporate vision, values and strategies that address information as a strategic
business asset of the County;
Support the Corporate Records and Information Coordinator to oversee the Records &
Information Management Program;
To ensure department compliance with this policy.
Corporate Records and Information Coordinator
The Corporate Records and Information Coordinator provides leadership, direction and vision for the
County’s overall Records and Information Management Program, including an organizational -wide
framework for the governance of Records and Information Management, and advises the Director of
Corporate Services (or designate) on policies, procedures and guidelines, standards and practices in
support of the County's corporate records and information. It is the responsibility of the Corporate
Records and Information Coordinator to:
Oversee the creation of policies, standards and guidelines related to the Records & Information Management Program;
Chair the EDRMS Working Group;
Work with IT to obtain and utilize software that enables and facilitates records and information management at the County;
Identify records and information, rules, and standards to manage and maintain the County’s Records and Information;
Interpret and explain the policy requirements to all employees;
Regularly measure and report on the overall quality and health of the Records & Information Management Program as described below in the matrix;
Develop and provide training as required and requested;
Serve as the principal contact and provider of advice regarding the management of county records, information and FOIP;
Determine what, if any, security classification or designation levels need to be attached to the recorded information;
Establish and maintain an approved retention and disposition schedule, and any other legal and policy obligations to ensure the timely disposition of recorded information that is no longer required;
Advise managers and department champions on year end processes, and oversee the destruction and transfer of records in accordance with the approved retention schedule;
Notify Directors/Managers prior to the approved destruction of records and receive final destruction sign offs from Department Managers;
Provide guidance in determining whether or not records and information or other material have an operational, fiscal, administrative or informational/ historical value and must be protected from deterioration or loss;
Arrange for the transfer of records & information designated as having historical value to the appropriate outside agency;
Make recommendations to eliminate significant deficiencies, and suggest improvements to the information management program, and report significant findings to the Director of Corporate Services;
Work with business units and departments to establish communication and training programs pertaining to Records and Information Management.
Establish and measure acceptable minimum thresholds for the following key electronic recordkeeping performance metrics, according to Generally Accepted Recordkeeping Practices:
o Qualification Rate (percentage of specified documents that meet the criteria of a record);
o Declaration Rate (percentage of qualified records that records were declared as records);
o Classification Accuracy Rate (percentage of declared records known to be correctly classified).
Monitor compliance with information access requests;
Conduct periodic random sampling of records and information, and structured data within
each department to assess compliance with this policy.
EDRMS Steering Governance Committee
The County shall monitor and measure all key elements of its Records and Information Management
Program and deal with escalated issues that may arise from time to time. The County has:
Form a Permanent EDRMS Steering Governance Committee to monitor and oversee all
Records and Information Management Program activities in compliance with this policy. This
committee shall be comprised of the following members, at a minimum:
o Director of Corporate Services
o Legislative Services Manager
o Information Systems Manager
o Corporate Records and Information Coordinator.
EDRMS Working Group (Department Representatives)
To facilitate organization-wide information management, each department will designate a
Department Representative. The duties of the Department Representative will be minimal, and they
may fulfil this role for more than one department. Each representative shall have duties with respect
to the information in the custody or control of their business unit or department. It is the responsibility
of the representative to:
Be the primary link between his/her department and the Corporate Records and Information
Coordinator;
They will be a sitting member on the EDRMS Working Group;
Identify the records required to be maintained by the Department, and communicate to
employees the specific requirements of the Department relating to these Business Records;
Make employees in the department aware of procedures for the offsite storage of physical
records and for the management and storage of electronic records;
Ensure that any recorded information subject to a Hold Directive are immediately identified
and safeguarded from any deletion processes and the Corporate Records & Information
Coordinator is informed;
Assist with any search for documents requested for litigation, compliance, audit, regulatory or
other purposes within specific business unit;
Facilitate the appropriate destruction of information, under the direction of the Corporate
Records and Information Coordinator;
Facilitate department employees understanding of this policy;
Take reasonable steps to ensure that his/her department complies with this policy;
Working with the Corporate Records and Information Coordinator and the group, develop
functional requirements and specifications for the declaration of electronic records;
Prepare and transmit critical EDRMS performance measures to the Corporate Records and
Information Coordinator as required;
Information Systems
Information Systems provides support of the Records & Information Management Electronic System.
It is the responsibility of IS to:
To install, provide direction, and set up the meta data fields for Sharepoint
Ensure the systems used to communicate and store records & information are as reliable and
efficient as practicable;
Implement deletion capabilities for all electronic documents other than declared records, in
accordance with the County’s policies for deletion of such documents. Such capabilities
should extend to all storage media upon which such documents may be found, including but
not limited to shared drives, local hard drives, portable media, social media, remotely-located
storage such as cloud-based storage, backup media, etc.;
Consult with the Corporate Records and Information Coordinator prior to the selection,
construction, or acquisition of any system that records electronic information;
Integrate where possible, sources of records and information with the EDRMS to facilitate the
collection and management of County records and information.
All Personnel and End-users
All employees and those acting on behalf of the County are responsible for ensuring the proper
classification, transmission, maintenance, storage and protection of recorded information. Working
individually or collectively, employees must ensure information is properly managed as a corporate
asset. It is the responsibility of all personnel to:
Assure the quality, authenticity, and reliability of information they create;
Safeguard records and information the County has entrusted to them;
Account for other people’s need for recorded information that they create or control, and
share the information appropriately as required by the County;
Ensure compliance with this Records & Information Management policy;
Ensure compliance with the MGA and the Freedom of Information and Protection of
Privacy Act and the role it plays on the County as a public authority;
With guidance from the Directors/Managers, assess the importance, urgency and
sensitivity of information;
Ensure that information that needs to be kept confidential (for security or privacy reasons)
is not inappropriately divulged;
Work cooperatively and diligently to correct errors in Records and Information
Management and reduce risk of recurrence;
Use the County’s information technology in an appropriate way, and avoid unacceptable
use;
Keep accurate and complete records;
Follow the specific requirements of his/her department when making decisions about
whether to classify information as a record, a work-in-progress (WIP), or a reference
document;
Distinguish Records from Non-Records in accordance with Schedule “F” Records vs Non-
Records guidelines;
Abide by all Legal Hold Directives preventing information deletion of as a result of current
or anticipated litigation, government investigation or audit;
Ensure any records in his/her custody or control are not removed from the County
premises unless such removal is required to conduct the County’s business and unless
any confidential or personal information contained therein is safeguarded in an
appropriate fashion;
Return information promptly to the County when the purpose for which the information
was removed from the County premises has ended;
Return all Records to the County upon termination of his/her employment or contractual
relationship with the County.
Training Full trainng will be provided to all employees that are required to use the EDRMS. The training matrix
will include training per department, as well as additional training for the EDRMS Working Group.
Methods will include a classroom settings, one on one, printed materials with clear instructions, and
eventually How-To Videos.
The focus for all users will be in The Hub Platform, as well as limited access to Collabware, the
records center.
Review and Monitoring This policy establishes a performance-monitoring framework to evaluate the effectiveness and
efficiency of the Records and Information Management Program in the County. The Corporate
Records and Information Coordinator will monitor and review this policy on an annual basis, or more
frequently if deemed necessary by the Director of Corporate Services in which this position ultimately
reports to, to ensure:
The scope and content of the policy is appropriate and in line with legal requirements;
All departments are aware of their responsibilities and that the creation, maintenance and
disposal of records and information is being carried out in line with the policy and supporting
standards;
Training and awareness is provided to all end-users.
CONFIDENTIALITY: The use and interpretation of all County Policies and schedules will comply with all aspects of the Freedom of Information and Protection of Privacy Act (FOIP). Any breaches of the FOIP Act will be subject to disciplinary action.
NON COMPLIANCE: Failure to comply with this policy could expose the County to significant loss in terms of increased
risk of litigation or legal sanction, increased cost of litigation, loss of reputation, or reduction in
operating efficiency.
The consequences of non-compliance of this Policy will be at the discretion of the CAO or their designate, and may include disciplinary action up to and including termination. The Chief Administrative Officer must approve any exceptions to the Policy.
POLICY AUTHORITY: The County Administrator has the authority to amend the related Schedules of Policy P1 from time to
time to keep current, enforceable and compliant with statutes and legislation in the Province of
Alberta. Any changes that are made to Policy are to be approved by Council.
ATTACHED SCHEDULES Schedule “A” - Definitions
Schedule “B” – Applicable Legislation, Acts, and Regulations
Schedule “C” – Standards
Schedule “D” – Security Caveats
Schedule “E” – County Wide Approved Naming Conventions
Schedule “F” – Records vs Non-Records
Schedule “G: - Retention Schedule
Schedule “A” - Definitions
Archival Recorded information and other items of enduring value that are worthy of
permanent retention and special management because of the importance of
the information they contain for continuing administrative, operational, legal, or
fiscal purposes or for historical or other research.
ARMA Originally, ARMA was the acronym for the Association of Records Managers
and Administrators. Over the years, we have seen a broadening of the
profession as records management has become a recognized and integral part
of information governance, which is key to doing business. To reflect the
changing environment and this "expansion" of the profession, the association's
Board of Directors decided to discontinue using ARMA as an acronym and
adopted "ARMA International" as a general descriptor of the association.
Auto-Delete The process whereby a machine-driven process will automatically delete a
document, without any human intervention, once a condition has been
satisfied. Example – “Delete 3 years after Last Modified Date ” or “Delete 2
years after receipt”.
Case Category A category containing documents whereby the business activity has a defined
end date. Typically a Person, Place, Event, or Thing. Disposition is triggered by
a date, such as “End of Useful Life” (A machine), or “Close of all Legal Matters”
(A workplace Accident). Example – employment files, typically qualified for
disposition 3 years after termination of employment. All records within a case
file reach disposition and are processed as a complete, intact group – they are
never separated or processed as individual records. Many organizations have
50% or more of all business records as case files.
Category A node in the hierarchical file plan. Denotes a set of records of similar subjects,
i.e. Travel Requisitions. All categories are linked via a child/parent relationship.
Classify The process whereby a user assigns a formal retention rule to a document, as
part of the Declaration process. Classification can be achieved explicitly (the
user selects and assigns a category), or implicitly (by virtue of selecting a
storage location such as a folder, that matches the subject of the document,
and which bears the appropriate retention rule for that subject).
Classification Accuracy Rate The percentage of a specified quantity of declared electronic records
that are known to be classified correctly. Ideal target rate = 100%, i.e. all
declared records are classified correctly. Key performance metric of an
EDRMS.
County The municipal corporation of the County of Grande Prairie No. 1 having jurisdiction under the Municipal Government Act and other applicable legislation.
DC Department Champions. A person within a business unit (e.g.
department/division) who has been delegated with specified recordkeeping
duties on behalf of the department. The duties are delivered in support of the
EDRMS project. Such duties could include measuring and reporting daily
critical performance measurements, creating new case categories as they
emerge, etc.
Declare Make a document a record. Once declared, a document is tracked by EDRMS
software, and prevented from deletion (locked), except via a formal disposition
process.
Declaration Rate The percentage of a specified quantity of electronic documents that meet the
criteria of a record, which are declared within an EDRMS as a record. Desired
declaration rate is 100%, and generally accepted principles are 85%. i.e. all
documents that are records are declared. Key performance measure of an
EDRMS.
Deletion As distinguished from Disposition. An arbitrary deletion by a person or
process. Deletion of a document by any method other than Disposition. Some
examples of deletion:
1) A system allows a user to specify (arbitrary) criteria for retention. A
document’s retention criteria has been met, and the system
automatically deletes the document, with or without any human
intervention.
2) End user with deletion privileges deletes the document
3) A system administrator deletes a document
Disposition As distinguished from Deletion. Formal, structured process of determining
what happens to records at the end of their retention period. The process is
human-initiated, and the decision as to what is destroyed/transferred is
ultimately governed by an approved retention schedule.
Disposition yields (3) possible outcomes following the expiration of the
retention period:
1) Destroy
2) Transfer to outside agency for permanent archival storage
3) Unknown. Retain until disposition is known. Some possibilities:
Held for legal review
In Dispute
Disposition simply not yet known or decided
Document A single piece of recorded information, in any form, physical or electronic. May
or may not meet the criteria of a record.
Document State Record State. At any point in time, a given document is considered to be in one
of the following three states:
Record. Known to meet the criteria of a record. Does not imply that the
document is being managed as a record. Critical to this state is that it is
“known” by the RIM Manager, so appropriate management can be applied
to the document.
Unknown. It is not known (for whatever reason) by the RIM Manager if this
document is a record or a non-record. May be a record or a non-record.
Critical to this state is that it is “unknown” by the RIM Manager.
Non-Record. Known to not meet the criteria of a record. Does not meet the
criteria of a business record, according to the organization’s definition of a
record. Critical to this state is that it is “known” by the RIM Manager, so
appropriate management can be applied to the document.
Document Status The Status of a document as declared by the user during declaration into
an EDRMS. The user declares the document status to be one of the
following three possibilities:
Work In Progress (WIP). Official business, but not yet ready to be
declared as a record. This implies the document is a record, and must
eventually be declared as such.
Record. The user believes this to meet the criteria of a record, and/or is
choosing it be managed as a record in the EDRMS. Once declared, it will
be subject to formal recordkeeping control.
Reference. The user believes this document does not meet the criteria of
arecord, but needs it to be retained as long as needed for the completion
of the
EDRMS Electronic Document and Records Management System. A business
information system in which the records of an organization are created,
captured, maintained, and disposed of. Such a system also ensures their
preservation for evidential purposes, accurate and efficient updating, timely
availability, and control of access to them only by authorized personnel. An
EDRMS includes rules and procedures governing the storage, use,
maintenance and disposition of records and/or information about records, and
the tools and mechanisms used to implement these rules.
An EDRMS delivers specified recordkeeping controls. Most systems can
manage electronic and physical records. Many are comprised of general-
purpose content management systems that deliver recordkeeping capability.
An EDRMS can be configured to store exclusively records, however it will
typically store all three of the following categories of items:
Declared Records
Non-Records
Non-Declared (unmanaged) records
Event Date The date that triggers the Disposition of a set of record(s) in a case file.
Suppose for example a retention rule for Contracts is “Destroy 2 years
following contract end”. The trigger date for records about contracts is
therefore the contract end date. If the contract for Safe-Tee Security for
instance ends Jan 15 2009, the records are qualified for disposition on Jan 15
2011.
File Multiple meanings:
1) An electronic document (recorded information in digital form, any format) 2) A collection of related documents (the “contract file”). Could represent one
or more physical folders of related documents. 3) A physical folder 4) The act of placing an electronic document into a storage or management
system (to “file” a document into an EDRMS).
In an EDRMS setting, a “file” most closely relates to a category, as
distinguished from a document (recorded electronic information).
FOIP The Freedom of Information and Protection of Privacy (FOIP) Act aims to strike a balance between the public’s right to know and the individual’s right to privacy, as those rights relate to information held by public bodies in Alberta.
GARP Generally Accepted Recordkeeping Principles.
Hold Directive (Legal Hold, Suspension). Process which an organization uses to preserve all
forms of relevant information when litigation is reasonably anticipated.
Suspends the normal disposition or processing of records. A legal hold is
typically issued as a result of current or anticipated litigation, audit, government
investigation or other such matter to avoid evidence spoliation.
Information The data collected that are processed, analysed, interpreted, classified or
communicated in order to serve a useful purpose, present facts or represent
knowledge in any medium or form. This includes any data, file, content,
record, or other tangible artifact in any form, including books, documents,
maps, drawings, photographs, letters, vouchers and papers, sound recordings
(audio), videotapes, electronic (digital) files, electronic mail transmissions,
databases and spreadsheets, graphical, physical sample, textual or numerical
form, and any other recorded information, photographed, recorded or stored in
any manner.
Non-Record A document that does not meet the criteria of a record, i.e. does not have
enduring business value. Examples include transient, redundant, or duplicate
copies of documents. . Also includes documents not related to business (non-
work documents).
Physical A document that is not electronic, e.g. document, folder (of
documents), box, or artifact. It is managed or tracked as a
record by the EDRMS.
Electronic The body (content) of the record is in electronic form, e.g. word
processing documents, PDF files, spreadsheet, digital images,
etc. Not declared as a record in an EDRMS.
Non-Work Electronic Documents an employee creates and stores on an office computer
system which are not related to the business. Such documents may be stored
in an EDRMS, co-mingled with records, non-records, and undeclared records.
Should be subject to deletion. Not subject to disposition.
Physical Records Those records that are not electronic. The content (body) of the record is not
stored within the EDRMS. Physical records typically take the following three
forms:
Box Contains multiple physical documents. A box is numbered via an
affixed label. Typically a barcode is applied for tracking purposes. The
box typically contains folders (of individual documents). A box is
considered to be a single record for disposition purposes.
Folder A file folder (jacket) containing a set of documents. Folders are
numbered and have a label affixed to them for retrieval purposes.
A folder is considered a single record for disposition purposes. A folder
often will have a Start and End date, representing the oldest and
newest correspondence, respectively. A folder may be part of a series
of multiple folders containing records on a given topic.
Non-Electronic Document. (N-Doc). A physical record where the content
(body) of the record is not stored within the EDRMS, however the
record is tracked and managed by the EDRMS in the same manner as
an electronic record. An electronic record has its content and metadata
stored in the EDRMS, whereas an N-Doc has only metadata stored in
the EDRMS. Some examples may be large maps, historical artifacts,
leather-bound books, core samples, microfiche rolls, etc.
An EDRMS with physical records management capability will manage physical
records (boxes, folders, N-Docs) alongside electronic records and apply the
same retention rules to them. It will also include electronic and physical records
in searches and legal holds.
Qualification, Record Determination that a document is a business record. Common criteria:
Records a decision
Created in the conduct of the business of the organization
Necessary for the conduct of the business
Constitutes evidence that a legal or policy obligation was followed
Qualification, Disposition Determination that a document is eligible for its end-of life disposition,
i.e. can be destroyed or transferred following the end of its designated
retention period.
Qualification Rate The percentage of a defined collection of documents that meet the criteria of a
business record, i.e. have business value. A key measure of performance in an
EDRMS system.
MGA Municipal Government Act, R.S.A. 2000, c. M-26 and amendments thereto also known as MGA;
Record A document or artifact that meets the criteria of a record (Information created,
received, and maintained as evidence and information by an organization or
person, in pursuance of legal obligations or in the transaction of business).
Either physical or electronic form:
Physical A document that is not electronic, e.g. document, folder (of
documents), box, or artifact. Identified as a record and therefore
has recordkeeping controls applied to it. May optionally be
recorded within (tracked by) a EDRMS.
Electronic The body (content) of the record is in electronic form, e.g. word
processing documents, PDF files, spreadsheet, digital images,
etc. If declared as a record in a recordkeeping system
(EDRMS), it is subject to recordkeeping control.
A document that is being managed as a record. Smallest atomic unit that can
reach disposition. Characteristics of a record:
1) It is assigned a retention rule from the official retention schedule
2) It may only be deleted or transferred, in accordance with the formal
records disposition process
3) Metadata is recorded about the record
One of (3) possible choices of Document Status (along with Reference or
Work In Progress) specified during document declaration in an EDRMS.
Record, Undeclared A document stored in an EDRMS that meets the criteria of a record, and
therefore is a business record, but is not subject to recordkeeping control. It
has not been declared to be a record to the EDRMS, and therefore may not be
known to be a record. Because it has not been declared, it is not subject to the
recordkeeping controls of the EDRMS.
Retention Schedule Also known as a File Plan. The list of approved retention periods and
disposition rules for each business activity or subject within the organization.
Driven by legislative obligations (various laws and regulations that apply to the
municipality), and county operational corporate policies.
Reference One of (3) possible choices of Document Status (along with Work In Progress
or Record) specified during document declaration in an EDRMS. Does not
meet the criteria of a record. Generally, a reference document is needed for
the conduct of business, therefore needs to be retained for a specified period
of time. Sometimes created outside the organization. Not subject to formal
disposition. Will typically be retained for as long as needed, then deleted.
Schedule Two meanings:
1) Noun. The “schedule”. The retention schedule (list of categories and their retention rules)
2) Verb. To “schedule”. The act of applying the retention rules to qualified records.
SAC (System Assisted Classification). A software capability whereby documents are
classified against a pre-determined classification scheme, without user
intervention. The analysis is carried out by software that determines the
document’s subject matter, then proposes the best match against the
classification scheme.
SFD (System Facilitated Declaration). The methods, techniques and (sometimes
proprietary) EDRMS product features that are designed to minimize user
interaction during the classification and declaration of electronic records.
Administrative Category A category containing documents whereby the business activity is
ongoing without any defined activity end date, e.g. “Travel”. Documents are
qualified for disposition once they reach a certain age, i.e. after 2 years.
Individual documents reach disposition and are processed independently of the
other documents of the same subject. Individual documents can reach the age
of disposition, while those not yet aged to disposition are left behind.
Transfer Move record to a physically separate storage location for permanent storage.
In the case of an electronic record, the original record is removed from the
EDRMS. Also known as “accessioning”.
Unknown One of (3) possible choices of Document State (along with Non-Record or
Record) specified during document declaration in an EDRMS.
Unknown Disposition. Disposition Status is Unknown. See Disposition.
Vital Records Recorded information required to re-establish or continue an organization in
the event of a disaster; containing information necessary to recreate an
organization's legal and financial position and preserve the rights of the
organization and its stakeholders. The informational value is so great, and the
consequences of loss are so severe, that special protection is justified in order
to reduce the risk of loss.
Work In Progress (WIP). One of (3) possible choices of Document Status (along with Reference
or Record) specified during document declaration in an EDRMS. Presumed to
be a record (meets the criteria of a record), but not yet ready to be declared as
a record (i.e. incomplete, not yet approved, etc.). A document stored in an
EDRMS in a WIP state must later be declared as a record.
Schedule B - Applicable Legislation, Acts and Regulations
Municipal Government Act (MGA)
Freedom of Information and Protection of Privacy Act (FOIP)
Limitations Act
All other legislation and regulations that are required
Schedule C - Standards
The following standards that support governance of the EDRMS Portal:
GARP/ The Principles (ARMA):
http://www.arma.org/r2/generally-accepted-br-recordkeeping-principles
ISO 15489:
http://www.iso.org/iso/catalogue_detail?csnumber=31908
Electronic Records as Documentary Evidence:
http://www.scc.ca/en/standardsdb/standards/22952
Administrative Records Disposition Authority:
http://www.im.gov.ab.ca/documents/publications/ARDA.pdf
Schedule D – Security Caveats
ASB Inspections
Economic and Development
Family Services
Financial Services
Fire Incidents
FOIP
Human Resources
Insurance
Law Enforcement
Legal Issues – Administration
Legal Issues – Agriculture
Legal Issues – Assessment
Legal Issues – FCSS
Legal Issues – Planning and Development
Legal Issues – Public Works
Payroll
Personnel
Procurement Services
Training
And any other caveat that may be added at a future date.
Schedule E – County wide approved Naming Conventions
Legal Land Description
Use dashes, no spaces, no leading Ø’s , W6. All segments must be used.
SE-31-72-12-W6 (Quarter) LSD-Section-Township-Range-W6
1-31-72-12-W6 (LSD) LSD-Section-Township-Range-W6
Plan-Block-Lot
In a data field or when needing a “short” format, use no spaces, use ;(semicolons) and in order from largest
area to smallest area.
Plan;Block;Lot
123456;1;1
123456;;1
When writing a document to people that may find the short format confusing, spell out each of the fields to
eliminate confusion. Keep it in the same order.
Plan 123456;Block 1;Lot 1
Roll Number
Store as a number wherever possible. No spaces and no leading Ø’s. It reduces the chance of bad numbers .
10000
131900
Linc
Store as text wherever possible because the leading Ø’s are important. Ensure it matches what is in Land
Titles.
00123454678 Naming Conventions for Addressing
TWP RD – township road – this is as on rural addressing signs and how it is entered into Bellamy
RGE RD – range road – this is as on rural addressing signs and how it is entered into Bellamy
HWY – highway – this is as on rural addressing signs and how it is entered into Bellamy
ST – Street
AVE - Avenue
Rural Address examples:
741002A RGE RD 34 – there is no space between address and “A”, “B”, and so on
54056 TWP RD 710A – there is no space between road number and the “A” of the roads number
6A 54056 TWP RD 710A – no spaces between numbers and letters always—no hyphens
Civic Address Examples
11221A 98 ST – no space between house number and “A” (only if it is a letter)
10014 96A AVE – no space between 96 “A” Ave (only if it a letter)
Always in capital letters
327 SCOTT LANE – name in capital letters
MUNIID
Store as a number wherever possible. These numbers are
assigned by Alberta Municipal Affairs,
and every Alberta Municipality has one.
133 is the County of Grande Prairie’s MUNIID
Phone Numbers in The Hub
780-532-9722 or 1-403-555-1212 No Brackets around area code and no spaces
Schedule F – Records vs Non-Records
OFFICIAL RECORDS VS NON- RECORDS
When handling records—official or transitory—there are two essential legal authorities to consider:
The Municipal Government Act (MGA), enacted under the authority of the Alberta Provincial Government, provides basic information o n the legislated requirements for records management in municipal government. The MGA:
Mandates the municipal records management program,
Assigns accountability to the CAO for management of records in their custody or control,
Requires records retention and disposition schedules for all municipal records, and
Advises on the destruction of municipal records.
The Freedom of Information and Protection of Privacy Act (FOIP) ensures that the municipality protects the privacy of individuals by controlling the manner in which public bodies collect, use and disclose personal information. The FOIP Act:
Requires the municipality to be accountable to the public by providing a right of access to records in the custody or control of the government, subject to limited and specific exceptions, and
Limits the collection, use and disclosure of personal information by the municipality and sets rules for the protection of personal information.
RECORDS IN THE COUNTY OF GRANDE PRAIRIE
What is a record?
The FOIP Act defines “record” as a record of information in any form and it includes:
Notes Maps
Images Drawings
Audiovisual recordings Photographs
X-rays Letters
Books Vouchers
Documents Papers
Any other information that is written, photographed, recorded or
stored in any manner
Records provide evidence of municipal business and can be in any medium or format. Decisions we document that are related to our jobs, whether we use a computer, pen, camera or phone, can produce a record.
There are two classes of records: Official Records and Transitory Records.
What Are Official Records?
Official records document and provide evidence of business transactions. They are records that must be retained and filed in official records systems, and managed in accordance with municipal policies, standards, and practices. These are records that document or provide evidence of a municipality’s business activities.
Official records:
contain information that has ongoing business value,
are required to support business operations,
document and provide evidence of business transactions,
are required by legislation,
protect the rights of citizens and the government,
provide evidence of compliance with accountability or other business requirements, and
have future business, financial, legal, research or archival value.
Official records should be stored securely so that they will be readily available to those who need them and are authorized to access them. They must be retained and disposed of in accordance with an approved Records Retention and Disposition Schedule.
What Are Non-Records?
Non-Records or transitory records are records in any format that are ofshort-term value, with no further uses beyond an immediate transaction.
In other words, transitory records are only required for a limited period of time, in order to complete a routine action or to prepare a subsequent draft or final version.
Non- Records:
have no further value beyond an immediate and minor transaction,
are produced or received in the preparation of other records which supersede them or for convenient reference,
are not needed as evidence of a business activity and, as such, can normally be routinely disposed of,
are not filed in official records systems, and
are not required to meet legislative or regulatory obligations.
Why is it important to effectively manage transitory records? A significant amount of information retained by municipalities is temporary in nature and does not merit long-term retention. It has been estimated that in most cases only 20 percent of recorded information is official, while 80 percent is transitory. Hence, if transitory records are not destroyed, valuable space is taken up on servers and hard drives, in file rooms, workstations and storerooms, and makes it more difficult to locate and retrieve the records that we need.
A records retention and disposition schedule is a legal document that outlines how long records are to be kept, where
they are to be kept, and what their final disposition will be
Examples of Official Records Examples of Non-Records
Policies, directives, briefing notes,
Final reports and recommendations,
Business deliverables,
Draft materials in the preparation of legislation, legal documents, audit reports, etc.,
Accounting working papers,
Work plans, schedules, assignments and performance results,
Materials of historical or research importance,
Agendas and minutes of meetings, or
Legal agreements of any kind.
Advertising materials and junk mail,
Blank information media such as obsolete stationery and blank forms,
Notices of social events such as retirements or office parties,
Duplicate copies used for convenience,
“FYI” email notices on meetings,
holidays, boardroom reservations etc.,
Photocopies of departmental publications, or
Draft documents, working or research materials used in preparation for the final version.
Schedule G – Retention Schedule (File Plan)
Currently a work in progress