Whenever any organisation retains information, especially when this relates to individuals, there are certain legal requirements that need to be followed. We can help you with compliance.
Standards
Two of the most common and well-known standards currently in use are ISO 15489, an international standard, and MOREQ, a European standard.
ISO 15489
This is an international standard that defines best practices for the management of both paper and electronic documents and records. The standard is defined and maintained by the International Organisation for Standardisation (ISO).
The ISO 15489 standard is aimed at organisations who need to ensure that their documents and records are properly maintained, accessible, categorised, and indexed from the start of their life, which would be their creation, to the end of their life, which could either be disposal, archiving, or moving them to offline/offsite storage.
MOREQ Model Requirements for the management of Electronic Records
This is a European standard for electronic records management that was developed by the IDABC (Interoperable Delivery of European eGovernment Services to public Administrations, Businesses and Citizens).
MOREQ is a functional specification of the requirements for the management of electronic records. It includes sections for classification schemes, controls and security, retention and disposal, capturing records, searching, retrieving and rendering, and administrative functions.
Acts of Law
The following sections are concerned with legislation affecting ERM, especially holding information relating to individuals.
Freedom of Information Act
This relates to the rights of both individuals and organisations to access information regarding almost any subject, provided that information is not subject to national security.
Freedom of Information requests can be made by virtually anyone to any organisation, and the organisation is obliged by law to provide this information. It is therefore necessary for the organisation to have an adequate records management system in place to facilitate these requests.
The Data Protection Act 1998
This act is concerned with how information relating to individuals is stored within organisations. It lays down procedures required for storing and maintaining information about individuals and details their rights regarding access to the information.
Other Acts of Law and Regulations
The Freedom of Information Act and the Data Protection Act are not the only Acts of Law to state the importance of satisfactory records management.
BSI PD 0008
This was developed by the British Standards Institution and is concerned with the "Legal Admissibility and Evidential Weight of Information Stored Electronically". It essentially relates to whether electronic documents and records have legal status and can be used in a court of law, and whether electronic documents have the same evidential weight as their paper counterparts.
The standard is primarily concerned with the authenticity of electronic documents and records and storing them in such a way as to prove their authenticity.
Financial Services and Markets Act 2000
The Financial Services Authority (FSA) are responsible for enforcing the rules of the Financial Services and Markets Act 2000. The FSA handbook includes recommendations on document and records management, with Rule 6.3.1 (6) requiring that organisations retain all accounting records for a minimum of 6 years. The rule also requires that, for the first two years, records be stored using a method whereby they can be available, and can be produced, within 24 hours of request.
Sarbanes-Oxley Act
This act came into force in the United States in 2002. It focuses on greater corporate regulations and introduces more stringent accounting practices for US organisations.
International Financial Reporting Standards
These standards are the result of a decade-long initiative that aims to standardise the core elements of accounting methods used around the world. From 2006 onwards, most major companies in Europe will have adopted the standard and will be using its methods for submitting their accounts.
The e-Privacy Directive
This became law in the UK in October 2003 and is concerned with organisations' use of electronic communication for direct marketing purposes. The electronic communication methods it covers are phone calls, emails, and interactions between the organisation's web sites and its visitors.
Environmental Information Regulation 2004
This came into force in the UK on Jan 1st 2005, which coincided with the Freedom of Information Act 2000. Like the Freedom of Information Act, the Environmental Information Regulations state that the public has the right to access environmental data held by public authorities and certain other organisations.
More Information
To see how we can help you conform and meet your legal and statutory obligations, look at our products page.
Did you know? IDC analysts say businesses create about 84.3 billion exabytes (a million million megabytes) of information in the digital universe, and most of it is unmanaged. Is your data under control?
