The UK’s independent authority set up to uphold information rights in the public interest, promoting openness by public bodies and data privacy for individuals.

Step 1 of 4: Management and organisational records management

1.1 Records management organisation

Your business has defined and allocated records management responsibilities.



1.2 Records management policy

Your business has approved and published an appropriate records management policy. This is subject to a regular review process.



1.3 Records management risk

Your business has identified records management risks as part of a wider information risk management process.



1.4 Records management training

Your business incorporates records management within a formal training programme. This comprises mandatory induction training with regular refresher material, and specialist training for those with specific records management functions.



1.5 Monitoring and reporting

Your business carries out periodic checks on records security and there is monitoring of compliance with records management procedures.