What is records management and what does it entail?
Records management (RM) is a field of management that oversees the creation, receipt, storage, use, access, maintenance, and disposal of records, whether in paper or digital format. It involves the supervision and administration of records throughout their lifecycle to ensure proper organisation, accessibility, and compliance with regulatory requirements.
Why is records management important?
Records management focuses on:
- Reducing lost and misfiled documents
- Helping to organise existing documents better
- Enabling quicker search and retrieval of documents
- Improving the general work processes as well as efficiency
- Increasing available office space by reducing the space needed for document storage, e.g. filing cabinets
As well as improving the daily storing, modifying and sharing of documents, records management also establishes policies and standards so various types of records can be maintained:
- Identifying what records exist by maintaining a records inventory
- Applying required retention periods to stored items
- Disposing of documents
- Applying legal holds to records when necessary
- Identifying the owner of each records series
- Determining that a chain of custody and a proper audit trail both exist
- Developing and administering defined records policy and procedures, regardless of whether the records are paper or electronic
- Maintaining records throughout their life cycle
As a company grows, it gets more difficult to keep an overview of where documents are stored, whether they’re up-to-date, or if you even still have them.
The aim of records management is, therefore, to help a company make documents accessible for both business operations and audits. Spreadsheets are a great way to track where records are stored. Many small or medium-sized businesses use this method, but for larger businesses, records management software suites are more suitable and often have accounting software included.
How to comply with legal requirements
For many companies, it’s not simply a case of deciding whether to organise your documents correctly using records management; it’s actually a legal requirement. These are some of the problems you may face if you don’t comply:
- Fines
- Risk of being audited by authorities
- Possible damage to reputation
- Risk of prosecution and claims for damages
Failure to maintain proper accounting records in the UK can result in fines of up to £3,000 per accounting period from HMRC. In serious cases, directors can face disqualification for up to 15 years under the Company Directors Disqualification Act 1986, especially if poor record-keeping leads to financial misconduct or tax evasion. Additional penalties may apply if missing records result in unpaid taxes, with fines potentially reaching 100% of the unpaid amount.
When complying with records management regulations, businesses must consider both national and international requirements. ISO 15489 is the leading voluntary standard that provides guidance on how to maintain an archive system.
ISO 15489 Standard
This international standard has been implemented in the UK as BS ISO 15489-1:2016. It has been adopted in over 50 countries and translated into more than 15 different languages. It provides organisations with a theoretical framework for recordkeeping and highlights the importance of records management. Topics covered include:
- Metadata for records
- Records systems and controls
- Records monitoring
- Training for effective records management
- Creating, capturing, and managing records
While ISO 15489 is not mandatory, it serves as a best practice guide. However, certain retention periods must be complied with under UK law. For example, the Limitation Act 1980 states that all business contracts, agreements, and other arrangements need to be safely stored for the length of an employee’s contract plus six years after they leave.
Email records management
It is important to ensure that both physical and digital records, particularly emails, are properly managed. Emails may be considered business records if they involve transactions, agreements, or other business-critical communications. Businesses should establish clear policies on email retention.
GDPR and the Data Protection Act 2018
The General Data Protection Regulation (GDPR) came into effect in May 2018 and contains special provisions for archiving personal data in the public interest. The Data Protection Act 2018 (DPA 2018) is the UK’s implementation of GDPR and also came into effect in May 2018, replacing the Data Protection Act 1998.
The DPA 2018 applies only to data related to living individuals. It sets out requirements for:
- Accuracy of stored data
- Keeping data up to date
- Ensuring data is kept only as long as necessary
- Ensuring appropriate security measures to protect against unauthorised processing, access, loss, destruction, or damage
Fines for non-compliance
Businesses that fail to comply with the Data Protection Act 2018 can face fines of up to £17.5 million or 4% of annual turnover—whichever is higher. Non-compliance with GDPR or suffering a data breach could also result in penalties of up to £17.5 million or 4% of global annual turnover.
Retention periods and HMRC requirements
Businesses must adhere to specific retention periods for certain types of records:
- Financial records: At least 6 years under HMRC rules
- Employee records: Length of employment plus 6 years
- Tax records: 5 years from the latest tax return submission
- Health & safety records: Minimum 40 years in some cases
By following records management best practices and legal requirements, businesses can ensure compliance, protect sensitive data, and avoid legal penalties.