It is advised to ensure that Policies and Procedures are in place. You should implement an Information Policy recognising documents as important organisational assets, a Retention Policy, based upon a schedule for each type of record and an Information Security Policy.

Information Policy

Procedures for their classification, structure, security, management and monitoring should be put in place based upon their individual type.

Retention Policy

This should state retention periods (irrespective of whether the format is paper, microform or electronic), criteria for review/disposition and procedures for controlled destruction. Useful guidelines are provided on the UK Public Record Office site.

Information Security Policy

An Information Security Policy, ensuring confidentiality (see also the section on Data Protection) and the protection of the integrity of information assets. A Business Continuity Policy should be included to ensure that vital records are protected in the event of major equipment, environmental or personnel failure. Overall, in implementing electronic Document Management, roles, responsibilities and procedures should be defined for:

• Document preparation and batching
• Photocopying
• Scanning
• Indexing
• Quality control of captured images and data
• Rescanning
• Document workflows
• Revision control
• File transmission/migration
• Backup and recovery
• System maintenance and administration
• Retention and disposition

Full systems description manuals should be maintained for all hardware and software components. Please also see the section providing advice on the maintenance of comprehensive Audit Trails.