Below we have provided a checklist of 25 activities to progress in order to ensure that your records management operations are robust and fit for purpose:

1. Review the Records Management Policy to check it is in existence, up to date, approved and distributed.

2. Review the Records Management Procedures to check they are in existence and cover the entire records lifecycle for both physical and digital data / information, are up to date, approved and distributed.

3. Review the Records Retention Schedule to check it is in existence, up to date with regards current laws and regulations, is approved, and distributed.

4. Review the Intranet content relating to records management to see if it needs revising to reflect current policy and procedures. Check that all document and other links are working.

5. Check if an Information Asset Register exists when it was last updated and if the assets have been tagged to retention policies. Promote that the IAR is used by asset owners / administrators to engage with their retention and disposal responsibilities.

6. If there is a separate ROPA (Records of Processing Activities), check that the retention policies it contains are up to date.

7. Based on the IAR or other sources, identify all systems of record, understanding which content is held where for what purpose. Further to this:

* Review to see if there is duplication of storage

* Spot check that records can be easily located

* Review that systems provide adequate functionality for applying security, version control, search, audit trails, retention, and disposal

* Identify electronic records that should be migrated into a system from less controlled environments

8. Consider how retention policies will be applied within your organisation to:

* Network Drives

* Collaborative workspaces / Chat and Conferencing content

* Content Management systems

* Line of Business Application data

* Web content

* Social Media content

* Email

* Physical records in office filing

* Archived physical records

9. Review the disposal review and approval process, including awareness of whether there are legal “holds”. Check what disposal audit trails are being captured.

10. Review current Privacy Notices to check that they contain the most up-to-date retention policies.

11. Check that consistent templates exist for all controlled documents.

12. Review what file and folder naming conventions exist and the extent to which they are actively used.

13. Check the review and approval process for controlled documents, including tools for document collaboration and revision.

14. Review whether a corporate file plan and metadata standards have been created and introduced. Discuss any current Master Data Management standards that might exits with IT / Data Governance colleagues. If required, consider developing baseline schemes for different business functions.

15. If there is a production process for document scanning in the organisation (for example in the post or print room) ascertain whether this has been evaluated against BS 10008 for the purposes for supporting legal admissibility and evidential weight.

16. Evaluate how office paperwork can be reduced via approaches such as:

* File weeding / disposal based upon retention policies

* Using e-Forms and/or Electronic signatures

* Document scanning

* Regular archiving

17. Review physical file storage to check aspects such as:

* Organisation and sequencing

* File titling, labelling and use of cover sheets

* The need for file registers

* Whether barcode file tracking will add value in tracking and tracing files / boxes / items

18. Review archive storage to verify that it is suitable and professionally managed, including:

* That records are not being inappropriately stored in lofts, basements, garages, outbuildings, self-storage units etc.

* That files and boxes at offsite storage have been properly catalogued

* That there are effective retrieval, return, scan-back and destruction processes

19. Identify if there is an appropriate archive happy to accept historic documents and other materials and that there are agreed and working deposit arrangements with them.

20. Review information rights processes – such as requests under Freedom of Information and Environmental information Regulations, or Data Subject Access Requests – to see if improvements can be made from a records management perspective.

21. Engage with the DPIA (Data Protection Impact Assessment) process to offer support and advice from the records management perspective.

22. Review the corporate risk register for what information-related risks are included.

23. Review with the Legal team if there are records management improvements that can assist in identifying and protecting content for eDiscovery / Disclosure purposes.

24. Explore whether a Digital Preservation strategy exits within the organisation to ensure that electronic content will remain accessible and usable over time.

25. Review or create a Training Needs Analysis and Communications Plan for records management, ensuring that this has both corporate and “localised” team-based approaches.