Skip to content
contact us | home | accessibility


Google Custom Search
good practice and innovation
about us infoKits Tools & Techniques Publications Events
You are here: Home » infoKits » Records Management » Records Retention - Risk assessment and vital records


Overview and Introduction
- What is a Record?
- What is Records Management?
- What is the Lifecycle of Information?
- What are Retention Periods?
- Why is Records Management Necessary Now?
- Legal and Regulatory Compliance
- Adopting a Records Management Programme
- Steps Towards Good Records Management
The Information Audit
- Why Do It and Where To Start?
- Objectives of the Information Audit
- A Health Warning
- The Relationship between Policy and Audit
- A Communication Strategy
- Information Gathering
- Electronic Records
- Good Housekeeping and Making Better Use of Investment
Functional Analysis
- Advantages and Disadvantages of Functional Classification
- A Practical Example
Records Retention Schedules
- Risk Assessment and Vital Records
- Disaster Recovery and Controlled Destruction
Implementation and Review
To Conclude
Sources of Further Information and Training






Risk Assessment

There will be a number of significant records for which there appears to be no clear-cut period of years for which the record has to be maintained.

There are two ways of dealing with this problem.

  • Conduct a risk analysis on the probability of the record being needed against risk of the cost to the institution of the record not being recoverable. Then the retention period would be determined on the basis of reasonable risk. Broadly speaking demand for any class of records tends to follow a similar pattern, which if plotted on a graph tends to look as follows:

    Records Usage Graph

    There will be a point at which demand for use drops below the defined threshold which can be set by the institution. A decision can then be taken on the basis of probability of recall against the consequences of not being able to produce the record.

  • The second option is to mark all material which cannot be given a definite retention period with a 1st and 2nd review date. Typically these might be set at 3 and 6 years, or 5 and 10 years. The 2nd review should be the point at which it is possible to determine whether it is necessary to keep the records permanently i.e. 30 years plus, or whether they could now be destroyed.

As a general point of good practice it is probably wise to have a system that where there is a clear-cut retention period the record is disposed of without further consultation.

Most of the JISC projects previously cited contain detailed information about retention periods usually taking the Study of the Records Lifecycle as the starting point.

An example from a planning and strategy function of a large University can be found at A records lifecycle for planning and strategy functions.

Another example relating to employee records can be found on the JISC website.

The only exception to this rule would be new legislation, applied retrospectively, which effectively alters the retention period. For this reason it is sensible when choosing a records management system, or developing one in-house, to allow for global changes to this data field.

Where material has to be reviewed after a period of years it is sensible to consult. Experience suggests that those consulted will be cautious. The 'just in case' mentality is normal. One criterion which should be considered is how often the record has been retrieved and whether there is any definable pattern.

Vital Records

Vital records are those records essential to the functioning of a college or university. They are those records that protect the interests and rights of the institution, its staff, students and other major stakeholders. As a matter of course they are likely to include current year financial information, records relating to current students and those relating to staff benefits, insurance, pension rights, proof of ownership, legal proceedings, and decisions.

With very few exceptions vital records should be duplicates and should be stored away from areas where the originals are being used. If these take the form of computerised records then they should be up-dated regularly as part of the normal back-up process and stored outwith the main processing and network areas.

Some vital records will be identified as part of the Information Audit but it really requires a distinct programme to bring the elements together fully. The objectives are:

  • To define the vital records

  • To ensure Senior Management buy-in

  • Identify potential hazards

  • Designate appropriate protection methods

  • Select appropriate storage sites and methods

  • Develop operating procedures

  • Bench Test programme procedures
Bookmark and Share
Link to the JISC Website

© 2009 Northumbria University, on behalf of JISC Advance
JISC infoNet is a JISC Advance service
This website is powered by Plone

 JISC Advance logo
If you can read this text, it means you are not experiencing the Plone design at its best. Plone makes heavy use of CSS, which means it is accessible to any internet browser, but the design needs a standards-compliant browser to look like we intended it. Just so you know ;)