data retention policy - gov.uk · pdf filedata retention policy v1.0 page 1 of 89 ... 6.1...
TRANSCRIPT
NOT PROTECTIVELY MARKED
Data Retention Policy v1.0 Page 1 of 89
Data Retention Policy
Policy Reference No: DBS 113
Date of Implementation: 6 December 2013
Policy Owner: Security & Facilities
Policy Author:
Version: 1.0
Review Date: December 2014
NOT PROTECTIVELY MARKED
Data Retention Policy v1.0 Page 2 of 89
1.0 Policy Statement 4
2.0 Scope 4
3.0 Principles 5
4.0 What it means in Practice? 6
5.0 Links 6
6.0 Appendix A 6
6.1 Customer Relationship Management System (CRM)- 6
6.2 Applicant Personal Data 8
6.3 Investigation Team STOP Files – Applicant Personal Data 10
6.4 Update Service Registered Applicant Personal Data 11
6.5 Credit Card Payment Details for the UPDATE SERVICE 12
6.6 Registered Body Data 13
7.0 Corporate File Plan (CFP) 15
8.0 Disclosure Business Functions 16
8.1 Accommodation / Health and Safety/RISK 16
8.1.1 Business (Disclosure) Transition and Assurance Team - Transition
Team 17
8.1.2 Business (Disclosure) Transition and Assurance Team - Assurance and
Procedures Team (APT) 18
8.1.3 Disclosure Assurance/Assurance Analysis 21
8.1.4 CEO Secretariat 22
8.1.5 Commercial 23
8.1.6 Combined Investigations Unit 26
8.1.7 Customer Services 28
8.1.8 Data Protection and Records Management 36
8.1.9 Equality and Diversity Team - HR 38
8.1.10 Financial Accounts 40
8.1.11 HR 42
8.1.12 Operations 47
8.1.13 Police Finance 58
8.1.14 Police Performance Team 59
8.1.15 Policy, Information Governance & External Governance 60
8.1.16 Performance 63
8.1.17 Programme 64
8.1.18 Registered Body Account Management 69
NOT PROTECTIVELY MARKED
Data Retention Policy v1.0 Page 3 of 89
8.1.19 Registered Body Training Communications 71
8.1.20 Security 72
8.1.21 Standards and Compliance Unit 74
8.1.22 Communications 76
9.0 Operational Barring 80
9.2 Initial Review Trigger Process 80
9.3 Subsequent Review Trigger Process 81
9.4 Clear Period Trigger Review Process 81
9.5 Statutory/Prescribed Trigger Process 82
9.6 Update Trigger Process 82
9.7 Report of Death Trigger 82
9.8 Disposal of Information 82
10.0 Barring Operational Data 83
10.1.1 SVGA 2006 (Barred List Prescribed Information) Regulations 2008/16
85
11.0 Appendix B - Abbreviations 87
NOT PROTECTIVELY MARKED
Data Retention Policy v1.0 Page 4 of 89
1.0 Policy Statement
1.1 The DBS is responsible for creating, maintaining and implementing retention criteria for its own records. 1.2 This document sets out the Disclosure and Barring Service (DBS) Policy on the disposal and retention of records. It applies to all records, both in paper and electronic form.
2.0 Scope
2.1 The document is in three parts. The first section relates to Applicant Disclosure Records held in the Customer Relationship Management System (CRM), the second section relates to information stored within the Corporate File Plan (CFP) on POISE broken down by Directorate/Business unit for ease of use, and the third relates to Operational Barring data held in both electronic and paper form. 2.2 This document is intended for use by DBS staff when applying retention or disposal criteria to their records. However the physical deletion of the records stored within the CFP will need to be undertaken by the Units Records Advisor. It is a living document and will be updated to reflect changes in working practice when required. 2.3 Further information on general government record appraisal, selection and disposal can be found in the Lord Chancellor‟s Code of Practice on the Management of Records under Section 46 of the Freedom of Information Act (FOI) 2000. The Code sets out that under FOI the disposal of records is undertaken in accordance with clearly established policies. 2.4 The CFP section of the Policy shows the periods when particular types of DBS records should be reviewed to determine if there is an ongoing business need, if the record should be retained, destroyed or permanently preserved. Please Note: Staffing information held within each Business Unit should be retained in accordance with the HR section of the Policy. 2.5 Individual HR records for staff i.e. Sickness Absence Management (SAM) Performance etc should be held on the staff management file in accordance with Human Resources Policy. 2.6 Any queries relating to this Policy in the first instance should be directed to the Data Protection Officer or the Records Management Team.
NOT PROTECTIVELY MARKED
Data Retention Policy v1.0 Page 5 of 89
3.0 Principles
3.1 One of the main aims of successful record management is to be able to find, quickly and readily, any information requested. The introduction of the FOI Act in January 2005 reinforced the need to know what we hold and be able to locate it promptly. 3.2 In order to support this objective this document describes the types of documents that are used by the DBS by
-Directorate/Business Unit -what the business purpose is and
-when they should be destroyed. 3.3 The DBS will review information regularly to ensure that it is:
Necessary – the information must hold some value for the DBS to carry out its functions.
Proportionate – in order to justify the retention of the information, it must be proportionate to retain the information against the impact on individuals Human Rights, specifically in Human Rights Act Article 6 – Right to a Fair Trial and Article 8 – Right to Respect for Private and Family Life
Adequate – in order to justify the retention of information, it must be as complete as possible
Relevant – information must be fit for the purpose for which it is held
Accurate and up to date – all record details must be accurate, records must be updated with any new information
Of Historical value - it may also be necessary to retain information of particular legal or historical significance. This relates to past-periods data, used usually as a basis for forecasting the future data or trends. From a DBS perspective papers relating to the setting up of CRB/ISA and subsequently DBS would fall into this category.
3.4 Factors which may impact on the retention of information are:
The Age of Information – As time progresses information can become increasingly inaccurate
The Reliability of Information – May be questioned/unreliable where the information is unproven
The Reliability of the Source of Information – Sources of information may prove to be unreliable or false allegations may be made
Social Change – Changes in social acceptability of actions by individuals
Legislative Change – Changes in legislation can influence or be influenced by social change, bringing into question the continued retention of information.
NOT PROTECTIVELY MARKED
Data Retention Policy v1.0 Page 6 of 89
4.0 What it means in Practice?
4.1 The relevant owners of the documentation are responsible for its review in line with this Policy this also includes documents held in paper form. When the retention target is reached the information will need to be reviewed to confirm that the information is to be destroyed. This is because there is no further business, statutory or historical reason to keep them or select them for re-review at a later date either because business need is ongoing or because of potential historical value. 4.2 Any documents that are stored within the electronic records folders that need to be deleted will need to be highlighted to the relevant Unit‟s Record Advisor for deletion to take place. 4.3 Barring case workers will apply the Policy as appropriate to Barring casework referring to Operational Policy for standing instructions. The Data Retention Champions will also oversee the process.
5.0 Links
CFP User Guide F:\_CFP\6-Res & Perf\13-Unit Specific Functions\550-DBS\04-Info Mgmt\004-CFP Mgt\02-Records\CFPUserGuide[1].docx RA User Guide F:\_CFP\6-Res & Perf\13-Unit Specific Functions\550-DBS\04-Info Mgmt\004-CFP Mgt\02-Records\RAGuideCFP[1].docx
6.0 Appendix A
6.1 Customer Relationship Management System (CRM)-
CRM is the core system used for storing and processing Disclosure applications as well as maintaining relationships between Registered Bodies and applicants.
The data processed within CRM and supporting team databases are considered as a single logical entity and can be categorised broadly into four groups of data;
-Applicants or applications
-Registered Bodies
-Intelligence, notes and white mail relating to a disclosure application
NOT PROTECTIVELY MARKED
Data Retention Policy v1.0 Page 7 of 89
-Related data of external bodies such as Local Police Forces
The criteria for the various categories of data with their retention periods which have been identified are displayed in table form.
The data items and retention periods identified for CRM data are stated only within the scope of DBS Disclosure.
NOT PROTECTIVELY MARKED
Data Retention Policy v1.0 Page 8 of 89
6.2 Applicant Personal Data
Data Category Retention Period Notes
Data Applicant personal data record. Criteria All disclosure applications, this includes completed Disclosures in addition to those that are only partially completed if withdrawn or processing is stopped for any other reason. Content The purged data will include all nominal (personal) data which can positively identify an applicant. This includes the data taken from the original application form, notes, disclosure details, service requests and any related inbound or outbound white mail. It will also include the image of the original individual application form plus the image of the disclosure certificate.
CLEAR DISCLOSURES Delete after 7 years from the date of issue of the disclosure certificate, or from a cancellation or withdrawal of the disclosure application. DISCLOSURES CONTAINING SOME FORM OF INFORMATION Delete after 15 years from the date of issue of the disclosure certificate, or from a cancellation or withdrawal of the disclosure application
Anonymised data should be retained for current MI purposes and can be held for as long as operational requirements dictate and for future MI reporting. This anonymised data will be categories such as age profiles, regions, type of employer, etc and will not identify individual applicants.
Manual Certificates
The Manual Certificate process is a contingency process which is used when a system based certificate is not possible. Information is retained in hard copies for certificates issued up to 2011 and records are kept electronically for all subsequent manual certificates on CRM in Q Drive in accordance with timeframes set for system based certificates.
NOT PROTECTIVELY MARKED
Data Retention Policy v1.0 Page 9 of 89
Telephone Recordings – 4 years from the date the call was made.
All telephone calls are recorded with the exception of telephone lines deemed unsuitable for recording i.e. TUS, Security.
NOT PROTECTIVELY MARKED
Data Retention Policy v1.0 Page 10 of 89
6.3 Investigation Team STOP Files – Applicant Personal Data
STOP files are a repository for storing cases DBS previously investigated where the DBS Investigating Officer has deemed it necessary to retain their nominal information together with the documents used to support the DBS Application in order to monitor the individual if they reapply and commit the same offence. The data can either be individuals who have been forwarded for Police investigation or have been issued with a Warning Letter reiterating the offence that has been committed and to advise that any repeated attempts to circumnavigate the system may result in Police action.
Data category Retention period Notes
Data Applicant personal data record. Criteria This is an exceptional case where the applicant appears on the INVESTIGATIONS TEAM STOP files Content A subset of the personal data including full name date of birth, passport numbers, nationality, driving licence number National Insurance number, reason why they are in STOP file. Additionally, some files consist of Registered Body, employer, position applied for and all relevant notes and supporting intelligence.
Delete after 15 years from the time the applicant has been placed on the STOP file.
This will comply with fraud requests and will aid as evidence in potential prosecutions
NOT PROTECTIVELY MARKED
Data Retention Policy v1.0 Page 11 of 89
6.4 Update Service Registered Applicant Personal Data
Data category Retention period Notes
Data Applicant personal data record currently registered under the Update Service. Criteria Currently registered Content Includes all personal and audit data relating to the registrant.
Retain all data for the lifetime of the current registration.
Anonymised data should be available for current MI reporting purposes. This anonymised data will be categories such as age profiles, regions, type of employer, etc and will not identify individual applicants.
Data Applicant personal data record no longer registered under THE UPDATE SERVICE Criteria All DBS applicants who cancel subscription to the service, withdraw or whose subscriptions are cancelled or invalidated. Content The purged data will include all nominal (personal) data which can positively identify an applicant. This includes the data taken from the original registration form, notes, certificate details, service requests and any related inbound or outbound white mail. It will also include the image of the original individual application form.
CLEAR Certificates Delete after 7 years from the time their subscription is cancelled, withdrawn or invalidated. CERTIFICATES CONTAINING SOME FORM OF INFORMATION Delete after 15 years from the time their subscription is cancelled, withdrawn or invalidated.
Anonymised data should be retained for current MI purposes and can be held for as long as operational requirements dictate and for future MI reporting. This anonymised data will be categories such as age profiles, regions, type of employer, etc and will not identify individual applicants.
NOT PROTECTIVELY MARKED
Data Retention Policy v1.0 Page 12 of 89
6.5 Credit Card Payment Details for the UPDATE SERVICE
Data category Retention period Notes
Credit Card Details Non Automatic renewal -18 months Automatic Renewals- -18 months after they‟ve expired.
Card details are encrypted and stored securely for refund purposes. Card details will be encrypted and stored securely until they are automatically deleted.
NOT PROTECTIVELY MARKED
Data Retention Policy v1.0 Page 13 of 89
6.6 Registered Body Data
Data category Retention period Notes
Data All data relating to Registered Bodies, but excluding personal details of the signatories. Criteria To include Registered Bodies that are currently or no longer registered. It will include those completed Disclosures in addition to those partially completed if withdrawn or processing is stopped for any other reason. Content This would include the organisation name, address, etc.
Retain all data for the lifetime of the current registration and there after for as long as operation requirements dictate.
Data Personal records relating to Registered Bodies, such as those on lead and counter signatories. Criteria To include members of all Registered Bodies who are currently or no longer registered. It will include those completed Disclosures in addition to those only partially completed if withdrawn or processing is stopped for any other reason. Content This relates to personal
Retain all data for the lifetime of the current registration including the image of the original DBS application form. CLEAR CERTIFICATES Delete after 7 years after the signatory or registered body have ceased. DISCLOSURES CONTAINING SOME
Personal records of counter signatories should be kept for as long as operational reasons allow, especially in the context of signatories who have been cancelled and their re-application must be monitored.
NOT PROTECTIVELY MARKED
Data Retention Policy v1.0 Page 14 of 89
details of lead signatories and counter signatories.
FORM OF INFORMATION Delete after 15 years after the signatory or registered body have ceased.
NOT PROTECTIVELY MARKED
Data Retention Policy v1.0 Page 15 of 89
7.0 Corporate File Plan (CFP)
The Corporate File Plan (CFP) is the Home Office structure for filing both electronic and paper documents and records. The CFP only holds information up to and including RESTRICTED. The CFP is organised around the work we do, rather than who we are. This means it is organised by „functions‟ and „activities‟, rather than by Directorates and Units. The CFP differentiates between documents and records and these can be
shared with others, including those outside of your Unit/Section, helping us all
to work more efficiently and effectively. For example it can help reduce
duplication of documents, which can happen if we don‟t know a piece of
information already exists.
Folder Definitions
Documents: Information that is work in progress should be stored in the documents folder i.e. a report you are working on or a spreadsheet you are updating. This information when complete should subsequently be transferred to the records folder. Records: Information should be stored in the records folder when it is a finalised document. On transfer to the records folder no further amendments can be made unless a further version is saved. The application of retention periods set down within this Policy applies to both electronic and paper records. All information held needs to be reviewed and action documented periodically in line with this document and information deleted as appropriate.
Each business area within the DBS retains the responsibility for ensuring that documents are correctly filed within electronic folders or paper in files. The data listed on the following retention schedules is data stored
within the CFP.
NOT PROTECTIVELY MARKED
Data Retention Policy v1.0 Page 16 of 89
8.0 Disclosure Business Functions
8.1 Accommodation / Health and Safety/RISK
Records Advisor:
Document Type Retention Period
Accident Book - Paper copies- HSE requirement
3 years from date of last entry
Accommodation Forum - Actions, plans, minutes,
5 years delete
BCP Plans - Plans relating to procedures/contacts in the
event of an emergency
Until Superseded
DSE Assessments - Paper copies, Record of DSE assessments
3 years delete
Equality Impact assessments and PES - Drafts, review sheets, , consultation reports
5 years delete
E-requisitions, FM requests and Work Orders - Copies of e-reqs, operating agreement, update sheet, statistics,
7 years delete
Facilities, Property and Sustainability - Property, building management, facilities and
utilities data,
5 years delete
First Aid and Fire warden - Lists, training details, E-mails
5 years delete
Health and Safety Committee & Subgroup - Minutes, action plans, updates, E-mails
3 years delete
Health and safety Policy and Procedures - Drafts, review sheets,
5 years delete
Reportable injuries, diseases and dangerous occurrences -Paper copies- HSE requirement
3 years delete
Risk Registers- Corporate/Health &Safety - Registers detailing risks identified, mitigating
actions and RAG status
Until Superseded
NOT PROTECTIVELY MARKED
Data Retention Policy v1.0 Page 17 of 89
8.1.1 Business (Disclosure) Transition and Assurance Team - Transition Team
Records Advisor:
Document Type Retention Period
Budget Records 6 years from end of financial year
E-mails relating to Projects retained for audit trail to confirm decision making
5 years delete
Expenses Records including spreadsheets. 6 years from end of financial year
IT Requests - All IT request forms.
1 year after completion
Meetings Minutes - All meeting minutes & agendas from
project meetings to individual team
meetings.
5 years delete
Processes - Business processes
2 years delete
Project Documents - VBS, LISC, CRR, Convergence, THE
UPDATE SERVICE, AMS –
Documentation & Plans
5 years after implementation
Reports - Project/Business
10 years delete
Risks & Issues - Business Integrity
2 years after closure
Stats - To include adhoc statistics relating to
on going projects, Data quality and
team related.
5 years delete
Travel/Finance records - Requisition records, including travel
bookings/hotel bookings RTP and
associated spreadsheets.
6 years from end of financial year
NOT PROTECTIVELY MARKED
Data Retention Policy v1.0 Page 18 of 89
8.1.2 Business (Disclosure) Transition and Assurance Team - Assurance and Procedures Team (APT)
Records Advisor:
Document Type Retention Period
Blank Templates of global e-mail, procedures, bulletins - Used regularly to format, review &
publish procedures
Until superseded
Comments & responses to procedure reviews – spreadsheets - Provides audit trail of process
changes, decisions
6 years delete
Completed AF10 Change Request Forms (document library) - Provides audit trail of process
changes, decisions made
6 years delete
Current Operational Procedures and Bulletins - Current staff instructions Until superseded
Database Management , request forms, drafts, errors logs - Audit trail of requests for new Access
databases, errors
2 years delete
E-mail Correspondence relating to processes / projects received & sent - Provides audit trail of process
changes, decisions
10 years delete
re CFP setup/retention sent & rec‟d - To track CFP changes requested in
case of issues 1 year after request completed
relating to risks, audits & security - Log of actions taken, decisions made 6 years delete
to/from Capita PSO - Audit trail of decisions made on
document review process When superseded
Letter Templates – sent to RBs / applicants - Used as reference material for
procedures
10 years delete
Meeting agendas and minutes - Audit trail of decisions made 2 years delete
Organisation Design, Service Delivery, job Until Superseded
NOT PROTECTIVELY MARKED
Data Retention Policy v1.0 Page 19 of 89
definitions, org charts, functions & process flows - Sets out Service Delivery in 2009
Previous procedure worksheets/database - Provides audit trail of process
changes, decisions 10 years delete
Previous versions of Operational Procedures & bulletins (document library) - Provides audit trail of process changes
- for FOI requests / general info
Delete 10 years after superseded
Previous versions of Database - Provides audit trail of document
reviews & where docs are stored
6 years delete
Previous Visio process maps of DBS application processes, projects - Provides audit trail of process changes
6 years delete
- Project related E-mails 10 years delete
Project release schedules 2010-11 - Audit trail of project go-live dates 2 years delete
Project Review comments & Author‟s responses (Excel) - Provides audit trail of process
changes, decisions
10 years delete
Project Review documents e.g. THE UPDATE SERVICE, VBS, New projects etc (Word docs) - Provides audit trail of process
changes, decisions
10 years delete
Screenshots of CRM, databases used by other teams - Used regularly – copy & pasted into
new/updated procedure docs
Until superseded
Service Delivery Audit log – spreadsheets - Log of actions taken, decisions made 6 years delete
Service Delivery Risk log – spreadsheets - To manage risk – log actions taken,
decisions made 6 years delete
Staff training – and information 6 years delete
Team calendar (Excel) current & previous years
2 years delete
NOT PROTECTIVELY MARKED
Data Retention Policy v1.0 Page 20 of 89
- To log leave
Templates - E-mail templates used when sending
documents for review When superseded
Visio process maps – of DBS application processes, new projects - Used regularly as reference material
for procedures & project reviews
Until superseded
NOT PROTECTIVELY MARKED
Data Retention Policy v1.0 Page 21 of 89
8.1.3 Disclosure Assurance/Assurance Analysis
Records Advisor:
Document Type Retention Period
E-mails -Project Quality -Staff Related -Team Related
5 years delete
Guides - Management Checking Guidance/frameworks
2 Years after new version
Meetings Minutes - All meeting minutes & agendas from
project meetings to individual team
meetings.
2 years delete
Processes -Procedures -Checking Guidance
- Frameworks
2 years delete
Project Documents/Work Orders - VBS, Crosschecks, low score work orders
and project work.
2 years after implementation
Reports - Quality/Business
6 years delete
Stats - Quality/Individual/Projects
2 years delete
Templates - Pro forma‟s etc
1 Year after new version
NOT PROTECTIVELY MARKED
Data Retention Policy v1.0 Page 22 of 89
8.1.4 CEO Secretariat
Records Advisor:
Document Type Retention Period
Briefing documents - Briefing notes - Visits - Meeting agendas - Programme‟s
2 years delete
Correspondence files - Covering a variety of folders relating to major projects
Review after 5 years
Hospitality Register 10 years delete
Minutes of meetings and agenda - Circulated
papers/reports/presentations
containing recorded minutes of
meetings and topics for
discussion for the following
meetings:
Board
Senior Management Team
Audit & Risk Committee
Remuneration
Quality & Standards
Finance & Planning
Equality & Diversity
Health & Safety
JCNC
15 years then consider for Permanent preservation
Sensitive correspondence folders - Covering a variety of
documents of a sensitive nature
and with user access limits
- Expenses
- Personnel letters for staff
- PDR‟S
- Valedictory letters
Review after 7 years with a view to destroy any non critical documents
NOT PROTECTIVELY MARKED
Data Retention Policy v1.0 Page 23 of 89
8.1.5 Commercial
Records Advisor:
Document Type Retention Period
Accommodation Capita - Audit trail of accommodation provision under
Capita contract
6 years from end of PPP Agreement
Budget - Audit trail for Commercial Team budget
6 years delete
Contractual Documents Capita - Contractual documents in support of the PPP
Agreement
6 years from end of PPP Agreement
Supplier Relationship Management Capita – Meetings - Audit trail of commercial discussions
6 years from end of PPP Agreement
Supplier Relationship Management Capita – Scoring - Audit trail of CAF scoring process
6 years from end of PPP Agreement
Supplier Relationship Management Capita – Reports (Service Delivery Reports, Service Credit Calculations, Service Management Reports, Senior Management Reports, SDB Reports, Partnership Reports)
- Reports on contract operation
6 years from end of PPP Agreement
Supplier Relationship Management Capita – Board - Audit trail of decisions made by Capita Supplier
Relationship Management Board
6 years from end of PPP Agreement
Supplier Relationship Management Capita – Awards - Audit trail of applications for supplier awards
6 years from end of PPP Agreement
Supplier Relationship Management Capita – Governance
- Audit trail of governance structure
6 years from end of PPP Agreement
Supplier Relationship Management Capita – Management Information
- Management Information relating to the
delivery of the Disclosure Service
6 years from end of PPP Agreement
Supplier Relationship Management Capita – Contract Issues
- Audit trail of decisions made
6 years from end of PPP Agreement
Supplier Relationship Management Capita – Obligations
- Log of actions taken and decisions made on
contractual obligations
6 years from end of PPP Agreement
NOT PROTECTIVELY MARKED
Data Retention Policy v1.0 Page 24 of 89
Supplier Relationship Management Capita – Sub Contractors
- Audit trail of decisions made on Capita sub-
contractors
6 years from end of PPP Agreement
Supplier Relationship Management Capita – Commercials
- Audit trail of decisions relating to commercial
issues
6 years from end of PPP Agreement
Supplier Relationship Management Capita – Promotion of Agreement
- Audit trail of activities undertaken to promote
awareness of the PPP Agreement
6 years from end of PPP Agreement
Schedules Capita - The PPP Agreement
6 years from end of PPP Agreement
Police - Audit trail of commercial activity relating to
police force engagement with DBS
6 years from end of PPP Agreement
Spend - Audit trail of spend with suppliers
6 years from end of contract
Legal Advice - Audit trail of legal advice received
6 years from end of PPP Agreement
Projects Capita - Audit trail of process changes and decisions
made
6 years from end of PPP Agreement
Domestic Matters - Staffing information
6 years delete
Business Plan - Commercial Team contribution to DBS
Business Plan
6 years delete
Audit & Risks - Audit trail of actions taken and decisions made
6 years delete
Projects Other - Audit trail of process changes and decisions
made
6 years from end of contract
All Staff Messages - Staff instructions
6 years delete
Savings - Audit trail of value for money savings
6 years from end of contract
Guidance & Procedures - Staff Instructions
6 years delete
NOT PROTECTIVELY MARKED
Data Retention Policy v1.0 Page 25 of 89
Control Records - Logs to assist in management of commercial
team activity
6 years delete
PCoE - Audit trail of interaction with PCoE
6 years delete
DBS Contracts - Contract documentations and audit trail of
decisions made
6 years from end of contract
NOT PROTECTIVELY MARKED
Data Retention Policy v1.0 Page 26 of 89
8.1.6 Combined Investigations Unit
Records Advisor:
Document Type Retention Period
Archive Databases (cases) - Provides information for future
investigations and audit trail 10 years delete
Archive Databases (DPA) - Provides information for future investigations and audit trail 10 years delete
Archive Databases (Possible Illegal Immigrants) - Provides information for future investigations and audit trail 10 years delete
Contact Lists - Contact details of OGD for current
investigations Until superseded
Correspondence employers, RB's, applicants - provides information for
investigation decisions and audit
trail 6 years delete
Correspondence Other Gov Depts - UKBA, DVLA, General Registry Office, HMRC, NCA, LPF - Legal documents for prosecutions and audit trail 10 years delete
Correspondence letters and responses - provides information for investigation decisions and future reference Audit trail 6 years delete
Current procedures - current staff instructions
until superseded
Electronic records of discussions, minutes agenda‟s, TOR, forums - Management Information and audit
trail 2 years delete
Intel reports - provides information for
investigation decisions and
prosecutions 10 years delete
Live Databases (cases) - work in progress
until completed, then added to Archives
NOT PROTECTIVELY MARKED
Data Retention Policy v1.0 Page 27 of 89
Paper records of supporting documentation and signed statements to be used as evidence - For police referrals and
prosecutions Until referred to police and/or prosecuted
Stats spreadsheets - Management Information, Risk
Assessment and QA 2 years delete
Word template letters - current procedures until superseded
NOT PROTECTIVELY MARKED
Data Retention Policy v1.0 Page 28 of 89
8.1.7 Customer Services
8.1.7.1 Correspondence
Records Advisor: POISE:
Document Type Retention Period
Aged Application script
- Script to be used by Customer Service staff when contacting customers as part of the Aged Application process to establish if the DBS check is still required
When superseded
Barring Complaints 5 years
Barring Complaints Register 5 years
Complaint & Enquiry Category Codes
- List of Complaint & Enquiry category codes and definitions used to record customer issues for MIS purposes
When superseded
Complaint Correspondence Checklist
- Checklist provided to staff to follow to ensure that correspondence meets expected quality standards
When superseded
Complaint Database documentation
- Documentation and comment sheets relating to the management requirements for establishing and maintaining a Customer Service database to record correspondence details for MIS purposes
When superseded
Complaint Escalation Leaflet
- Leaflet explaining what customers can do if they remain dissatisfied with how their complaint has been handled
When superseded
Complaint Handling Representative list and referral form
- List of designated staff throughout the business that act as Complaint Handling Representatives and a referral form for Customer Service staff to raise issues with them
When superseded
Correspondence Handling processes and best practice guidance
- Guidance for staff on identifying different types of correspondence (MP, Ministerial, Treat Official etc) and how to handle them
When superseded
NOT PROTECTIVELY MARKED
Data Retention Policy v1.0 Page 29 of 89
Correspondence Procedure PES
- Equality statement and action plan showing the level of consideration given to protected groups in developing the Customer Service Correspondence Procedure
When superseded
Correspondence QA Guide
- Checklist to be followed by Team Leaders when undertaking QA of correspondence
When superseded
Correspondence statistics for 2005 to 2010 - Monthly breakdown of volumes of
correspondence received, completed and PSS
between 2005 and 2010
5 years delete
Correspondence Trend Analysis reports 2006 to 2008 - Report of monthly volume and trend analysis of
correspondence received between 2006 and 2008
5 years delete
Customer Service Complaint letters - Copies of replies to customer complaints
5 years delete
Customer Service Complaint Referral Form - Form used by Call Centre Team Leaders to record customer details when complaint details taken by them over the telephone
When superseded
Customer Service Ex-Gratia referral form
- Form to be completed by Customer Service staff when referring a case to HEO‟s to consider awarding a redress payment to customer
When superseded
Customer Service letterhead
- Letterhead containing Customer Service details to be used when drafting correspondence
When superseded
Customer Service letters from 2008 to 2011
- Copies of letters issued by Customer Service between 2008 and 2011 in response to customer correspondence
5 years delete
Customer Service letters from 2012
- Copies of letters issued by Customer Service in 2012 in response to customer correspondence
5 years delete
Customer Service staff training matrix
- Spreadsheet showing the training schedule and training completed by Customer Service staff
6 years delete
NOT PROTECTIVELY MARKED
Data Retention Policy v1.0 Page 30 of 89
DBS Complaint and Resolution Model - Corporate documents providing a definition of
what a complaint is and details of the complaint
escalation process
When superseded
FAQ Database
- FAQ Database for reference by staff to find answers to common questions
When superseded
Ineligible Application Process (IAP) templates and letters
- Standard templates and letters to send to customers in order to obtain further information on eligibility of positions under the IAP procedure
When superseded
Letterhead, Briefing Notes and Cover sheets for Director of Service Delivery (DoSD) and CEO responses
- Letterheads containing DoSD and CEO details to be used when drafting correspondence on their behalf. Briefing Note & Cover sheet templates to be used to provide background info to DoSD and CEO on cases for their signature
When superseded
Public Answered E-mail folder
- Public Outlook folder into which all E-mails answered by Customer Service staff are moved to after being sent to customers
12 months delete
Standard drafts and approved lines to take about frequently raised customer complaints - Library of approved responses for staff to refer to
when handling common customer complaints
When superseded
Standard responses and approved lines to take about frequently raised customer enquiries
- Library of approved responses for staff to refer to when handling common customer enquiries.
When superseded
NOT PROTECTIVELY MARKED
Data Retention Policy v1.0 Page 31 of 89
8.1.7.2 Registration
Records Advisor:
Document Type Retention
Hard Copies- CRM
CSig Acceptance Documents - Registration Documentation
Hardcopies retained for 6 months unless appeal is ongoing.
CSig Rejection Documents - Registration Documentation
Hardcopies retained for 6 months unless appeal is ongoing.
Pre Registration- - PRQs and associated documents retained in case contacted by RB
Hardcopies retained for 6 months unless appeal is ongoing.
Registration Cancellation Programme (RCP) 2007 – 2012 - Progress files for all organisations captured within the
RCP.
Hardcopies retained for 6 months unless appeal is ongoing.
All Electronic - CRM
Counter Signatory Removal Exercise - Database and templates / letters for alluding the c/sig cancellation exercise.
2 years
Mergers - Progress files for all organisations undergoing mergers
2 years
RCP Spreadsheets 2007 – 2012 - Organisations captured – via MIS spreadsheet – in the RCP. Identifies orgs that have appealed / not appealed against deregistration.
Retain for 2 years from each phase start?
Registration Statistics 2009 – 2012 - Stat records (spreadsheets) for all daily incoming registration work.
2 years
Umbrella Body Stats 2008 – 2010 - All letters, spreadsheets, stats and progress files for existing and potential UB‟s.
2 years
All Electronic POISE-CFP
CAF Outstanding Folder - Statistical Data
2 years
CAF Outstanding Folder - Sig suitability
5 years
CAF Outstanding Folder - Return c/sig
2 years
CAF Outstanding Folder - PRQ allocate
2 years
Monthly RAF‟s / CAF‟S - Statistical Data on docs received.
5 years
Weekly Counters Folder - Statistical Data
2 years
Weekly Masters Folder - Statistical Data
2 years
NOT PROTECTIVELY MARKED
Data Retention Policy v1.0 Page 32 of 89
8.1.7.3 Customer Services Support Team
Records Advisor:
Document Type Retention Period
Excel
Disputes stats:
Met referrals
Disputes MIS
DQD Comparisons
2 years delete 2 years delete 2 years delete 2 years delete
Excel Accommodation plans - Accommodation plans for the move to 1st West
2 years delete
Excel CFP folder request spreadsheet - To track what CFP folders have been requested
2 years delete
Excel Spreadsheet C/S Budget Data,
Budget details for staffing costs, exps, training etc
XL Budget Variance C/S Dated 30th Nov 12
- Budget Variance – same data as above
6 years after end of financial year 2 years delete
Excel Spreadsheets C/S MIS - KPI sheet weekly & monthly
-Disputes MIS -Call Stats -Reprints Data
5 years delete 2 years delete 2 years delete 2 years delete
Excel Training Matrix - Details of all training C/S staff have undertaken
& future events required
6 years delete
FAQ access data base - For customer correspondence to find FAQ
When superseded
Various documents regarding IAP process, W59 process, Quality Assurance, Work Allocation
- Created whilst establishing the new processes within C/S
When superseded
Word documents And Powerpoint presentation
- Training documents for creating desk aids - Training Feedback Sheets
When superseded
Work Order - Submitted for changes to IVR messages in C/S
2 years delete
XL 1st thing report - Figures relating to no: E-mails in C/S inbox and
sub folders – completed daily
2 years delete
XL Monthly Correspondence Analysis - Categorised figures for the no: of enquiries and
complaints received each month
5 years delete
NOT PROTECTIVELY MARKED
Data Retention Policy v1.0 Page 33 of 89
XL Service Delivery Board Paper - MIS data re: enquiries
2 years delete
NOT PROTECTIVELY MARKED
Data Retention Policy v1.0 Page 34 of 89
8.1.7.4 Contact Team and Disputes
Records Advisor: POISE:
Document Type Retention Period
Flexi update log - Staff flexi details
2 years delete
FOI Call Data - Stat sheet recording the total number of calls to
Disputes team each day during 2010 and for FOI requests
5 Years delete
QA Template - Sheet for recording QA checks for staff
When superseded
Stats Sheets - Multiple Stats sheets for monitoring Disputes
Work. Includes;
Sixty Day Spreadsheet
Awaiting Post Dispute Application
Call Log
Call Monitoring
Disputes Accuracy Report
Disputes Stats
Met 60 days
Customer Services All Call Data Spreadsheets from 2011 through to 2012
Disputes Monthly stats - Revised Times
2 years delete
CRM:
Document Type Retention Period
Data Pro Offices - Address sheet for all Data Protection Offices
in the UK
When Superseded
Stats and records for Data Source Disputes and Data Quality Disputes
- Database monitoring incoming Disputes Work.
Includes;
Data Quality New Database - New Disputes Database
5 years delete
NOT PROTECTIVELY MARKED
Data Retention Policy v1.0 Page 35 of 89
8.1.7.5 Sensitive Applications Team
Records Advisor:
Document Type Retention Period
- Enquiries regarding the confidential
checking service
2 years delete
- Replies to enquiries
2 years delete
Sensitive Applications Database - Holds applicants details who have requested the use of the confidential checking service
Contents -2 years delete Database – when superseded
Template letters - Template letters for the use of the sensitive application team
When superseded
NOT PROTECTIVELY MARKED
Data Retention Policy v1.0 Page 36 of 89
8.1.8 Data Protection and Records Management
Records Advisor:
Document Type Purpose Retention Period
Audit Records Information relating to The National Archives Information Management Assessment & Information Commissioners Office Audit
6 years delete
Data Protection Compliance Review Documentation
- Final Compliance
Reports
Proformas completed for internal reviews
2 years delete 3 years delete
Data Protection Correspondence
General Correspondence from applicants regarding Data Protection issues and DBS responses.
2 years delete
Data Protection E-mail correspondence
E-mails sent internally and externally regarding Data Protection issues stored in public folder
6 months delete
Data Sharing Agreements
Template for Data Sharing Agreements
Until superseded
ICO Correspondence Requests for Information regarding specific cases
2 years delete
Information Asset Owner Network
- Information Asset
Register
- E-mails
- Submitted IAR
Change Forms
- Annual Assurance
Statement
- Agenda and
Minutes taken
from the Quarterly
SIRO meeting
Lists all the Information Assets across the business E-mail correspondence from IAOS regarding IA0s business
Living Document 6 months delete Retained for life of asset 3 years delete 3 years delete
NOT PROTECTIVELY MARKED
Data Retention Policy v1.0 Page 37 of 89
- Information Asset
Register Archive
5 years delete
Training Materials - Powerpoint
Presentations
- Information
Booklets
Material relating to IAO and RA training
Until superseded
Various IA Network Communications
- Newsletters
12 months delete
NOT PROTECTIVELY MARKED
Data Retention Policy v1.0 Page 38 of 89
8.1.9 Equality and Diversity Team - HR
Records Advisor:
Document Type Retention Period
Communications
Circulars 2 years after issue
Team Brief articles 2 years after issue
All staff messages 2 years after issue
OTR 2 years after issue
Connectt 2 years after issue
Corres 2 years after issue
Diversity Strategy Returns
2007
2008
2009
2010
2011
5 year review
Diversity & Values Event
Docs
Recs
5 year review
EDV Sub - Group
ToR 5 year review
Action Plans 3 years after date of last meeting
Agendas 3 years after date of last meeting
Minutes 3 years after date of last meeting
Papers 3 years after date of last meeting
Actions 3 years after date of last meeting
Scheme 2007 - 2010 5 year review
Action Plan 5 year review
Progress Reports 5 year review
Employment Monitoring Report
2007-2008 5 year review
2008 - 2009 5 year review
2009 - 2010 5 year review
2010 - 2011 5 year review
ToR 5 year review
Agendas 3 years after date of last meeting
Minutes 3 years after date of last meeting
Papers 3 years after date of last meeting
Actions 3 years after date of last meeting
Equality Questionnaires
2008
2009
2010
2011
3 Years after issue
NOT PROTECTIVELY MARKED
Data Retention Policy v1.0 Page 39 of 89
Local Stakeholder Forum
ToR 5 year review
Agendas 3 years after date of last meeting
Review Docs 3 years after date of last meeting
Review Comments 3 years after date of last meeting
Action Plans 3 years after date of last meeting
SSNs Member Survey Results
2009
2010
2011
2012
3 Years after issue
SSNS
agender 5 year review
HODS 5 year review
HOW 5 year review
Hindu Connection 5 year review
Spectrum 5 year review
The Network 5 year review
Christian Network 5 year review
Sikh Association 5 year review
Islamic Network 5 year review
NOT PROTECTIVELY MARKED
Data Retention Policy v1.0 Page 40 of 89
8.1.10 Financial Accounts
Records Advisor:
Document Type Retention Period
Accounts Paper copies in storage – Marsham Street / electronic copies on CFP
7 Years Delete
Asset/Equipment Registers/Records 7 Years Delete
Audit Files Paper copies in storage – Marsham Street / electronic copies on CFP
7 Years Delete
Audit Sheets – Ledger Postings 7 Years Delete
Audit Trails 7 Years Delete
Bank Deposit Books, Slips and Butts 7 Years Delete
Bank Reconciliation Files/Sheets 7 Years Delete
Bank Statements/Periodic Reconciliations 7 Years Delete
Capita Invoices
Journals
Credit Control
Accruals
Capita Costs
Accommodation Costs
Paper copies in storage – Marsham Street / electronic copies on CFP
7 Years Delete
Cheques 7 years delete
Copies of invoice/debit notes rendered on debtors (invoices paid/unpaid, registers of invoices, debtors ledgers, etc)
7 years delete
Copies of Invoices and source documents 7 years delete
Credit Notes 7 years delete
Ex-gratia Paper copies in storage – Marsham Street / electronic copies on CFP
7 Years delete
Job Centre+ (CRB vouchers) Paper copies in storage – Marsham Street / electronic copies on CFP
7 years delete
Journals – Prime Records for the Raising of Charges
Current + 6 Years
Journals (details of financial movements) Paper copies in storage – Marsham Street / electronic copies on CFP
7 Years delete
Periodic Financial Statements Prepared for Management
7 Years delete
Records Relating to the Calculation of Annual Depreciation
7 Years delete
Requisition Records 7 Years delete
NOT PROTECTIVELY MARKED
Data Retention Policy v1.0 Page 41 of 89
Document Type Retention Period
Secondees Paper copies in storage – Marsham Street / electronic copies on CFP
7 Years delete
Staff Debtors (including – season tickets, Imprests) 7 Years delete
Statements/Summaries Prepared for Inclusion in Quarterly/Annual Reports
7 Years delete
Sun Accounting (copies of invoices and SUN details) Paper copies in storage – Marsham Street / electronic copies on CFP
7 Years delete
Travel & Expenses Government Procurement Cards Invoices Travel & Subsistence Paper copies in storage – Marsham Street/ electronic copies on CFP
7 Years delete
Year End Balances, Reconciliations and Variations to Support Ledger Balances and Published Accounts
7 Years delete
NOT PROTECTIVELY MARKED
Data Retention Policy v1.0 Page 42 of 89
8.1.11 HR
Records Advisor:
Document Type Retention Period
Actuarial Valuation Reports Permanently
Advances for:
Authorisation for deputising,
substitution allowance, overtime
and travel time claims
Bicycles
Car parking
Christmas/holidays
Housing
Season tickets
6 years after employment has ended
Annual leave records 2 years
Annual/assessment reports for the last five years delete of service
Until age 72 or 5 years after last action, whichever is the later.
Annual/assessments reports 5 years (keep last 5 years delete – see above)
Application Forms And Interview Notes (For Unsuccessful Candidates)
6 Months. (Because of the time limits in the various Discrimination Acts, for example The Disability Discrimination Act 1995, minimum retention periods for records relating to advertising of vacancies and job applications should be at least 6 months. Successful job applicants documents will be transferred to the personnel file in any event.)
Assessments Under Health And Safety Regulations And Records Of Consultations With Safety Representatives
Permanently
Bank details – current 6 years after employment has ended
Bonus nominations 6 years after employment has ended
Building society references 6 months
Case conference forms - Linked to Enquiries register –
a summary of face to face
discussions on complex
cases
3 years
Completed sick absence record showing dates and causes of sick leave.
Until age 72 or 5 years after last action, whichever is the later
NOT PROTECTIVELY MARKED
Data Retention Policy v1.0 Page 43 of 89
Document Type Retention Period
Copies of salary/wages/payearoll sheets
2 years
Current address details 6 years after employment has ended
Death benefit nomination/revocation forms
Until age 100 or 5 years after last action, whichever is the later
Death certificates Return original to provider, retain copy until age 72
Decree Absolutes Return original to provider, retain copy until age 72
of advice - Linked to Enquiries Register trail
3 years
Employee pay history records NOTE: the last 3 years delete records must be kept for leavers, in either the personnel or the finance records system, for the calculation of pension entitlement
6 years
Enquiries Register - Provides a record of advice
required by line managers
and a brief summary of
advice given
3 years
Health declaration Until age 72 or 5 years after last action, whichever is the later
Health referrals including
Correspondence with medical
advisor to PCSPS
Medical reports
Papers relating to any injury on
duty
Until age 72 or 5 years after last action, whichever is the later
HM41s - Referral made to OHS
3 years or on leaving whatever is sooner
Housing advance
6 years after repayment
Inland Revenue Approvals Permanently
Job applications – internal 1 year
Marriage certificate/documentation relating to civil registration
Return original to provider, retain copy until age 72
Medical reports of those exposed to a substance hazardous including:
Asbestos
Compressed air
Lead
Radiation
40 years after last record 40 years from date of last entry 40 years from date at which entry was made 50 years from date of last entry
Medical/self certificates – unrelated Four years delete
NOT PROTECTIVELY MARKED
Data Retention Policy v1.0 Page 44 of 89
Document Type Retention Period
to industrial injury
Money Purchase Details 6 Years after transfer or value taken
Other maternity pay documentation 18 months
Overpayment documentation 6 years after repayment or write-off
Papers on deputising, substitution allowance, overtime/travel claims
6 years after employment has ended
Parental Leave 5 Years From Birth/Adoption of the child or 18 Years if the child receives a disability allowance
Payroll input forms 6 years after employment has ended
Pension estimates and awards Record of:
Added years delete
Additional voluntary contributions
All other papers relating to
pensionability not listed above
Amount and date of any
Contributions Equivalent
Premium paid
Amount and destination of any
transfer value paid
Amount of any refund to PCSPS
Full name and DoB
NI Number
Papers relating to disciplinary
action resulting in changes to
terms, conditions of service,
salary, performance pay or
allowances
Pensionable pay at leaving
Reason for leaving and new
employer‟s name
Reckonable service for pension
purposes and actual service
where this is different with
reasons for the difference
Resignation, termination and/or
retirement letters
Until age 100 or 5 years after last action, whichever is the later
Pension Scheme Investment Policies
12 Years from the ending of any benefit payable under the Policy
Pensioners' Records 12 Years after benefit ceases
Personal payearoll history including:
Allowances
Maternity leave
Until age 100 or 5 years after last action, whichever is the later
NOT PROTECTIVELY MARKED
Data Retention Policy v1.0 Page 45 of 89
Document Type Retention Period
No pay
Other taxable allowances
Overtime pay
Pay enhancements
Payment for untaken leave
Performance pay
Record of pay
Reduced pay
Personnel Files And Training Records (Including Disciplinary Records And Working Time Records)
6 Years after employment ceases
Previous service supporting papers Destroy after records noted as appropriated
Promotion, temporary promotion and/or substitution documentation (including assessors‟ notes and board markings).
Destroy 90 days after summary noted and individual informed (unless ongoing appeal).
Qualifications/references 6 years
Recruitment, appointment and /or promotion board selection papers
1 year
Redundancy Details, Calculations Of Payments, Refunds, Notification To The Secretary Of State
Current + 6 Years from the date of Redundancy
Salary ledger cards/records 6 years
Salary rates register Until superseded
Security personnel files 5 years after leaving (if normal retirement age) or 10 years delete after leaving if before normal retirement age.
Senior Executives' Records (That Is, Those On A Senior Management Team Or Their Equivalents)
Permanently For Historical Purposes
Statutory maternity pay documents 6 years after employment has ended
Statutory Sick Pay (SSP) forms 6 years
Time Cards 2 Years After Audit
Trade Union Agreements 10 Years After Ceasing To Be Effective
Training history 6 years
Transfer documents Destroy after summary noted and actioned
Trust Deeds And Rules Permanently
Trustees' Minute Books Permanently
Unpaid leave periods Until age 72 or 5 years after last action, whichever is the later
Variation of hours – calculation formula for individual
Destroy after use
VER spreadsheet 3 years
NOT PROTECTIVELY MARKED
Data Retention Policy v1.0 Page 46 of 89
Document Type Retention Period
- Showing details of VER
schemes run by DBS and
uptake
Vetting Security Clearance confirmations from DSU
7 years after clearance ends (clearance will lapse with immediate effect if staff leave the organisation)
Vetting Security Clearance forms completed by staff
Destroy as soon as confirmation of vetting clearance has been received from DSU
Voucher Records (Requests/Issues/Returns/Claims for Payment)
7 Years
Welfare papers
Minimum of 6 years after last action
Working time directive opt out forms 3 years after the opt-out has been rescinded or has ceased apply
Works Council Minutes Permanently
Written particulars of employment
Contracts of employment
Changes to terms and conditions
Job history
Record of location overseas
Record of previous service dates
Until age 100 or 5 years after last action, whichever is the later.
NOT PROTECTIVELY MARKED
Data Retention Policy v1.0 Page 47 of 89
8.1.12 Operations
Records Advisor:
Document Type Retention Period
Word Docs- Minutes and Agendas - Audit trail of meetings and action points
2 Years delete
re have your say replies - Audit trail 18 months delete
Agendas, minutes, actions and relevant board papers/reports - Provide outcome of meetings & record of actions. Record of items discussed and relevant documentation
3 years delete
ACM CRM Request Form 2008 Agency Training Request Form V0.4 Cunard Room Booking Request Form Visitor Notification Form
- Template to request accesses
When superseded
Approved Welcome Pack March 09 - Procedure to use when new members of staff join
the production area When superseded
Awareness Session Evaluation - evaluation surveys
2 years delete
AF10 Log - Records AF10s submitted to SDUAT 2 years delete
BSI Reports - External Audit Results
3 years delete
CAPA Review Information Word Documents Excel Spreadsheets Templates E-mail Correspondence
- To record activity undertaken in relation to the
Production Corrective and Preventive Action
(CAPA) Procedure V1.0
18 months delete
CAPA Information documents Word Documents Excel Spreadsheets Templates E-mail Correspondence Folder to record evidence of ongoing activity in relation to the investigation of concerns opened under the Production CAPA procedure
18 months delete
CAPA information Word Documents Excel Spreadsheets Templates
Until superseded by an updated version
NOT PROTECTIVELY MARKED
Data Retention Policy v1.0 Page 48 of 89
E-mail Correspondence - Supporting information in respect of a review of
the CAPA Process and supporting information in
respect of V2.0 published 16/01/12
CAPA Info Word Documents Excel Spreadsheets Templates E-mail Correspondence To record activity undertaken in relation to the Production
Corrective and Preventive Action (CAPA) Procedure V2.0
18 months delete
CAPA Advocate action log Minutes for PNC Matching Improvement Event Provide Audit of meetings and action points
2 years delete
CAPA schedule 10 01 12 The Update Service Dealing with difficult situations Delegates requesting interviewee development courses Dyslexic Presentation Delegate Lists Information assurance presentation DBS BARRING Training Sessions Mop up for Info assurance presentation PIE update sessions SAM Learning sets schedule Stress Awareness training for Managers CAPA Overviews 16th January 2012 Copy of DHB Workshop Delegate schedule
- Provides evidence for attendance at
awareness/workshops/training sessions and
presentations
3 years delete
Conflict Evaluation Database DBS BARRING Evaluation Database PNC Evaluation Database WMT Evaluation Database
- Regularly used to provide evidence and reports of
staff competencies
When superseded
Controlled Activity - E-mails containing spreadsheets holding applicant
information and decisions on how to proceed with
the notification.
2 years delete
INVESTIGATIONS TEAM Org Chart - Identify staffing compliment & structure for area When superseded
Customer Services Org Chart - Identify staffing compliment & structure for area When superseded
DBS BARRING Quality Report 2 years delete
NOT PROTECTIVELY MARKED
Data Retention Policy v1.0 Page 49 of 89
- Monthly Internal Communication
DBS BARRING Monthly Critical Errors - Records data to enable above report to be
completed 2 years delete
E-mails from DBS BARRING - Contains DBS BARRING decisions for possible list
matches. 2 years delete
fire marshal and first aiders update 13.09.2011 - Provides audit trail for certificate validation When superseded
Guidance for accessing evaluation database Obtaining Live Access or Live Training Access for an Agent
- Regularly used guidance for accessing data bases
for evaluation/accesses
When superseded
Individual evidence within SEO / HEO / EO folders – Word and Excel
- Allows staff to record and save evidence in their
folder
1 year delete
Letters - Record of what has been sent externally
(RBs/HO/LPF) by G7/G6 & SCS 2 years delete
Live PNC Plan - Record for all Live access terminals
When superseded
MAC – SEO / HEO / EO - Excel spreadsheet used as a Management
Assurance tool Until superseded
MAC Compliance - Details audit results
18 months delete
Monthly budget returns/staffing figures - Record of in month expenditure and staffing levels
broken down by cost centre 3 years delete
Name Plates medium - Template for badges for training events/meetings When superseded
Operations opportunities - Provide evidence of opportunities circulated to
staff 2 years delete
Operations training 2011 - Record of all training courses 2 years delete
PNC V5 Flowchart Inventory TSQ V.3 control and Audit
3 years delete
NOT PROTECTIVELY MARKED
Data Retention Policy v1.0 Page 50 of 89
V.7 Flowcharts and audit control V5 control and audit tracker
- Provides audit trail for version controlled
documents
Production Conflict Cert Production DBS Barring Matching Cert Production PNC Matching Certificate Production Unsure Cert Work Management Cert
- Template used to issue to staff on completion of
training
When superseded
Production Expenditure for Training 2011 to 2012 - Provide evidence for expenditure of training
requirements 3 years delete
Presentations prepared by G6 given to staff or senior managers
- Record of information provided and can be
referred to for reference
3 years delete
Production Floor Plan - To identify structure & IT within Production area When superseded
Template - To organise leave allocation for Production area
over Jubilee holiday 12 months
Production Ops Org Chart - Identify staffing compliment & structure for area
contains budget information 5 years delete
Quality Report Template + previous months issue - Monthly Internal Communication
18 months delete
Quality Support Tasks - Lists daily tasks performed by team
n/a
Reward & Recognition spreadsheet - HoF to monitor R&R awards and reconciliation of
prev awards when completing new nomination
forms
2 years delete
SET UP – Contains Excel / Word Documents including Policy / Procedures / Evidence
- Act as a hyperlink to the Management Assurance
tool – enable staff to view policies – and record
evidence
Until superseded
Special Equipment log - BF system to monitor special equipment requests
and Progress 2 years delete
NOT PROTECTIVELY MARKED
Data Retention Policy v1.0 Page 51 of 89
Skills Skills database Skills sheet for staff no longer in production
- Spreadsheet providing all staff working
patterns/skills and areas of work
When superseded
TLO List 1 - Used for reference of TLO across the business When superseded
Training Schedule. - Provide evidence of training and training
requirements When superseded
VER applications and business cases - Audit purpose if asked by HR/HO/CEO
3 years delete
Weekly/Monthly Conflict Productivity Report - Details of agents productivity for Conflicts e.g. phone calls made
2years delete
QMS Audit
- 1- Audit Docs. BSI Action Plans - Corrective action plan for BSI
3 years delete
Corrective Action Tracking Log - Recording mechanism for non conformities raised via Production Internal Audits
3 years delete
DBS Form 01 - Audit Programme record
3 years delete
DBS Form 02 - Audit Log – performed audits
3 years delete
ISO 9001- folder - Presentations for Induction
When Superseded
Questions for Top Management - Guide for auditing When Superseded
Some Typical audit questions - Guide for auditing When Superseded
Top Management Audit questions - Guide for auditing When Superseded
Top Management questions - Guide for auditing When Superseded
Copies of Audit Results (2) Jan-March
3 years delete
(3) Apr-Jun 3 years delete
(4) Jul-Sep 3 years delete
(5) Oct-Dec 3 years delete
(01) Mastercopies
- Current Template forms When superseded
NOT PROTECTIVELY MARKED
Data Retention Policy v1.0 Page 52 of 89
Balance Scorecard (excel) - Productivity report sent to Head of Unit
2 years delete
CPT missing daily exceptions (rolling excel document) - Monitor correct usage of CPT
2 years delete
CPT New Code Request (word) - Template document for managers to request new CPT codes
Until superseded
CPT Productivity Codes (excel) - Explanation of when to use the CPT codes
Until superseded
Current Customer Pots (rolling excel document) - Monitor active and inactive customer pots for MIS
2 years delete
Daily Allocation Stats rolling document - Monitor work flow, allocations and targets
3 years delete
Line Managers Rpt Analysis (rolling excel document) - Monitor correct usage of CPT
2 years delete
Production Output Targets (excel) - Work targets created for Production
2 years delete
Daily Activity Record (excel) Template - Template activity sheet used by staff to record daily activities for input by line managers
Until superseded
Timetable Template (rolling excel document) - Used to structure the WMT work
3 months delete
WMT QA (excel) - Document used to record QA results
2 years delete
WMT Quality (excel) - QA stats for WMT to show if quality targets are met
3 years delete
Work Allocation feedback sheet (word) - Template document to feed back errors on CPT
Until superseded
Work Returned to Pot (rolling excel document) - Monitor work flow returned to holding pots
2 years delete
WMT Reports (excel) - Audit trail of reports received by WMT
2 years delete
CPT Issue logs (excel) - Record known issues, resolutions and completion dates
5 years delete
Fingerprint results CFP file - Fingerprint results
18 months
Excel and Word documents relating to DWH - Processes and evidence of changes to DWH
2 years delete
Excel and Word documents relating to responses to SDUAT documents - Evidence of comments to procedural documents
2 years delete
Excel, Word and Access Databases relating to RFI‟s - Contains electronic copies of RFIs submitted to Capita, plus database to assist with establishing outstanding RFIs plus SLAs. Required to establish what has been requested previously
5 years delete review
Excel and Word documents relating to SDR validation - Evidence of validation tasks relating to contractual
SDR 3 years delete
NOT PROTECTIVELY MARKED
Data Retention Policy v1.0 Page 53 of 89
Excel and Access database relating to Ad-hoc tasks that the MIS team undertake and deliver
- Evidence of ad-hoc tasks performed by
team/individuals. Used to establish whether
specific tasks have been delivered previously and
for PDR purposes
Ongoing database and not archived, all RFIs are logged on here
Excel and Word documents relating to Vital Signs reports - Templates and KPI spreadsheets relating to Vital
Sign submissions 3 years delete
Excel documents relating to LPF SLA achievements - 10,14,18,25 & 60 day LPF SLA achievement
documents 3 years delete
Excel documents relating to POVA First Enhanced applications
- Details POVA first receipt volumes and service
standard achievements. Used to answer general
MI/FOI requests
3 years delete
Excel spreadsheets detailing aged applications by pot since from notification begin date. Weekly spreadsheet.
- Provides a weekly summary of applications by age
by notification begin date
2 years delete
Excel spreadsheet detailing aged applications by pot since receipt. Weekly spreadsheet
- Provides a weekly summary of applications by age
since receipt
2 years delete
Aged Cases by week Excel spreadsheet - Provides a summary of the aged application
analysis. Contains multiple weeks, can be filtered
by week
2 years delete
Aged Statuses by week Excel spreadsheet - As above, but by status 2 years delete
Aged Cases reporting suite. This contains links to the previous 4 items
- Contains all of the information from the previous 4
items
2 years delete
Association for Real change & Demand - Excel spreadsheet
- Contains demand and volunteer forecast for 2012
and provides the Communications Training team
with data for training events
2 years delete
Daily Ins and Outs Excel spreadsheet - Provides Finance with rolling mailroom and SPSL
2 years delete
NOT PROTECTIVELY MARKED
Data Retention Policy v1.0 Page 54 of 89
volumes
Daily LPF charts – Excel spreadsheet - Provides the business with MI relating to LPF
WIP/performance 2 years delete
Daily MIS – Excel spreadsheets. Daily, weekly and monthly
- Provides the business with MI relating to receipt,
notification WIP and SPLS volumes on a daily,
weekly and monthly basis
2 years delete
Disclosure content by summary by month – Excel spreadsheet
- Provides the business with volumes of applicants
matched to PNC, LPF, Lists etc
Rolling spreadsheet. Goes back to 2002/3, we do not archive/delete as we use this to answer FOI requests so it is more efficient if the info is readily available
Excel – E-bulk documents - Provides the business with volumes of E-bulk
applications by type/RB etc
Rolling spreadsheets – no retention – see above
Excel – Issues Log - Historical log of issues with DWH and the
resolution notes
5 years delete review
Excel – MIS request template - Template for MIS requests
No retention – template only
Word document – Ops retention Policy documentation Living doc, no retention
Excel – POVA first weekly - Rolling POVA (DBS BARRING Adult First)
volumes for Finance 2 years delete
Excel – PSS dashboards & daily breakdown‟s - Provides the business with PSS/KPI achievements
and daily breakdown
Rolling spreadsheet. Goes back to 2002/3, we do not archive/delete as we use this to answer FOI requests so it is more efficient if the info is readily available
Excel – RB Account Management & Analysis data - Provides the business with receipts data by
RB/sector etc and provides the RB account
managers with a tool that enables them to run their
3 years review
NOT PROTECTIVELY MARKED
Data Retention Policy v1.0 Page 55 of 89
own reports relating to RB performance etc
Excel – shadow forecast act v forecast - Provides the business with actual receipt volumes
in relation to forecast volumes by RB 3 years delete
Sendable Demand Report - Amended version of Demand Report 5 years delete
Demand Report - Master copy of monthly intake data 5 years delete
Demand Forum Report - Monthly Demand Forecast Report delivered to
Demand Forum 5 years delete
DFE - Monthly intake for education section to DfES 5 years delete
Sector Analysis - Detailed analysis of Sector data produced for
Demand 5 years delete
5year FCAST Jul 09- Mar 15 v0.2 LATEST - DBS Demand Forecasting tool
5 years delete
Receipts - Daily record of intake for agency
5 years delete
Budget Year April 12-March 13 Demand Forecast - New FY Volume Forecast for Budget 5 year delete
Daily Volumes - Inform SMT of intake & year on year fluctuations 3 years delete
Demand Forecast Weekly & Daily Split 5 years delete
Demand Requirement Jul - Dec 2011-12 - Paper to ET explaining split of service bought from
Capita & Powerpoint presentation 3 years delete
Demand Log - Log of ongoing changes affecting the Demand
Forecast & intake 5 years delete
Final ToR Dem Audit doc - Audit report ToR relating to Demand planning &
how it can be improved from audit perspective 2 years delete
Financial Forecast Apr11-Mar12 - Demand Forecast for Financial Year 11-12 used to
identify resources for Production 1 year delete
DBS BARRING ANALYSIS - Data for specific DBS BARRING intake
1 year delete
Monthly Sectors - SMT Report
1 year delete
NOT PROTECTIVELY MARKED
Data Retention Policy v1.0 Page 56 of 89
Monthly Tracking Data - Data for Sector monitoring
1 year delete
Olympic Eligibility - Data for Demand relating to Olympic recruitment
2 years delete
Procedures - Guidance on how to perform Demand Forecast tasks
5 years delete
Production Actuals - Historic data relating to actual intake received by Agency
3 years delete
Rolling Forecast 12.13 - Forecasting intake information for future FY
2 years delete
Rolling Forecast Master - Forecasting intake data for Agency both historical & future
5 years delete
Sector Stats -5 year historical sector data to assist Demand Forecasting
3 years delete
Sector Totals -5 year historical sector data to assist Demand Forecasting
3 years delete
Standard Data Apr-Aug 11 - Data for calculating Standards rate for Demand
2 years delete
Trend report - Ongoing intake fluctuation data
when superseded
Volunteers -5 year historical data for ongoing development of Volunteer forecast tool
2 years delete
Weekly Sectors - Report of weekly activity across Sectors for SMT
Weekly
Workforce Planning Amendments - Historical data of changes to data & ratio‟s to deliver benchmarks/meet staffing needs
2 years delete
YTD Sectors Analysis - Report of ongoing annual activity across Sectors for SMT
2 years delete
Forecast Volumes -demand forecast as agreed by the demand forum
5 years delete
Demand Related papers and supporting annexes -papers created for SMT and above on demand topics
5 years delete
Demand forecast changes -rolling document detailing all historical and current forecast changes
5 years delete
Update service forecasting tool -Update service demand forecast and assumed impacts on Disclosure demand
5 years delete
Balanced Scorecard Demand - Report for SMT 5 years delete
Staffing Models -Staffing requirements required to meet demand
5 years delete
NOT PROTECTIVELY MARKED
Data Retention Policy v1.0 Page 57 of 89
Annual Budgets -Operations Annual Budgets requirements
3 years delete
NOT PROTECTIVELY MARKED
Data Retention Policy v1.0 Page 58 of 89
8.1.13 Police Finance
Records Advisor:
Document Type Retention Period
Adelphi -These folders contain every individual Police Force, their payment details, including templates to enable easier paying of journals to the forces, because each force's actual bank details and project codes are listed
6 years
Fingerprint Information - Folders and spreadsheets relevant only to
Fingerprints
6 years
Other Police Financial Documents - Various spreadsheets not related to above
6 years
Police Finance Accounts - These folders are in depth financial breakdowns
of Police Finance, including budgets
6 years
Police Finance E-mails - E-mails from Police Liaison Managers with
attachments from all 51 police forces, which are
saved into individual folders for each force
6 years
Police Finance Procedures - Detailing procedures of Police Finance rolls,
including dealing with MBRs, ISAs and
Fingerprint claims
6 years
Police Finance Reports - A monthly Police Financial report compiled at the
end of each month that is circulated to senior
managers
6 years
Police Finance Spreadsheets - Various spreadsheets detailing all MBR, ISA &
Fingerprint returns received and listing the date
of each return, amount claimed and date paid
6 years
NOT PROTECTIVELY MARKED
Data Retention Policy v1.0 Page 59 of 89
8.1.14 Police Performance Team
Records Advisor:
Document Type Retention Period
Budget Documents
Documents relating to agreeing the force budgets and monthly budget returns
7 years after creation date
Contact Details
Contact details for forces
When superseded
E-bulk
Documents relating to e-bulk issues and new E-RB‟s
7 years after creation date
Force Correspondence
Review 7 years after creation date
Employee Records
Line Manager information on staff. Whereabouts
7 years after creation date
Escalations
Escalation request Forms
7 years after creation date
Forecasts
Force volume forecasts
7 years after creation date
Guidance
Guidance sent to Forces
7 years after creation date
Meeting minutes
Meeting minutes for internal and external meetings with and about forces
7 years after creation date
No Trace in Error
Forms declaring No Trace Errors
7 years after creation date
Operational Procedure
Staff Instructions
When Superseded
PLX
Documents relating to the PLX project
7 years after creation date
SLA
Documents sent to force showing budgets and volumes relating to their SLA
7 years after creation date
Stats
Detailing Police Force performance figures
7 years after creation date
System Support Requests
Force CRM user requests
7 years after creation date
Travel
Travel requests and logs
2 years after creation date
Visit Reports
Reports relating to PPM visits to forces
7 years after creation date
NOT PROTECTIVELY MARKED
Data Retention Policy v1.0 Page 60 of 89
8.1.15 Policy, Information Governance & External Governance
Records Advisors:
Document Type Retention
Business Advice
Electronic or paper records on legislative changes
Training presentations for staff
2 years. Review by Policy Advisor before destruction.
Business Impact Assessments 7 years
Business Document Reviews
Comments submitted for consideration on new/amended procedures & project paperwork.
6 months (retained by SDUAT for 10 years)
Consultations
Records of stakeholder engagement when considering introducing new regulations or products
5 years, then assess for transfer to The National Archives
Contributions and discussions around legislation
Electronic or paper records relating to the preparation of Bills
Electronic or paper records relating to Policy Instructions
Electronic or paper records relating to development of legislation
15 years, then assess for transfer to The National Archives.
Correspondence by letter or E-mail
CEO/Ministerial/MP/Treat Official responses
HO contributions
PQ responses
Spreadsheet tracking records
2 years
Corporate Publications
Annual Report and Accounts
Business Plan
Code of Practice
5 years from publication or last update unless still currently in use. Review by Head of Policy before destruction.
Court Orders
Correspondence by letter or E-mail
Spreadsheet tracking record
6 months 2 years
Electronic and/or paper records as an audit of discussions or meetings on issues relating to DBS/DBS services
10 years. Review by Head of Policy before destruction. May warrant longer retention or transfer to The National Archives for contractual reasons.
Freedom of Information request records
Electronic or paper audit trails
Responses
2 years
NOT PROTECTIVELY MARKED
Data Retention Policy v1.0 Page 61 of 89
Governance Paperwork
Papers and briefings provided to the Board and Senior Management Team
2 years after submission. Review by Head of Policy before destruction
Judicial Review cases
Electronic and/or paper records of all interactions
Financial records for all costs incurred and payments made
5 years from the last interaction. 7 years from last interaction. Review by Head of Policy before destruction.
Legal Advice
Electronic or paper records of advice from HO legal advisors (pre Dec 2012) and DBS legal advisors regarding legislation
15 years, then assess for transfer to The National Archives.
Legal Costs
Electronic or paper records of costs incurred when dealing with Courts matters
7 years
Meetings (Authentication Forum, Welsh Language Board etc)
Agendas & Minutes
Terms of reference
10 years if the group is still active and a business need exists. 2 years after the last interaction if the group is discontinued. Review by the Chair before destruction.
Ministerial submissions 10 years. Review by Head of Policy before destruction.
Operational Policies 5 years after superseded. Review by Head of Policy before destruction.
Policy Enquiries
Internal E-mails
External responses
Database records
Performance statistics
3 months 2 years 5 years. Review by Policy Advisor before destruction 2 years
Project paperwork
Electronic and/or paper audit of comments and discussions relating to new Projects
10 years after completion of project 5 years if the project rejected or deferred
Regulatory Impact Assessments
Records of impact assessments when considering introducing new regulations or products
5 years, then assess for transfer to The National Archives
Risk Management records
Team Risk Register
Closed risks
3 years from the last interaction.
Stakeholder guidance
Advice provided to and received from stakeholders
Correspondence
10 years. Review by Head of Policy before destruction. 2 years.
NOT PROTECTIVELY MARKED
Data Retention Policy v1.0 Page 62 of 89
Presentations
Contact records
2 years after most recent review. 2 years after last interaction
Subject Access request records
Application forms
Paper and/or electronic audit trails
Responses
Spreadsheet tracking records
6 months 6 months 6 months 2 years
Team records
Attendance calendars
Workforce Planning
Budget records
Team meeting paperwork
Procedures
Training records
2 years
NOT PROTECTIVELY MARKED
Data Retention Policy v1.0 Page 63 of 89
8.1.16 Performance
Records Advisor:
Document Type Retention Period
Audit Plans/Reports/Management Responses (Internal and External) Internal (HO) Audit reports on teams i.e. Information Assurance/Performance Management carried out. This includes management responses to recommendations made by audit and any action/plans in place.
10 years
Feedback Questionnaires Complaint feedback – satisfaction survey sent to all complainants - responses
10 years
Investigations/Precedents 10 years
Performance Monitoring Reports – Monthly organisation Balanced scorecard/performance Reports, also includes other directorate performance reports i.e. Operations Barring.
10 years
Register of Comments – relates to feedback received, not classed as a complaint, date classification any response, timescales, any actions
5 years
Register of Complements – Log and details of compliments received, classification etc
5 years
Service Plans – Directorate service plans for each financial year, including quarterly monitoring reports
10 years
Statistics Reports – performance/MI reports ie stats for annual report, enquiries, research, projects
10 years
NOT PROTECTIVELY MARKED
Data Retention Policy v1.0 Page 64 of 89
8.1.17 Programme
Records Advisor:
Programme & Project Team
Document Type/Product Disposal Times
Benefits Profile and Benefits Realisation Plan
Used to set up the measurement
processes and capture the „before‟
measurements as far as possible.
10 years delete following closing date of project
Business Analyst Documentation
High level business processes
Business Use Cases
Desk instructions
Requirements documents
All docs – current + 6years
Business Case
Documents the justification for the
undertaking of a project based on
the estimated cost of development
and implementation against the
risks and the anticipated business
benefits and savings to be gained.
10 years delete following closing date of project
Change Management Database
Stores important information
relating to requests for change
and work orders.
6 years delete following last action on database
Cost Response
Provides cost details for work to
be carried out by suppliers.
6 years delete following completion of the work
Detail Design Document
Provides detailed design for IT
solutions.
6 years delete following completion of the work
End Project Report
Project Manager‟s report to the
Project Board on how well the
project has performed against its
Project Initiation Document (PID).
15 years - Assess for permanent preservation
NOT PROTECTIVELY MARKED
Data Retention Policy v1.0 Page 65 of 89
End Stage Report
Provides a summary of progress
to date, the overall project
situation and sufficient information
to ask for a Project Board decision
on what to do next with the
project.
5 years following completion of project
ET Paper
Report submitted to Executive
Team providing information and
recommendations.
15 years - Assess for permanent preservation
Feasibility Study Report
Produced following the
investigation into the feasibility of
undertaking a particular project,
including costs/benefits analysis
and basic impact assessment.
10 years after issue
IB Papers/Minute
Documents arising from the
Investment Board process.
6 years following completion of project- Assess records for transfer to TNA
Impact Assessment
Assesses the impact of any
change on various elements, e.g.
regulatory, equality and diversity,
business processes.
6 years following completion of project
IT Analyst Documentation
Approach documents
Interface documents
All docs – current + 6years
IT Infrastructure Documentation
Various documentation
All docs – current + 6years
Meeting papers including minutes, actions, agendas
Delivery Board
Project Mgt Board
Quality review meetings
All docs – current + 6 years
Migration Documentation
Various documentation
All docs – current + 6years
Monthly Progress Report
To provide the Project Board (and
possibly other stakeholders) with a
summary of the project status.
10 years following completion of project
NOT PROTECTIVELY MARKED
Data Retention Policy v1.0 Page 66 of 89
MOU Documentation
Approach
Drafts
Final versions
Signed off versions
All docs – current + 6 years
Plans
Programme
Team
Testing
Training
All docs – current + 6 years
PMO Documents
Issues log
Lessons learned log
PMO Process documents (risk,
configuration management,
change control etc)
Product manifesto
Lessons Learned Log – 10 years All other docs-current + 6years
Post Implementation Review
Report arising from one or more
reviews held after project closure
to determine if the expected
benefits have been obtained.
10 years following completion of project
Product Description
Description of a product‟s
purpose, composition, derivation
and quality criteria.
10 years following completion of project
Programme Board Minutes
Minutes taken from Programme
Board meetings.
6 years following closure of Programme.
Programme Board Report
To provide the Programme Board
(and possibly other stakeholders)
with a summary of the status of
the project portfolio.
10 years following completion of project
Programme Risk and Issue Log
Contains all information about the
risks and issues, to be managed
at Programme level, including their
analysis, countermeasures and
status.
6 years following closure of Programme.
Project Board Minutes
Minutes taken from Project Board
meetings.
6 years following completion of project
NOT PROTECTIVELY MARKED
Data Retention Policy v1.0 Page 67 of 89
Project Brief
To provide a full and firm
foundation for the initiation of the
project
10 years following completion of project
Project Initiation Document (PID)
To define the project, to form the
basis for its management and the
assessment of overall success
10 years following completion of project
Project Mandate
The information is used to trigger
project initiation
10 years following completion of project
Project Plan
Provides a statement of how and
when a project‟s objectives are to
be achieved, by showing the major
products, activities and resources
required on the project.
10 years following completion of project
Project Reference Materials
Any non-specific information that
has been utilised in the
management of the project
6 years following completion of project
Project Risk and Issue Log
Contains all information about the
project‟s risks and issues,
including their analysis,
countermeasures and status.
6 years following completion of project
Requests for Change
A means of proposing a
modification to the current
specification of a product.
6 years following completion of project
Requirements Document
Provides business requirements to
be applied in the design and
development of IT solutions
10 years following completion of project
Risk Potential Assessment (RPA)
A standard set of high-level criteria
for assessing the risk potential of a
proposed programme/project in a
strategic context.
6 years following completion of project
Stakeholder Management
All documentation relating to the
management of parties with an
interest in the execution and
outcome of a project.
10 years following completion of project
NOT PROTECTIVELY MARKED
Data Retention Policy v1.0 Page 68 of 89
System and User Acceptance Testing
All documentation relating to the
testing of IT solutions
7 years following completion of project
Work Order
The means for submitting a formal
request for work to be undertaken
by a supplier
6 years following completion of project
NOT PROTECTIVELY MARKED
Data Retention Policy v1.0 Page 69 of 89
8.1.18 Registered Body Account Management
Records Advisor:
Document Type Retention Period
Budget Records 6 years delete after the end of the financial year
Compliance - Excluding normal
correspondence – to include
where a case has been made to
take sanctions against the RB
2 years delete
Consultation records - Consultation with stakeholders
including documentation,
reviews, FAQ‟s
3 years delete
E-bulk Digital Certificates 4 years delete
Expenses Records 6 years delete after the end of the financial year
Final Audit Records - All audit reports and
recommendations
6 Years delete
Guidance and info sent to RB‟s - To include - E-Bulk standard
docs, template letters/E-mails,
BAG, Deed, CoCo, SCD, IAA
2 years after being superseded
IT Requests - All IT Requests forms, notes of
logged records
1 year after completion
Meeting Minutes - All meeting minutes, including
individual team and Relationship
management meetings -
excluding RB Visit Reports
2 years delete
Procedural docs - Operational procedural
documentation
2 years after being superseded
Project Documents - E-bulk Project documentation.
DQ and Compliance documents
5 years review
RB Correspondence - General correspondence to RB‟s
2 years delete
NOT PROTECTIVELY MARKED
Data Retention Policy v1.0 Page 70 of 89
not including reports
Registered Bodies (RB) Visit Reports - Minute details of reports and
actions
3 years delete
Stats - To include - Ad hoc statistics
sent to top 50 RB‟s, Demand
planning, Data Quality (DQ),
Returned Forms Reports, E-Bulk
Stats
2 years delete
Training 5 years delete
Travel/Finance records - Requisition records, including
travel bookings requests
6 years delete after the end of the financial year
NOT PROTECTIVELY MARKED
Data Retention Policy v1.0 Page 71 of 89
8.1.19 Registered Body Training Communications
Records Advisor:
Document Type Retention Period
Briefing packs for the Update Events - Information sent to the delegates
7 years delete
Confirmation E-mails - Sent to delegates advising of place booked and the venue details
Until the date has passed
Corporate guidance - To answer queries raised at the events
Until superseded
Countersignatory Error Rates - To monitor the success of the training events
Until superseded
Countersignatory lists - To ensure all the signatories are attending the events
Until superseded
Departmental guidance - To answer queries raised at the events and update training material
Until superseded
E-mail templates - To use to answer questions received by delegates
Until superseded
Event Registers - To keep track of those who have attended the events
Until after the event
Monthly budget sheets - Keeping track of spending
1 year
Monthly stat sheets - Break down of all costs incurred on a monthly basis
1 year
RB Contact details - To request training venues
Until superseded
Registers of the Update Service Events - To identify who attended the events
7 years delete
RTP - RTP for trains/hotel/car since 2010
6 years delete
Training Interest sheet - For staff to input their training interests
Until superseded
Training Material/Presentations - Used to train signatories
Until superseded
Training Schedule - To plan the training teams availability
Until date has passed
Travel confirmations - Location of the trainers
Until date has passed
Update Service feedback - Analysis of the success of the event
7 years delete
Venue details - Location of a venue for trainers and delegates
Until after the event
NOT PROTECTIVELY MARKED
Data Retention Policy v1.0 Page 72 of 89
8.1.20 Security
Records Advisor:
Document Type Retention Period
Access assurance checks -Audit Purpose
3 months
Audit Reports & Recommendations 6 years delete
Capita Documents - E-mails - reports -service reviews
6 years from end of PPP
CD Request form -Records requests of information burnt to CD
1 year
Compliance check documents -Provides evidence when compiling breach reports
3 months
Contract re-let 6 years
Dual Access reports -To monitor access to the CRM system
1 year
E-mail monitoring reports /evidence -Audit Purpose
1 year
HR leavers reports -Ensures that staff records are maintained accurately
1 year
Pass Application -To monitor staff access to the building
1 year
Pen Test (ITHC) Results Lifetime of the system
RISK -Agency -Capita
Until superseded 6 years from end of PPP
Risk Management Accreditation Document Set (RMADS)
1 year past secure disposal of system
Security Correspondence
4 years
Security Incident folder -Provides information relating to incidents
7 years
Security Incident Investigations 7 years
Security Incident Log 7 years
Security Procedures Until superseded
Security Working Group 4 years
NOT PROTECTIVELY MARKED
Data Retention Policy v1.0 Page 73 of 89
Document Type Retention Period
- Agenda
- Minutes
- RISK
Staff Departure forms -Ensures that staff records are maintained accurately
1 year
TCS 6 years from end of PPP
Team meeting minutes 12 months
Temp pass report -To record information taken from the CRM system
3 months
NOT PROTECTIVELY MARKED
Data Retention Policy v1.0 Page 74 of 89
8.1.21 Standards and Compliance Unit
Records Advisors:
Document Type Retention Period
Compliance Visits documentation -Compliance Reports for individual LPF visits - Details of Findings and corrective action -Compliance Findings for all forces -Compliance Cases selected for each individual LPF visit -Compliance Letters informing the LPF of the upcoming visit
4 years delete
Support Visits documentation -Support Visit Reports - Details of Minutes/Findings and any necessary corrective action if applicable
4 years delete
Audit Trail Documents -Library of each LPF's current searching methods
2 years delete
Guidance and information sent to LPF Forces -Best Practice documents -Judicial Review transcript -E-mails – Enquiries -E-mails - Circulars
4 year after being superseded 2 years delete 4 years delete 4 year after being superseded
QAF Documents -Method Products and Guidance
7 years after being superseded
Travel / Finance records -Budget Records
6 years after the financial year
SLA Documents -Service Level Agreements Reports -Service Level Agreements Calculation Figures
3 years from expiry 3 years from expiry
Visit Schedule -SCU Team's compliance regime schedule
1 year after the end of the current visit schedule
Projects -Recommendation 6c Pilot Results
2 year maximum after the
NOT PROTECTIVELY MARKED
Data Retention Policy v1.0 Page 75 of 89
end of the project
Templates -SCU Compliance Template letters
1 year after being superseded
Procedures -SCU Team Procedures
1 year after being superseded
NOT PROTECTIVELY MARKED
Data Retention Policy v1.0 Page 76 of 89
8.1.22 Communications
Records Advisor:
Document Type Retention Period
Languages - PDFs containing the guide to complete the
application form in different languages: Arabic Bengali Chinese Gujarati Hindi Punjabi
Urdu
2 years after withdrawal
Analytics - Website user stats
3 years delete
Bus Publn - Business publications such as the financial budgets
for customer services, KPI stats, annual reports and other publications
10 years delete
Business Link - To store documents relevant to the Business Link
site
3 years delete
Circulars - To store circulars, circular and global index and
templates
2 years after issue
Conferences - This is to store all relevant information from past
conferences, staff briefings and contacts for future events.
3 years delete
Consltn - Consultative group responsibilities
2 years delete
Contacts - Useful contacts regarding the intranet
Until superseded
Contracts - DBS TV, Research, Website
2 years REVIEW post contract termination
Convergence - Project documents, Risks, Board Meetings, Online
Forms and Testing documents.
3 years delete
Corp ID - Guidelines, images, logo and branded goods documents.
2 years after withdrawal
CSSC info 2 years delete
NOT PROTECTIVELY MARKED
Data Retention Policy v1.0 Page 77 of 89
- Update Service information
Customer Correspondence - Customer Services
3 years delete
DBS Blog - Vince Gaskell Blog Documents
2 years delete
DBS TV - Information regarding DBS TV
2 years delete
DBS Values - DBS values information
2 years from when superseded
Direct Gov - To store documents relevant to Direct gov
3 years delete
FAQs - This folder contains previous FAQ documents
2 years from when superseded
Finance - Contains budget spreadsheet from 2005
7 years delete
FURLS - Friendly URL guidance
2 years after withdrawal
Guidance To store website guidance for different sectors of the website
2 years after withdrawal
HO - To store documents relevant to the Home Office site
3 years delete
Horizon - Set up of Horizon / Intranet
3 years delete
Instrs - Contains instructions for team members on how to
perform various roles on the Comms team.
When superseded
Intranet - Documents relating to Horizon / CRM Intranet
3 years delete
Investors in People - Information on Investors in People
2 years delete
Literature - Contains various „how to‟ guides in various formats
eg Easy Read, large print.
2 years post withdrawal
Mgt Round Up Papers - SMT Papers
2 years delete
Mtg - This stores all meeting documents such as minutes
and delegate information for a wide range of meetings in customer services
2 years delete
Org Charts - Store organisation charts for all DBS departments.
2 years after withdrawal
Org Dev - DBS Org Development information
2 years delete
NOT PROTECTIVELY MARKED
Data Retention Policy v1.0 Page 78 of 89
Perf - Web server performance documents
3 years delete
Posters - Store all posters regarding Communications
2 years after issue
Press & Media - To store press lines, press enquiries, media briefs,
briefings and press cuttings relating to the DBS. - FAQs
3 years delete 3 years delete
Projs - ISA / VBS Specific projects
2 years delete
Redweb - Hosting costs for DBS Domains
7 years delete
Ref Material - Work Orders
7 years delete
Research - Research Programmes
10 years delete
RTPs - This folder contains previous and current request for
purchase forms that have been processed since 2010
6 years delete
Single Domain - Correspondence and content documents
2 years delete
Speaking Engagements - Presentation of speaking engagement
3 years delete
Staff Suggestion Scheme - Letters, database and guidance regarding the staff
suggestion scheme.
3 years delete
Subms - Parliamentary submissions
2 years delete
Team Brief - Team brief articles and versions from 2006
2 years after issue
Teams - Record of all teams that might have an input to the
intranet
10 years delete
Templates - This stores all templates for documents used by
Communications, such as circulars, globals, letters, presentations and logos.
When superseded
UB - Umbrella body guidance
2 years after withdrawal
Updates - To store correspondence regarding website updates
2 years delete
Visits - Store all guidance for visits and VIP tours including
photographs and biographies
2 years delete
NOT PROTECTIVELY MARKED
Data Retention Policy v1.0 Page 79 of 89
Web Comms - Communication information and charges to the
website etc
2 years delete
Website Domain Names
- To store correspondence regarding domain names
2 years from domain name expiry
Welsh - To store guidance and relevant Welsh documents
2 years after withdrawal
Welsh - Translations and Policy documents
2 years after withdrawal
Work Orders - LN, Memos and Work Orders
7 years delete
NOT PROTECTIVELY MARKED
Data Retention Policy v1.0 Page 80 of 89
9.0 Operational Barring
9.1 Operational Barring hold Barring information both in paper form within case files and electronically on a system called „uCRM‟.
9.1.1 At present the following Data Retention Champions from Barring Operations oversee the retention process for Barring casework:
**NAMES REDACTED AND WITHELD UNDER SECTION 40(2)**
9.1.2 There are six trigger points for the retention of operational Barring information whether case files or uCRM records. Trigger points require action by DBS Barring function to ensure that information is retained in accordance with appropriate legislation, particularly the Data Protection Act 1998 and Human Rights Act. 9.1.3 The six types of trigger points are:
Initial Review Trigger;
Subsequent Review Trigger;
Clear Period Review Trigger;
Statutory/Prescribed Trigger;
Update Trigger;
Report of Death Trigger.
9.2 Initial Review Trigger Process
9.2.1 Where statutory or prescribed retention periods do not exist for information, information will be reviewed in accordance with the Initial Review Trigger Process. Therefore, the Initial Review Trigger Process applies only to operational information, particularly case files and electronic records or any other media in which case information may be held. 9.2.2 When all work has ceased on a case file and the final decision has been made whether to bar or not to bar an individual, the Initial Review Trigger Process will be completed. The purpose of the Initial Review Trigger Process is to ensure that all information that is not used in DBS Barring Decision Making Process, and would not be used to demonstrate any patterns of behaviour which would lead to safeguarding concerns for future referrals is removed from the file prior to long-term retention.
9.2.3 Where DBS Barring has NOT barred an individual from working with children or vulnerable adults, all information must be reviewed to identify any safeguarding concerns and retained if necessary and maintained for the periods outlined in Appendix One. Unused information / material may be reviewed and disposed of in accordance with the protective marking of the information
NOT PROTECTIVELY MARKED
Data Retention Policy v1.0 Page 81 of 89
9.3 Subsequent Review Trigger Process
9.3.1 Subsequent Review Triggers apply to operational case files where new substantial safeguarding information has been received which may have an impact on the Barring decision. This will restart the retention review period applied at the Initial Review e.g. If further substantial safeguarding information comes in which may affect the original Barring decision i.e. Review/Appeal
9.4 Clear Period Trigger Review Process
9.4.1 The Clear Period Trigger Review Process will be activated when no activity has taken place on a file for the periods outlined in Appendix One. 9.4.2 For the purposes of retention, a clear period is the length of time since the last activity on a file, e.g. assessing safeguarding information to identify if a bar is required or an appeal or review has been received. Where new information (not safeguarding information) in relation to nominal details about an individual has come to light, e.g. change of name, address, contact details or occupation, the Update Trigger Review Process will be initiated. Update Triggers do not count towards clear periods and the Clear Period Trigger remains unchanged. 9.4.3 Where DBS Barring has barred an individual from working with children and/or vulnerable adults, upon reaching the Clear Period Trigger, the information must be assessed to ensure that it is accurate, relevant and proportionate to retain the information. Used material will be required to be retained where a Barring decision stands to support the evidence of DBS Barring Decision Making and in case of requests for reviews of Barring decisions. 9.4.4 Any unused material held on the electronic system must also be reviewed and justified if further retention is necessary. 9.4.5 Where information has been retained for non-Barring decisions, the decision behind the continued retention of information is in some ways more significant than that of information held for Barring decisions. Where DBS Barring has barred an individual, information used to support the Barring decision is more easily justified as long as the Barring decision continues. However, where DBS Barring has not barred an individual, the continued retention of the information following the clear period is harder to justify if no further information on the individual has come to light. 9.4.6 When carrying out a Clear Period Trigger Review, the reviewer must consider the age of the information and the lack of any further contact for the period outlined in Appendix One. This is of particular significance for unused material for Barring decisions and for all information held for non barred cases
NOT PROTECTIVELY MARKED
Data Retention Policy v1.0 Page 82 of 89
9.5 Statutory/Prescribed Trigger Process
9.5.1 Where a statutory/prescribed retention period exists for information, information will be retained for the period identified in the table 10.0. Information will not be held by DBS Barring for any period longer than that identified unless there is a continued need to hold the information and it may be justified. The Statutory/Prescribed Trigger Process relates to information held in all DBS Barring files.
9.6 Update Trigger Process
9.6.1 Where additional safeguarding information about an individual is received, which may impact on a previous Barring decision, this would not be part of the Update Trigger Process. An appeal or review of an individual‟s file would also not form part of the Update Trigger.
9.7 Report of Death Trigger
9.7.1 Where personal or sensitive personal data is being processed, there is the possibility that DBS Barring may receive a report of death of an individual. Ultimately the only method of establishing identity of an individual is through the use of fingerprint identification. However it is acknowledged that fingerprint identification will only be available in a very small number of cases. Reports of death are more likely to be received through information gathering processes or by reports from a family member. 9.7.2 The Data Protection Act 1998 only relates to “living individuals”. Where a report is received that an individual has died, their personal information (sensitive or otherwise) is no longer subject to the Data Protection Act. While this is the case, certain records such case files hold information about more than one individual. Staff must remember that while the individual of a file may no longer be subject to the Act, information relating to other individuals will still be subject to the legislative requirements. 9.7.3 Although personal data relating to a deceased individual is not governed by the requirements of the Data Protection Act 1998, this information should be treated as if the information were still subject to the Act, especially in terms of confidentiality and security.
9.8 Disposal of Information
9.8.1 The recording of the disposal of information is critical to ensuring an audit trail is maintained. Audit trails may be used to identify if information has been disposed of incorrectly or to validate the non-retention of information subject to Freedom of Information or Subject Access requests 9.8.2 Whenever information is destroyed, a record must be retained of what information has been destroyed, the method of destruction and details of the staff who destroyed and witnessed the disposal of the information
NOT PROTECTIVELY MARKED
Data Retention Policy v1.0 Page 83 of 89
9.8.3 Records of destruction may be held electronically or in paper records. 9.8.4 Where Initial or Clear Period Trigger Reviews have been used to identify information for destruction, the electronic copy of the RACDF held on uCRM should validate the entry on the Disposal Register. 9.8.5 Where information has been disposed of in accordance with a Statutory/Prescribed Period Trigger, a record is retained on the Retention Assessment Criteria Decision Form (RADCF) and as an entry in the destruction register. 9.8.6 Copies of the Destruction Register will be retained by DBS Barring for a period not exceeding 100 years.
10.0 Barring Operational Data
Document Type Retention Period
NOT PROTECTIVELY MARKED
Data Retention Policy v1.0 Page 84 of 89
Bar Information - Case Files uCRM Record (see 6.10.3 for mandatory information that must be kept) This category of information possesses the highest possible risk of harm to the public and in compliance with SVGA 2006 Regulations 2008/16.
Retain for life of bar plus 10 years or until the individual has reached 100 years of age (whichever is sooner). Review every 10 years to ensure adequacy and necessity of information.
General Team Information Minutes of meetings contact information
12 months delete
Policies/Procedures- I GAP Delete 10 years after superseded
Non Bar Decisions - Case Files uCRM Record This category of information may be used to indicate patterns of behaviour which are not proven or immediately obvious in the initial referral.
Review after an initial 10 year clear period. If information has been identified as having potential to show pattern for future referrals, retain and review every 10 years. Destroy if review cannot justify the continued retention of the information.
Review / Appeals – DBS Barring Decision Upheld
See Adult & Child Bar Information above
Review / Appeals – DBS Barring Decision Not Upheld
See Non Bar Decisions (Adult & Child) above
Deceased Cases Destroy 7 years after confirmation of Death is received
NOT PROTECTIVELY MARKED
Data Retention Policy v1.0 Page 85 of 89
10.1.1 SVGA 2006 (Barred List Prescribed Information) Regulations 2008/16
Other information DBS must keep in respect of an individual included in a barred list.
The descriptions of information set out in regulations 3 and 4 are prescribed as other information that the DBS must keep in respect of an individual who is included on a barred list.
Regulation 3
The information prescribed by this regulation is the following information related to the identity of the individual and provided to the IBB:
(a) any alternative names and aliases of the individual;
(b) the individual's date and place of birth;
(c) the address of the individual;
(d) all information on any monitoring application submitted by the individual;
(e) the unique identification number accorded to the monitoring application or referral to the IBB in respect of the individual;
(f) the Police National Computer identification number relating to the individual;
(g) the DBS disclosure number relating to the monitoring application or the referral to the IBB in respect of the individual;
(h) the national insurance number of the individual; and
(i) all additional information relating to the identity of the individual.
Regulation 4
The information prescribed by this regulation is the following information related to the DBS's functions:
(a) the date of the individual's inclusion on the barred list;
NOT PROTECTIVELY MARKED
Data Retention Policy v1.0 Page 86 of 89
(b) all information provided to the DBS which it considers relevant to the decision of whether or not the individual should be barred;
(c) any information provided to the DBS by keepers of relevant registers or supervisory authorities in accordance with sections 41 (Registers: duty to refer) and 45 (Supervisory authorities: duty to refer) of the Safeguarding Vulnerable Groups Act 2006;
(d) relevant police information provided to the DBS but which the DBS must not take account of for the purpose of deciding whether or not the individual should be barred, in accordance with paragraph 19(5) and (6) to Schedule 3 of the Safeguarding Vulnerable Groups Act 2006 (information which the chief officer of a relevant police force thinks that it would not be in the interests of the prevention or detection of crime to disclose to the individual);
(e) the reasons for the DBS's decision to bar the individual, including any findings of fact made by the IBB giving rise to that decision;
(f) any information provided to the DBS, including representations made to it by the individual, which the DBS considers might be relevant to any subsequent appeal or review; and
(g) the outcome of any such appeal or review and any information provided to or held by the DBS following such proceedings, including any findings of fact.
NOT PROTECTIVELY MARKED
Data Retention Policy v1.0 Page 87 of 89
11.0 Appendix B - Abbreviations
BAG Business Agreement
BCP Business Continuity Plan
BIU Business Integrity Unit
BSI British Standards Institute
BTAT Business Transition Assurance Team
CAF Countersignatory Application Form
CAPA Corrective and Preventative Action
CEO Chief Executives Office
CFP Corporate File plan
CoCo Code of Conduct Agreement
CPT Capacity Planning Tool
CRM Customer Relationship Management System
Csig Counter Signatory
DBS Disclosure and Barring Service
DBS Barring Barring Arm of Disclosure and Barring Service DBS Disclosure Disclosure arm of Disclosure and Barring Service DFE Department for Education & Skills DHB Discrimination Harassment & Bullying DoSD Director of Service Delivery DPA Data Protection Act DQD Data Quality Dispute DSE Display Screen Equipment DVLA Driving Vehicle Licensing Authority DWH Data Warehouse Ebulk Deed Deed
EDV Equality Diversity Values
ET Executive Team
FAQ Frequently Asked Questions
FOI Freedom of Information
FURLS Friendly URL Guidance
HMRC Her Majestys Revenue & Custom
HO Home Office
HODS Home Office Disability Service
HOF Head of Function
HOW Home Office Women
HR Human Resources
IAA Information Assurance Agreement
IAO Information Asset Owner
IAP Ineligible Application Process
IAR Information Asset Register
IB Investment Board
ICO Information Commissioners Office
ISO International Organisation of Standardisation
JCNC Joint Negotiation Consultative Committee
NOT PROTECTIVELY MARKED
Data Retention Policy v1.0 Page 88 of 89
LPF Local Police Force
MAC Management Assurance Calendar
MIS Management Information Systems
MoU Memorandum of Understanding NCA National Crime Agency
OGD Other Government Department
PCoE Procurement Centre of Excellence
PDR Personal Development Review
PES Policy Equality Statements
PID Project Implementation Document
PMO Project Management Office
PNC Police National Computer
POISE Home Office system which contains the DBS Corporate file plan
POVA Protection of Vulnerable Adults
PPP Public Private Partnership
PSS Performance Service Standard
PVM Police Volume Management QAF Quality Assurance Framework
RACDF Retention Assessment Criteria Decision Form
RAF Registration Application Form
RAG Red Amber Green
RAs Records Advisors
RB Registered Body
RCP Registration Cancellation Programme
RDG Race Gender Disability
RFI Request for Improvement
RTP Request to purchase
SCD Supporting Compliance Document
SCS Senior Civil Service
SCU Standards & Compliance Unit
SDAT Strategic Diversity Action Team
SDUAT Service Delivery User Assurance Team
SLA Service level Agreement
SMT Senior Management Team
SOCA Serious Organised Crime Authority
SSN Staff Support Network
SSns Staff Support Networks
TCS Tata Consultancy Services
TLO Training Liaison Officer
TNA The National Archives
ToR Terms of Reference
UB Umbrella Body
uCRM Updated Case Records Management System
UKBA United Kingdom Border Agency
VER Voluntary Early Release
WMT Work management Team