Progress Update Review - East Lothian Council and Licensing Board

Home
Publications
Progress Update Review - East Lothian Council and Licensing Board

Share this page

Click here to share this page on Facebook. Click here to share this page on LinkedIn. Click here to share this page on X (formerly known as Twitter).

Contents

Public Records (Scotland) Act 2011
Progress Update Review (PUR) Mechanism
Executive Summary
Authority Background
Assessment Process
Progress Update Review (PUR): East Lothian Council and Licensing Board
The Public Records (Scotland) Act Assessment Team’s Summary
The Public Records (Scotland) Act Assessment Team’s Evaluation

1. Public Records (Scotland) Act 2011

The Public Records (Scotland) Act 2011 (the Act) received Royal Assent on 20 April 2011. It is the first new public records legislation in Scotland since 1937 and came into force on 1 January 2013. Its primary aim is to promote efficient and accountable record keeping by named Scottish public authorities.

The Act has its origins in The Historical Abuse Systemic Review: Residential Schools and Children’s Homes in Scotland 1950-1995 (The Shaw Report) published in 2007. The Shaw Report recorded how its investigations were hampered by poor recordkeeping and found that thousands of records had been created, but were then lost due to an inadequate legislative framework and poor records management. Crucially, it demonstrated how former residents of children’s homes were denied access to information about their formative years. The Shaw Report demonstrated that management of records in all formats (paper and electronic) is not just a bureaucratic process, but central to good governance and should not be ignored. A follow-up review of public records legislation by the Keeper of the Records of Scotland (the Keeper) found further evidence of poor records management across the public sector. This resulted in the passage of the Act by the Scottish Parliament in March 2011.

The Act requires a named authority to prepare and implement a records management plan (RMP) which must set out proper arrangements for the management of its records. A plan must clearly describe the way the authority cares for the records that it creates, in any format, whilst carrying out its business activities. The RMP must be agreed with the Keeper and regularly reviewed.

2. Progress Update Review (PUR) Mechanism

Under section 5(1) & (2) of the Act the Keeper may only require a review of an authority’s agreed RMP to be undertaken not earlier than five years after the date on which the authority’s RMP was last agreed. Regardless of whether an authority has successfully achieved its goals identified in its RMP or continues to work towards them, the minimum period of five years before the Keeper can require a review of a RMP does not allow for continuous progress to be captured and recognised.

The success of the Act to date is attributable to a large degree to meaningful communication between the Keeper, the Assessment Team, and named public authorities. Consultation with Key Contacts has highlighted the desirability of a mechanism to facilitate regular, constructive dialogue between stakeholders and the Assessment Team. Many authorities have themselves recognised that such regular communication is necessary to keep their agreed plans up to date following inevitable organisational change. Following meetings between authorities and the Assessment Team, a reporting mechanism through which progress and local initiatives can be acknowledged and reviewed by the Assessment Team was proposed. Key Contacts have expressed the hope that through submission of regular updates, the momentum generated by the Act can continue to be sustained at all levels within authorities.

The PUR self-assessment review mechanism was developed in collaboration with stakeholders and was formally announced in the Keeper’s Annual Report published on 12 August 2016. The completion of the PUR process enables authorities to be credited for the progress they are effecting and to receive constructive advice concerning on-going developments. Engaging with this mechanism will not only maintain the spirit of the Act by encouraging senior management to recognise the need for good records management practices, but will also help authorities comply with their statutory obligation under section 5(1)(a) of the Act to keep their RMP under review.

3. Executive Summary

This Report sets out the findings of the Public Records (Scotland) Act 2011 (the Act) Assessment Team’s consideration of the Progress Update template submitted for East Lothian Council and Licensing Board. The outcome of the assessment and relevant feedback can be found under sections 6 – 8.

4. Authority Background

East Lothian borders the City of Edinburgh, Midlothian and the Scottish Borders. Its administrative centre is Haddington, although its largest town is Musselburgh.

The council area was created in 1996, replacing the East Lothian district of the Lothian region. The district had been created in 1975 under the Local Government (Scotland) Act 1973, consisting of the old county of East Lothian plus the burghs of Musselburgh and Inveresk, which until then had been in the county of Midlothian.

https://www.eastlothian.gov.uk/

Licensing is the responsibility of licensing boards under powers contained in the Licensing (Scotland) Act 2005. Local licensing boards have wide discretion to determine appropriate licensing arrangements according to local needs and circumstances and their own legal advice. Each local government area must have a licensing board. East Lothian Licensing Board consists of 6 Board members.

https://www.eastlothian.gov.uk/info/210571/licensing/12804/licensing

5. Assessment Process

A PUR submission is evaluated by the Act’s Assessment Team. The self-assessment process invites authorities to complete a template and send it to the Assessment Team one year after the date of agreement of its RMP and every year thereafter. The self-assessment template highlights where an authority’s plan achieved agreement on an improvement basis and invites updates under those ‘Amber’ elements. However, it also provides an opportunity for authorities not simply to report on progress against improvements, but to comment on any new initiatives, highlight innovations, or record changes to existing arrangements under those elements that had attracted an initial ‘Green’ score in their original RMP submission.

The assessment report considers statements made by an authority under the elements of its agreed Plan that included improvement models. It reflects any changes and/or progress made towards achieving full compliance in those areas where agreement under improvement was made in the Keeper’s Assessment Report of their RMP. The PUR assessment report also considers statements of further progress made in elements already compliant under the Act.

Engagement with the PUR mechanism for assessment cannot alter the Keeper’s Assessment Report of an authority’s agreed RMP or any RAG assessment within it. Instead the PUR Final Report records the Assessment Team’s evaluation of the submission and its opinion on the progress being made by the authority since agreeing its RMP. The team’s assessment provides an informal indication of what marking an authority could expect should it submit a revised RMP to the Keeper under the Act, although such assessment is made without prejudice to the Keeper’s right to adopt a different marking at that stage.

Key

Green

The Assessment Team agrees this element of an authority’s plan.

Amber

The Assessment Team agrees this element of an authority’s progress update submission as an ‘improvement model’. This means that they are convinced of the authority’s commitment to closing a gap in provision. They will request that they are updated as work on this element progresses.

Red

There is a serious gap in provision for this element with no clear explanation of how this will be addressed. The Assessment Team may choose to notify the Keeper on this basis.

6. Progress Update Review (PUR): East Lothian Council and Licensing Board

Element 1: Senior Officer

Status:

5 January 2015 - agreed plan - Green
1 November 2022 - review - Green
11 February 2025 - review - Green

Update required on any change.

The Council officer holding Senior Management responsibility for the Records Management Plan is now Morag Ferguson, Head of Corporate Support, mferguson@eastlothian.gov.uk.

The Assessment Team thanks you for this update which has been noted. Update required on any change.

The Council officer holding Senior Management responsibility for the Records Management Plan will change from June 2024 due to the imminent retirement of the current senior officer. The Council will inform the Keeper’s Assessment Team of the name of the new senior officer (Head of Corporate Support) once in post.

For the time being all correspondence should be addressed to the named officer under Element 2 and to Carlo Grilli, Service Manager-Governance (cgrilli@eastlothian.gov.uk; 01620 827770)

Thank you for this update which is gratefully received. We have noted Mr Grilli’s details and look forward to hearing from you when the new Head of Corporate Support in in place.

Element 2: Records Manager

Status:

5 January 2015 - agreed plan - Green
1 November 2022 - review - Green
11 February 2025 - review - Green

Update required on any change.

Zarya Rathé has resumed her post as Team Manager-Information Governance (and Data Protection Officer).

Thank you for this update which has been noted. Update required on any future change.

There has been no change to the named officer under Element 2.

Thank you for letting us know that there have been no changes to this Element. Update required on any future change.

Element 3: Policy

Status:

5 January 2015 - agreed plan - Green
1 November 2022 - review - Green
11 February 2025 - review - Green

Update required on any change.

Formal review of the Council’s RMP has slowed since the activation of the Council’s Business Continuity measures in March 2020, which limited activities to business-critical operations only. While these measures currently remain in effect, the Council is now looking toward recovery and we expect to progress toward our aim of developing and re-submitting a fresh RMP to the Keeper for assessment in the coming year. Formal review and approval of an up-to-date Information and Records Management Policy will be included in that process.

The Council is also in the early stages of developing an Information Transformation Strategy to address the holistic management of Council information across formats, systems and platforms. The Strategy will underpin the Council’s Digital Strategy and Business Transformation agendas; we aim to complete this early in 2023, dependent on completion of the Digital Strategy, expected around the end of 2022.

The Council's Information Governance team is also in the process of reviewing and updating its suite of Records Management and Archives guidance which is published on the Council Intranet.

Supporting evidence:
• Report presented to the Council's Policy and Performance Review Committee regarding progression of the RMP;
• Briefing Note re: Information Transformation Strategy

Thank you for letting the Assessment Team know that that the Records Management Plan (RMP) review process has slowed down due to the impact of the pandemic and the prioritisation of business-critical operations.

The receipt of evidence provided is acknowledged with thanks. The Report on the RMP progression, in particular, highlights East Lothian Council and LB’s commitment to complying with PRSA, and it is hoped this results in a robust RMP submission for The Keeper’s assessment. The Information Transformation Strategy and the review of guidance for staff will positively contribute to this process.

See also Element 13.

Compliance with the Council’s Information and Records Management Policy was last reported to Committee in March 2024 as part of the Information Governance Annual Report. Please see Element 13 below.

Thank you for this update on regular Information and Records management Policy compliance reporting. It is reassuring to hear that a RM policy remains operational and in place.

Element 4: Business Classification

Status:

5 January 2015 - agreed plan - Amber
1 November 2022 - review - Amber
11 February 2025 - review - Amber

The Keeper would like to know when this survey is complete and potentially view the ‘targeted plan for implementation of classification scheme.’

The Keeper requests that he is kept informed on the development of the proposal and that he may view the outcome of the “EDRMS Review” planned for 2015. He would be especially interested in information regarding any alternative solution should the CIVICA proposal be rejected.

The RMP indicates that a restructuring of paper file store ‘may’ be undertaken. The Keeper will be interested to know what decision is taken regarding this.

The Keeper agrees this element of the submitted RMP under ‘Improvement Model’ terms. This means that he is convinced that East Lothian Council has made a firm commitment to restructure their hybrid document management systems around their published business classification but requires to be updated as the project progresses.

The Council is currently undertaking an Asset Review project, addressing the consolidation of the Council estate in line with changing ways of working. To support the closure and re-allocation of office space, the Council's Information Governance team is supporting individual Services via a series of mini-Record Audits, addressing the extent of paper records held in offices and identifying anticipated needs in terms of retention, storage and scanning. As part of this process, Services are also being encouraged to set up and enforce agreed File Plans in line with refreshed guidance and tied to the Council’s BCS (see below).

The Council has also continued to progress development of its Information Asset Register via an ongoing series of workshops with individual Service areas. As part of these workshops, Services are asked to review their record holdings against the BCS and Retention Schedule and link individual Information Assets to the appropriate entries on the BCS/Retention Schedule (and/or develop new entries/retention rules as required in conjunction with the Information Governance team).

File Naming and File Planning guidance has recently been updated and distributed to Services which are currently participating in the Asset Review project. This will be made available to all staff via the Council Intranet shortly.

Supporting evidence:
• Sample Record Audit questionnaire;
• Sample IAR entries;
• File Naming Guidelines;
• File Planning Principles

Update in October 2022: We would not characterise the BCS as fully implemented at this stage. Since our initial PUR submission in April, we have since taken a decision to replace use of the LGCS with use of the inherent BCS in the SCA BCS/RRS model Retention Schedules, and to update our Retention Schedule in line with revision schedule for the national model Schedules which are currently under review by the Scottish Council on Archives, with ongoing engagement with local authorities to be facilitated by a dedicated SCARRS Sub-group within the Archivists of Local Authorities Working Group (ASLAWG) which has been recently established. There will need to be updates made accordingly to the Council’s existing Information Asset Register entries.

The Assessment Team thanks you for this update on the ongoing Asset Review project and the mini- Record Audits. It is also positive to hear that File Plan guidance has been updated and Services encouraged (although, it is noted, not required) to use these as they tie into the Council’s Business Classification.

The development of the Information Asset Register, and how this ties up with the BCS, is also noted with thanks.

Thank you for submitting supporting evidence, the receipt of which is acknowledged.

Whilst progress has been made, this Element remains at Amber as the work continues. The Team look forward to a more comprehensive indication of the authority’s position in the planned voluntary RMP resubmission.

Comments on further update: The Assessment Team is grateful for the clarification provided. It is good to hear of the changed approach to BCS.

The Council has concluded Phase 1 of the Asset Review project with record audits concluded in relation to Services affected by Phase 1.

Development of the Council’s Information Asset Register (‘IAR’) has continued in line with its agreed schedule of 4 workshops per annum. The IAR lists key metadata against information assets including ‘record classification’ which corresponds to the Council’s combined Business Classification Scheme / Records Retention Schedule derived from the Scottish Council on Archives Records Retention Schedules (‘SCARRS’).

The Council has purchased Microsoft 365 E5 licenses which allow for a high degree of control over the application of business classification metadata and retention labels to digital documents within the SharePoint environment. Work is still in its early stages to determine the plan for roll-out of M365 across the Council. Three members of the Council’s Information Governance team are members of the core M365 project team, including the Council’s Element 2 Officer named above, and it is expected that the application of classification and retention metadata will be a key baseline component of the Council’s implementation. Work is also being done to explore using the features within SharePoint to inform and facilitate the development of the Information Asset Register and data flow mapping.

The Council’s Intranet guidance for all staff regarding Records Management has been updated. Work is underway to use compliance software MetaCompliance to embed training and awareness regarding records management in all Council Service areas.

The Assessment Team thanks you for this update on the progressing Asset Review project. The continuing embedding of the Information Asset Register through workshops is also noted with thanks.

This Element remains at Amber while work on M365 implementation continues. It is clear from this update, however, that East Lothian Council and Licensing Board are evidencing gradual progress in terms of business classification, particularly in light of ongoing move to M365.

The Assessment Team look forward to being updated on progress in subsequent PURs.

Element 5: Retention schedule

Status:

5 January 2015 - agreed plan - Amber
1 November 2022 - review - Amber
11 February 2025 - review - Amber

Please refer to comments against element 4. […]

As with the Business Classification Scheme, a project is in place to impose these retention decisions on the hybrid record systems currently operating. This project is commencing with a full survey of the Council’s service areas. The target date for completion of this project is 2018. The Keeper requires East Lothian Council to keep him up-to-date on progress.

The Keeper agrees this element of the submitted RMP under ‘Improvement Model’ terms. This means that he is convinced that East Lothian Council has made a firm commitment to apply their published retention schedule. He requires to be updated as the project progresses.

Updates and revisions to the Retention Schedule continue, with particular focus on areas affected by the Asset Review over the next 6 months.

Records disposal modules have been introduced in systems used by Revenues/Benefits, HR/Payroll and Housing, although further work continues to be required to address application of retention rules to digital records across Council systems.

As the Information Asset Register develops, the Council is looking at use of the IAR as a tool for addressing regular review of information assets with reference to the Retention Schedule. It should be noted that this is currently in an exploratory phase and has not yet been formally adopted.

Thank you for this update regarding ongoing work on updating and revising the Retention Schedule. This is a key element in the practical implementation of records retention procedures, and allows for organisation-wide, consistent application of rules.

The update mentions digital records retention rules and indicates that electronic records retention procedures are not fully in place. This is a cause for concern as the proportion of digital records over paper records has, as a general trend, been gradually increasing every year.

Thank you also for informing the Assessment Team of the exploratory project of using the IAR as a tool to address regular review of information assets.

This Element will remain at Amber as the improvements requested by the Keeper have not yet been implemented. We look forward to hearing more about this in the upcoming voluntary RMP resubmission.

Updates to the Council’s Retention Schedule are now made on a rolling monthly basis.

All teams with Information Asset Registers in place are advised to use the ‘Date of last review’ field within the IAR to record the review of records for disposal on a regular basis.

Going forward, and in line with the implementation of OneDrive and SharePoint throughout the Council, the primary means of applying retention rules and disposition actions to digital records will be through the governance features within M365. It is intended that SharePoint will replace the use of shared drives, and efforts will be made to streamline the use of business applications and ultimately reduce the number of standalone applications in use across the Council.

Thank you for providing us with this update on ongoing OneDrive and SharePoint implementation, and how IAR and Retention Schedules are used to support this work.

It is understood that embedding M365 will take time, it is also clear that steps are being taken to ensure that the appropriate automated retention scheduling scripts will be in place from the get-go.

This Element will remain at Amber while the work continues. The situation has evolved significantly since 2015, and it is positive to see solid gradual progress.

Element 6: Destruction arrangements

Status:

5 January 2015 - agreed plan - Amber
1 November 2022 - review - Amber
11 February 2025 - review - Amber

The Council is planning to set protocols for use of internal shredders. The Keeper requests sight of these protocols when they are available. […]

There is an acknowledgement that the irretrievable destruction of records held electronically is problematic. The Council has instigated an approved action plan to address this. The RMP (page 8) explains how the destruction of electronic records occurs currently (where it does) and provides a statement regarding the current thinking of how the process will work once the retention schedules are properly imposed. The Keeper accepts that the Council has properly identified a gap in provision and has appropriate mechanisms in place to close that gap.

The Keeper agrees this element of the Council’s plan on Improvement Model terms and requires to be updated as the project discussed under elements 4, 5 and 11 progresses.

The Council’s arrangements for the destruction of paper records, including the engagement of external Suppliers of document management services, are currently under review. As part of the Information Transformation Strategy, we intend to set the future aims and direction for paper records management with consideration for the changing use of the Council estate and the recent introduction of a new Home Working Policy and associated provisions.

There have been no significant changes to the Council’s provisions for electronic destructions, however work is planned regarding the implementation of EDRMS and exploring use of the Information Asset Register as another tool for managing destructions across formats.

The Assessment Team thanks you for this update on records destruction arrangements. It is acknowledged that the Council’s arrangements with regard to paper records are currently under review.

It is noted that records destruction of electronic records remains unchanged.

The Team would like to remind East Lothian Council and Licensing Board that the implementation of EDRMS will also have major implications on the records destruction procedures, as well as Elements 4, 5 and 11.

It appears work continues. This Element will remain at Amber until this has been completed, but the implementation of EDRMS may require that approach to this Element’s practical implementation is reconsidered.

As noted above in relation to Elements 4 and 5, the implementation of M365 will address the destruction of digital records in the SharePoint and OneDrive environments, which will replace the use of shared and personal drives.

Work is ongoing to procure an external document management Supplier to provide paper records storage, retrieval, scanning and destruction services in relation to all of the Council’s paper records in the longer term. For the time being, the Council has engaged Oasis Group to provide these services in relation to any new paper files transferred out of Council offices. Regarding older records holdings, the Council continues to operate its own external records store pending transfer to the Preferred Supplier identified by the procurement process.

Work is ongoing to identify options for the destruction of paper records in Council offices going forward. While the amount of paper records generated by the Council is decreasing as Council business becomes increasingly digital, the Council recognises that there will always remain a certain level of information that continues to be processed in paper format, and appropriate procedures for secure destruction of these records will continue to be required.

The Assessment Team agrees that the M365 implementation will have a positive impact on how this Element’s requirements are met in the long term. The retiral of shared and personal drives is a gradual process that, it appears, East Lothian Council and LB are undertaking in a measured and planned way.

Thank you also for the update on outsourcing document management services. The Assessment Team encourages ELC & LB to ensure that records to be retained for permanent preservation in the archives are not getting lost in the process, and that appropriate destruction logs continue to be kept for records entered into longer-term storage by a third party.

Thank you also for indicating that procedures are developed for secure paper records destruction in Council Offices.

This Element will remain at Amber as work continues.

Element 7: Archiving and transfer

Status:

5 January 2015 - agreed plan - Green
1 November 2022 - review - Green
11 February 2025 - review - Green

The Keeper requests the two new documents (Acquisitions Policy & Transfer Procedures) planned relating to the management of archival material are forwarded to him when appropriate.

No change, but Digital Preservation will be included as a key component of the Information Transformation Strategy.

Thank you for letting the Assessment Team know that there have been no major changes to East Lothian Council and Licensing Board’s archiving and transfer arrangements. That focus on digital preservation as a key component of the Information and Transformation Strategy is also noted with thanks.

In December 2022 the Council created a new post within the Information Governance team with a remit for digital preservation.

An assessment of the Council’s digital preservation maturity was undertaken in August 2023 using the Digital Preservation Coalition’s Rapid Assessment Model. The Assessment put the Council at the level of 1 – Awareness or 2 – Basic in all areas, and we have identified target levels of 2 – Basic and 3 – Managed to be achieved by August 2024.

One of the targets identified by the assessment was the creation of a new Digital Preservation Policy to set out the Council’s approach to digital preservation and align it with wider Council Strategies. That Policy has been drafted and approved by the Element 1 Officer.

A Digital Assets Register has been created to identify digital content already within the custody of the Council’s Archives Service. Metadata requirements have been identified but are not yet fully utilised, and DROID software is now in use to check content on ingest.

Work has also been done to procure relevant equipment to support the preservation of digital records in cooperation with the Council’s IT department.

Thank you for sharing this positive update on ongoing digital preservation work with the Assessment Team. It is understood that archiving and transfer arrangements with the chosen repository remain formalised and functional.

Element 8: Information security

Status:

5 January 2015 - agreed plan - Green
1 November 2022 - review - Green
11 February 2025 - review - Green

The Keeper requests the two new documents (Acquisitions Policy & Transfer Procedures) planned relating to the management of archival material are forwarded to him when appropriate.

Updates are in progress to the Council’s IT Acceptable Use Policy, which is expected to be finalised and implemented imminently.

Thank you for this update on the IT Acceptable Use Policy review. This is one of a suite of documents that will assist East Lothian Council and LB keep adequate procedures in place to protect their records against unauthorised access, alteration, destruction, or removal of records, and the Team trusts that other policies, including the Information Security Policy, are regularly reviewed and kept up to date.

The Council’s IT Acceptable Use Policy has been updated in is now in use.

The Council’s IT Security and Information Governance teams are working together to develop the Council’s use of MetaCompliance software to promote training, awareness and compliance across the Council.

Element 9: Data protection and element 14: Shared information

Status:

5 January 2015 - agreed plan - Green
1 November 2022 - review - Green
11 February 2025 - review - Green

The Keeper requests that he is provided with the Board’s registration number when it becomes available.

East Lothian Council and Licensing Board have opted to consider both of these Elements together under Element 9.
On Shared Information (Element 14), update is required on any change.

Updates to policies, procedures and templates have been progressed to reflect that, following Brexit, personal data processing in the UK is now governed by the UK GDPR. Existing templates for Data Sharing Agreements, Data Protection Impact Assessments and wording within the Council’s standard Terms and Conditions are also under review with reference to national and regional frameworks.

Update in October 2022: The Council’s template Data Sharing Agreements have been updated as required since the approval of East Lothian Council’s RMP in 2015. The most significant changes to existing templates were in 2018 to bring these in line with the requirements of the Data Protection Act 2018 and the GDPR. Relevant updates have continued to be made, for example to reflect the implementation of the UK GDPR following the UK’s withdrawal from the EU. The total number of Data Sharing Agreements in place for the Council’s routine data sharing activities has significantly increased since 2015 and in particular since May 2018 when the Data Protection Act 2018 / GDPR came into effect.

Thank you for this update on ensuring that policies and templates reflect the most recent legislative framework in place. This is a key requirement under Element 9.

Regarding Element 14, the Team assumes no changes to existing Data Sharing Agreements have taken place, and that these Agreements are being kept up to date and relevant for their purpose.

Comments on further update: Thank you for taking the time to confirm that Data Sharing Agreement templates have been updated.

The Council’s updated Data Protection Policy was approved by Cabinet on 14 May 2024.

Review of the Council’s Standard Terms and Conditions has been completed with new wording inserted relating to Data Protection and the management of Public Records. This wording has also been adapted for Controller-Controller data sharing agreements.

Standard waiting times for the processing of Data Protection Impact Assessments and Data Sharing Agreements have been reduced, with these processes under continuous review for improvement.

As noted above in relation to Element 8, the Council is developing the use of MetaCompliance software to promote training, awareness and compliance in relation to data protection, information security and records management.

The Assessment Team appreciates this update on Data Protection and Shared Information procedures in place. It is reassuring to hear that policies are bring kept up to date, and that reviews are being undertaken when pertinent to reflect changes. We also note the use of software to ensure compliance, awareness and training are promoted.

Element 10: Business continuity and vital records

Status:

5 January 2015 - agreed plan - Amber
1 November 2022 - review - Green
11 February 2025 - review - Green

[T]he Council is currently developing service level Continuity Plans. The local approach is a sensible one. These should be available, at least in part, by early 2015. The Keeper requires the Council to send a sample, redacted if necessary, of these when they are completed. […]

The Keeper is happy to agree this element of East Lothian’s RMP under ‘Improvement Model’ terms. This means that he convinced that the Council intends to develop business continuity plans for its service areas and has explained a coherent strategy to enable this to be done.

No change.

Update in October 2022: The current ongoing record audits are linked to the Council’s Asset Review programme, through which Council buildings are being cleared and re-purposed as more flexible working spaces. While this programme was and is not directly driven by the Council’s pandemic response, it has certainly grown and accelerated due to the changes to ways of working that were catalysed by the pandemic. A new Home Working Policy, for example, was introduced in April 2022, allowing employees to apply for contractual working-from-home arrangements, which has and will continue to reduce demand on office space, as well as introducing new challenges regarding records management and information security/data protection. Guidance on working safely from home while protecting personal information and managing records properly was developed near the start of the pandemic, and will continue to evolve in line with the preparation of the Council’s second Records Management Plan.

Our Business Continuity software was used throughout the pandemic as well as an ongoing spreadsheet detailing where each service was at as regards BC. The BC software provide invaluable and was used by CMT to get a picture of the Council’s BC response. Services which remain in BC mode remain invoked on the software. The only review would be to update all BC SPoCs [Single Points of Contact] on use of the software.

Thank you for letting the Assessment Team know there have been no major updates to Business Continuity arrangements. However, as this is the first update following the pandemic, the Team would have liked to hear how the authority’s business continuity processes fared during the disruption, and if any reviews to these are planned as a result.

Under Element 4, the Council and Licensing Board noted that mini Record Audits were taking place, ‘addressing the extent of paper records held in offices and identifying anticipated needs in terms of retention, storage and scanning.’ The Team would be interested to clarify if these records relate to changed ways of working during the pandemic, or if this action is taking place as business as usual.

Comments on further update: The Assessment Team is grateful for this clarification, and further information on Business Continuity Arrangements

The Council continues to expand the use of its business continuity software to identify and manage risk across Council Services.

Information compliance risks (including risks relating to records management) are discussed quarterly at cross-service Linking Risks meetings as well as meetings of the Corporate Risk Management Group of which the named officers at Element 1 and Element 2 are regularly attending members.

Services completing the Information Asset Register are required to rate all information assets at one of the following levels:

• Vital Records-Council: if access to these records is compromised, this would cause failure of core Council functions
• Vital records-Service: if access to these records is compromised, this would cause failure at the Service level but not for the entire Council
• Not vital: unavailability of these records would not have a significant impact on Council functions at the Service or corporate levels.

Vital records are also identified within individual business continuity plans maintained by Council Service areas via the business continuity software.

Element 10 stipulates that records recovery, prioritising vital records, is an integral part of the authority’s business continuity planning.

This detailed update on business continuity arrangements, particularly with regard to vital records, is greatly appreciated. The Team has no specific concerns regarding this Element.

Element 11: Audit trail

Status:

5 January 2015 - agreed plan - Amber
1 November 2022 - review - Amber
11 February 2025 - review - Amber

Please refer to comments against element 4.

As explained under element 4 above, East Lothian Council operate several electronic systems within different service areas as well as shared drives and paper records. A programme is underway to investigate the possibility of greater centralised control of the records held in these systems. This programme has been initiated by surveying current holdings at a local level. […]

It is likely that considerable work will be required to properly account for records held on shared drives even where local practices have been formalised. […]

The Keeper can agree this element on ‘Improvement Model’ terms. This means that he is convinced that tighter oversight of record location and of version control will result from the project set out in the approved Action Plan. As with elements 4 and 5 above he requests that he is kept up-to-date with the project as it progresses.

As part of the Asset Review, the Council is taking steps to standardise the metadata applied to paper records and to enhance file tracking through the engagement of an external contractor.

Control of digital records is continuing to develop as staff identify information flows via the Information Asset Register.

The Keeper will expect authorities to maintain a complete and accurate representation of all changes that occur in relation to a particular records. This includes changes to the record’s location, both in relation to analogue and digital records.

Any records transferred to the Council’s external contractor are barcoded at box level and tracked throughout their lifecyle, including any retrievals/returns to and from Council offices.

Testing is currently underway of the use of Teams channels (and associated SharePoint sites) for the storage and use of records and information within individual Service areas. Any documents stored in channels have full version control in line with the controls applied to SharePoint sites. The Council’s M365 Project Team is in the initial stages of getting to understand the full audit functionality and how audit reports will best generated and managed in this environment.

OneDrive has also now been rolled out to all Council staff for the storage and management of ‘personal work-related records’, for example records relating to each employee’s contract of employment, leave and sickness recording and monitoring, etc. As with SharePoint, the M365 Project Team is still exploring the full audit functionality within OneDrive.

In the longer term, the roll-out of SharePoint will replace the Council’s shared drives and bring with it improvements to audit and tracking of access, modification and destruction of digital records.

Thank you for this reassuring update regarding ELC’s use of an external contractor for longer-term storage purposes.

It is also great to hear that the authority is actively working on gaining full audit functionality for M365, including Teams Channels and the underlying SharePoint environment, as well as OneDrive. Moving away from shared drive environments will result in a single-platform approach, but the Team recognises that this will take time to implement carefully.

This Element will remain at Amber while these activities are ongoing.
The Assessment Team looks forward to being updated on further progress.

Element 12: Competency framework

Status:

5 January 2015 - agreed plan - Green
1 November 2022 - review - Green
11 February 2025 - review - Green

Update required on any change.

No change.

It is important that staff training requirements are reviewed regularly as systems or way of working (e.g. working from home) change so that staff continue to be adequately supported in their adherence to the authority’s RMP.

Update required on any change.

The Council has created a new post of Team Leader-Information Governance who reports to the named Element 2 Officer (Team Manager-Information Governance) and directly manages the Council’s Information Officers-Archives and Records. The Team Leader supports the delivery of archives and records management services and deputises for the Team Manager on matters relating to data protection.

The Council is in the process of agreeing a training contract to support the Team Leader in completing CPD courses in Archives and Records Management at CAIS, University of Dundee.

Thank you for updating the PRSA Assessment Team on the relevant staff structures. It is also great to hear that the new Team Leader will be supported through CPD through formal archives and records management training courses.

Element 13: Assessment and review

Status:

5 January 2015 - agreed plan - Green
1 November 2022 - review - Amber
11 February 2025 - review - Green

The Keeper requests that if any changes result from the review he is provided with the updated version.

The Keeper would be interested in the results of the Data Protection Health Check, if appropriate.

No change.

East Lothian Council and Licensing Board should be commended for their regular participation in the PUR process (in 2016, 2017, 2019 and 2022).

While no update has been given here regarding Element 13, Element 3 suggests that the pandemic-related delays have caused significant delay to the regular review and update process of the RMP and some adjacent policies.

This Element has been changed from Green to Amber to indicate that the authority has not been able to keep focus on this Element while resource has been redeployed due to the pandemic. We acknowledge, however, that they are taking active steps to rectify this.

As of February 2023, the Council’s progress in relation to its Records Management Plan is reported annually to the Audit and Governance Committee in the form of its Information Governance Annual Report.

This report addresses the Council’s compliance with regulatory regimes relating to Data Protection, Information and Records Management, and the Regulation of Investigatory Powers. The Council has completed two such reports at the time of submission of this PUR update, with the most recent presented to the Committee in March 2024.

As set out above, updates and reviews have been undertaken of many of the policies, procedures and projects cited within the Records Management Plan.

Element 4/5 – the Council’s BCS/Retention Schedule undergoes regular monthly updates in consultation with Services and the Information Governance team.

Element 7 – A number of existing archives Policies have been updated, and new Policies drafted, including:

• Digital Preservation Policy;
• Reviewed Collections Management Policy;
• Access Policy;
• Reviewed Accession Form

Element 8 – the IT Acceptable Use Policy has been reviewed and updated.

Element 9 – the Data Protection Policy has been reviewed and updated, with the changes approved by Cabinet in May 2024.

Section 1(5)(i)(a) of the Act says that an authority must keep its RMP under review. The update and review of policies supporting the Records Management Plan also contribute towards this Element, but it is important to gauge whether the Records Management Plan itself remains fit for purpose in light of the continually-evolving public sector records management landscape. The Team understands that this Plan has been ‘kept under review’ – as well as used for progress reporting – since then via the Information Governance Annual Reporting cycle.

This Element has been turned back to Green to indicate that processes are in place to keep the RMP under review and relevant.

Continuing regular participation in the PUR process is commended.

Element 14: Shared information

See element 9. East Lothian Council and Licensing Board have opted to consider both of these Elements together under Element 9.

7. The Public Records (Scotland) Act Assessment Team’s Summary

Version

The progress update submission which has been assessed is the one received by the Assessment Team on 26th June 2024. The progress update was submitted by Zarya Rathé, Team Manager – Information Governance and Data Protection Officer.

The progress update submission makes it clear that it is a submission for East Lothian Council and Licensing Board.

The Assessment Team has reviewed East Lothian Council and Licensing Board’s Progress Update submission and agrees that the proper record management arrangements outlined by the various elements in the authority’s plan continue to be properly considered. The Assessment Team commends this authority’s efforts to keep its Records Management Plan under review.

General Comments

East Lothian Council and Licensing Board continues to take its records management obligations seriously and is working to bring all elements into full compliance.

Section 5(2) of the Public Records (Scotland) Act 2011 provides the Keeper of the Records of Scotland (the Keeper) with authority to revisit an agreed plan only after five years has elapsed since the date of agreement. Section 5(6) allows authorities to revise their agreed plan at any time and resubmit this for the Keeper’s agreement. The Act does not require authorities to provide regular updates against progress. The Keeper, however, encourages such updates.

The Keeper cannot change the status of elements formally agreed under a voluntary submission, but he can use such submissions to indicate how he might now regard this status should the authority choose to resubmit its plan under section (5)(6) of the Act.

8. The Public Records (Scotland) Act Assessment Team’s Evaluation

Based on the progress update assessment the Assessment Team considers that East Lothian Council and Licensing Board continue to take their statutory obligations seriously and are working hard to bring all the elements of their records management arrangements into full compliance with the Act and fulfil the Keeper’s expectations.

The Assessment Team recommends authorities consider publishing PUR assessment reports on their websites as an example of continued good practice both within individual authorities and across the sector. This report follows the Public Records (Scotland) Act Assessment Team’s review carried out by

Iida Saarinen
Public Records Officer

File downloads

NRS Public Records (Scotland) Act (PRSA) East Lothian Council And Licensing Board Progress Update Review (PUR) 2024 Final Report Web Version 11 February 2025

File type: PDF,
File size: 357.67 KB

Was this page helpful? *

Yes

Yes, but

Your comments