Home
Publications
Progress Update Review - South of Scotland Enterprise

Progress Update Reviews Records and archives

Progress Update Review - South of Scotland Enterprise

Date published: 07 April 2025

Share this page

Click here to share this page on Facebook. Click here to share this page on LinkedIn. Click here to share this page on X (formerly known as Twitter).

Contents

Public Records (Scotland) Act 2011
Progress Update Review (PUR) Mechanism
Executive Summary
Authority Background
Assessment Process
Progress Update Review (PUR): South of Scotland Enterprise
The Public Records (Scotland) Act Assessment Team’s Summary
The Public Records (Scotland) Act Assessment Team’s Evaluation

1. Public Records (Scotland) Act 2011

The Public Records (Scotland) Act 2011 (the Act) received Royal Assent on 20 April 2011. It is the first new public records legislation in Scotland since 1937 and came into force on 1 January 2013. Its primary aim is to promote efficient and accountable record keeping by named Scottish public authorities.

The Act has its origins in The Historical Abuse Systemic Review: Residential Schools and Children’s Homes in Scotland 1950-1995 (The Shaw Report) published in 2007. The Shaw Report recorded how its investigations were hampered by poor recordkeeping and found that thousands of records had been created, but were then lost due to an inadequate legislative framework and poor records management. Crucially, it demonstrated how former residents of children’s homes were denied access to information about their formative years. The Shaw Report demonstrated that management of records in all formats (paper and electronic) is not just a bureaucratic process, but central to good governance and should not be ignored. A follow-up review of public records legislation by the Keeper of the Records of Scotland (the Keeper) found further evidence of poor records management across the public sector. This resulted in the passage of the Act by the Scottish Parliament in March 2011.

The Act requires a named authority to prepare and implement a records management plan (RMP) which must set out proper arrangements for the management of its records. A plan must clearly describe the way the authority cares for the records that it creates, in any format, whilst carrying out its business activities. The RMP must be agreed with the Keeper and regularly reviewed.

2. Progress Update Review (PUR) Mechanism

Under section 5(1) & (2) of the Act the Keeper may only require a review of an authority’s agreed RMP to be undertaken not earlier than five years after the date on which the authority’s RMP was last agreed. Regardless of whether an authority has successfully achieved its goals identified in its RMP or continues to work towards them, the minimum period of five years before the Keeper can require a review of a RMP does not allow for continuous progress to be captured and recognised.

The success of the Act to date is attributable to a large degree to meaningful communication between the Keeper, the Assessment Team, and named public authorities. Consultation with Key Contacts has highlighted the desirability of a mechanism to facilitate regular, constructive dialogue between stakeholders and the Assessment Team. Many authorities have themselves recognised that such regular communication is necessary to keep their agreed plans up to date following inevitable organisational change. Following meetings between authorities and the Assessment Team, a reporting mechanism through which progress and local initiatives can be acknowledged and reviewed by the Assessment Team was proposed. Key Contacts have expressed the hope that through submission of regular updates, the momentum generated by the Act can continue to be sustained at all levels within authorities.

The PUR self-assessment review mechanism was developed in collaboration with stakeholders and was formally announced in the Keeper’s Annual Report published on 12 August 2016. The completion of the PUR process enables authorities to be credited for the progress they are effecting and to receive constructive advice concerning on-going developments. Engaging with this mechanism will not only maintain the spirit of the Act by encouraging senior management to recognise the need for good records management practices, but will also help authorities comply with their statutory obligation under section 5(1)(a) of the Act to keep their RMP under review.

3. Executive Summary

This Report sets out the findings of the Public Records (Scotland) Act 2011 (the Act) Assessment Team’s consideration of the Progress Update template submitted for South of Scotland Enterprise. The outcome of the assessment and relevant feedback can be found under sections 6 – 8.

4. Authority Background

South of Scotland Enterprise (also known as SOSE) launched officially on 1 April 2020 as the Economic and Community Development Agency for Dumfries and Galloway and Scottish Borders.

SOSE was established by the Scottish Government “in recognition of the unique circumstances of the South of Scotland, and the need for a fresh approach to drive inclusive growth across the area.”

The South of Scotland Enterprise Act 2019 was passed by Scottish Parliament in June 2019 and provides the SOSE legal framework:

https://www.southofscotlandenterprise.com/media/1159/south-of-scotland-enterprise-interim-framework-document.pdf

https://www.southofscotlandenterprise.com/

5. Assessment Process

A PUR submission is evaluated by the Act’s Assessment Team. The self-assessment process invites authorities to complete a template and send it to the Assessment Team one year after the date of agreement of its RMP and every year thereafter. The self-assessment template highlights where an authority’s plan achieved agreement on an improvement basis and invites updates under those ‘Amber’ elements. However, it also provides an opportunity for authorities not simply to report on progress against improvements, but to comment on any new initiatives, highlight innovations, or record changes to existing arrangements under those elements that had attracted an initial ‘Green’ score in their original RMP submission.

The assessment report considers statements made by an authority under the elements of its agreed Plan that included improvement models. It reflects any changes and/or progress made towards achieving full compliance in those areas where agreement under improvement was made in the Keeper’s Assessment Report of their RMP. The PUR assessment report also considers statements of further progress made in elements already compliant under the Act.

Engagement with the PUR mechanism for assessment cannot alter the Keeper’s Assessment Report of an authority’s agreed RMP or any RAG assessment within it. Instead the PUR Final Report records the Assessment Team’s evaluation of the submission and its opinion on the progress being made by the authority since agreeing its RMP. The team’s assessment provides an informal indication of what marking an authority could expect should it submit a revised RMP to the Keeper under the Act, although such assessment is made without prejudice to the Keeper’s right to adopt a different marking at that stage.

Key

Green

The Assessment Team agrees this element of an authority’s plan.

Amber

The Assessment Team agrees this element of an authority’s progress update submission as an ‘improvement model’. This means that they are convinced of the authority’s commitment to closing a gap in provision. They will request that they are updated as work on this element progresses.

Red

There is a serious gap in provision for this element with no clear explanation of how this will be addressed. The Assessment Team may choose to notify the Keeper on this basis.

6. Progress Update Review (PUR): South of Scotland Enterprise

Element 1: Senior Officer

Status:

8 June 2022 - agreed plan - Green
4 April 2024 - review - Green
14 March 2025 - review - Green

Keeper's Report - 8 June 2022

Show this section

Update required on any change.

Self-assessment update - 26 September 2023

Show this section

Responsible Lead Executive continues as Anthony Daye, Executive Director of Finance and Corporate Resources.
AD agreed as SIRO August 2023.

Progress review - 4 April 2024

Show this section

The Assessment Team thanks you for letting us know that the person named under Element 1 has not changed.

Self-assessment Update as submitted by the Authority since 4 April 2024

Show this section

Responsible Lead Executive changed to Allan Harrow as interim Executive Director of Finance and Corporate Resources which includes role as SIRO from 15th January 2024 (see evidence 1a).

Progress update review - 14 March 2025

Show this section

Thank you for this Senior Responsible Officer update which has been noted.

Element 2: Records Manager

Status:

8 June 2022 - agreed plan - Green
4 April 2024 - review - Green
14 March 2025 - review - Green

Keeper's Report - 8 June 2022

Show this section

Update required on any change.

Self-assessment update - 26 September 2023

Show this section

Recruitment underway for a new post of ‘Records Management Executive’.

DPO, Governance and Assurance Manager, Maureen Malone continues as the responsible officer for records management.
MM and TD completed RM training and Practitioner Certificate.

Progress review - 4 April 2024

Show this section

Thank you for letting the Assessment Team know that there have been no changes to the person responsible for day-to-day records management at SOSE.

It is great to hear that a new Records Management Executive post was also being recruited at the time of the submission. The Team acknowledges the receipt of a job description with thanks. The Team has appropriately been notified that since November, David Dolan is in post as SOSE Records Management Executive.

For comments on training, see Element 12.

Self-assessment Update as submitted by the Authority since 4 April 2024

Show this section

Position has not changed.

Progress update review - 14 March 2025

Show this section

Thank you for letting the Assessment Team know that there have been no changes to this Element. Update required on any future change.

Element 3: Policy

Status:

8 June 2022 - agreed plan - Green
4 April 2024 - review - Green
14 March 2025 - review - Green

Keeper's Report - 8 June 2022

Show this section

Update required on any change.

Self-assessment update - 26 September 2023

Show this section

Records Management Policy in place and current and on Hub Intranet. Due for next review May 2024.

Progress review - 4 April 2024

Show this section

Records Management Policy Reviewed, Approved, and uploaded to SOSE Hub – next Review May 2026 (see evidence 3a, 3b).

Self-assessment Update as submitted by the Authority since 4 April 2024

Show this section

Thank you for confirming that a Records Management Policy remains in place, and that this has a regular review schedule. We note that the next review is due in May 2024.

Progress update review -14 March 2025

Show this section

Thank you for this update on keeping the Records Management Policy up to date which has been noted. Update required on any change.

Element 4: Business Classification

Status:

8 June 2022 - agreed plan - Amber
4 April 2024 - review - Amber
14 March 2025 - review - Green

Keeper's Report - 8 June 2022

Show this section

[The] text of the RMP (for example at page 8) makes it clear that this is an area of development for the authority and the IAR will be expanded to include all SOSE’s information assets. The RMP states under future developments: “Once the business classification scheme has been integrated into the information asset register, this will be a key tool for ongoing improvement of public record keeping and information asset management across SOSE, including the classification of all records and other information assets against the business. Further work is needed to rationalise the business classification elements in the SOSE Data Retention Schedule and M365 document library retention label register, to create a single, controlled business classification scheme, integrated in the Data Retention Schedule and information asset register. This work will be undertaken in consultation with Information Asset Owners.” The Keeper agrees these actions and particularly commends the involvement of local business area information asset owners (see Local Records Management under General Comments below) in developments affecting their records.

Self-assessment update - 26 September 2023

Show this section

A functional BCS has been developed as has an IAR, and SOSE has begun the process of verifying the contents of the IAR with the relevant business teams. This includes identifying Information Asset Owners as well as the Information Asset Custodians and putting in place an appropriate governance framework. SOSE has also named a SIRO to support this work. It is intended to have this work completed by the end of this calendar year.

The BCS will be integrated into record keeping at SOSE although it has yet to be decided exactly how this will be incorporated at SOSE to ensure there is maximum benefit: it will help inform decisions around any new filing structure as well as keywords and, as part of the ongoing work for this year, we will be looking at options such as the use of the TermStore within SharePoint.

Progress review - 4 April 2024

Show this section

The Assessment team is grateful for this update on Business Classification Scheme and Information Asset Register development. This is a significant step towards completing the improvement actions identified in the Keeper’s Assessment Report.

The Assessment Team confirms that the work to verify the IAR contents and identifying Information Asset Owners and Custodians, and establishing a robust governance framework, has now been completed as scheduled.

The Team understands that the gradual incorporation of the BCS into day-to-day recordkeeping is still ongoing.

This Element will remain at Amber while work on fully embedding the BCS continues. The Team looks forward to updates on progress in this Element in future PURs.

Self-assessment Update as submitted by the Authority since 4 April 2024

Show this section

Business Classification Scheme is included in the Information Asset Register which is now embedded within SOSE (see evidence 4a, 4m).

Information Asset Owner Information session held 13/02/2024 covering role and responsibilities of IAO (see evidence 4b, 4c).

Information Asset Custodian sessions held May to July covering role and responsibilities of IAC (see evidence 4d, 4e, 4f, 4g).

Further Sessions held with Information Asset Custodians on the Information Asset Register in July. This included reviewing the current assets identified and IACs to confirm details held on current assets and identify and record new assets (see evidence 4h, 4i, 4j, 4k).

Information Asset Register now available to colleagues on SOSE Hub (see evidence 4l).

Progress update review - 14 March 2025

Show this section

The Assessment Team notes that SOSE now has a functional Business Classification Scheme, integrated into the Information Asset Register. This has also been fully embedded into day-to-day operations.

It is good to hear SOSE has provided information sessions to both Information Asset Owners and Custodians.

The Assessment also notes that it has received the evidence documents provided with thanks.

This Element has been turned from Amber to Green to indicate that SOSE has now closed the gap identified by the Keeper at the time of the Records Management Plan (RMP) Agreement in 2022. While the original element will remain at Amber until a formal resubmission takes place, a Green PUR status indicates progress has been made and that the authority is well-placed to obtain a Green RMP status under this Element upon formal resubmission.

Element 5: Retention schedule

Status:

8 June 2022 - agreed plan - Amber
4 April 2024 - review - Amber
14 March 2025 - review - Green

Keeper's Report - 8 June 2022

Show this section

A draft version of the DRS has been shared with the Keeper and he agrees that it is an appropriate arrangement for recording the allocation of retention decisions to record type. The Keeper understands that this draft will be combined with the authority’s Business Classification Scheme (in development) to create an expanded Information Asset Register. The Keeper agrees this action. A single point of reference will be a strong business tool for the authority. […]

The Keeper agrees this element of the South of Scotland Enterprise Records Management Plan on ‘improvement model’ terms. This means that the authority has identified a gap in provision (the retention schedule would be improved by combining it with the ‘business classification scheme’) and has put processes in place to close that gap. The Keeper’s agreement is conditional on his being updated as the project progresses.

Self-assessment update - 26 September 2023

Show this section

Retention Policy in place and labels applied by IT to folders under ownership of requestor.

DRS has been reviewed by independent adviser (TKM).

As highlighted above, good progress has been made with the information asset register and it is envisaged that the next phase will involve the review of retention periods as the IAOs and IACs begin to take on their roles. Where necessary, labels within SharePoint will be updated and SOSE will begin to monitor the application of labels and destruction of information. There is also a highly controlled process in place for the creation of new Teams sites, which includes applying retention labels at the point of team creation.

Progress review - 4 April 2024

Show this section

Thank you for this update on Destruction and Retention Schedule arrangements. It is good to hear that a Retention policy is in place, that labelling is in use, and that the DRS has been reviewed by an independent adviser. It is also reassuring to hear that SOSE has given due consideration to the controlled creation and disposal of MS Teams sites.

As reported also under Element 4, it is clear that SOSE has made good progress on the IAR, but that work remains to be done. The next steps for this are noted with thanks.

This Element will remain at Amber as the work continues.

Self-assessment Update as submitted by the Authority since 4 April 2024

Show this section

Retention schedules are intrinsically linked to SharePoint management and protocols.

Sessions held with IACs on Retention Schedules, the Owners of Teams areas, and the technical administration elements of SharePoint/Teams Sites – IT delivered sessions with all Team Owners in June. (See evidence 5a, 5b. Also, evidence 6a and 6b relate.)

The IAR also identifies Records for Permanent Retention (see evidence 5c).

Training and awareness sessions for Information Asset Custodians highlights the need for records that are prompted for review that they may be subject to a requirement for permanent retention and IAOs and IACs require to check with the Information Governance team and the IAR during review

IACs have been informed as part of their training to consult with the Records Management Executive when retention labels prompt review of any documents to ensure that the retention schedule (within the IAR) is applied.

Progress update review - 14 March 2025

Show this section

The Assessment Team thanks you for this update on retention schedule arrangements.

The Assessment also notes that it has received the evidence documents provided with thanks.

This Element has been turned from Amber to Green to reflect the progress made. A Green PUR status indicates that the authority is well-placed to obtain a Green RMP status under this Element upon formal resubmission.

Element 6: Destruction arrangements

Status:

8 June 2022 - agreed plan - Amber
4 April 2024 - review - Amber
14 March 2025 - review - Green

Keeper's Report - 8 June 2022

Show this section

The M365 system […] provides the Governance and Assurance Manager with detailed reports regarding viewing, modifying, and deletion of records. However, SOSE state in their RMP (page 11): “Further work needs to be done to develop more detailed disposition procedures and controls for SharePoint and other M365 workloads as part of the future development work... This will include the disposition review process and production of records of disposal, where proof of destruction is required.” The Keeper agrees that arrangements for the destruction of public records should be ingrained in the structuring developments explained at element 4. […]

The Keeper agrees this element of the South of Scotland Enterprise Records Management Plan under ‘improvement model terms’. This means that the authority has identified a gap in provision (the disposition processes are not satisfactorily embedded in a structure – because that structure is itself under development), but have put processes in place to close that gap. The Keeper’s agreement is conditional on his being updated as the project progresses (see comments regarding the PUR mechanism under element 4).

Self-assessment update - 26 September 2023

Show this section

This remains outstanding although will be addressed at the same time as the review of retention labels and their application throughout the file structure.

It remains the case that disposition will be managed by M365 and it is an ideal time to revisit and prioritise this work given how long SOSE has now been in existence.

Disposition will either use existing functionality within labels (requiring review), or it will be managed through some kind of workflow to ensure that approval for disposal is appropriately captured.

Progress review - 4 April 2024

Show this section

The Assessment Team acknowledges that work on Element 6, alongside Elements 4 and 5, is ongoing, while the BCS and IAR are being fully embedded and whilst M365/SharePoint is being implemented. While some aspects of the future destruction arrangements are still under development, this Element remains at Amber.

The Assessment Team looks forward to updates on progress in future PUR submissions.

Self-assessment Update as submitted by the Authority since 4 April 2024

Show this section

Training carried out by IT to all SharePoint/Team Owners on destruction arrangements March/May.

SharePoint Team Owners have been given briefings on retention labels and Owners respond to retention label and disposition (destruction arrangements) emails and review

The guidance is also available on our Intranet (Hub) (see evidence 6a, 6b, 6c, 6d, 6e, 6f, 6g).

Trigger emails are received by all Team Owners requesting they perform a Disposition Review on Records under their ownership when review required (see evidence 6f).

Progress update review - 14 March 2025

Show this section

As with Elements 4 and 5, the progress under this Element is noted with thanks. The receipt of the evidence documents provided is noted. It is understood that SOSE now has an embedded records destruction system in place, including staff guidance.

This Element has been turned from Amber to Green, indicating that the authority is well-placed to obtain a Green RMP status under this Element upon formal resubmission.

Element 7: Archiving and transfer

Status:

8 June 2022 - agreed plan - Amber
4 April 2024 - review - Amber
14 March 2025 - review - Green

Keeper's Report - 8 June 2022

Show this section

SOSE and NRS have yet to formally agree a Deposit Agreement. The RMP explains (page 13): “SOSE intends to enter into an agreement with the NRS for the transfer of records of enduring value to the NRS for permanent preservation. As part of this process, once it has been agreed which types of records will require to be transferred to the NRS, all relevant SOSE policy and procedure documents will be updated to reflect this.”

The Keeper acknowledges that he has been provided with a copy of an e-mail to the NRS Client Managers to initialise the deposit agreement process.

The Keeper agrees this element of the South of Scotland Enterprise Records Management Plan under ‘improvement model’ terms. This means that the authority has identified a gap in provision (a formal agreement with NRS has yet to be established), but have committed to closing that gap. The Keeper’s agreement is conditional on his being updated on progress.

Self-assessment update - 26 September 2023

Show this section

Request sent to NRS for archiving.
Neil Miller at NRS noted Claire Sillick would contact us.

SOSE is currently in the process of getting a Transfer Agreement in place with NRS.

Progress review - 4 April 2024

Show this section

The Assessment Team appreciates this update on continuing work to formally agree a Deposit Agreement with National Records of Scotland. This work is essential in order to permanently retain, appropriately preserve, and made accessible records that have enduring value.

This Element remains at Amber while work on a formal Agreement continues. We look forward to updates on this in future PURs.

Self-assessment Update as submitted by the Authority since 4 April 2024

Show this section

Formally agreed a Deposit Agreement with NRS (see evidence 7a, 7b, 5c, 7d).

Progress update review - 14 March 2025

Show this section

Thank you for letting the Team know that a formal Deposit Agreement with NRS is now in place.

The receipt of the evidence documents provided is noted with thanks.

This Element has been turned from Amber to Green to reflect the good progress made by SOSE. A Green PUR status indicates that the authority is well-placed to obtain a Green RMP status under this Element upon formal resubmission.

Element 8: Information security

Status:

8 June 2022 - agreed plan - Green
4 April 2024 - review - Green
14 March 2025 - review - Green

Keeper's Report - 8 June 2022

Show this section

The Using SOSE IT Equipment and Systems Policy provides instruction on how to report information security incidents. The Keeper recognises that this policy is under review at the time of his assessment. He would be pleased to receive an updated version when available in order that he may keep the SOSE submission up-to-date.

The Using SOSE IT Equipment and Systems Policy will be supplemented and supported by a suite of other information security policies and guidance some of which were in draft format at time of submission. The Keeper acknowledges he has been provided with draft versions of the SOSE:

Information Classification Guide
Handling Classified Information Guide (April 2020)
Information Classification Handling Policy.

These documents will provide a valuable addition to the authority’s information security framework and the Keeper would appreciate being provided with an updated version of all three (and any further information security documents that might be created) as they become available.

Self-assessment update - 26 September 2023

Show this section

Using SOSE IT Equipment and Systems Policy was updated and approved in August 2022. Next review due August 2024.

Reviewed and updated to include taking equipment abroad following an incident of lost/stolen SOSE laptop.

Information Security Classification is included in the IAR.

We are in the process of condensing the three documents into one Policy and to align to the BCS.

Plan in SOSE to update Policies to include AI - use and risks .e.g. LLM (large language model) and Generative e.g. in marketing and comms.

Work is ongoing through EIS Partnership to scope and plan for Sensitivity Labels.

Cyber Essentials Plus re-certification confirmed September 2023.

DR/BCP contract in place.

Progress review - 4 April 2024

Show this section

Thank you for confirming that the Using SOSE IT Equipment and Systems Policy has now been updated. It is reassuring that incidents are followed by learning, and necessary updates in policy and practices.

It is also good to hear that the Information Asset Register includes Information Security Classification. That work is ongoing to scope and plan for sensitivity label implementation is also good to hear.

Thank you for letting the Assessment Team know that there has been a change in approach regarding the three policies named in the Keeper’s Agreement Report (Information Classification Guide, Handling Classified Information Guide and Information Classification Handling Policy). It is good to hear that SOSE is no longer updating these versions, but is working to combine the scope of these policies into a single policy that aligns with the Business Classification Scheme. The Team looks forward to sight of this new, combined Information Classification Policy when it has been formalised and becomes available.

Thank you for confirming that SOSE retains its Cyber Essentials Plus re-certification. While not a requirement, this is positive indication of ongoing focus on information security.

For comments on business continuity arrangements, see Element 10.

Self-assessment Update as submitted by the Authority since 4 April 2024

Show this section

Position remains the same as previous PUR.

Progress update review - 14 March 2025

Show this section

Thank you for letting us know that there have been no major updates under this Element. Update required on any future change.

Element 9: Data protection and element 14: Shared information

Status:

8 June 2022 - agreed plan - Green
4 April 2024 - review - Green
14 March 2025 - review - Green

Keeper's Report - 8 June 2022

Show this section

The Data Protection Policy has “review date 1st April 2021”. However, the Keeper has been informed separately (May 2022) that, due to structural changes in the authority, this review has been delayed pending a major rewrite. He would appreciate being provided with the updated version when available in order that he may keep the SOSE submission up to date.

Self-assessment update - 26 September 2023

Show this section

The Data Protection Policy was extensively updated earlier this year, which has now been approved. The next review due May 2025.

A copy of the current policy is attached.

SOSE also undertook a data protection review earlier in the year which highlighted areas of good practice as well as areas that would benefit from further development. A copy of the review report is attached.

DP Practitioner Certificates achieved for Governance Team members.

Progress review - 4 April 2024

Show this section

Many thanks for this update on Data Protection policy update. The receipt of this is acknowledged, alongside the Data Protection Review Report. It is good to hear that a data protection review has taken place. The Assessment Team is grateful for being kept up to date, and that SOSE is planning improvements based on this.

Thank you for letting us know that Data Protection Practitioners’ training has also been completed by Governance Team members. This is very positive.

Self-assessment Update as submitted by the Authority since 4 April 2024

Show this section

Position remains the same as previous PUR.

Progress update review - 14 March 2025

Show this section

Update required on any future change.

Element 10: Business continuity and vital records

Status:

8 June 2022 - agreed plan - Green
4 April 2024 - review - Green
14 March 2025 - review - Green

Keeper's Report - 8 June 2022

Show this section

Update required on any change.

Self-assessment update - 26 September 2023

Show this section

SOSE has comprehensive policies and procedures in place to ensure business continuity and for use following any incident that could potentially impact peoples’ working environment.

We now have third party off-site secure back-up for O365 applications data.

Progress review - 4 April 2024

Show this section

Thank you for this update confirming that SOSE has robust policies and procedures in place to ensure business continuity in the face of an unexpected event. Thank you also for letting us know that an off-site, third-party secure backup of O365 applications data is in place.

As reported under Element 8, it is reassuring to hear that Disaster Recovery and Business Continuity planning is in place. The Team notes this has been contracted out to a third party.

Update required on any future change.

Self-assessment Update as submitted by the Authority since 4 April 2024

Show this section

BCP steering group created in April 2024 led by Risk Assurance Officer/ Sponsored by Director of F&CR.

BCP Specialist Certificate of the Business Continuity Institute achieved in August 2024 achieved by Risk Assurance Officer.

Progress update review - 14 March 2025

Show this section

Thank you for this positive update on SOSE’s business continuity arrangements.

Element 11: Audit trail

Status:

8 June 2022 - agreed plan - Amber
4 April 2024 - review - Amber
14 March 2025 - review - Green

Keeper's Report -8 June 2022

Show this section

Digital The vast majority of the public records of SOSE are managed on the M365 system. This system has a powerful search facility that allows a user to track all records across the various applications using a variety of search criteria. The efficiency of the search facility relies on consistent naming of documents as they are saved to the system. The M365 system automatically manages version control. The M365 system also provides the Governance and Assurance Manager with detailed reports regarding viewing, modifying, and deletion of records.

However, in order to efficiently use the search functionality mentioned above, it is essential that records are consistently named and this responsibility falls to the creator. It is important therefore that naming conventions are put in place for all SOSE staff. As noted above, SOSE commit to adopting “controlled vocabularies to aid information search and retrieval” in their Records Management Policy. The Keeper has been provided with evidence showing that SOSE understand this and that there is a M365 Naming Conventions policy document currently at the v0.2 draft stage (May 2022). The Keeper requires an approved version as soon as it becomes available. He would expect this to be issued to staff in the next year and suggests that an approved version of the M365 naming conventions document might be supplied using the PUR process (see element 4 for more on PUR).

The Keeper agrees this element of the South of Scotland Enterprise Records Management Plan under improvement model terms awaiting evidence that SOSE ensure their staff are correctly naming public records in order that they can be located and that staff can be confident that the located record is the correct version.

Self-assessment update - 26 September 2023

Show this section

SOSE has implemented a policy on naming conventions since RMP submission and has also worked with other system projects such as MySOSE to ensure that the naming convention is integrated wherever possible. The naming conventions policy is attached.

Controlled vocabularies will also be considered by SOSE as part of the work on the BCS and consideration of the TermStore.

Progress review - 4 April 2024

Show this section

Thank you for letting us know that a Naming Conventions Policy has been implemented. The Team has received a copy alongside the PUR submission with thanks. This is a great first step in making digital public records more easily discoverable.

The Team understand that SOSE continues to work to ensure that the policy is consistently implemented, that version control is in place, and that controlled vocabularies will be considered.

If SOSE is content that work on this Element is still ongoing, this Element will remain at Amber. The Assessment Team look forward to progress updates in future PUR submissions.

Self-assessment Update as submitted by the Authority since 4 April 2024

Show this section

Naming Convention Sessions held in conjunction with IACs Sessions at Element 4. This detailed the SOSE naming convention to be used across SOSE teams and details provided on good records management practice (see evidence 11a, 11b).

Naming Convention Documentation on Hub (evidence 11c).

Example of Naming Convention in Use and shown to IACs as exemplar of requirements for SOSE colleagues and Teams (evidence 11d).

Information Governance Hub (see evidence 11e).

Progress update review - 14 March 2025

Show this section

Element 11 focuses on tracking and version control, stipulating that the location of records is known and changes recorded.

The receipt of the evidence documents provided is noted with thanks, including Naming Convention Documentation. In addition to appropriate labelling and save location, implementing naming convention consistently will greatly aid in the discoverability of born-digital records.

This Element has been turned from Amber to Green to reflect the progress made by SOSE. A Green PUR status indicates that the authority is well-placed to obtain a Green RMP status under this Element upon formal resubmission.

Element 12: Competency framework

Status:

8 June 2022 - agreed plan - Green
4 April 2024 - review - Green
14 March 2025 - review - Green

Keeper's Report - 8 June 2022

Show this section

Update required on any change.

Self-assessment update - 26 September 2023

Show this section

Both the DPO, Governance and Assurance Manager and [Tony’s role] have attended RM and data protection practitioner training in the last year.

Training for the roll out of the IAR is also currently being developed and ongoing training requirements for all staff have been factored into the project plan to address.

All staff briefings on RM and DP and FOI completed in May – July 2023.

Learning Pool being rolled out for mandatory training with annual refresh for all staff – including RM, DP.

SLT briefing session on RMP by TKM.

Progress review - 4 April 2024

Show this section

As also reported under Element 2, is it great to hear that both MM and TD have completed records management training, and have obtained a Practitioner Certificate in Scottish Public Sector Records Management. The Team acknowledges the receipt of these certificates as positive indicators of investment in records management.

Upcoming staff training development on Information Asset Register is also noted with thanks. We also not that regular mandatory training refreshes and briefings are taking place as scheduled. The Team also notes that a briefing session on the Records Management Plan by the independent advisor (TKM) to the Senior Leadership Team is also noted with thanks.

Self-assessment Update as submitted by the Authority since 4 April 2024

Show this section

Records Management LearningPool Module released for All Staff completion (released Feb 2024) (see evidence 12aa, 12ab, 12ac, 12ad, 12ae, 12af).

Data Protection LearningPool Module released for All Staff completion (released June 2024) (see evidence 12ba, 12bb, 12bc, 12bd, 12be, 12bf, 12bg).

All Staff Briefing (July 2024) (see evidence 12c).

DD completed RM and DP training and Practitioner Certification.

Progress update review - 14 March 2025

Show this section

Element 12 stipulates that staff creating or otherwise processing records are appropriately trained and supported.

SOSE’s update indicates that staff at all levels continue to be trained in records management.

Element 13: Assessment and review

Status:

8 June 2022 - agreed plan - Green
4 April 2024 - review - Green
14 March 2025 - review - Green

Keeper's Report - 8 June 2024

Show this section

Update required on any change.

Self-assessment update - 26 September 2023

Show this section

SOSE is keen to regularly review and assess progress with RMP implementation and is using a maturity framework as well as this PUR process. For information, the latest maturity assessment is attached.

MM Updates SLT with progress.

F&CR Directorate Workplan Records RMP work ongoing.
SOSE continue to contract with TKM for independent assessment of RM governance.

Progress review - 4 April 2024

Show this section

SOSE is commended for its participation in the PUR process, as well as the maturity framework assessment.

Thank you also for telling us that SOSE will continue using an external consultant to review its records management governance.

Update required on any future change.

Self-assessment Update as submitted by the Authority since 4 April 2024

Show this section

Continual review of Records Management is embedded in the Records Management Executive role.

This PUR provides evidence of the continual assessment and review that SOSE is committed to.

Progress update review - 14 March 2025

Show this section

Thank you for this update. SOSE’s participation in the Progress update Review (PUR) process is a positive sign of review and assessment of records management arrangements.

Update required on any future change.

Element 14: Shared information

Status:

8 June 2022 - agreed plan - Green
4 April 2024 - review - Green
14 March 2025 - review - Green

Keeper's Report - 8 June 2022

Show this section

SOSE operate an External Information Sharing Policy which sets out the steps that should be taken to ensure appropriate information governance clauses are considered when undertaking data sharing. The Keeper has been provided with a copy of this policy. This is version 1.0 ‘owned’ by the Governance and Assurance Manager and approved by the Director of Finance and Corporate Resources (see element 1). The Keeper notes that this policy was under review at time of submission and requests that he is provided with the updated version (v2.0?) when available.

Self-assessment update - 26 September 2023

Show this section

External Sharing Policy has been superseded and replaced by the scope of the Data Protection Policy and Privacy Policy and Data Protection impact Assessment process.
DSAs and DPAs in place and recorded and tracked for expiry/renewal, which was checked as part of the data protection review. The Privacy Policy was also reviewed and will be re-issued in the New Year to ensure it accurately states which third parties personal data would be shared with.

SOSE have signed a Data Sharing Charter with public sector partners.

Progress review - 4 April 2024

Show this section

Thank you for letting the PRSA Team know that the External Information Sharing Policy has been superseded. TH Team notes that Data Protection Policy, Privacy Policy and Data Protection Impact Assessment process now replace this in scope. It is also positive to know that Data Sharing and Data Processing Agreements are in place and being kept up to date and fit for purpose.

SOSE’s participation in the Data Sharing Charter is also noted with many thanks.

Self-assessment Update as submitted by the Authority since 4 April 2024

Show this section

SOSE continues to consider and put in place Data Sharing Arrangements with other public sector partners and external organisations under the direction of the SOSE DPO and seeks external expert advice from TKM Consulting Ltd as and when required.

Progress update review - 14 March 2025

Show this section

This positive update on work on data sharing arrangements has been noted with thanks.

7. The Public Records (Scotland) Act Assessment Team’s Summary

Version

The progress update submission which has been assessed is the one received by the Assessment Team on 15th August 2024. The progress update was submitted by David Dolan, Records Management Executive.

The progress update submission makes it clear that it is a submission for South of Scotland Enterprise.

The Assessment Team has reviewed South of Scotland Enterprise’s Progress Update submission and agrees that the proper record management arrangements outlined by the various elements in the authority’s plan continue to be properly considered. The Assessment Team commends this authority’s efforts to keep its Records Management Plan under review.

General Comments

South of Scotland Enterprise continues to take its records management obligations seriously and is working to maintain all elements in full compliance.

Section 5(2) of the Public Records (Scotland) Act 2011 provides the Keeper of the Records of Scotland (the Keeper) with authority to revisit an agreed plan only after five years has elapsed since the date of agreement. Section 5(6) allows authorities to revise their agreed plan at any time and resubmit this for the Keeper’s agreement. The Act does not require authorities to provide regular updates against progress. The Keeper, however, encourages such updates.

The Keeper cannot change the status of elements formally agreed under a voluntary submission, but he can use such submissions to indicate how he might now regard this status should the authority choose to resubmit its plan under section (5)(6) of the Act.

8. The Public Records (Scotland) Act Assessment Team’s Evaluation

Based on the progress update assessment the Assessment Team considers that South of Scotland Enterprise continue to take their statutory obligations seriously and are working hard to maintain all the elements of their records management arrangements in full compliance with the Act and fulfil the Keeper’s expectations.

The Assessment Team recommends authorities consider publishing PUR assessment reports on their websites as an example of continued good practice both within individual authorities and across the sector.

This report follows the Public Records (Scotland) Act Assessment Team’s review carried out by

Iida Saarinen
Public Records Officer

File downloads

Document cover image

NRS Public Records (Scotland) Act (PRSA) South Of Scotland Enterprise Progress Update Review (PUR) 2024 Final Report 14 March 2025

File type: PDF,
File size: 290.79 KB

Contact details

Was this page helpful? *

Yes

Yes, but

Choose a reason for your feedback *

Your comments Your feedback helps us to improve our services.
Do not give any personal information.