The DCA is the steward of the University's permanently valuable records and collections created in any format, ensuring their permanent preservation and accessibility.

Search the DCA Website


Browse the DCA Website

browse this website using the DCA Sitemap


Search DCA Collections

via the Tufts Digital Library

Guidelines for Managing University Records

PDF version of Guidelines for Managing University Records

Purpose

The purpose of these guidelines is to provide specific best practices for managing university records. The guidelines support the University Records Policy and outline basic steps to help departments comply with the policy.

Scope

Tufts University: Faculty, staff, and administrators who manage university records.

Effective Date

February 22, 2007

Contact Information

Digital Collections and Archives
617-627-3737

Guidelines

 

University Records Definition

From the University Records Policy

    Records are information fixed on any media. University records are those that Tufts employees create or receive in any format in the course of university business. University records are the property of Tufts University. University records exist in a variety of forms, including but not limited to, paper and electronic documents, microforms, audio and video recordings, databases, and electronic mail messages. University records include but are not limited to minutes; correspondence; memoranda; financial records, such as invoices, journals, ledgers, purchase orders, grant documentation, and other information pertaining to fiscal matters; published materials, including reports and newsletters; moving images and photographs; sound recordings; drawings and maps; and computer data or other machine readable electronic records, including electronic mail. Typically, but not necessarily, university records fall into the following categories: personnel (staff and faculty), student, alumni, financial, research administration, health and safety, physical plant, and general administration and management records.

    Exceptions
    The following records and documents are not university records.
  • Faculty records. These are faculty members' records that they create or receive in the conduct of their teaching, research, or professional activities. However, records held by faculty that they create or receive in the conduct of student advising, committee work, research administration, or program, department, or school administration, are university records.
  • Extra copies of publications kept for distribution.
  • Staff members' records that they create or receive in the course of their non-Tufts professional activities.
  • Personal or private documents neither created nor received in the conduct of university business.
  • Reference objects such as library, museum, and specimen material made or acquired solely for reference, research, or exhibition activities.

Best Practices for Managing Records

From the University Records Policy

    Departments must manage their university records in a trustworthy manner that ensures their authenticity. In order to do this, departments and offices must:
  • Create records that accurately document their core activities.
  • Manage and store their records in a manner that facilitates timely and accurate retrieval.
  • Ensure that they store their records in secure locations and safe, stable environments.
  • Allow only those with the proper authority to have access to their records.
  • Know and carry out the proper disposition of their records, that is, know what to do with their records when they no longer actively use them.
  • Know and comply with the Tufts policies and the external laws, regulations, standards, and professional ethics that affect the management of their records.

Records Creation

All departments and offices must create university records that accurately document their core activities. To do this departments and offices should:

  • Determine what records they need to create and use to conduct their business.
  • Determine which of their department or office members has the responsibility and authority to create their records.
  • Incorporate their records creation activities and responsibilities into their own policies and procedures.
    • Periodically review their records creation procedures.

Records Storage

All departments and offices must store their university records in a safe, stable, and secure manner that supports their timely and accurate retrieval and appropriate controls on their accessibility. To do this departments and offices should:

  • Develop filing, classification, and/or indexing systems for their records that all of their department or office members understand and follow. These systems need not be complex--they only need to enable people to find the appropriate records quickly.
  • Know the location of all of their records.
  • Store their records in stable environments. For the physical storage of records this means storing records in dry and clean areas that are protected from the elements and have appropriate temperature and humidity levels. For the electronic storage of records this means ensuring that records are stored on stable media and in readable software formats.
  • Periodically check the stability of their physical and electronic storage environments.
  • Ensure that their physical and electronic records storage areas are secure. Know who has access to their physical storage areas. Make sure these areas are locked when unattended. For their electronic records storage areas, ensure that they are complying with the University's Information Technology Resource Security Policy .
  • Determine the confidentiality and privacy status of all of their records. A variety of internal policies, such as the Digital Collections and Archives' General Policy on Access to University Records , or external laws and regulations, such as FERPA (Family Educational Rights and Privacy Act) and HIPAA (Health Insurance Portability and Accountability Act), may help departments and offices determine the confidentiality and privacy status of their records.
  • Know who has the proper authority to view their records.
  • Ensure that their records storage security measures meet the confidentiality and privacy needs of their records.
  • Periodically review their records storage security measures.
  • Document their records organization system, storage locations, and security procedures in their own policies and procedures.

Records Disposition

All departments and offices must know what they need to do with their university records once they no longer actively use them. Usually, departments and offices either confidentially destroy their records or transfer them to the Digital Collections and Archives (DCA) for permanent retention. The University Records Policy gives the DCA the authority and responsibility to determine the appropriate disposition for university records in consultation with the necessary faculty, staff, and administrators. The DCA has the authority and responsibility to articulate these disposition decisions in records retention schedules. In order to determine and properly undertake the disposition of their records and comply with the University Records Policy, departments and offices should:

  • Consult the University's records retention schedules to determine the disposition of their records.
  • Contact the Digital Collections and Archives for assistance in interpreting the records schedules or creating new schedules if needed.
  • Ensure that they not destroy university records that are currently part of, or are likely to be part of, any legal action or proceeding, litigation, audit, investigation, or review, even if the records retention schedules or other policies or procedures indicate that the records are eligible for destruction. Procedures for responding to subpoenas that require the timely production of records or information pertaining to specific individuals or entities involved in potential or ongoing litigation are governed by the University's Subpoenas for University Records Policy .

Confidential Records Destruction

All departments and offices must destroy in a confidential manner their university records that require destruction. Departments and offices can only use the general trash or recycling to destroy records and documents that have a wide and open distribution at the time of their creation, such as publications. All other records should be destroyed in a confidential manner. To confidentially destroy records departments and offices should:

  • Ensure that they truly destroy electronic records when deleting files.
  • Employ the services of a confidential records destruction vendor or use a cross-shredder to shred paper records.
  • Consult the Digital Collections and Archives' instructions on Confidential Records Destruction for more information.

Compliance

All departments and offices must ensure that their recordkeeping practices are in compliance with applicable Tufts policies and external laws, regulations, standards, and professional ethics. To be compliant in its recordkeeping activities departments and offices should:

  • Identify and track changes to the applicable Tufts polices and external laws, regulations, standards, and professional ethics.
  • Ensure that its staff understands the applicable Tufts policies and external laws, regulations, standards, and professional ethics.
  • Not undertake any recordkeeping activity that does not comply with applicable Tufts policies and external laws, regulations, standards, and professional ethics.
  • Be able to demonstrate its recordkeeping compliance with applicable Tufts policies and external laws, regulations, standards, and professional ethics.

Advice

For advice on following these guidelines, departments should consult the Digital Collections and Archives.

Appendix A

Related Guidelines and Policies
This is a list of significant Tufts guidelines and policies that concern recordkeeping. This is not a comprehensive list.

Policy University Records Policy
Policy Owner Digital Collections and Archives
Description Defines university records, the DCA's authority regarding university, and all departments' and employees' recordkeeping responsibilities.
Location http://dca.tufts.edu/general/urp.html

Policy Subpoenas for University Records Policy
Policy Owner University Counsel
Description Delineates procedures for responding to subpoenas that require the timely production of records or information pertaining to specific individuals or entities.
Location http://inside.tufts.edu/policies/polsubpoenas.php

Policy Business Conduct Policy
Policy Owner Finance Division
Description Serves as a guide to appropriate business behavior. This includes documenting all financial transactions and handling all business records confidentially.
Location http://finance.tufts.edu/policies/poli_busconducpolicy.php

Policy Uniform Administrative Requirements (A-110 OMB)
Policy Owner Sponsored Programs Accounting
Description Links to Office of Management and Budget Circular A-110 which, among other things, defines records retention requirements for federal grants and contracts records.
Location http://finance.tufts.edu/grantmanag/spend_uniadminreq.php

Policy Personnel Records
Policy Owner Human Resources
Description Explains that HR maintains a personnel file for each employee which it keeps confidential.
Location http://www.tufts.edu/hr/handbook/persrec.htm

Policy Information Technology Responsible Use Policy
Policy Owner University Information Technology
Description Explains that employees must use technology resources responsibly, which includes being aware of data privacy issues.
Location http://uit.tufts.edu/?pid=444&c=104

Policy Information Technology Resources Security Policy
Policy OwnerUniversity Information Technology
Description Delineates an extensive data security policy.
Location http://uit.tufts.edu/?pid=431&c=105

Policy Email Policy
Policy Owner University Information Technology
Description Describes responsible use of email.
Location http://uit.tufts.edu/?pid=173&c=111