Policy
Records Management Policy
The Gambling Commission's Records Management Policy.
5 - Roles and responsibilities
5.1. Everyone is responsible for:
- reading and following the relevant policies and guidance
- completing available training
- keeping accurate and appropriate records of work activities and actions taken
- managing information in line with the applicable policies
- retaining information securely for as long as needed, as defined in the Records Retention Schedule
- flagging any concerns around the management of information.
5.2. Project managers are responsible for:
- putting in place appropriate procedures for the management of project information
- making arrangements for suitable actions to be taken at the project conclusion.
5.3. Line managers are responsible for:
- ensuring their direct reports are aware of, and follow, all relevant policies and guidance
- ensuring their direct reports complete available training
- making sure appropriate processes for managing information are in place and followed in their teams
- reviewing their team’s information management processes as necessary
- making sure access controls are appropriate and up-to-date, especially for starters, movers, and leavers.
5.4. Information Asset Owners (IAOs) are responsible for:
- ensuring that their information assets are managed appropriately
- ensuring adequate access controls to their information assets for appropriate users
- arranging transfer of responsibility for information assets to a new IAO if responsibility for the relevant function changes, e.g. restructure or the IAO changing role
- updating the Information Management team if any changes need to be made to the Information Asset Register (IAR)
- reviewing records that are due for disposal and approving or extending as required, and documenting these decisions for audit purposes.
5.5. Cheif Executive Officer (CEO) and Executive team are responsible for:
- ensuring their business areas follow the policies and implement appropriate processes
- putting in place suitable corporate plans and strategies to facilitate robust information management practices
- providing executive level support to the Information Management function as needed.
5.6. Data Protection Officer, Records Manager and Information Management team are responsible for:
- leading on Information Management practices across the Commission
- creating and updating appropriate policies to govern the proper management of information through its lifecycle of creation, use, storage and disposition
- providing guidance, advice, support and training to all staff to enable them to adhere to the relevant policies
- creating and maintaining the corporate Information Asset Register and Records Retention Schedule
- managing the identification and transfer of relevant records to the National Archives
- monitoring and reporting on records management within the Commission to facilitate effective oversight and scrutiny.
5.7. Senior Information Risk Owner (SIRO) is responsible for:
- implementation and maintenance of security standards across the organisation
- ensuring correct procedures and delegations are in place to respond to security incidents
- ensuring system upgrades and maintenance do not result in an adverse impact on retention requirements
- ensuring records management and retention should be identified and agreed by programmes and projects prior to design, development and or implementation of a new process or system.
The Senior Information Risk Owner is the Chief Technology Officer.
5.8. Commissioners are responsible for oversight and scrutiny of records management processes ensuring that effective processes are in place as a key corporate control.
Previous section4. Scope - Records Management Policy Next section
6. Monitoring and compliance - Records Management Policy
Last updated: 20 March 2025
Show updates to this content
No changes to show.