Doing some research again and decided to make some notes on “Record Management” good practice; here are my notes and links. …

A bit of googling on “record management” finds some blue chip policies, and the ISO standard.


  1. Record Management Policy – Bank of England, which among other things specifies the point at which email’s become “records” and how to store them once they become so. The BoE policy points at, ISO 15489 which has several updates, including in 2016.
  2. University of York’s, IRM Policy, the highest UK site on Google if querying, “record management best practice”.

DB’s code of conduct, see page 25, says, among other things, “Maintaining accurate books and records is fundamental to meeting our legal, regulatory and business requirements. You are responsible for maintaining accurate and complete records and for complying with all the controls and policies our bank has in place. You should never falsify any book, record or account that relates to the business of our bank, its customers, employees (including your own activities within our bank) or suppliers. You must never dispose of records or information that may be relevant to pending or threatened litigation or a regulatory proceeding unless you are authorised to do so by the Legal Department. You must also comply with applicable record retention policies.” Historically, it has had its problems, but from what I know, trying hard to get it right.


Here’s the ISO Page, ISO 15489-1:2016. It’s just a landing page with an abstract, ISO charge for content. They say, ISO 15489-1:2016 applies to the creation, capture and management of records regardless of structure or form, in all types of business and technological environments, over time. There is a wikipedia page on the standard. Access Records Management, an easy to find service vendor say, “ISO 15489 is the global standard for records management. The first of its kind, it was first published in 2001 and has since been revised and re-published, most recently in 2016. It has been adopted in over 50 countries around the world and has been translated to more than 15 different languages.”

Immutability & Encryption

The Dodd Frank Act 2010, the US derivatives market regulatory law, specified that relevant documents had to be on “immutable” storage; some argue that this was inserted at the behest of optical media storage vendors but this has now been replaced by cryptographic technology and some have experimented with block chain solutions to provide this functionality.  (One of the problems with block chain is the power cost of the proof of work, is looking at alternative means of securing the encryption.)

In response to the Treasury deletion

Things I have written before,

  1. On record management on my blog
  2. Doing record management well on my linkedin blog
  3. On Deletion on my linkedin blog
  4. You can’t make it up , on my linkedin blog, argues that international standards are better than ignorant common sense
  5. Toxic Combinations on my linkedin blog, reviews ISO 27001
  6. Toxic Combinations on my blog, focuses on Police & Justice

3 Replies

  1. The Treasury have deleted the Perm Secs texts and other phone hosted messages. I added some links that I used to write a linkedin blog.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.