The purpose of these guidelines is to provide departments and offices with guidance for managing University records. The guidelines support the Institutional Records Policy and outline basic steps to help departments and offices comply with the Policy.
Typically, university records fall into a range of categories including, but not limited to: administrative records, advancement records, alumni records, corporation records, environmental health and safety records, faculty records, financial/budget records, legal and regulatory compliance records, personnel records, operations records (facilities management), student academic records, student life records, university research data and compliance, and university statistics.
For the purpose of complying with the Institutional Records Policy, the following records are exceptions to the policy:
Extra copies of publications kept for distribution.
Personal documents neither created nor received in the conduct of university business.
Departments and offices should manage their university records in a trustworthy manner that ensures their authenticity. To do this, departments and offices should:
Create records that accurately document their core activities.
Manage and store records in a manner that facilitates timely and accurate retrieval.
Ensure that records are stored in secure locations with stable physical or electronic environments.
Allow only those with the proper authority to have access to records.
Access should be allowed to the minimum amount of information necessary for business purposes.
Comply with Brown policies and the external laws and regulations that affect the management and disposition of their records.
All departments and offices should create university records that accurately document their core activities. To do this, departments and offices should:
Determine which of their department or office members has the responsibility and authority to create records.
Incorporate their records creation activities and responsibilities into their own policies and procedures.
Periodically review their records creation procedures.
All departments and offices should store their university records in a safe, stable, and secure manner that supports their timely and accurate retrieval and establishes appropriate controls on their accessibility. To do this, departments and offices should:
Develop filing, classification, and/or indexing systems for their records that all of their department or office members understand and follow. These systems need not be complex—they only need to enable people to find the appropriate records quickly.
Know the location of all of their records.
Store their records in stable physical and electronic environments. For the physical storage of records this means storing records in dry and clean areas that are protected from the elements and have appropriate temperature and humidity levels. For the electronic storage of records this means ensuring that records are stored on stable media and in readable software formats. For further instruction or guidance on electronic records, contact the Chief Information Security Officer in Computing and Information Services.
Periodically check the stability of their physical and electronic storage environments.
Periodically review their physical and electronic records storage security measures.
Determine the confidentiality and privacy status of all of their records.
Know who has a business need and the proper authority to view their records. If uncertain, please contact the Records Manager.
Ensure that their records storage security measures meet the confidentiality and privacy needs of their records.
Document their records organization system, storage locations, and security procedures in their own policies and procedures.
Restricted and Private Information
All departments and offices should conduct the collection, processing, maintenance, disclosure, storage, retention and disposal of Brown Private and Restricted Information in accordance with applicable laws, regulations and University policy.
Private and Restricted Information:
is information which when linked can be used to distinguish or trace an individual's identity. The University is obligated to keep Private and Restricted Information elements (whether in electronic or hard copy format) confidential and secure during collection, processing, maintenance, disclosure, storage, retention and disposal.
may include but are not limited to: name, address, SSN, driver's license, account/financial information, date of birth, phone numbers, email addresses and personal health information.
collection and retention should be limited to the minimum amount necessary to conduct University business.
if the is no current business purpose, the Private and Restricted Information should not be collected.
should only be collected by authorized individuals based upon their job responsibilities. Authorized individuals with access are responsible for the proper handling, disclosure, storage, retention and the proper disposal of the information they collect.
Recommendations for Scanning University Paper Records
Scanning is the most popular method for dealing with records reformatting. Scanning, also referred to as digitizing, is the conversion of materials in print form to a computer-readable format. When undertaking a reformatting project, departments and offices should:
Adhere to university policy and acceptable industry standards when microfilming or creating digital scans of university records.
Properly store and migrate digital images to ensure their long-term preservation and accessibility.
This is a set of best practices for digitizing paper records and using the electronic version in place of the paper original. Please contact the Records Manager with any questions.
In order for scans of University records to meet Brown’s needs for adequate recordkeeping, the following minimum requirements must be met:
The scan must be complete, including all parts of original document;
The scan must be legible. Scans should be reviewed for legibility as a part of regularly conducted quality control checks. Considerations for legibility include:
The scan is not blurred or indistinguishable, text is readable, if colors or images are important then documents are scanned in grayscale or color.
Each individual document is captured completely; and The resulting image is not crooked or skewed.
The document must be scanned at a resolution that will capture the finest significant details of the original, typically a minimum resolution of 150 dpi for text, 300 dpi for images or higher;
The scan must be saved in PDF or TIFF format and must not be further altered; and
The scan should be saved in a location that is known, identifiable, secure, and backed up on a regular basis by CIS or by department IT staff.
As with paper records, scanned records must be accessible when needed,
kept in a secure location to prevent accidental or intentional alteration or loss,
named and organized
Please note that these standards are the minimum required and will be acceptable for most non-permanent records. In some instances higher standards may be appropriate.
For example, if an original document is faded or badly printed, the scan may need to be done at a higher resolution or the image may need manipulation to make it legible. The ultimate goal in adhering to these standards is to produce reproductions of the original records that will serve as acceptable supporting documentation for audits and legal matters. Scans that are not legible, complete, and secure yet accessible to authorized people when necessary, are not acceptable forms of supporting documentation.
Records with original signatures may be scanned or migrated for storage for the remainder of their retention. As with other records being scanned they should be scanned at the recommended technical requirements.
The University's current digitization vendor is:
KONICA MINOLTA Enterprise Content Management
ECM Solutions Consultant
If you have any questions about these guidelines, please contact the Records Manager.