Transmittal Notice
- Explanation of Material Transmitted: This chapter was updated to include requirements stipulated in OMB-M-19-21 and the HHS Records Management Policy. Partial Revision: 5/7/2021 – This policy was partially revised to move the procedures for Departing Staff Requesting to Remove Copies of NIH Records from the Policy section into Appendix 5: Process for Departing Staff Requesting to Remove Copies of NIH Records.
Please refer to NIH Manual Chapter 1743-2 to review NIH’s responsibilities related to the NIH Litigation Hold Policy.
Please refer to NIH Manual Chapter 1742 to review NIH’s responsibilities related to transfer, withdrawal and destruction of Records at the Washington National Records Center.
Please refer to NIH Manual Chapter 1744 to review NIH’s responsibilities related to the Vital Records Program.
- Filing Instructions:
- Remove: 1743 – Keeping and Destroying Records, dated 10/01/2015
- Insert: 1743 – Managing Federal Records, dated 12/24/2020, Partial Revision: 5/7/2021
- PLEASE NOTE:
- For inquiries regarding the content of this chapter contact the Information Management Branch (IMB), Division of Compliance Management (DCM), Office of Management Assessment (OMA), Office of Management (OM), Records Management Program: [email protected] or 301-496-4606. Additional information on NIH records is located at the following URL:https://oma.od.nih.gov/DMS/Pages/Records-Management.aspx
- For inquiries regarding the NIH Policy Manual contact the Management Operations Branch (MOB), DCM, OMA, at 301-496-4606, or navigate to the following URL: https://oma.od.nih.gov/DMS/Pages/Manual-Chapters.aspx
A. Purpose
This manual chapter establishes the policies, procedures, and guidelines related to the creation, maintenance, and disposition of Federal records. This policy complies with the requirements established by the Federal Records Act (FRA), and applicable statutes, regulations, and existing policy.
Proper maintenance of Federal records promotes open government and supports the principals of transparency in government by providing an adequate audit trail and history of the intent of public policy.
B. Scope
The policy in this chapter applies to all National Institutes of Health (NIH) Institutes, Centers, and Offices within the Office of the Director (ICOs), and all personnel, including employees, contractors, volunteers, fellows, trainees and interns (referred to here as “staff”), involved in the creation, maintenance, and disposition of NIH’s Federal records.
C. Background
The FRA, as amended, requires all Federal agencies to create and preserve records that adequately and properly document the agency’s organization, functions, policies, decisions, procedures, and essential transactions. Federal records serve as the agency’s memory. Effective and efficient management of records provides the foundation for decision-making at all levels, including mission planning and operations, personnel services, legal inquiries, business continuity, and preservation of U.S. history.
Recordkeeping by Federal agencies is controlled by laws and regulations (see references below) and that require:
- Government records be kept only for authorized periods of time;
- No government records may be destroyed, mutilated or removed from government custody without authorization;
- Records which are valuable enough to be preserved permanently must be kept intact and transferred to the National Archives and Records Administration (NARA) as appropriate; and
- Records which are not in active use, but which cannot be destroyed for some time, will be transferred to a Federal Records Center (FRC), stored appropriately in agency occupied/owned space both physical or digital, or transferred to a NARA- approved commercial storage facility.
The FRA also requires agencies to establish a records management program, defined as a planned, coordinated set of policies, procedures, and activities needed to manage their recorded information. Major elements include periodically issuing up-to-date records management directives, properly training those responsible for implementation and carefully evaluating the results to ensure adequacy, effectiveness, and efficiency.
D. Policy
It is the policy of the NIH, as an Operating Division of the U.S. Department of Health and Human Services (HHS), to create, maintain, and dispose of Federal records in compliance with the FRA, as amended and applicable statutes, regulations, and existing policy. This policy applies to all NIH Federal records, regardless of format or media.
- Creating and Capturing Federal Records
A Federal record is defined in 44 U.S.C 3301 as:
“All recorded information, regardless of form or characteristics, made or received by a Federal agency under Federal law or in connection with the transaction of public business and preserved as appropriate for preservation by that agency or its legitimate successor as evidence of the organization, functions, policies, decisions, procedures, operations, or other activities of the United States Government or because of the informational value of data in them, excluding library and museum material made or acquired and preserved solely for reference or exhibition purposes; or duplicate copies of records preserved only for convenience.”
Federal Records capture NIH's institutional memory and preserve important historical information. They are of critical importance in ensuring that ICOs continue to function effectively and efficiently. Records serve several purposes including:
- Planning for administrative, program and mission related needs;
- Providing evidence of NIH activities;
- Protecting legal and financial rights;
- Enabling oversight by Congress and other authorized agencies;
- Documenting NIH's history; and,
- Continuing key functions and activities in the event of an emergency or disaster.
Federal Records contain the information that documents how NIH fulfills its mission. Records typically contain information that is:
- Created during NIH business;
- Received for action;
- Needed to document NIH's activities and decisions;
- Required to support NIH's financial and other obligations and legal claims; or,
- Communicated to assert NIH requirements or guidance.
- Records Lifecycle
All NIH Federal records must be managed throughout the records lifecycle, which includes creation or receipt, maintenance and use, and disposition. NIH Federal records must be managed in accordance with record schedules approved by the Archivist of the United States. Unscheduled records must not be destroyed. Approved NIH schedules can be found in the NIH Record Schedule System (RSS). The following requirements must be addressed and met for managing NIH Federal records throughout their lifecycle:
- Permanent Federal Records: Permanent records must be created, maintained, and stored in media and formats that allows for their complete and organized accessioning, or transfer of physical and legal custody, to NARA. To initiate an accession of permanent Federal records to NARA, contact the appropriate ICO Record Liaison (RL) or [email protected].
- Temporary Federal Records: Temporary records stored on-site that have met their retention period must be managed and destroyed in accordance with a NARA-approved Records Schedule. NIH temporary records that are stored at an FRC must be disposed of in accordance with NIH Manual Chapter 1742-Transfer, Withdrawal and Destruction of Records at the Washington National Records Center. NIH records stored offsite outside of an FRC can only be transferred to NARA-approved commercial storage facilities that meets the requirements established in 36 CFR 1234.
- Record Storage: All ICOs must have internal procedures for tracking records stored at FRCs and NARA-approved commercial storage facilities. If an ICO Records Liaison chooses to store inactive Federal records outside of an FRC, the records can only be stored at commercial storage facilities that meet the requirements. Use of a commercial storage facility must be coordinated through the NIH Records Management Program in advance of any records being sent to a commercial storage facility for storage. Contact [email protected] to initiate the process. The National Archives maintains a list of NARA-approved Commercial Records Storage Facilities by State.
- Enterprise Performance Life Cycle Framework (EPLC): NIH has adopted the HHS Enterprise Performance Life Cycle (EPLC) framework for planning, managing, and overseeing Information Technology (IT) projects over their entire life cycle. The HHS EPLC framework requires that project management plans for IT projects take into consideration records management requirements in the planning and disposition phase
- Type of Record
- Essential Federal Records: All ICOs are required to certify their Essential Records Inventories annually. ICOs must ensure that their respective emergency operating records and legal and financial rights records vital to the continuity of essential NIH activities are properly identified, as described in NIH Manual Chapter 1744: NIH Vital Records Program.
- Personal Papers/Non-records: Personal papers must be clearly designated and maintained separately from all Federal records. If information about private matters and agency business appears in the same document, the document is considered a Federal record.
- Electronic Federal Records: Electronic records are data or information that has been captured and fixed for storage and manipulation in an automated computer system; these records require the use of the system to render it intelligible by a person. All permanent electronic records must be managed and maintained in an electronic format for eventual accession to NARA. Permanent electronic records shall be transferred in a NARA-approved format as outlined in NARA Bulletin 2014-04, Format Guidance for the Transfer of Permanent Electronic Records Appendix A: Tables of File Formats and must be accompanied by the minimum metadata elements as specified by NARA Bulletin 2015-04, Metadata Guidance for the Transfer of Electronic Records.
- Email Messages: NIH’s email messages must be managed in accordance with NIH Manual Chapter 1743-1: Email Records Management.
- Record Organization
- NARA Universal Electronic Records Management (ERM) Requirements The Universal ERM Requirements serve as the baseline when developing system requirements for any electronic records management system at NIH.
- Office File Plans: Each ICO must maintain a centralized file plan within the RSS. The RSS is a system for searching and identifying NIH record schedules and serves as a repository for ICO file plans. A file plan is a comprehensive listing that identifies the types of records created and maintained by an office. The file plan should include detailed information specific to each office, such as the disposition date, records owner or creator, and location of the records. For assistance developing an office file plan, contact the ICO Records Liaison or [email protected]. All ICOs are required to certify their file plans on an annual basis.
- Record Organization: Records must be maintained so that they are easily retrievable. Records must be organized and indexed in a manner that permits the access and retrieval of the records in an effective and efficient manner.
- Record Retention Schedules: All ICOs must retain and dispose of records in accordance with the NARA- approved Records Retention Schedules as outlined in the RSS.
- Unscheduled Records: Unscheduled records are records not covered by a NARA-approved records retention schedule. Unscheduled records must not be destroyed and treated as permanent until a final disposition is approved. Proposed records retention schedules for unscheduled records should be submitted to [email protected] for further action.
- Administrative Management of Records
- Records Management Program Reviews: Annually, the NIH Records Management Program, within the Office of Management Assessment (OMA) will conduct a formal review of two ICO records management programs. The goal of the reviews is to evaluate the effectiveness of records management programs and practices and ensure that they comply with NARA regulations and NIH policies. Formal evaluations are intended to provide the ICO records management programs with information to be used to measure compliance and identify opportunities for improvement. Records Management Program reviews are initiated by the request of the ICO.
- Records Management Training: NIH staff are required to complete annual records management training to understand what constitutes a record, and how to manage records in accordance with NIH’s recordkeeping requirements and Federal laws and regulations. Additional NIH records management training is available for staff via the HHS Learning Management System (LMS). New NIH staff must complete the Information Management for New Hires training within the first 30 days of their employment start date, or prior to on-boarding.
- Records Ownership: NIH records are the property of the Federal government, not the property of individuals employees or contractors acting as an agent for the government and must not be removed without proper authority.
- Safeguarding Records: Records collected, created, or maintained shall be safeguarded to avoid disruption or loss of access to or use of information, the unauthorized disclosure of information, and the unauthorized modification or destruction of information in accordance with the security categorizations set forth in Federal Information Processing Standards (FIPS) Publication 199, Standards for Security Categorization of Federal Information and Information System (Feb. 2004). Safeguards shall be adopted to provide protection for information that is restricted from disclosure by the Privacy Act of 1974, the Computer Security Act, the Federal Information Security Modernization Act of 2014 (FISMA 2014), or other statutes, regulations, Executive Orders, or authorities. In addition, ICOs shall incorporate all applicable NIH information security policies and measures in their records management activities. Confidential and privacy-protected records shall be managed and safeguarded in accordance with any applicable Federal laws and regulations requiring access to, protection of, or restrictions on the disclosure of these records as well as NIH requirements governing access to and protection for the lifecycle of the records.
- Safeguarding Records containing Sensitive and Personally Identifiable Information (PII). Each ICO has a duty to appropriately safeguard PII in its possession and to prevent its compromise. Due to the nature of work, NIH generates sensitive information. Each ICO must understand how to identify, handle, and protect its records. More information on safeguarding PII, is available on the NIH Office of the Senior Official for Privacy (OSOP) web page and NIH Privacy Frequently Asked Questions document.
- Safeguarding Controlled Unclassified Information (CUI). Controlled Unclassified Information (CUI) must always be safeguarded in a manner that minimizes the risk of unauthorized disclosure while allowing timely access. NIH authorized holders shall take reasonable precautions to guard against unauthorized disclosure of, or access to, CUI in both physical and electronic environments. Physical safeguards may include establishing and using controlled environments, such as keeping CUI under the NIH Authorized Holder's direct control or protecting CUI with a physical barrier. More information about safeguarding CUI, including specific handling guidelines, are available in 32 CFR 2002.14 Safeguarding Records containing Sensitive and Personally Identifiable Information (PII).
- Transfer of Records
- Record Transfers: Inactive records, records that are not frequently referenced, but must be kept until their disposition date, are candidates for transfer to either an FRC or NARA- approved commercial storage facility. Record transfers must be coordinated through the ICO RL. ICOs must have processes in place to effectively manage and track records transferred to FRC and NARA-approved commercial storage facilities. NIH records stored at an FRC must be managed in accordance with NIH Manual Chapter 1742-Transfer, Withdrawal and Destruction of Records at the Washington National Records Center. NIH records stored at a NARA-approved commercial storage facilities must meet the requirements.
- Records Removal and Departing Staff: Departing staff must not remove Federal records, including email messages and attachments, from NIH custody. NIH staff must request and receive prior approval in order to remove copies of records, including copies of unpublished research records or data, from NIH custody. For additional information, see Appendix 5: Process for Departing Staff Requesting to Remove Records.
- Unlawful or Accidental Removal or Destruction of Records: NIH reports actual and potential threats to records (e.g. removal, alteration, or deliberate and accidental destruction), to NARA, and may report to the HHS Office of the Inspector General. NARA may contact the United States Attorney General for recovery of any unlawfully removed records.
E. Responsibilities
- NIH Records Officer (RO), within the Office of Management Assessment, must:
- Promote records management statutes, regulations, memorandums, NARA policy, and Presidential Directives;
- Act as the official liaison with NARA and responds to data calls and mandatory reports;
- Collaborate with NIH Offices to execute the NIH Records Management Program initiatives;
- Coordinate records management issues with other Federal and regulatory agencies, including NARA, the Office of Management and Budget (OMB), the General Services Administration (GSA), the Government Accountability Office (GAO), and the Office of Personnel Management (OPM);
- Develop standards, procedures, and guidance for improving records management; ensure NIH ICOs accession permanent records to NARA; and facilitate the segregation and disposal of all records of temporary value;
- Integrate records management procedures and activities into NIH Records Management policy and planning;
- Maintain, update, and distribute NIH Records Schedules;
- Conduct periodic compliance evaluations of ICO records management programs;
- Coordinate fiscal year (FY) interagency agreement with NARA and agency budget officials for the storage and servicing of records; and
- Report incidents of record removal, alteration, loss, or destruction to NARA.
- NIH Records Liaisons (RLs): Each ICO is required to have a primary and secondary RL assigned. Each RL is responsible for the following:
- Coordinate the records management program activities, including an essential records program, in their respective organizations to ensure compliance with NIH Policy;
- Identify program-specific records and ensure they are covered by an NIH Records Schedule;
- Ensure that permanent records are preserved, inactive temporary records are transferred to either a NARA FRC or NARA-approved commercial off-site storage, and temporary records that have met disposition are destroyed promptly according to NIH Records Schedules;
- Ensure that recordkeeping requirements are established and kept current and that staff is kept abreast of any changes to these recordkeeping requirements;
- Ensure that all personnel with records management responsibilities receive appropriate records management training;
- Ensure that NIH’s Records Management Program provisions and standards are included in the scope and planning for electronic information systems (see F. Procedures, below);
- Ensure the development and implementation of an office file plan and updating the office file plan on an annual basis;
- Receive litigation hold notifications for awareness. RLs must not initiate or approve any destruction of records, including records stored at the NARA FRC, or NARA-approved commercial off-site storage, that are responsive to an active litigation hold; and
- Immediately submit reported incidents of record removal, alteration, loss, or destruction to NIH Records Officer.
- NIH Records Custodians (RCs): The RC is appointed by the RL within each ICO. Each RC is responsible for the following:
- Works with the RL and other stakeholders in developing an ICO File Plan. This is the primary instrument for classifying records and is a critical component to any recordkeeping strategy.
- Makes decisions about who can access records, in consultation with supervisors, the RL, and the records owners. Each office will have varying needs regarding confidentiality and security. The RC is responsible for determining who should have access to records.
- Provides guidance to office personnel in all records related issues. The RC is the "resident expert" on records produced by their office/IC, and the primary source of information on those records. In addition, the RC should provide guidance to ICO personnel who are involved in packing or preparing records for storage.
- Reviews material scheduled for disposition at the request of the RL. Quarterly disposition notices will in some instances require the RC to either review the records or confer with the records owner in order to provide a response on if records stored at the FRC can be destroyed.
- Attends records management trainings, conference calls, and meetings as appropriated by the RL.
- Assists departing staff with transferring custody or disposition of all Federal records before or immediately upon termination, suspension, reassignment, or separation of employment.
- Immediately submits reported incidents of record removal, alteration, loss, or destruction to the ICO Records Liaison.
- NIH Management and Supervisory Officials must:
- Ensure staff (this includes employees, contractors, fellows, interns and volunteers) are aware of and adhere to NIH Records Management policies;
- Ensure new staff complete initial and annual records management training;
- Ensure that departing staff identify and transfer all Federal records in their custody to the designated custodian of the program files, supervisor, RL, or the person assuming responsibility for the work and complete the NIH Records Chain of Custody for Departing Staff Form NIH-2994;
- Review departing staff’s record materials, including email records, prior to the staff’s departure (See Appendix 5);
- Ensure departing staff comply with policies and procedures regarding preservation, transfer, and deletion of records; and
- Immediately submits reported incidents of record removal, alteration, loss, or destruction to the ICO Records Liaison.
- All NIH Staff must:
- Create and maintain adequate and proper Federal records documentation for the work for which they are responsible; maintain records in a manner that facilitates access and retrieval regardless of format; destroy records only in accordance with NARA-approved records schedules; and not remove copies of Federal record or non-record materials from NIH custody without obtaining authorization from immediate supervisor and ICO designated final approving official.
- Complete annual records management awareness training.
- Immediately report incidents of record removal, alteration, loss, or destruction to the supervisor or ICO Record Liaison.
- Complete: 1) the NIH Records Chain of Custody for Departing Staff Form NIH-2994 and 2) Departing Staff Request to Remove Copies of NIH Records Form NIH-3000 (See Appendix 5) and return to supervisor when departing NIH.
- Immediately submits reported incidents of record removal, alteration, loss, or destruction to NIH Management and Supervisory Officials.
- NIH Freedom of Information Act (FOIA) Official shall:
- Provide a copy of Federal records, if appropriate, for release to the general public.
- NIH Senior Official for Privacy shall:
- Ensure the statutory and regulatory requirements pertaining to the Privacy Act, Federal Information Security Modernization Act (FISMA), OMB Memorandum M-17-12, and the E-Government Act, including disclosure prohibitions, access and amendment provisions, and agency recordkeeping requirements.
- Ensure the appropriate records schedule is indicated in Privacy Act System of Records Notices (SORNs) and Privacy Impact Assessments (PIAs).
- HHS Office of the General Counsel (OGC) must:
- Notify NIH’s Records Officer when they become aware that a moratorium on records disposition is needed for litigation (see Manual Chapter 1743-2 NIH Litigation Hold Policy), oversight or audit purposes and other legal matters.
- Support the submission of NIH’s records disposition schedules by reviewing them for legal sufficiency before submittal.
- Provide legal advice on the laws and regulations related to the records and information management program, which includes coordination with the RO to ensure compliance with recordkeeping requirements, determination of retention periods, and implementation of authorized disposition instructions for system data and documentation.
- NIH Chief Information Officer (CIO) shall:
- Ensure that records management requirements are incorporated into the NIH system development life cycle methodology as part of managing the information life cycle.
- Ensure that NARA-approved records schedules for electronic information systems and other electronic records, such as email, are properly implemented.
- NIH Chief Information Security Officer (CISO) shall:
- Ensure the technical security of the NIH electronic data records according to NIH standards.
- NIH IT Infrastructure and System Owners shall:
- Notify the information system managers and RO of technology changes that would affect access, retention, or disposition (archiving or disposing) of records in electronic information systems.
- Oversee the creation and use of electronic records according to Federal regulations and NIH policy and ensure that recordkeeping functionality is developed for all information systems managing electronic records, which includes coordination with NIH’s RO to ensure compliance with recordkeeping requirements, determine retention periods and implement authorized disposition instructions for system data and documentation.
- Work with NIH RO and RLs to collect data required to transfer permanent records systems to the NARA in accordance with approved records schedules and NARA requirements.
F. Procedures
Each ICO within NIH must establish and maintain a records management program with the following minimum requirements. These records programs must:
- Create, receive, and maintain records providing adequate and proper documentation and evidence of NIH’s activities.
- Manage records in any format (e.g., paper, emails, instant messages (IMs), text messages, electronic documents, spreadsheets, presentations, images, maps, videos, blogs and other social media tools that generate communications) in accordance with applicable statutes, regulations, NIH policy and guidance issued by the NIH RO, including NARA-approved records schedules.
- Maintain permanent electronic records (e.g., emails, IMs, text messages, electronic documents, spreadsheets, presentations, images, maps, videos, blogs and other social media tools that generate communications) electronically, and if applicable, in an approved electronic records system.
- Maintain non-email electronic records, in their native format in an organized way on an NIH network drive, SharePoint site or other agency electronic information system.
- Transfer or migrate records in paper and legacy electronic systems to approved or registered information management systems which are associated with a records schedule for manual management of disposition where practicable and when available.
- Ensure that non-electronic records are managed appropriately in paper-based official recordkeeping systems which facilitate their preservation, retrieval, use and disposition, if they are not appropriate for digitization.
- Maintain records so they can be accessed and maintained for the required retention period.
- Secure records to protect the legal and financial rights of the government and persons affected by government activities.
- Ensure that instructions for the management and disposition of records as specified in the approved records schedules are followed.
Appendix 1: References
- United States Code
- 5 U.S.C. Chapter 5, Subchapter II – Administrative Procedure
- 18 U.S.C. Chapter 101 – Records and Reports
- § 2071. Concealment, removal, or mutilation generally
- 40 U.S.C. Subtitle III – Information Technology Management (Clinger-Cohen Act of 1996)
- 44 U.S.C. Chapter 21 – National Archives and Records Administration
- 44 U.S.C. Chapter 29 – Records Management by the Archivist of the United States and by the Administrator of General Services
- 44 U.S.C. Chapter 31 – Records Management by Federal Agencies (Federal Records Act)
- 44 U.S.C. Chapter 33 – Disposal of Records (Federal Records Disposal Act)
- 44 U.S.C. Chapter 35 – Coordination of Federal Information Policy (Paperwork Reduction Act of 1980, as amended; Paperwork Reduction Reauthorization Act of 1995; and Government Paperwork Elimination Act)
- Code of Federal Regulations
- 5 CFR Chapter III, Subchapter B – OMB Directives
- Part 1320. Controlling Paperwork Burdens on the Public
- 36 CFR Chapter XII, Subchapter B – Records Management
- Part 1220. Federal Records; General
- Part 1222. Creation and Maintenance of Records
- Part 1223. Managing Vital Records
- Part 1224. Records Disposition Program
- Part 1225. Scheduling Records
- Part 1226. Implementing Disposition
- Part 1227. General Records Schedule
- Part 1229. Emergency Authorization to Destroy Records
- Part 1230. Unlawful or Accidental Removal, Defacing, Alteration or Destruction of Records
- Part 1231. Transfer of Records from the Custody of One Executive Agency to Another
- Part 1232. Transfer of Records to Records Storage Facilities
- Part 1233.Transfer, Use, and Disposition of Records in a NARA Federal Records Center
- Part 1234. Facility Standards for Records Storage Facilities
- Part 1235. Transfer of Records to the National Archives of the United States
- Part 1236. Electronic Records Management
- Part 1237. Audiovisual, Cartographic, and Related Records Management
- Part 1238. Microform Records Management
- Part 1239. Program Assistance and Inspections
- 5 CFR Chapter III, Subchapter B – OMB Directives
- OMB/NARA Directives
- M-19-21 Transition to Electronic Records (June 28, 2019)
- M-17-12 Preparing for and Responding to a Breach of Personally Identifiable Information (Jan. 3, 2017)
- OMB Circulars
- OMB Circular A-123 – Management's Responsibility for Enterprise Risk, Management and Internal Control (July 15. 2016)
- OMB Circular A-130 – Managing Information as a Strategic Resource
- Executive Orders
- Executive Order 12656 - Assignment of Emergency Preparedness Responsibilities (Nov. 8, 1988)
- Presidential Memorandum - Managing Government Records (Nov. 28, 2011)
- HHS Policies
- HHS Policy for Records Management, May 28, 2020, HHS-OCIO-PIM-2020- 06-004
- HHS Policy for Records Management for Emails, May 28, 2020, HHS-OCIO-PIM-2020-06-005
- HHS Policy on Litigation Holds, November 29, 2016
- NIH Manual Chapter Policies
- NIH Litigation Hold Policy, November 12, 2020
- NIH Vital Records Program Policy, March 21, 2005
- NIH Transfer, Withdrawal and Destruction of Records at the Washington National Records Center Policy, December 20, 2004.
- NIH Delegations of Authority (DoA)
- General Admin, No. 14: Records Management; Mail Management.
Appendix 2: Definitions
The following records management terms are extracted from 36 CFR, Parts 1220 to 1239, the amendments to the FRA, and related Federal laws and regulations.
- Controlled Unclassified Information (CUI) is information that requires safeguarding or dissemination controls pursuant to and consistent with applicable law, regulations, and government-wide policies but is not classified under Executive Order 13526 or the Atomic Energy Act, as amended.
- Disaster refers to an unexpected occurrence inflicting widespread destruction and distress and having long-term adverse effects on agency operations.
- Disposition Schedules are mandatory disposition instructions that provide continuous authority to dispose of recurring series or systems of temporary records, transfer records to the National Archives and its national network of FRC, and accession permanent records to the National Archives. NIH’s disposition schedules are contained with the NIH Records Retention and Disposition Schedules in RSS.
- Documentary Material is a collective term for records and non-record materials that refers to all media on which information is recorded, regardless of the nature of the medium or the method or circumstances of recording (36 CFR 1220.18).
- Electronic Information Systems is the organized collection, processing, transmission and dissemination of information in accordance with defined procedures.
- Electronic Records is any information that is recorded in a form that only a computer can process, and that satisfies the definition of a Federal record in 44 U.S.C. 3301. Electronic records include numeric, graphic and text information, which may be recorded on any medium capable of being read only by a computer or other technological device and which satisfies the definition of a record.
- Email Records are electronic mail and other electronic messaging systems (text messaging, instant messaging, chat, voicemail messaging, social media or mobile device applications) that are used for the purposes of communicating between individuals.
- Essential Records, also called vital records, are essential agency records needed to meet operational responsibilities under national or regional emergency or disaster conditions.
- Federal Records Act of 1950 (FRA), as amended, establishes the framework for records management programs in Federal agencies.
- Federal Records Center (FRC) is the facility that was established for the receipt, maintenance, servicing, and disposition of records that are retired in accordance with NARA-approved records disposition schedules.
- File Plan is (1) a plan designating the physical location(s) at which an ICOs files are to be maintained, the specific types of files to be maintained there, and the organizational element(s) having custodial responsibility; or (2) a document containing the identifying number, title or description, and disposition of files held in an office.
- General Records Schedules (GRS) are mandatory disposition instructions issued by NARA for temporary administrative records that are common to most Federal agencies.
- Litigation Holds stipulate that all records that may relate to a legal or Congressional oversight action involving NIH shall be retained. This requirement ensures that the applicable records are available for the discovery process prior to litigation. NIH shall preserve records when it learns of pending or imminent litigation, or when litigation is reasonably anticipated. Litigation holds prevent the spoliation (e.g. destruction, alteration, or mutilation of evidence) which can have a negative impact in litigation.
- National Archives and Records Administration (NARA) establishes policies and procedures for managing United States Government records. NARA assists Federal agencies in documenting their activities, administering records management programs, scheduling records, and retiring non-current records to Federal records centers, and conducts periodic evaluations of agency compliance.
- Non-Record Material is information, contained on any media, which has no documentary or evidential value and does not meet the definition of a record.
- Permanent Records are records appraised by NARA as having enough historical or other value to warrant continued preservation by the Federal Government beyond the time they are needed for administrative, legal, or fiscal purposes. Permanent records will be transferred to the physical and legal custody of NARA in accordance with the instructions contained in the relevant records disposition schedule.
- Personal Papers are documentary materials belonging to an individual that are not used to conduct agency business. These papers are related solely to an individual’s own affairs or used exclusively for that individual’s convenience. They shall be clearly designated as personal and kept separate from the Department’s records.
- Personally Identifiable Information (PII) is any information collected or maintained by the Department about an individual, including but not limited to, education, financial transactions, medical history and criminal or employment history, and information that can be used to distinguish or trace an individual’s identity, such as his/her name, Social Security number, date and place of birth, mother’s maiden name, biometric data, and including any other personal information that is linked or linkable to a specific individual.
- Program Reviews is a formal review to measure the effectiveness of records management programs and practices.
- Records include all recorded information, regardless of form or characteristics, made or received by a Federal agency under Federal law or in connection with the transaction of public business and preserved or appropriate for preservation by that agency or its legitimate successor as evidence of the organization, functions, policies, decisions, procedures, operations or other activities of the United States Government or because of the informational value of data in them. (44 U.S.C. 3101, Definition of Records).
- Recorded Information includes all forms of records, regardless of format or characteristics, including information created, manipulated, communicated, or stored in physical, digital, or electronic form, including metadata.
- Records Management Program refers to the planned coordinated set of policies, procedures, and activities needed to manage an agency’s or department's recorded information. Encompasses the creation, maintenance and use, and disposition of records, regardless of media. Essential elements include issuing up-to-date program Directives, properly training those responsible for implementation, and carefully evaluating the results to ensure adequacy, effectiveness, and efficiency.
- Retention Period is the timeframe that records are kept in accordance with NARA-approved records disposition schedules.
- Temporary Records are records determined by the Archivist of the United States to have insufficient value (based on current standards) and for disposal, either immediately or after a specified retention period.
Appendix 3: Acronym Glossary
- AG – Attorney General
- CIO – Chief Information Officer
- CIO – Chief Information Officer
- CISO – Chief Information Security Officer
- CUI – Controlled Unclassified Information
- EIS – Electronic Information System
- ERM – Electronic Records Management
- FOIA – Freedom of Information Act
- FRA – Federal Records Act
- FRC – Federal Records Center
- GRS – General Records Schedules
- ICO – Institutes, Centers, and Offices within the Office of the Director
- NARA – National Archives and Records Administration
- NIH – National Institutes of Health
- OD – Office of the Director
- OGC – Office of General Counsel
- OIG – Office of the Inspector General
- OMA – Office of Management Assessment
- PII – Personally Identifiable Information
- RC – Records Custodian
- RL – Records Liaison
- RO – Records Officer
- RMT– Records Management Team
- RSS – NIH Records Schedule System
- SORN – System of Records Notice
- WNRC – Washington National Records Center
Appendix 4: Records Management Resources
Records Management Guidance
The Records Management program will periodically issue guidance in the NIH Records Management Guidebook in accordance with requirements established in NARA bulletins and other NARA issuances. The guidebook supports this policy and serves as the instruction manual for managing NIH data, information, and records; comply with recordkeeping requirements; and to transition NIH towards electronic recordkeeping for ICOs records management programs. Guidance documents already issued include essential records, social media records, text messaging, and records management in cloud computing environments. All records management guidance documents are available to peruse on the Records Management SharePoint website.
Points of Contact
NIH Records Schedules
OMA Records Management SharePoint
NIH Records Management SharePoint Site
Appendix 5: Process for Departing Staff Requesting to Remove Copies of NIH Records
The process for receiving approval to remove copies of Federal records is as follows:
- Requestor. The departing staff member (“Requestor”) must request approval to remove copies of Federal records by completing a Departing Staff Request to Remove Copies of NIH Records Form NIH-3000. The form should be completed in digital format (do not print the form). Once completed, the Requestor will submit the form to their supervisor (this could be an assigned supervisor, Principal Investigator, IC Scientific Director, IC Clinical Director, or ICO Executive Officer depending on the position of the Requestor), (“Supervisor”).
- Supervisor. The Supervisor will incorporate Form NIH-3000 into any internal ICO procedures for routing staff requests for approval to remove copies of Federal records. After that, or if an ICO does not have internal procedures for approving requests made by departing staff to remove copies of records, the Supervisor will fill out and digitally sign the form as approved or denied. If denied the Supervisor will return a copy of the form to both
- Final Approver. If approved, the Supervisor will submit Form NIH-3000 to one of the appropriately designated ICO officials within the 5 highest level senior leadership positions or their deputy for final approval (“Final Approver”).
- Review. The purpose of the review by the Supervisor and the Final Approver is to verify, to the best of their knowledge, that:
- Official Federal records remain in the custody of NIH, and only copies will be removed;
- Copies do not contain any Personally Identifiable Information (PII), Sensitive Information, Controlled Unclassified Information (CUI) or other information withheld from the Privacy Act;
- The Federal Records are not currently subject to a litigation hold;
- Copies do not contain any information that would be exempt from disclosure in response to a Freedom of Information Act (FOIA) request (the release of such information could forfeit the agency’s ability to withhold said information in response to a FOIA request).
- The information contained in the copies has no restrictions on sharing. For example, information in the records was not obtained under an agreement, such as a Confidential Disclosure Agreement (CDA), Material Transfer Agreement (MTA), or Cooperative Research and Development Agreement (CRADA), with an outside party, containing confidentiality requirements. Additionally, no information in the copies would be considered a disclosure that could prevent patenting of an associated invention. If the restrictions are not known, please contact the ICO Technology Development Coordinator.
- Confidential Disclosure Agreement (CDA). Requestors who receive approval to remove copies of records may also be asked by their ICO to sign a Confidential Disclosure Agreement (CDA), if the information contained in the copies they wish to remove is deemed by the ICO to be confidential or proprietary information. A template CDA is attached in Appendix 6 for the convenience of the ICO for this purpose. An alternate, ICO-approved CDA may be used instead. NOTE that any NIH proprietary information or materials that will be taken by the Requestor to be used in future research, as opposed to reference only, must be covered by a separate agreement to be prepared by, and executed with, the relevant ICO’s Technology Transfer Office and signed by an authorized individual.
- Approval. If the Supervisor and Final Approver approve the removal the copies of the requested Federal records from NIH, and - if deemed necessary by the ICO - a CDA has been signed and returned by the Requestor, then the copies may be removed.
- Denial. If the Supervisor, or Final Approver does not approve the request, the Requestor is not authorized to remove copies of the Federal records.
- Submission. Whether approved or denied, once fully signed, the Completed Form NIH-3000, and any accompanying CDA, is routed to the NIH Records Officer, by the last individual to sign the form, to be maintained within a document repository owned by the NIH Records Officer ([email protected]) within the Office of Management Assessment (OMA).