Document code:
PRO-0010.08
Security level:
Internal
Effective date:
14/01/2022
Control of Documents and Records
1. Purpose
Most ECHA Work Programme activities and decisions lead to the reception and production
of documents, which have to be managed on the basis of this procedure. This procedure
sets out the principles for document and records management, ensuring in particular:
– the due creation, receipt, handling and storage of documents and records,
– the registration of documents and the identification of all records by means of
appropriate markings enabling it to be filed, searched for and retrieved, and
– the preservation of ECHA’s documents and records as a proof of the activities
undertaken and of the fulfilment of legal obligations.
Effective and proper records management and archiving help:
– meet the ECHA Transparency obligations1, in particularly by facilitating public access
to its key documents (submitted dossiers, opinions and decisions of ECHA’s
governing body and scientific committees),
– fulfil the requirements under Regulation (EC) 1049/2001 on public access to
documents,
– address the actions which are necessary under the COUNCIL REGULATION (EU)
2015/496 of 17 March 2015 amending Regulation (EEC, Euratom) No 354/83 as
regards the deposit of the historical archives of the institutions at the European
University Institute in Florence,
– support audits and legal proceedings (e.g., appeals against decisions taken by
ECHA).
More topics related to information governance (see figure 1) may fall within the scope
of this procedure in the future, such as:
- compliance with carbon neutrality goals which have an impact to document
management,
- the historical archives declassification and transfer to Florence,
- deciding on the digital preservation strategy of ECHA information and records,
- the information management aspects of the new security regulation which will
require changes to this procedure.
1 See ECHA’s Transparency Approach – update on actions for 2021-2022, MB/65/2020
TEM-0129.01
Uncontrolled copy once printed. Ensure that the right version is in use.
Page 1 of 11
Document code:
PRO-0010.08
Security level:
Internal
Effective date:
14/01/2022
Control of Documents and Records
Figure 1 Elements of information governance
2. Scope
This procedure applies to all (controlled)2 documents held by ECHA and has to be
implemented by all ECHA staff. It does not apply to the control of IMS documents, which is
described in PRO-0001 Control of IMS Documents. This procedure is without prejudice to
the legal obligations that apply to the Agency under Regulation (EC) 1049/2001 on public
access to documents.
3. Description
3.1. ECHA’s documented information structure
2 See Figure 2 for controlled and uncontrolled documents
TEM-0129.01
Uncontrolled copy once printed. Ensure that the right version is in use.
Page 2 of 11
Document code:
PRO-0010.08
Security level:
Internal
Effective date:
14/01/2022
Control of Documents and Records
Figure 2 ECHA’s documented information structure
Uncontrolled documents are linked with informal (ad hoc) procedures or communications
and do not require any controls as described in this procedure (e.g. no specific registration,
filing and storage requirements). They should be disposed as soon as they are no longer
needed.
Examples: non-approved draft versions of documents, internal communications exchanged
between ECHA staff, informal communications exchanged between ECHA staff and external
partners, etc.
Reference documents are those
documents that support and set the framework for the
operational work of the Agency.
Examples: PROs, WINs, ED decisions (IMS
procedural documents), REACH, Staff
Regulations, ISO standards, building standards (legislative texts and normative standards),
IT manuals, journals, books, reports of the Court of Auditors (documents of external origin),
etc.
Operational/administrative documents are those documents which derive from the
administrative and operational processes of the Agency, including the output produced and
the relevant documents supporting/pertaining to such decision making. The process owners
shall identify from among the operational/administrative documents the records that give
evidence of the actions carried out.
Examples: see examples of uncontrolled documents
Evidence documents (records) are those operational/administrative documents created,
received and maintained as evidence of the actions carried out in the framework of ECHA’s
TEM-0129.01
Uncontrolled copy once printed. Ensure that the right version is in use.
Page 3 of 11
Document code:
PRO-0010.08
Security level:
Internal
Effective date:
14/01/2022
Control of Documents and Records
official tasks. A record should correctly reflect what was communicated or decided or what
action was taken. It should be able to support the needs of the business to which it relates
to and used for accountability purposes (e.g. audits) or legal proceedings (e.g. appeals
issued on ECHA’s opinions or decisions).
In ECHA’s context this means that documents that match the following conditions shall be
qualified as records:
– They are considered final/approved versions,
– They document decisions taken by the Agency or provide evidence of the
performance of ECHA’s duties, required for audit or for the fulfilment of legal
obligations,
– They are in whatever medium (audio-visual, paper, electronic, digital etc).
Examples: incoming industry or Member State dossier, outcome of conflict of interest check,
accordance check decision, public consultation procedure documents (final RCOM tables),
approved (versions of) draft decisions, proposals for amendment, final decisions/opinions,
meeting minutes, annual declaration of interest, mission claims, job applications,
environmental reports etc.
3.2 Responsibilities
The process owner is responsible
– For defining the different roles in the approval lifecycle of a document,
– For deciding the security classification of documents,
– For filing and storing their documents according to the requirements described in
section 3.3.4 and Annex 1 to this procedure ,
– For ensuring that the last updated version of their documents stored in any IT system
is always available and retrievable,
– For defining the records relevant to their processes and the corresponding retention
periods.
The responsibilities related to specific aspects of record management are indicated in the
respective IMS documents.
The Information Management Assistant is responsible for drafting and communicating the
corporate policies on document management and support Units in their implementation.
The Information Management Assistant also ensures that document management IT
systems comply with the respective policies and acts as the Records Manager in those
systems when required.
The Archivist is responsible for providing the necessary guidance related to the management
of physical records and ensures that the physical archives maintenance complies with the
internal rules.
3.3 Control of documents
3.3.1
Registration and metadata
TEM-0129.01
Uncontrolled copy once printed. Ensure that the right version is in use.
Page 4 of 11
Document code:
PRO-0010.08
Security level:
Internal
Effective date:
14/01/2022
Control of Documents and Records
Documents to be registered are all (incoming / outgoing) communications that require an
action or follow-up, regardless of their medium (electronic, physical) and format (e-mails,
letters, web-forms). As an absolute minimum, all incoming / outgoing communications that
are qualified as records in the
LIS-0026 ECHA Retention Schedule are to be registered.
Documents are registered through the Mail Registry or any other IT system in place that
guarantees an equivalent result (see Annex 1). Duplication of registration should be
avoided.
Documents and records stored in a document management system have a set of minimum
metadata associated to them in order to describe their context, content and structure and
their management through time. The basic metadata and their default values are defined in
the relevant IT Architecture document. Annex I (see pages 9-10 below) list all IT Systems
which manage documents against certain criteria which are directly linked with the metadata
captured in those systems.
3.3.2
Approval procedure
The approval of each record needs to be documented and stored together with the record
(e.g. circulation sheet or approval log). A physical signature to authenticate ECHA
documents is only needed when explicitly required by law (e.g. contracts and other
documents specified in the Financial Regulation) and can thus be left out when the approval
process can be demonstrated by other means (e.g. an electronic workflow with an approval
log).
3.3.3
Distribution and Classification
All documents in ECHA shall be marked with the different security levels as defined in
Annex 1 of PRO-0085 Access to ECHA Information (Public – Internal – Restricted – Highly
Restricted). All documents which have no security marking have to be considered Internal.
3.3.4
Filing plan and storage
The ECHA filing plan is a hierarchical structure (from general to specific) and it consists of
a sequence of headings (activity – process – sub-process) based on the
LIS-0009 ECHA
Activity and Process Structure.
Electronic mailboxes are reserved for storing personal or informal communications used
within a specific Unit without relevance for ECHA’s official tasks or legal obligations. Shared
drives are used only for the storage of the following exceptions:
1. Large/heavy files which exceed the capacity limitation of SharePoint, 100MB/file
(e.g. IUCLID files, audio visual files, publications, manuals with graphics/images,
business object reports).
2. Large backup files (
3. Files which are not supported in SharePoint (e.g. shared Excels, cross-linked Excels,
Access files).
4. Files saved during software testing.
5. Short lived preliminary documents which will in the future be automatically destroyed
after 6 months (to be saved in W:\@public).
External Collaboration Platforms (i.e. Secure-CIRCABC) are reserved for exchanging
information with external organisations and users in order to perform regulatory tasks
TEM-0129.01
Uncontrolled copy once printed. Ensure that the right version is in use.
Page 5 of 11
Document code:
PRO-0010.08
Security level:
Internal
Effective date:
14/01/2022
Control of Documents and Records
allotted to ECHA. Documents shared, using the external collaboration platforms, shall be
initially stored in ECHA’s recognised document management systems.
The storing method selected for each ECHA process shall fulfil the security requirements
described in
Annex 1 of PRO-0085 Access to ECHA Information. As a principle, the storage
of documents in multiple locations should be avoided.
The storage of paper originals shall only be necessary if a physical signature is required by
law or internal administrative rules (e.g., for control or audit purposes, see also under 3.3.2
approval procedure). In all other cases, a scan or electronic version of the record shall be
sufficient. The scanning process should ensure that the following standards are met:
a) The scanned copy is in PDF format with a minimum resolution of 300dpi,
b) All pages of the document have been digitised,
c
d) The scans are legible and at least as readable as the originals,
e) The colour (s) is accurate (scanning equipment uses 24bit colour depth).
After scanning, the paper original may be destroyed after a period of 6 months.
3.3.5
Preservation of documents
Process Owners have to decide how long they need to retain their documents according to
their business needs.
The Information Management Assistant shall manage the
LIS-0026 ECHA Retention
Schedule in which the Process Owners shall identify the (types of) records relevant for their
processes and define their retention time The ECHA Retention Schedule will further
determine the elimination, second appraisal or permanent preservation of the documents
listed, after the expiration of their respective retention time.
All permanent records shall be transferred, to the extent possible, to ECHA's permanent
archive, managed electronically in Dynamic Case Records Management (DCRM). DCRM is
the system selected to support the provisions of the Archiving Council Regulation 2015/496
as regards the deposit of the historical archives of the institutions at the European University
Institute in Florence. Permanent records in paper format can be transferred to the
permanent physical archives, although ECHA shall strive to digitalise such permanent
records where possible.
In line with the Archiving Council Archiving Regulation 2015/496 and its implementing rules,
all permanent records shall be declassified and made publicly available after 30 years, unless
they deserve further protection due to commercial interests or personal data protection3.
Other records (i.e. administrative records) in electronic or physical format shall be destroyed
after the expiration of their retention period indicated in the
LIS-0026 ECHA Retention
Schedule.
3 See latest ED declassification decision ED/16/2019
TEM-0129.01
Uncontrolled copy once printed. Ensure that the right version is in use.
Page 6 of 11
Document code:
PRO-0010.08
Security level:
Internal
Effective date:
14/01/2022
Control of Documents and Records
4. Flowchart
N/A
TEM-0129.01
Uncontrolled copy once printed. Ensure that the right version is in use.
Page 7 of 11
Document code:
PRO-0010.08
Security level:
Internal
Effective date:
14/01/2022
Control of Documents and Records
5. Definitions
Term or abbreviation
Definition
Any (structured) content whatever its medium (written on paper or
stored in electronic form) concerning a matter relating to the policies,
activities and decisions falling within the institutions sphere of
Document
responsibility.
In ECHA’s context this shall include all documents created or
received, regardless of the format (paper or electronic). Metadata
form an integral part of the document.
DCRM
Dynamic Case Records Management
Group of documents organised in such a way as to form a coherent
and relevant unit in terms of the actions carried out in the
Case documentation
handling/implementation of a case (e.g. substance evaluation case,
dossier registration case, selection procedure case, appeal case,
etc.).
A filing plan is a coherent logical structure that allows staff to
organize correctly those documents they deem as important. It also
Filing plan
makes them discoverable and available when they are stored in a
Document Management System.
Metadata
Data describing context, content and structure of documents and
records and their management through time.
Preservation
Processes and operations involved in ensuring the technical and
intellectual survival of authentic records through time (ISO 15489-
1:2001).
Process Owner
Person or role responsible for the effective and efficient functioning
of the process. He/she has the necessary authority to take action or
make decisions with an impact on the process performance (PRO-
0008).
Registration
Act of giving a record a unique identifier on its entry into a system
(ISO 15489-1:2001).
Retention period
Lifetime defined for different type of files, taking into account its
administrative usefulness for units/directorates, statutory and legal
obligations and its potential historical value.
S-CIRCABC
External Collaboration Platform
IMS document
Procedures (PROs), Work Instructions (WINs), etc. as described in
PRO-0001.
TEM-0129.01
Uncontrolled copy once printed. Ensure that the right version is in use.
Page 8 of 11
Document code:
PRO-0010.08
Security level:
Internal
Effective date:
14/01/2022
Control of Documents and Records
6. Records
N/A
7. References
Associated document code
Document name
Regulation No 31 (EEC), 11 Staff Regulations of Officials and Conditions of Employment of Other
(EAEC)
Servants of the European Community
Management Board Decision Financial Regulation of the European Chemicals Agency
30/2019
(EU) 2015/496
Council Regulation amending Regulation (EEC, Euratom) No 354/83
as regards the deposit of the historical archives of the institutions at
the European University Institute in Florence
(EC) No 1049/2001
Regulation of the European Parliament and of the Council of 30 May
2001 regarding public access to European Parliament, Council and
Commission documents
(EU) 2018/1725
Regulation of the European Parliament and of the Council of 23
October 2018 on the protection of natural persons with regard to the
processing of personal data by the Union institutions, bodies, offices
and agencies and on the free movement of such data
ED-0037
Use of S-CIRCABC for Handling ECHA Information
C (2020)4482
Commission Decision of 6.7.2020 on records management and
archives
SEC (2020)800
Implementing Rules for Decision C (2020) 4482 on records
management and archives
ISO 15489-1
Information and documentation – Records Management –
Part1: Concepts and principles
8. Annexes
Annex 1: Information management capabilities of ECHA’s document management systems
TEM-0129.01
Uncontrolled copy once printed. Ensure that the right version is in use.
Page 9 of 11
Document code:
PRO-0010.08
Security level:
Internal
Effective date:
14/01/2022
Annex 1: Information management capabilities of ECHA’s document management
systems
Legend: x = no √ = yes
Document management
Filing in
Accepted
Mail
Approval workflow
systems
accordance with
storage
registration
(replacing physical
LIS-0009
location
functionality
signature)
REACH-IT
x
√
√ (outgoing)
√
R4BP
x
√
√
√
ePIC
x
√
√ (outgoing)
N/A
HRMS
x
√
√ (incoming)
√
MiMA
x
√
N/A
√
Remedy
x
√
√
√
ABAC
x
√
√ (incoming)
√
Dynamic Case
√
√
√
√
Records Management (RM)
√
√
N/A
N/A
SharePoint (general)
√
√
x
x
Office 365 SharePoint
x
√
x
Only for documents in FIMSII
SP Mail Registry
x
√
√
x
SP ATD
x
√
√
x
SP EasySign
x
√
x
√
SP DoI Management Tool
x
√
N/A
√
Shared drives
x
x
x
x
TEM-0129.01
Uncontrolled copy once printed. Ensure that the right version is in use.
Page 10 of 11
Document code:
PRO-0010.08
Security level:
Internal
Effective date:
14/01/2022
Control of Documents and Records
Document management
Filing in
Accepted
Mail
Approval workflow
systems
accordance with
storage
registration
(replacing physical
LIS-0009
location
functionality
signature)
S-CIRCABC
x
x
x
x
Interact
x
x
x
x
FMBs
x
x
x
x
IMS (Integrated
√
√
x
√
Management System)
ELM (Events Logistic
x
√
√ (outgoing
x
Management)
invitations)
TEM-0129.01
Uncontrolled copy once printed. Ensure that the right version is in use.
Page 11 of 11
