The toolkit is not exhaustive, and there may be other governing board documents you want or need to store. It is up to you to decide how long to retain these for.
For any documents containing personal data, it is a legal requirement under the General Data Protection Regulation (GDPR) to store them for no longer than necessary. Work with your school or trust to determine what this means for the documents you hold.
Although the toolkit above was written before the introduction of the GDPR, the IRMS told us that they expect that it will remain compliant, as the principles of data retention have not changed under the GDPR.
Documents containing personal data
The GDPR says that your school or trust must ensure the security of personal data to prevent any data breaches. It does not specify any security measures that you must take.
Talk to your school or trust, particularly your data protection officer, about how you are storing documents with personal data, to ensure they are satisfied with your arrangements.
This section outlines good practice for storing documents, with particular reference to 'confidential' documents (those that contain personal data, or need to be kept confidential for other reasons).
How to store documents
Paper copies vs electronic copies
There is no specific requirement to hold documents in either paper or electronic formats.
It is up to you to decide what format is most appropriate for the documents you hold, although it's worth checking whether your local authority or trust has a policy on this, as some stipulate how school governance documents should be stored.
Storing paper copies
Keep these in a filing cabinet or cupboard in school that will allow relevant people to access them readily.
Hard copies of confidential documents should be stored securely – for example in a locked cupboard in the school office.
If you're concerned about staff being able to access documents relating to confidential information about other staff members (or themselves), it would still be best practice to store these documents at the school rather than elsewhere.
Consider keeping them in a separate lockable cupboard from other documents, and give a key to the clerk and chair (or equivalent in academies) to prevent staff having access.
Storing electronic copies
Keep these in a separate part of your school or trust’s servers, with access limited to relevant people.
Confidential documents should be password-protected. The passwords should be strong (at least 8 characters long and containing symbols) and only shared with those who may need to see the documents.
Accessing documents from home
Taking physical documents home
You should explain to the governor or trustee that it is their responsibility to ensure documents are secure.
There are no firm guidelines on how to do this, but they should ensure that the documents are kept:
In a reasonably secure place, where they cannot easily be accessed by anyone other than the governor or trustee responsible for them (e.g. in their home and not their car)
In an adequate filing system, to avoid confusion with other pieces of paper or records
However, it is not best practice to store documents off-site permanently. Ask the governor or trustee to return the documents to the school once they are finished with them.
For confidential documents, ask them to sign these out and sign them back in once they have been returned.
This ensures that you know who holds the documents at all times, and it will remind governors and trustees of their responsibility to prevent the documents from being lost or stolen.
Accessing electronic documents from home
It is best to store confidential documents remotely rather than allow them to be saved on personal devices, such as if you attach them to an email. This means you have more control over how they can be accessed and when they will be disposed of, making things more secure.
Bill Dennison is a national leader of governance. He is currently chair of governors of a large secondary school and a governor of a large sponsor-led secondary academy. He was previously head of the education department at a Russell Group university.
Fred Birkett is an experienced teacher and education consultant. He has been a governor for 20 years in primary and secondary schools and a chair of governors for half that time.
Karen Mitchell has spent much of her career working in local authorities providing ICT and information management support services to schools. She now works as an independent consultant in the school sector and is vice chair of the resource committee on a school governing body.
Martin Owen is a chartered accountant (CPFA). He has more than 20 years' experience working with schools to improve their governance, leadership and management of financial, business and operational processes.