Records Management

On this page:

Records are a valuable university asset and serve as evidence of UB's organization, functions, policies, decisions, procedures, operations and other activities.


Every person at the university creates, receives, uses and disposes of records in the course of their day-to-day activities. Documentary materials that support university business and have legal, operational or historical value are records and important university assets.

University records:

  • Document transactions and management decisions
  • Demonstrate compliance with laws, regulations and policies
  • Provide evidence of legal obligations between the university and others
  • Establish and promote university identity and tradition
  • Maintain the university's memory

University records are media neutral – no matter the means of creation, the content of the record is key, not the format.

Characteristics of a University Record

  • You or your department is the creator of the record
  • You generate or receive the information to use for your technical or administrative work
  • The record contains informational value as evidence of your group’s functions, policies, decisions, procedures, operations, mission, programs, projects or activities
  • The record originated in another office or outside UB, but you commented or took action on it
  • The record documents UB actions such as: what happened, what advice was given, who was involved, when it happened, the order of events or decisions
  • The document is related to UB business and does not exist elsewhere 

The following are not records:

  • A draft or interim document that has not been circulated to others, does not contain substantive comments, and for which there is a final version being maintained
  • Published or processed information that you received and use as a reference
  • A copy kept only for convenience or reference with no action taken
  • Information accumulated and maintained at the workplace, but does not affect or reflect the transactions of your program or business
  • Transient documents that convey information of a temporary value, regardless of medium, and have a very short-lived administrative, fiscal or legal value; typically, retention is event-driven and not a fixed period of time

Records Management

Records management is the systematic control of records throughout their life cycle.

The goal of records management is to have university employees create the records we need; keep these records in ways to allow for efficient access and use; maintain records for as long as we need them for legal, operational and historical purposes; and dispose of them when they are past their retention period. Effective records management saves time, effort, space, money and other resources.

Managing university records is a shared responsibility. All faculty and staff are responsible for managing the records and information under their custody or control.

Benefits of Effective Records Management

  • Improve overall utilization of resources
  • Control the growth of records volume
  • Comply with regulatory recordkeeping requirements
  • Improve the ability to locate and retrieve records
  • Safeguard records of administrative, fiscal, legal, or historical value
  • Dispose of records that are no longer needed
  • Apply consistent record keeping practices
  • Reduce operating, storage and information technology costs
  • Minimize litigation risks

Retention Guidance

Retention schedules are designed to allow university records to be retained for as long as necessary. When records are no longer needed, the schedules provide guidance on proper disposition.

Record Retention Schedules

Record retention guidelines are detailed in the retention schedules. The retention schedules list types of records, but usually not specific records or documents.

Offices of Record and Record Coordinators

Offices of Record and Record Coordinators

The Office of Record maintains the university's official records in accordance with the retention schedules for a specific record category (e.g., human resources, financial, student). 

Record Coordinators are the subject matter experts for a specific record category (e.g., human resources, financial, student) who provide guidance to departmental Record Custodians regarding the retention and disposition of the specific record categories for which they are responsible.

Human Resources Records

Human Resources (HR) is the office of record for most human resources related records, including payroll and personnel records. The only official HR records maintained at the department level are monthly and biweekly timesheets.

Copies of HR records stored in the department should be properly destroyed when they no longer serve a legal, operational or historical value to the university. Many HR records are of a confidential or sensitive nature.

Procurement Records

Procurement Services is the office of record for most procurement related records. The individual decanal unit is the office of record for original procurement card documents maintained in departmental files (e.g., receipts, receivers, invoices). Copies of procurement records should be properly destroyed when they no longer serve a legal, operational or historical value to the university.

Procurement Services is the office of record for the following records (this section covers all contract and non-contract records related to purchases of goods and services or payment of claims, except for records of contracts related to capital construction or land purchases):

  • Purchase and Accounts Payable Records:
    Records related to the purchase of goods and services including purchase requisitions and justifications, vendor solicitations, requests for proposal, price quotations, contracts, leases, bonds, bid proposals, specifications, procurement and procurement contact records, procurement record checklists, purchase orders, receipts and other payment history records, invoice requests, merchandise receipts, vendor invoices, agency vouchers, service reports, purchase order logs, requisition logs, reports showing encumbrance of funds, and other supporting documentation; also includes records used by an agency accounts payable or claims office to track and monitor the claims and payment process on a daily basis, including manual and automated logs, registers, listings, and related records 
  • Vendor and State Contracts Reference Files: 
    Information on supplies, equipment, computer hardware and software, and other products and their vendors, including price lists, vendor evaluations and related records
  • Cancelled Bids File:
    Records pertaining to bids for goods or services which were cancelled without an award being made;  records include purchase requisitions and justifications, vendor solicitations, requests for proposals (RFPs), price quotations and related records
  • Records of employees' requests for reimbursement or payment of expenses for State and Research Foundation travel, including encumbrance records, requests for travel advance, travel vouchers, justifications and various supporting records

Safeguarding Restricted Data

University records may contain information that is protected by federal and state laws and regulations, as well as university policy. These records require additional safeguards to manage risk related to confidentiality, integrity and access.

Restricted Data

Restricted data (including personally identifiable information) requires a high level of confidentiality and must be protected against unintentional, unlawful or unauthorized access, disclosure or theft. Restricted data includes:

  • Social security number
  • State-issued driver license number or non-driver ID number
  • Bank or financial account number
  • Credit or debit card number
  • HIPAA-regulated Protected Health Information in any form (e.g., oral, paper, electronic)
  • Passport number
  • UB IT authentication credentials
  • Documents protected by attorney- client privilege
  • Donor contact information and non-public gift information

When managing data confidentiality, follow these guidelines:

  • Encrypt sensitive files
  • Manage data access
    • Provide access only to those who have a "need to know" 
    • Consider two-factor authentication
    • Periodically review access lists and revoke access when no longer necessary
  • Physically secure devices and paper documents
  • Securely dispose of data, devices and paper records
  • Manage data acquisition
    • Consider privacy and confidentiality when data is acquired
    • Acquire sensitive data only when necessary
  • Manage data utilization
    • Use sensitive data only as approved and as necessary 
    • Misusing sensitive data violates the privacy and confidentiality of that data and of the individuals or groups the data represents
  • Manage devices
    • Use anti-virus software and device passcodes, suspend inactive sessions, enable firewalls, and use whole-disk encryption

Contact an Expert

Carrie Woodrow.

Carrie A. Woodrow


Policy, Compliance and Internal Controls

420 Crofts Hall

Phone: (716) 645-1786


Related Policies, Links