Document Management Policy

Summary
This Policy establishes standards for document management across all of the
Company’s functions and operations, and for ensuring documents are created,
maintained and disposed of appropriately, taking full account of operational
needs.
Scope
This policy applies to all members of the Company and any individual creating
or handling documents on the Company’s behalf.
Document Control
Document The Board of Dorectors of Ufulu Finance Limited
owner
Lead contact The Chief Executive Officer
Document status Proposed Policy
Version V0.1
Approved by Date
Contents
1. Introduction.................................................................................................................................2
2. Purpose of this Policy..................................................................................................................2
3. Scope.............................................................................................................................................3
4. Definition......................................................................................................................................3
5. Roles and responsibilities............................................................................................................3
6. Document lifecycle.......................................................................................................................4
7. Document management practices...............................................................................................5
8. Naming conventions and folder structures................................................................................5
9. Information Classification Scheme.............................................................................................6
10. Digital preservation.................................................................................................................7
11. Destruction...............................................................................................................................7
12. Education and training............................................................................................................7
13. Interaction with other legislation and policies.......................................................................8
14. Policy review and ownership...................................................................................................8

1. Introduction
Documents are a vital part in the effective functioning of any organisation. We need documents on a
short-term basis to help us to work consistently and productively and to keep track of progress in
projects and activities. Creating standards for document management and ensuring that documents are
created, managed and disposed of appropriately is a key part of good information management that
will improve efficiency and mitigate legal and compliance. This must also be supported with the
necessary guidance and training for staff to ensure they are confident document handlers.

2. Purpose of this Policy

The Company must ensure that documents created in relation to its operations are being managed
and maintained appropriately. This policy sets out standards and definitions to enable staff to
create documents that:

 Meet the Company’s internal requirements

 Enable the content of the document to be accessed, used and reused in a controlled and
efficient manner
 Ensure the continuity of Company operations in the event of staff absence or
emergency circumstances
 Are compliant with all regulatory and statutory requirements
 Enable the defence of the rights and interests of the Company and its stakeholders
  Are capable of providing evidence of a decision or operational process
 Are kept and maintained and stored in the most economical way consistent with the above
objectives

3. Scope
This policy applies to all members of the Company and any individual creating or handling
documents on the Company’s behalf.

The policy applies to all documents held in any format, including (but not limited to):

 Letters (digital and hard copy)

 Emails
 Policies and guidance
 Meeting papers and minutes
 Reports
 Contracts
 Presentations
 Official communications
 Photographs
 Audio recordings (other than voicemail messages)

Voicemail, text or instant messages do not constitute documents for the purposes of this policy,
unless recorded or retained for specified purposes in accordance with legal requirements.

4. Definition
 The company: Ufulu Finance Limited
 Filestore: Fully managed cloud file storage
 Metadata: A set of data that describes and gives information about other data. (author, file size,
the date the document was created, and keywords to describe the document
 Casefile: A collection of evidence or documents relating to a legal case.
 Doc: Document
 Personal data: It is any information which is related to an identified or identifiable person like
contacts (phone numbers, email addresses), bank account details or data, customer number or
address
 Retention Period: The length of time that a record must be kept before it can be destroyed.

5. Roles and responsibilities

Management of the company is accountable at an executive level for ensuring that the Company
has robust information governance and security processes and procedures in place – this includes
document management. This role is held by the Head of Operations at the accountable executive
level, with the Senior Debt Collections and Administration Officer acting as the responsible
person at an operational level.

All staff are responsible for creating and using documents in line with the terms of this policy

6. Document lifecycle
All documents created have a “lifecycle” from creation through to disposition, as shown below:

Creation Distribution Use Maintenance Disposition

It is important to understand this cycle and the various stages when creating and handling
documents to ensure that they are managed effectively.

1. Creation
Documents that will represent formal, compliant and trusted communications or records must be
well-designed from the point of creation, using relevant naming conventions and document templates
when necessary. All staff must act responsibly, lawfully and professionally when creating documents
relating to the Company’s activities and/or on the Company’s systems.

2. Distribution
When documents are transmitted or otherwise made available to those who need them and, upon
receipt, are used in the conduct of the Company’s operations.

3. Use
Use takes place after a document has been distributed internally, and can generate business
decisions, further actions, or serve other purposes.

4. Maintenance
While a document is in active use, it is vital that the content is maintained, accurate and available to
those who require it at all times.

5. Disposition
The practice of handling information that is accessed less frequently or has reached its assigned
retention periods. This could mean destruction of the document(s) or transfer to an archive until the
assigned retention period is reached.

7. Document management practices

The below list sets out practices that must be adhered to when creating and handling
documents on behalf of the Company:

 Documents must be clearly named (with date and version number if relevant) and stored
in a structured manner (see section 8)
 Duplicate copies of documents must not be created unnecessarily
 Wherever possible, documents must be shared from their source location rather than
attaching documents to emails.
 Key documents (that others may require access to) must be stored in an appropriate shared
filestore (on a shared local network or cloud) and not on personal filestores (including
desktop or device filestores)
 Copies of documents, whether digital or hard copy, must only be taken offsite when
necessary (encrypted and password-protected removable storage or remote access via a
secure network connection must be used whenever possible)
 Digital copies of document should never be emailed to a personal email account or stored
on a personal cloud-based storage account
 Once a document is finalised, previous versions and drafts of documents should only be
 retained where entirely necessary e.g. for legal or audit purposes
 Appropriate metadata should be included at the point a new document is created to ensure
it can be easily located and retrieved
 Any metadata contained in documents that have been created from previous versions
or from templates created by another person should be deleted and/or updated
 Final copies of formal documents (such as policies or minutes) must be saved in PDF format
 As standard practice, the filename and storage location should be included in the footer
of the document
 Formal documents that will be used and edited in the long term must include a document
history or version control box to allow users to see the development of the document over
time
 Regular audits (at least annual) of digital and hard copy information must be conducted to
ensure that information is not retained longer than it is required (see Record Retention
And Destruction Policy)

8. Naming conventions and folder structures

A naming convention is a collection of consistent rules followed in naming documents, which should
allow users to work effectively, ensure that files can be easily accessed by all who require access and
to ensure that individuals are referring to and working on the correct document. The use of consistent
naming conventions will improve efficiency by allowing staff to quickly identify the nature of the
information contained within a document when searching through an archive or filestore. For further
information, please see relevant guidance on naming conventions.

Folder structures and names are also important in allowing the efficient retrieval of documents. The
below principles must be followed when creating new folder structures:

 Folders must be clearly named by a relevant and meaningful subject area

 The names of individuals should only be used when creating a case file
 Top level folders must be kept to a minimum
 Ideally, file structures should not exceed six levels of subfolders
 Appropriate access levels must be assigned depending on necessity to access the
documents contained within the folder

9. Information Classification Scheme

The Company has an information classification scheme, including four levels of security
classification for different types of information, as below:

Classification Definition

Public doc May be viewed by anyone, anywhere in the world. (Organizational profile, loan
application forms)
Open doc Available to all authenticated members of Company staff (Conditions of Service,
Leave forms)
Confidential doc Available only to authorised and authenticated members of staff (Appraisal
reports, payrolls, employment contracts, disciplinary cases)
Secret doc Known only to a very small number of authenticated members of staff
(Trade secrets, server credentials)

While it is not mandated that all documents and records are marked with the relevant classification, it is
good practice to include the classification in the document header or footer, or by way of a watermark
(on a digital copy) or stamp (on a hard copy), to ensure that users and recipients are aware of the
potential sensitivity of the content.

Staff should consider the following questions and exercise their judgement in each case:

Does the document contain information that Provided the document contains information that
originated from an open and publicly- was not obtained in breach of any confidentiality
accessible source? or secrecy obligation and is in the public domain,
the document may be classified as open or public
depending on the
other questions to be considered below.
Does the document contain personal data? See the Data Protection Policy for a definition of
“personal data”, but as a general guide this is any
information that may directly or indirectly
identify an individual (called a “data subject”).
Documents that contain personal data should be
classified as
Confidential.
Does the document contain any information of The document may contain commercially
commercial or competitive value for the Company sensitive information or trade secrets relating to
or any other third party? the Company or entrusted to the Company by a
third party or information relating to the
Company’s strategic plans
and market opportunities.
 10. Digital preservation
Where documents or records are either “born digital” or where hard copies are digitised, the
Company will ensure that there are appropriate standards and guidance in place to ensure that
records of permanent or continuing value remain accessible and preserve their integrity for as long as
required, accounting for changes in IT software and hardware.

Adherence to these standards and guidance will safeguard the authenticity and integrity of digital
materials in the long term and will allow the storage of digital materials safely through adoption of
security mechanisms appropriate to each classification of material.

11. Destruction
All documents must be subject to action proscribed in the Company’s Record Retention And
Destruction Policy, which may be destroyed, at the end of the assigned retention period unless
such period has been suspended on learning of an actual or reasonably anticipated claim, audit,
investigation, subpoena or litigation asserted or filed by or against the Company.

12. Education and training

Relevant training and education materials will be provided to ensure that staff are aware of their
responsibilities in relation to document management.

13. Interaction with other legislation and policies

The Company has a number of existing policies and procedures that have relevance to document and
records management, as below, and staff must be aware of their content:

 UFP.01 – Document Management Policy

 UFP.02 - Records Retention and Destruction Policy
All documents processed on behalf of the Company must comply with the various legislation relevant
to information governance and security.

14. Policy review and ownership

This policy will be reviewed and amended as required, and at least every three years by the
Company’s Board of Directors.

Document history

Version Author / Primary Details of Date Approved by Approved

reviewer changes date
UFP.01 Draft Document Initial draft – 26 Nov 2021
Management new policy
Policy

The Directors of the Company adopt this statement of record retention policies.
Chairperson, Company Dated