Print-friendly PDF

Guidance for secure and tamperproof accession records

This resource offers guidance on looking after your accession records to ensure they are secure and tamperproof.

Contents
  • Acquisition and accessioning in the Spectrum standard
  • Making sure your accession records are secure and tamperproof
  • Examples of secure accession records
  • Futureproofing your accession records
  • Backing up your accession records
  • GDPR and museum records
Acquisition and accessioning in the Spectrum standard

If you acquire objects for your permanent collection, you will take legal ownership of them by ‘accessioning’ them as part of the Spectrum Acquisition and accessioning procedure. This demonstrates the formal commitment by your governing body to care for objects over the long term. You might also acquire objects and take legal ownership for other reasons, such as using them in handling activities or as display props that you do not subsequently accession.

To achieve the minimum standard for the Acquisition and accessioning procedure in Spectrum 5.0, the minimum requirements specific to your accession records, and the capture and security of acquisition information, must be fulfilled.

You can find out more about the types of records for acquisition within the Spectrum procedure. Forms for recording acquisition are available in the online shop

Making sure your accession records are secure and tamperproof

Spectrum requires accession records, either paper-based or electronic, to be maintained and backed up using methods which are:

  • Auditable and tamperproof
  • Secure
  • Futureproof

Asking the following questions can help you to assess if your records meet the Spectrum requirement:

  • Can you demonstrate how your system is auditable and tamperproof?
  • Would it be possible for somebody to change an accession record and cover their tracks?
  • How will you preserve your accession records and ensure you can access them in the long term?

An auditable and tamperproof system is one that can track the use of the system, and keeps a permanent record of any changes made and ideally who they were made by. For example in the case of a handwritten accession register, it meets the Spectrum requirement if:

  • The pages of the register are numbered and bound
  • All entries are made in ink
  • Each page is signed off by the person delegated to maintain the register as defined in organisation job descriptions, the documentation policy and the procedural manual
  • Accession records are not deleted or obscured

If you are using an electronic collections management system, talk to your supplier about whether they can demonstrate that the system is able to meet the requirements for tamperproof accession records. If not, consider an alternative format as shown in the examples below.

In a secure system, accession records are stored safely and backed up regularly, with security copies kept off-site at an alternative location (ideally another museum or similar organisation). Access to the records should be controlled.

Security copies should be produced often enough, and kept securely enough, to prevent the information being tampered with. For security copies of hard copy accession registers, microfiche copies, photocopies and scanned copies are acceptable.

If an electronic collections management system is being used that is not sufficiently tamperproof, as described above, copies of new records should be printed out on archival quality paper using a durable print medium and securely bound at regular intervals. The printout should be signed and dated, preferably on every page.

If you are a registered company, or charitable trust, you should have a second copy of your accession records held with another registered organisation since in the event of insolvency, the original may be held as a record relating to an asset and access to it may be difficult or impossible.

The examples here describe methods to record accession information in a tamperproof way.

Example 1:

 

Accession information is kept in: AND Copies of accession information are kept in one or more of the following ways:
A handwritten archival quality bound register or registers.

A handwritten accession register should be made of the best quality, high rag content, archival paper and be bound in permanent form with numbered pages, indicating the total number of pages in the book.

Entries should be made in the best quality permanent ink, and mistakes should be scored through with a single line so that they are still legible. The person responsible for the register should sign and date each completed page of the register. The register should be kept in secure condition, ideally in a fire-proof cabinet.

PDF icon Scanning the accession register/set of registers to produce an electronic document which cannot be changed (eg a PDF), and keeping a copy of the document offsite. Electronic backups should not be produced by overwriting previous backups. Each backup file must contain metadata which indicates the date of the backup.
Photocopying the accession register/set of registers.

A photocopied security copy of a handwritten accession register should be made from a good quality (more than 80gsm) high rag content paper and copies should be made using a dry-process photocopier. Registers should not be damaged by forcing them against the copier glass and splitting the spine.

Recording accession information in an electronic collections management system which is regularly backed up.

 

Example 2:

Accession information is kept in: AND Copies of accession information are kept in:
An electronic collections management system which is regularly backed up. A printout from the collections management system which is made from a good quality, high rag content, archival quality paper and printed using a durable medium – eg using a laser printer. The printout should be made at regular intervals, securely bound, and signed and dated, preferably on every page.

 

Example 3:

Accession information is kept in: AND Copies of accession information are kept in one or more of the following ways:
An electronic collections management system which has been demonstrated to be tamperproof.

 

A printout from the collections management system which is made from a good quality, high rag content, archival quality paper and printed using a durable medium – eg using a laser printer. The printout should be made at regular intervals, securely bound, and signed and dated, preferably on every page.
A futureproof digital copy.
Futureproofing your accession records

A futureproof system allows you to access your accession records over the long term, for example very old accession registers are still readable today. If your accession records are entirely digital, you should take extra care to guard against tampering and the danger of losing information as formats and technology become obsolete.

Backing up your accession records

In practice museums will use a combination of forms, registers and databases to make up a secure, tamperproof and auditable system of recording accession information.

Your documentation policy must state:

  •  Who is responsible for producing backups

Your procedural manual must state:

  • The format of backups
  • How and where records of back up routines are kept
  • Locations of backup copies
GDPR and museum records

Museums can say that the processing of personal data during acquisition and accession is necessary for archiving purposes in the public interest or necessary for historical research purposes. There must be safeguards in place to protect the rights of individuals whose personal data is being processed. This means that the museum must have good security measures both in terms of physical security and IT security, clear policies and procedures in place when collecting data, and must only process the data that is really needed to minimise collection of unnecessary data.

Date created: 2018

Author: Collections Trust

Publisher: Collections Trust