This resource offers guidance on looking after your accession records to ensure they are secure and tamperproof.
- Acquisition and accessioning in the Spectrum standard
- Making sure your accession records are secure and tamperproof
- Examples of secure accession records
- Futureproofing your accession records
- Backing up your accession records
- GDPR and museum records
Acquisition and accessioning in the Spectrum standard
If you acquire objects for your permanent collection, you will take legal ownership of them by ‘accessioning’ them as part of the Spectrum Acquisition and accessioning procedure. This demonstrates the formal commitment by your governing body to care for objects over the long term. You might also acquire objects and take legal ownership for other reasons, such as using them in handling activities or as display props that you do not subsequently accession.
To achieve the minimum standard for the Acquisition and accessioning procedure in Spectrum 5.0, the minimum requirements specific to your accession records, and the capture and security of acquisition information, must be fulfilled.
You can find out more about the types of records for acquisition within the Spectrum procedure. Forms for recording acquisition are available in the online shop
Making sure your accession records are secure and tamperproof
Spectrum requires accession records, either paper-based or electronic, to be maintained and backed up using methods which are:
- Auditable and tamperproof
Asking the following questions can help you to assess if your records meet the Spectrum requirement:
- Can you demonstrate how your system is auditable and tamperproof?
- Would it be possible for somebody to change an accession record and cover their tracks?
- How will you preserve your accession records and ensure you can access them in the long term?
An auditable and tamperproof system is one that can track the use of the system, and keeps a permanent record of any changes made and ideally who they were made by. For example in the case of a handwritten accession register, it meets the Spectrum requirement if:
- The pages of the register are numbered and bound
- All entries are made in ink
- Each page is signed off by the person delegated to maintain the register as defined in organisation job descriptions, the documentation policy and the procedural manual
- Accession records are not deleted or obscured
If you are using an electronic collections management system, talk to your supplier about whether they can demonstrate that the system is able to meet the requirements for tamperproof accession records. If not, consider an alternative format as shown in the examples below.
In a secure system, accession records are stored safely and backed up regularly, with security copies kept off-site at an alternative location (ideally another museum or similar organisation). Access to the records should be controlled.
Security copies should be produced often enough, and kept securely enough, to prevent the information being tampered with. For security copies of hard copy accession registers, microfiche copies, photocopies and scanned copies are acceptable.
If an electronic collections management system is being used that is not sufficiently tamperproof, as described above, copies of new records should be printed out on archival quality paper using a durable print medium and securely bound at regular intervals. The printout should be signed and dated, preferably on every page.
If you are a registered company, or charitable trust, you should have a second copy of your accession records held with another registered organisation since in the event of insolvency, the original may be held as a record relating to an asset and access to it may be difficult or impossible.
The examples here describe methods to record accession information in a tamperproof way.
Futureproofing your accession records
A futureproof system allows you to access your accession records over the long term, for example very old accession registers are still readable today. If your accession records are entirely digital, you should take extra care to guard against tampering and the danger of losing information as formats and technology become obsolete.
Backing up your accession records
In practice museums will use a combination of forms, registers and databases to make up a secure, tamperproof and auditable system of recording accession information.
Your documentation policy must state:
- Who is responsible for producing backups
Your procedural manual must state:
- The format of backups
- How and where records of back up routines are kept
- Locations of backup copies
GDPR and museum records
Museums can say that the processing of personal data during acquisition and accession is necessary for archiving purposes in the public interest or necessary for historical research purposes. There must be safeguards in place to protect the rights of individuals whose personal data is being processed. This means that the museum must have good security measures both in terms of physical security and IT security, clear policies and procedures in place when collecting data, and must only process the data that is really needed to minimise collection of unnecessary data.