DWP Generic Recording and Transcription Policy
Updated 4 March 2026
© Crown copyright 2026
This publication is licensed under the terms of the Open Government Licence v3.0 except where otherwise stated. To view this licence, visit nationalarchives.gov.uk/doc/open-government-licence/version/3 or write to the Information Policy Team, The National Archives, Kew, London TW9 4DU, or email: psi@nationalarchives.gov.uk.
Where we have identified any third party copyright information you will need to obtain permission from the copyright holders concerned.
This publication is available at https://www.gov.uk/government/publications/dwp-procurement-security-policies-and-standards/dwp-generic-recording-and-transcription-policy
This is version 3 effective from 2 February 2026
This Recording and Transcription Policy is part of a suite of policies designed to promote consistency across the Department for Work and Pensions (DWP) and supplier base with regards to the implementation and management of security controls. For the purposes of this policy, the term DWP and Department are used interchangeably.
Security policies considered appropriate for public viewing are published on DWP procurement: security policies and standards
Security policies cross-refer to each other where needed, so can be confidently used together. They contain both mandatory and advisory elements, described in consistent language (see table below).
Table 1 – Terms
| Term | Intention |
|---|---|
| must | denotes a requirement: a mandatory element. |
| should | should denotes a recommendation: an advisory element. |
| may | denotes approval. |
| might | denotes a possibility. |
| can | denotes both capability and possibility. |
| is/are | is/are denotes a description. |
Policy Overview
a) The DWP Generic Recording and Transcription Policy sets out the conditions for using recording and transcription facilities on approved software as directed by use case governance.
b) Recording and transcription functionality is available to all in the department as part of the MS Teams suite and through provision of other approved software. Recording and transcription services should only be used in specific situations. The main intention for using this functionality is to allow users to catch up on internal team meetings (for example All Colleague calls), as previously available under the telephony replay facility.
c) The restrictions on recording and transcription functionality are intended to ensure DWP complies with all relevant security, privacy, statues, and regulatory frameworks. Including the UK General Data Protection Regulation (UK GDPR), the Data Protection Act (DPA) 2018, and the Freedom of Information Act (FOIA) 2000.
Purpose
This policy sets out DWP’s rules and expectations regarding the use of recording and transcription functionality.
Scope
This policy applies to:
a) All DWP employees (including contractors, consultants and other workers), involved in the use, provision and lifecycle management of hardware and DWP approved software, from this point forward will be referred to as ‘users’.
b) All Recording and Transcription tools, including (but not limited to) Artificial Intelligence (AI), machine learning, and large language models. See DWP Artificial Intelligence Policy for further guidance.
c) All contracted third-party suppliers whose systems or services store, handle, or process DWP information, or are involved in the provision and lifecycle management of hardware for the DWP; to ensure the appropriate levels of assurance for the confidentiality, integrity and availability of the DWP’s assets.
d) This policy does not apply when you are connecting to external calls, webinars, conferences or similar, which use recording and transcription services outside of the control of DWP.
e) The use of recording and transcription must not be used in any citizen scenarios unless a policy exception has been approved.
f) All users must adhere to the following security policies and standards when recording or transcribing a meeting.
- DWP Acceptable Use Policy
- DWP Information Security Policy
- DWP Information Management Policy
- DWP Artificial Intelligence Policy
- Standards of Behaviour
- Security Standard – Voice and Video Communications
g) This Policy does not replace any legal or regulatory requirements.
Policy Statements
1. Users must only record and/or transcribe meetings where there is a legitimate business reason to do so.
2. Users must review and verify the accuracy of transcriptions in all circumstances.
3. Users must only use the MS Teams recording and transcription functionality in meetings where the content does not exceed OFFICIAL-SENSITIVE. See DWP Security Classification Policy
4. Recording and transcription can be selected for any meeting. These facilities must only be used up to OFFICIAL-SENSITIVE content (when using MST) and where no customer data or personal staff information is discussed unless there has been an approved policy exception.
5. Recording and transcriptions must not be used for the following content unless there has been an approved policy exception or easement:
a) Human Resources (HR) / Line Management investigations including evidential or record keeping purposes.
b) Meetings/discussions with citizens
6. The retention period for recording and transcription can vary due to the product being used and further information on this can be found in the Corporate Records retention schedule.
7. Webinar registration and attendee data must be deleted manually in line with Webinar in Teams Policies and Procedures.
8. All stored recording and transcriptions must be stored in the correct location; have a retention label applied to them with the necessary access permissions also applied.
Accountabilities and Responsibilities
a) The DWP Chief Security Officer is the accountable owner of the DWP Recording and Transcription Policy and is responsible for its maintenance and review, through the DWP Deputy Director for Security Policy and Data Protection
b) The associated Product Owners in DWP Digital have accountability for technical aspects of applications and must ensure the functionality of the product remains aligned with the objectives of this policy and that the product has been risk assessed and approved for usage with DWP.
c) Line Managers are accountable for ensuring staff follow the policy.
d) Meeting organisers are responsible for managing the retention and deletion of recordings and/or transcriptions.
e) Meeting organisers are responsible for ensuring that automated default of recordings and/or transcriptions is disabled and that meeting attendees are informed prior to recording and/or transcription functionality being enabled.
f) It is the responsibility of all participants who have access to a recording and/or transcription to ensure these products are handled with the same care as any other DWP official information and not shared with parties who are not authorised for that information.
Compliance
a) All DWP employees, whether permanent or temporary (including DWP’s contractors) have security responsibilities and must be aware of, and comply with, DWP’s security policies and standards.
b) Many of DWP’s employees and contractors handle sensitive information daily and so need to be enacting minimum baseline behaviours appropriate to the sensitivity of the information. Most security incidents and breaches relate to information security.
c) Failure to report a security incident, potential or otherwise, could result in disciplinary action and, in the most severe circumstances, result in dismissal. A security incident is the attempted or actual unauthorised access, use, disclosure, modification, loss, or destruction of a DWP asset (or a supplier asset that provides a service to the Authority) in violation of security policy. The circumstances may include actions that were actual, suspected, accidental, deliberate, or attempted. Security incidents must be reported as soon as possible. DWP users must report security incidents via the DWP Security Incident Referral Webform; third parties and suppliers must follow the DWP Security Incident Management Standard (SS-014).
d) DWP’s Security and Data Protection team will provide overarching compliance strategies and content, while individual information owners and business areas will assess, measure and ensure lower-level compliance with this policy within their areas. DWP’s Security and Data Protection Team may need to inspect physical locations, technology systems, design, and processes and speak to people to facilitate this. All DWP employees, agents, contractors, consultants, business partners, and service providers will be required to facilitate, support, and when necessary, participate in any such inspection.
e) An exception to this policy can be requested in instances where a business case can be made to undertake any activity that is non-compliant with this Policy. This helps to reduce the risk of non-compliant activity and security incidents. If an individual is aware of an activity that falls into this category, they should notify the Information and Records Management Team immediately.
Definitions
Meeting Organiser
As the person who has set the meeting in their calendar.
Product Owner
As the person responsible for the quality of their products. They apply their knowledge of user needs and business goals to frame problems and set priorities for their delivery teams
Recording
As capturing the audio, video and screen sharing activity during a meeting.
Scheduled Teams meetings
As a meeting created using a calendar invite, either in Outlook or Teams
Transcription
As a written output of what was said during a recorded meeting. Users can choose this option as needed.
Webinar - in Teams
As webinars are structured meetings where presenters and participants have clear roles. A key difference between webinars in Teams and Teams meetings without webinars, is that webinars support registration and provide attendee engagement data.