Today’s increasingly digital enterprises face a host of complex challenges when it comes to implementing, managing and maintaining information governance and records management processes.
What was once solely the domain of records management and legal departments is now yet another responsibility for IT – as organizations are expected to identify and protect data that has business, legal or regulatory value, they must also facilitate the defensible destruction, or defensible disposition, of all other records and information.
What Is Defensible Destruction?
Why is it critical to understand defensible destruction - or defensible disposition - and best practices for a defensible disposition strategy? Let’s start with defining three fundamental cores of defensible destruction – information governance, records management and digital forensics.
- Gartner defines information governance as the specification of decision rights and an accountability framework to ensure appropriate behavior in the valuation, creation, storage, use, archiving and deletion of information. It includes the processes, roles and policies, standards and metrics that ensure the effective and efficient use of information in enabling an organization to achieve its goals.
- Records Management (RM) technologies, according to Gartner, enable organizations to enforce policies and rules for the retention and disposition of content required for documenting business transactions, in addition to automating the management of their record-retention policies. These technologies, implemented with well-formulated and consistently enforced RM strategies and policies, form an essential part of the organization-wide life cycle management of information. RM principles and technologies apply to both physical and electronic content.
- Gartner also defines digital forensics as the use of specialized, investigative techniques and technologies to determine whether illegal or otherwise inappropriate events have occurred on computer systems, and provide legally defensible information about the sequence of those events.
Information governance and compliance is the specification of decision rights and an accountability framework used to ensure appropriate behavior in the valuation, creation, storage, use, archiving and deletion of information. It includes the processes, roles and policies, standards and metrics that ensure the effective and efficient use of information in enabling an organization to achieve its goals.
Essentially, it is the path to assuring that organizations have their ducks in a row before they begin destroying records and information.
It’s your problem…No, it’s OUR problem!
In order to achieve defensible destruction, stakeholders from an organization’s IT department must collaborate closely and transparently with records and information management (RIM), legal and business entities within an organization to construct an information retention and disposition strategy ideal for today’s digital enterprise. Defensible destruction or disposition is the process by which an organization routinely carries out records and information destruction.
The destruction process is defensible if it is:
- Documented in a policy, procedure, or program/project plan.
- Based on or directly aligned with the records management program and the corporate records retention schedule in effect at the time of destruction review.
- Consistently followed and applied - regardless of medium or storage form.
- Compliant with hold orders, laws & regulations, including privacy and security.
- Auditable and testable, as applicable.
- Applied to 3rd parties that manage records on behalf of an organization.
5 Key Steps: Defensible Disposition Program
There are 5 key steps in developing a defensible disposition program:
- Assessing your RIM Program to assure records and information are defined and that there are clear retention and destruction requirements outlined in a records retention schedule and associated policy or policies.
- Assessing your capabilities and associated costs, including third-party IT & physical records support with regard to physical and electronic record destruction.
- Determine your ‘go forward’ approach – this often includes updates to RIM program documentation and roles, and may have an impact on technology, e.g. requiring that additional metadata be captured during system development and upgrades.
- Determine your retroactive approach – assuming that destruction either has not taken place or has been taking place inconsistently across the organization, defining how you are going to tackle the backlog of information and records is a key consideration for a complete program.
- Document the plan in program or project documentation as well as in a way that assures your process going forward is clearly documented, achievable, staffed, budgeted and consistently applied.
Get In The Game
When it comes to moving forward with a defensible disposition strategy, designing your projects and programs to carry out these key practices is the exciting part, but unfortunately it is not the part that assures you are delivering on your defensible mission.
The consistent use and application of these practices require enterprise support and organizational acceptance - the desire is for all defensible disposition tasks, strategies and cautionary thought processes to be second nature for an organization. Routine!
By delivering disposition strategies with steadfast, business-as-usual processes, organizations can identify gaps, collect records information, measure assets, determine and schedule asset implementation goals and explore industry-leading technologies and thought leadership equipped to champion the defensible destruction game. When it comes to defensible disposition, the best defense is a good offence - so get in the game!