A records policy is all well and good to draft, but if your organization doesn’t have the procedures in place and implement them, the policy is rather futile.
Some companies use these policies, but only in a specific department. This approach fails to address the entire organization’s compliance needs.
An organization-wide records policy is your company’s best approach to create an organized foundation, supporting and protecting the entire business. According to AIIM’s State of the Industry 2011 report, 57% of organizations are more aware about the risks that come with poor information management, while 37% say they are not sure their electronic records have not been altered, removed or inappropriately accessed. This presents the need to devise and then enact a records policy.
What makes a good records policy?
Make sure you have a well-thought-out policy in place before trying to advance an action plan. Record management policies all have a few things in common, though they vary organization-to-organization. These rules do the following:
Meet business and legal obligations
Define categories for documents to be retained with associated retention schedules as well as procedures for retention and destruction
Specify responsible parties to control and enforce the policy
Include safeguards for suspending records retention in the face of foreseeable, pending or active litigation as well as investigation
Address both electronic and paper data
State the rationale for the policy
Are widely communicated and easy to follow
Using information analytics to enact your policy
Information analytics is the process to operationalize a record management policy. Define the methodology, and then the policy needs to be paired with auto-classification technology.
To do this, the organization must become aware of where data is located. The technology has to address business-critical information that must be regulated; point-in-time information, which covers duplicate records; and data in an information library. With more people using mobile devices for work, managing records must encompass data in and out of the office—so it goes beyond the servers in an IT closet.
After selecting the technology platform, it’s time to formulate operating procedures for indexing, retrieving, retaining, and destroying records across the enterprise. The technology can automate these processes, but user training is still important since there is a human component to data management.
With visibility into what documents, records and data reside in repositories throughout the enterprise, taking action is now possible. Reporting on duplicates, non-compliant file types (MP3s, etc), documents with personally identifiable information (PII), aged or abandoned documents outside of the record retention schedule enable removing these documents in a manner consistent with information management policies and in a defensibly sound manner.
What has been your biggest challenge to put your records policy into action?