Implementing and sustaining an effective Records Management program means you will face challenges on the way to compliance.
Information Governance brings together the functional areas of Information Governance (IG) such as IT, Legal, Records & Information Management, Privacy, Information Security, and Compliance which often intersect. What are common problems Records & Information Management (RIM) professionals face ... and how to best to overcome when developing RIM capability?
Streamline policies and procedures where it makes sense. Keep it simple and out of the hands of users where possible. Are you using a big bucket records retention schedule? What processes are automated? How do you limit manual data entry? The less business users need to learn and do gives them more time and energy to do their jobs while Records & Information Management works behind the scenes to reduce the impact and costs of compliance and make the right information easily accessible to the right people.
No RIM & IG Champions
You must have senior management buy-in for Records Management & IG programs. RIM and IG initiatives cannot happen without this support. Build and strengthen relationships with key stakeholders so they know who you are, understand what you are trying to accomplish, and realize its importance to the organization. Upper level support is critical to obtain funding for implementing new systems, starting projects, and hiring needed staff. You also need their backing to get employees available for RIM related assessments and projects.
Information Silos & Lack
of Enterprise-wide Data Classification
RIM must be fully integrated into enterprise technologies. These applications must be consolidated for efficiency with the retirement of legacy systems. When several systems contain information needed by other business processes how to you deal with sharing content? You must be able to find the information you have quickly so it can provide business value. Be aware of security concerns such as who has access to systems and information. Make sure you know where sensitive information, PII, and business critical records are stored to mitigate the risks of a data breach. There must be an enterprise taxonomy and data mapping. Mergers, Acquisitions, and Divestitures can cause information silos as systems, data, and records are often not assessed and classified when brought into the new company.
No Awareness of Records & Information Management
How are you communicating your RIM program and policies to employees? Make clear the consequences of not following policies and improper use of systems. Use both the carrot and the stick to reward employees for compliance and punish when the rules are being neglected. There must be training for new employees but also communication and reminders for all employees especially when policies are updated or rolled out for the first time. Keep the training and communications clear, simple, and helpful. The company Records Management training an employee took 10 years ago is out of date and employees will forget their training if it’s never followed up on. Employees must be aware and understand the ask then follow through with doing it (Records disposition must follow the retention schedule, highly confidential official records containing personally identifiable information cannot be stored on Google drive, etc.). Spread the word beyond training, corporate communications are the RIM department intranet site by using creative engagements at timely intervals to sell your RIM program. Take note of what works and what doesn’t then measure your progress.
Failure to Communicate & Partner with IT
IT is extremely important and usually doesn’t work with RIM as much as it should to achieve common goals. Records Management is often behind with electronic records, data archiving, and digital transformation. Communication with IT is easier to accomplish with an Information Governance framework in place but you don’t need this to start working together and making sure your IT department integrates RIM when designing and implementing systems and decommissioning applications - classification retention, disposition. Good partnership and communication also extends to other areas such as Compliance, Legal, Privacy, and Information Security and is at the core of good Information Governance.
Lack of Change Management
People resist change as it disrupts existing routines. Backlash to change is often out of fear it will make things worse even if the current state is not good. Records Management and Information Governance initiatives will fail without effective change management. Change management is necessary to ensure the thorough and smooth implementation of changes and achievement of the benefits of the change. Information Governance requires change management not only due to the number of stakeholders involved with good IG but also since the concept is just now starting to gain traction and implementation. Which avenues will you use to communicate a change or new initiative? How often? What are the keys takeaways employees need to know? Is the change global or regional? What cultural and geographical considerations need to be made in communicating and implementing the change?
No Policies & Procedures in Key Areas
Your Records Management department has policies and a retention schedule but how often are these updated? Records & Information Management programs do not always stay up to date with policies and procedures, especially for digital records and emerging technologies. Get rid of outdated policies - such as those focusing on paper and ignoring electronic records - and update them on a timely basis to ensure relevance. Do employees know how to properly manage, preserve, and archive electronic records?
What about social media governance, disposition of digital media, information privacy and security, and the Internet of Things (IoT)? Be sure to only implement policies and procedures that are feasible and enforceable. Make sure that you train employees to actually follow these policies and procedures and not just pass a training quiz. Enforce these new policies across your enterprise in order to stay compliant. Then audit your progress and update policies and processes to stay current as both your company and technologies evolve. An organization that once operated regionally in America can go global and now need to create a global records management policy and retention schedule that adheres to many different national laws and regulations.