Finding and Managing Needles in Haystacks
Personnel files…invoices…employment contracts…financial statements…
Running an organization involves dozens of different types of records and information.
How they are handled throughout their life –information lifecycle management – can have a significant financial and operational impact, either positive or negative. Managing records effectively also helps ensure compliance with various legal and regulatory requirements.
Minimizing Risk and Complexity
An effective Records Management program should track information from creation until its ultimate disposition. Key program elements include a Records Retention Schedule, Defensible Disposal Policy, and associated procedures for information lifecycle management. Without these elements, a business risks serious and costly violations of state or federal laws and regulations, including industry-specific rules such as HIPAA standards for healthcare. Failing to consistently follow a Records Management program means the organization is out of compliance with its own policies and subject to legitimate legal scrutiny by the courts in litigation. No organization would knowingly choose this weak position.
Without a good Records Management program, organizations often default to keeping information indefinitely, including physical and/or electronic records. This can lead to unsustainably high storage expenses, including physical records retained in off-site storage and/or electronic records retained on the premises or in the cloud. Electronic records, while initially cheaper than paper, present their own unique challenges for retrieval and accessibility. And as the amount of data grows in any format, finding that one desired piece – the proverbial needle in the haystack – becomes more complex, costly, and time-consuming.
Managing the Information Life Cycle
How long should company records and information be retained? When and how do I dispose of information that no longer needs to be retained to run the business or meet legal requirements or regulatory obligations?
Defensibly disposing of records and information in the normal course of business is one of the key challenges most companies face. If you do not know how long you are required by law, or obligated by regulatory standards, to retain information it is nearly impossible to know when you can defensibly dispose of it.
Similarly, if you do not have the processes and technology in place to support locating and cataloging records and information, how can you know where the information is being stored to effectively manage its life cycle? Records Management programs work to solve these challenges, helping ensure outside obligations are met along with appropriate internal policies, with processes and guidance to enable the retention, retrieval, and timely disposal of records and information.
- Records Retention Schedule – A company policy that acts as a roadmap for retaining and disposing of records and information by clearly defining what information needs to be retained and for how long, driven by legal requirements, regulatory obligations, and business needs. This is a foundational component that supports the information lifecycle and defensible disposal.
- Information Governance Policies – IG policies, including retention and disposal; archiving, personal data and privacy; information security; retained and surveilled persons; preservation and legal holds; metadata; and electronic communications usage.
- Processes to Facilitate Data Disposal – Processes to support and assure the disposal of information that is no longer required, especially personal data.
- Knowledge Base of Regulatory Requirements – Systems for capturing and maintaining regulatory intelligence and for capturing and maintaining the organizational location (businesses and systems) of records, personal data, and other relevant information (a “data source catalogue”).
- Records Management Training – Mandatory RM training for new hires and annual training for existing employees; stand-alone course or module within company training syllabus. Includes RM examples.
- Established IG or RM Program – An IG or RM program is established, documented, and operationalized across the organization and managed by a dedicated IG/RM manager. Trained records coordinators (as part of their job description) are assigned to ensure IG/RM is applied to business units.
Solutions are built from a comprehensive set of Information Governance capabilities utilizing our proprietary IG Operating Framework. Click to view full set of solutions and capabilities.
"*" indicates required fields