The instructions are pretty clear: bend the knees, slow backswing, head down, don’t swing too hard and follow through. Imagine hearing those instructions, but never actually playing a round. Then imagine teeing off at The Masters. How practical would those instructions be without the opportunity to actually put them to use, as you teed off at one of sports’ most cherished events?
For many companies, this analogy rings true when considering its records information management program. Hours are spent developing a plan to safeguard vital electronic and physical data should disaster strike. But without a checks and balances strategy, the plan may be no more valuable than your driver at Augusta. Natural disasters, legal changes and audits typically arrive without warning. Without a clear and practiced RIM program, accessing critical information can be a difficult process.
Consider this: ARMA International, a nonprofit trade association for record management professionals, found that 93 percent of the Fortune 1000 companies surveyed have some sort of document retention or disaster response policy in place. This sounds like an encouraging number until you consider that only 38 percent apply and enforce those policies on a regular basis.
Much like the golf analogy, a plan without practice has little value. The effort and investment of implementing an enforcement strategy to any RIM program pales in comparison to the cost of having to replace lost documents or mounting legal defenses as a result of improperly/not properly securing information. An effective RIM program and enforcement policy can follow a relatively straightforward blueprint, as outlined below. It takes coordination and effort, but it is an absolute must for any organization that is entrusted to secure physical documents or digital records.
Creating a Data Lifecycle
Knowing a document’s lifecycle, from creation to destruction, is the first step to a fully functional records program. Establishing what each document is and where it is located will minimize the legal risk, regulatory compliance risk and annual expense of data management and storage. eLawForum estimates the total cost of litigation preparation to be $210 billion, equivalent to one-third of the after-tax profit of the Fortune 500, dwarfing CEO compensation. According to legal counsel of a large financial company, it spends over $200 million in information harvesting fees to support record and information discovery.
Next, a committee or individual should be appointed to move the initiative forward in every department that plays a part in the data lifecycle. The personnel responsible for managing a document’s lifecycle is typically quite diverse, ranging from administrative assistants to CEOs.
Each department should determine the data or documents for which it is responsible on a day-to-day basis. Certain degrees of variance in categorization will occur across departments, because data usage and the kinds of data utilized will also vary.
Making Data Accessible
Just “having” documents is not necessarily conducive to finding them in a pinch. Data must be organized in a user-friendly fashion to be accessed quickly when time is in short supply. To that end, adherence to a detailed retention plan will ensure proper data organization.
First, determine which documents are necessary and which ones are not. Keep in mind that 30 to 60 percent of the information companies keep is retained beyond its operational, regulatory or legal life. That represents a valuable portion of physical and virtual space. If documents are no longer viable, securely discard them. Next, classify information by department and make sure file names are standardized to eliminate confusion, regardless of who is searching.
Once data is organized, implement hands-on training for all employees. Simply issuing a policy memo is not enough. When stakeholders have the ability to learn the process and ask questions, they are more likely to buy in.
Creating and enforcing an RIM program is specifically intended to prepare the organization for unexpected data retrieval. For almost every company, this is not a matter of “if,” but “when.” Laws and regulations governing day-to-day operations change frequently, immediate audits can be issued and disasters arrive without warning. Quick access to compliance-related documents is crucial, because emergencies are inevitable.
Create an annual RIM auditing process to ensure the organization has its data in place. The process should be overseen and reviewed by an internal expert or an outside consultant. Not only will the organization have assurance that the policy is being adhered to, but an audit will ensure that the procedures are still aligned with the company’s business.
It is impossible to forecast when disasters or other mitigating circumstances will occur, but implementing an effective RIM program and accompanying enforcement will make finding the appropriate documents easier. Further, it will help management create a more efficient, compliant and economically viable company.
Mark Wesley is President of Recall North America, Mark leads an organization of more than 2,000 members spanning the US, Canada, and Mexico. Mark holds a B.S. degree in Systems Engineering from the United States Naval Academy and an MBA from The Wharton School of The University of Pennsylvania.