records & information management (rim) risk: is your company exposed? march 19, 2013
TRANSCRIPT
Records & InformationManagement (RIM) Risk: Is Your Company Exposed?
March 19, 2013
Agenda Today’s Business Environment
Risks of Today’s Business Environment
What is Records/Information Management
Approaches for Implementation
Factors for Success
Why Companies Fail
Questions
Business Environment
• Staff are drowning in information – 90% of information is “born digital” with few controls to manage
• More use of technology – keep making records• Information growth trends are continuing e.g.
email, drives, tweets, blogs, wikis, mobile devices etc., etc.
• More legislative requirements
Business Environment
• More litigation/discovery – ESI (electronically stored information)
• Limited resources – need to be more efficient• Information creation is decentralized at the
desktop – everyone’s a records manager today with little or no training
Risks
• Regulatory Compliance
• Litigation
• Data security and privacy
• Operational Inefficiencies
• Hardware and software obsolescence
• Reputational
What is Records Management
It’s all about IG
Records/Information Management + Risk Management
= Information Governance (IG)
??
Required Components
Audit
Training
Policies/Procedures
Technology ECM
Retention Schedule - Inactive records management
Classification Scheme - Active records management
Accountability
What You Need To DoWho’s in charge - accountability
Need strong senior management support so
staff know the initiative is important
Need to “walk the talk”
This is not a project but a lifestyle
What You Need To DoKnow Your Records - Conduct an inventory
What records exist? Where they are located? Format? How old are they? Official vs. transitory? How often used? Who is accountable?
What You Need To DoDevelop Common Naming Conventions
Provides an address for the records – where to store them
Records are linked to the retention schedule by the classification scheme
Ensures staff are using the correct terminology to name their documents so documents inherit the correct retention period
What You Need To DoDevelop the retention schedule
Appraise Records Operational Administrative Financial Legal Archival Vital
Most records are NOT covered by legislation – so the business “owners” with legal and tax advice must make the decision as to how long to keep them
What You Need To DoDestroy Annually
Outline records disposition policies and procedures as an established pattern of systematic document retention and destruction
Annual systematic destruction process NOT when you get around to it
Ensure no audits, government investigation or litigation pending
Certificate of Destruction
What You Need To Do
Training and Education
Initial and ongoing training for all employees
Don’t forget about new hires – develop a process with HR
Training should include at a minimum Records Classification – in which “bucket” do they fit Purpose and importance of a retention schedule Risks to the organization for not following it Official v.s. transitory records Transfer to offsite storage Destruction practices Legal hold practices
What You Need To DoAuditing & Monitoring for Compliance
Staff need to know this is as important as a financial audit – consequences for non compliance
Internal audit to include records management practices
Provide to departments an ‘audit findings’ report on records/information management compliance
Critical Factors for Success Senior Management Support
Change Management Strategy
Commitment to Continuous Improvement
Responsibility and Accountability
Pace of Implementation: Phased Approach
Maintains Momentum
Success Measurement and Demonstrated
Success
Training / Auditing / Reporting
It’s more than purchasing technology
No leadership support
Lack of communication
WIIFM Theory
No accountability/ownership
Why Companies Fail
No support – help desk needed to
answer rim questions
No consequences for non-compliance
Technology too complicated
Email integration - automatic delete
policy
Why Companies Fail
What information is retained?
Where it is stored?
How long to retain it?
How that data is protected?
How polices, standards & regulations are enforced?
RISK & RIM – Do you know?
Success = Accountability/Ownership
