Compliance and Archiving

Information is at the center of everything an organization does and how the organization manages that information and its corporate records can directly affect its ability to compete, service its employees and customers, comply with regulations, and recover from disaster. 

Regardless of how technology, organizations will always require a records management system. In fact, the success of an organization may rest on the ability to locate a critical record in a timely manner. 

Any incoming or outgoing information has the potential to be a record, and must therefore, be managed. 

A record is any documented information made or received by an organization regardless of its medium or characteristics that supports business decisions, transactions or is mandated to be maintained. In other words, it is the information itself that determines if it is a record; the media in which that information is made and stored makes no difference. 

Records management is the systematic control of records through their lifecycle. 

Archiving is the preservation of those records identified as having a lifecycle of permanent or indefinite retention, or, historic value to the organization. 

The same controls need to be created and implemented for paper and electronic records to satisfy compliance requirements, to eradicate duplicate copies, and to direct the users to where and how the official record is maintained.

Information Governance Best Practices

A compliant information governance program is necessary for organizations to proactively and progressively manage all data, media and information. As the number of regulations governing information governance continues to increase as well as the number of potential information sources it is mandatory that businesses create, implement and execute best practices in records and information management. The best practices must include the entire lifecycle of a document, regardless of media or format, and should address:

·       Creation/Receipt

o   Taxonomy

o   Standard classification

o   Application of a functional, enterprise-wide retention schedule – auto-classification based on business rules

·       Management

o   What is a record in the enterprise?

o   What are the vital records for the enterprise?

o   How are vital records protected?  How are they made available?

o   What is included in each record as data is gathered or created?

o   What is not included? 

o   What is the migration plan for records  as technology evolves?

o   Where are they expected to reside? 

·       Ultimate Disposition

o   When to apply the retention schedule?  Is it based on fiscal year or an event?

o   What happens to each record as is no longer useful?  Is it archived for historical purposes or destroyed? 

o   Are the permanent/historical records saved in a manner in which they are protected and preserved for retrieval 10, 20, 50, 100 years from now?

 

 

Best practices must be consistent and be applied regardless if there is only one employee or an international business.  A solid information governance program will include:

·       Establishment of an Information Governance Program

·       Establishment of a Records Program

·       Records Liaisons for functional business units

·       Publication of easy to use procedures for the creation, indexing, access, retention, storage, holds, destruction and possible migration

·       Frequent and regular communication with end users about records and information creation and protection

·       Software to track the lifecycle and ultimate disposition of records and information

·       A retention schedule and program to guide how to identify a record, what is kept and how long the retention is

o   All media and formats

o   Legal and operational research to backup the periods and why they were selected

o   Legal and audit hold requirements

·       Establish audit and audit reporting to ensure compliance

·       Yearly purging and archiving

·       Scheduled reviews of and revisions to ensure compliance with new laws, regulations and precedent

Records and Information Governance Program

A company’s Records and Information Governance Program directly impacts relationships with constituents, employees, suppliers, national and other local governments, and touches on other stakeholders in a global environment. Constituents and outside agencies expect fast response times in problem resolution which requires an employee to find the right record at the right time. Information needs to be accessible and complete with the goal of improving services over time. Building on the concept, best in class information governance provides the framework to also report to stakeholders, government regulatory agencies and to the public in an accurate and expeditious manner. 

Records and Information Governance Program maintenance is tedious and more often than not, is on the back burner in most organizations. 

Western recognizes that each organization has a unique set of records and information management challenges. The first challenge is to define a Program and its business rules and processes. The second is to convey to employees that each is obligated to manage the organization’s business records in accordance with national, state and local regulations while protecting confidential and trade-secret information. The second is to make it easy for employees to comply. . Since the records and information belong to the organization, and not the employee, a systematic process to capture the records and information, index and manage appropriately needs to be put in place. 

The answer: Robotic Process Automation 

Records management as it is currently practiced essentially starts when an employee creates or receives a document. Management of business records is left to the individual without much business oversight; there is no records management, which is not a best practice as described in ARMA’s Generally Accepted Recordkeeping Principles (The Principles). It is also not in keeping with the ANSI/AIIM Standard 25:2012 for Trusted Systems or the International Organization of Standardization’s (ISO) standards 15489, 30300 or 13007. This leaves the organization at risk of not being able to provide requested electronic records held by an employee on a C-drive or in an email inbox without extensive and expensive IT effort. These rules, along with a retention schedule which defines what should be done with a particular record type, mean that a robot can be created to ensure the rules are met, and, can be proven to have been met. 

The technology, like all technology after the early adopters have proven its usefulness, has come down in price. The ROI is the equivalent of less than one responsive document search in an unmanaged environment of shared drives and email archives.