By: Brandon Green, General Manager, Cintas Document Management
A clearly defined plan for record retention and disposition is a vital component of a complete records management program. While it may seem easier to keep everything, this is actually a losing strategy. Why keep a record that could potentially be used against you in a law suit that you are under no obligation to keep? Additionally, costs for both paper and electronic record storage and retrieval can add up. For example, if you maintain 20 years of records, all of that information is potentially relevant in litigation whether it be emails, paper files, databases, spreadsheets, etc. As part of standard litigation, attorneys normally collect information and work with vendors to process that data into databases. The cost associated with this can be astronomical.
As corporations’ information management systems, policies and practices continue to become an increasingly scrutinized element of legal compliance, having an effective document management policy in place is critical. If an organization has a well documented policy in place, executives can easily explain their practices during litigation and quickly confirm if a particular record was deleted as part of its document retention process. It is also important to have clear and well-defined procedures in place that people can easily understand to further validate the process. Risk and costs associated with storage, preservation, collection and review are minimized by the corporation’s ability to manage information well.
Practical Realities of Implementation and Tips for Success
There are approximately 4,700 federal statutes and tens of thousands of state regulations that affect records management. Many of these address the legal industry. The first step in developing an effective record information management program is to understand your business and industry, and what regulations apply. The program’s purpose is not just about reducing the number of records and information within the organization, but also about preserving information when a company has the legal obligation to do so. By understanding what statutes apply, you can more accurately define your document retention schedule.
Once the policy and procedures have been developed, the next step is employee training. In addition to mandatory training upon policy rollout, annual refreshers and social events sponsored by the retentions department should be held. Training should also be built into orientation so that new employees will ingrain the process from day one. It is important to have employees sign a compliance sheet following training to show that they have been trained and understand the records retention policy. Additionally, internal resources such as an Intranet page citing policy details, and a contact to direct questions are advantageous to organizations. Companies should also provide a list of frequently asked questions including steps to take in the event of litigation and a quick reference guide to retention categories.
Beyond employee training, accountability for compliance policy must also be in place. This can be done by establishing an internal auditing team that conducts random audits. Audits should result in some sort of consequence such as a fine, or in severe circumstances of negligence, employee termination. Some industries such as banking require annual audits by federal regulators.
Records and Information Management Tools
From document storage, shredding and imaging services to tools for litigation hold tracking, there are numerous resources available to help organizations manage their records. Converting paper files and records to electronic documents can help increase productivity, improve business processes and ensure regulatory compliance. Document storage providers can save organizations space, time and money due to increased information security and faster document/information retrieval. Document shredding services help organizations implement a secure and compliant document destruction program which increases confidential business record security and reduces cost. Organizations should look for a provider that provides document imaging, storage and shredding solutions to help better meet an organization’s growing information management needs. The provider should be PCI-DSS Compliant and AAA NAID certified to ensure the highest levels of security.
Records management is primarily concerned with the evidence of an organization’s activities, and is usually applied to the value of the record rather than its physical format. Anything from a voicemail to a signed, printed contract can be considered a record, so it is important to develop a records retention program with the involvement of IT, records management and business leaders that is obvious and easy to implement. Since it can be very difficult to manage the entire process in today’s digital age, having a solid plan in place and working with an outsourced document management provider will enable organizations to enjoy the peace of mind of a compliant, secure, records retention and information management program.
For more information, visit www.cintas.com/documentmanagement.