Iron Mountain Digital Authority

compliant records management

One of the most important findings from the survey is that when it comes to records management maturity, organizations typically fall into one of four profiles:

Lower Maturity organizations — These companies tend to be smaller and many lack policies and programs for handling records management.

growing Maturity: Privacy Focused organizations — Most of these firms fall into the category of $10 million to $100 million in annual revenues. Many have adopted some policies — usually in niches and pockets.

growing Maturity: seeking consistency organizations — As a rule, these companies earn between $100 million and $1 billion in annual revenues. They have established records retention policies but seek greater consistency.

HigH Maturity organizations — These organizations typically fall into the $1 billion-plus category for revenues. They have policies and formal programs and apply them consistently across the organization for their paper records.

companies in all four of the maturity profiles still had
challenges related to application of policies against
electronic records.

techniques alone are not enough to build a comprehensive and holistic strategy.

There’s a lot at stake. When companies fall short in their information management practices, they can expect:

> Escalating risk related to loss of critical corporate data, legal fines and restitution and loss of shareholder confidence

> Poor productivity due to longer lead times for document retrieval, ad hoc and, potentially, conflicting document management policies, and an inability to efficiently respond to legal requests

> Higher costs due to the time and effort required to maintain multiple, ad hoc systems, redundant efforts and legal fines and restitution

Best practices fall into five primary categories:

mation efficiently and in a cost-effective manner, it’s vital to address the entire spectrum of challenges, concerns and benefits.

The Compliance Benchmark Report, the second edition of a report first issued by Iron Mountain in late 2007, examined organizations with between 1,000 to more than 100,000 employees and revenues of less than $1 million to greater than $30 billion. Iron Mountain tapped general counsel, CIOs and records managers from a cross-section of industries, including financial services and banking, legal services, manufacturing, healthcare providers, and insurance. The result is a valuable snapshot of the current state of records management. It’s information that organizations can use to build effective strategies.

thinking beyond the box

Although many organizations are equipped to handle basic tasks — including storing backup tapes in a secure facility; arranging for offsite hardcopy storage and managing inventory either in-house or through a third party; and implementing effective hardcopy retrieval methods — these

retention — A sound and legally compliant records retention policy, including a records retention schedule, is the foundation of a compliant records management program, setting the definition of a record and how long to keep records in order to meet legal requirements.

PoLicies & Procedures — An organization’s program should be supported by formalized policies and procedures that address each component of its records management program in accordance with operational and legal requirements. The use of a formal program to communicate and educate all members of the program on policies and procedures will help to drive consistency in application.

index & access — The success of an organization’s records management program hinges on its ability to access information for business support, litigation response, or audit or investigations. Proper indexing is essential to enabling usability of information.

Privacy & disPosaL — Consistent disposal practices provide retention and regulatory compliance, and decrease corporate risk when conducted in accordance with an approved records retention schedule. Sensitive or personal information should be protected against inadvertent disclosure and stored in compliance with all regulations.

audit & accountabiLity — For the program to be successful there must be a Corporate Records Manager to administer the program at the corporate level, as well as a designee in each business unit accountable for implementation in their unit.