Records and Information Management: Getting It Right From The Start

Download PDF

The Basics Of Adopting Company- Wide Information Management Policies

A Quick Guide To Gaining Wider Acceptance

Success in records and information management takes planning, organization and a strategy for taking control of physical and digital records from creation, through active use, secure short, long or permanent storage and planned disposition. Done well, records and information management helps your organization limit information risk, manage costs and lay the foundation for successful data analytics. Your information management policies are the bedrock of getting a return on your information. But planning for the adoption of your policies is a step that a surprising number of organizations neglect to take. Research from Iron Mountain and PwC indicates that only 20% of North American mid-market organizations have training programs to brief employees on information risk (Beyond Good Intentions – The need to move from intention to action to manage information risk in the mid-market, 2014). What’s more, the same research indicates that less than half of the surveyed organizations have a strategy for the secure disposal of technology, hardware and confidential or sensitive records. The problem of managing information isn’t just a matter of having a policy, but of ensuring that policy becomes a part of the way people in an organization do their jobs.

Steps To The Universal Adoption Of Information Policy

  • Create an Information Governance Board or Committee
  • Know your Wider Business Goals and Priorities
  • Assess Policies
  • Develop Policies
  • Plan for Implementation
  • Communicate And educate
  • Measure Your Progress

Change can be a daunting prospect. A clear plan helps you make progress and ensures you’re aligned with the needs of your organization.

Create an Information Governance Board or Committee

The buy-in of senior leadership gives traction to your plans for policy adoption. Your board may not wake up in the morning with information policy as their first thought but they are concerned with serving and retaining customers as well as balancing costs and revenue. Your committee should include:

  • Critical business functions
  • Legal/compliance
  • Records and information management
  • Privacy
  • IT
  • Data officer

The relationship between information management and the legal and compliance landscape is important. Involving business units who are on the front line of customer service or who regularly need to share information will help to include the perspectives of end users. Establish regular meetings and a reporting plan.

Know your Wider Business Goals and Priorities

It sounds simple. But, in fact, it’s easy to fall victim to a siloed mentality and lose sight of the commercial direction your organization is taking. The policies you craft to speed up processes and improve compliance may not work unless they also make sense to the people who use them. Your colleagues may prefer to continue with old ways of working because they feel there is nothing really wrong with the status quo. The key to successful change is ensuring that your ideas and aims are linked to shared priorities. Information is an asset and a resource as well as a responsibility. Aligning your priorities to wider business aims gives you a better chance of managing its value. Plus, if funding is an issue making your business case will be more straightforward.

The key to successful change is ensuring that your ideas and aims are linked to shared priorities

Assess Policies

Your policy assessment should examine:

  • Technologies, including mobile and social
  • Processes and work flows
  • Procedures
  • Resources
  • Education

By identifying gaps, you’ll be able to determine what prevents policies from being adopted. For most organizations, this is not a simple check list. It may start by knowing what you have, where you keep it and who has access.

Develop Policies

Use what you learned about business priorities and policy gaps to pinpoint where to start making step-by-step progress. Your records retention schedule is vital, but that’s not the limit of your policy decisions. Consider:

  • Paper
  • Email
  • Mobile
  • Computer and other devices

Processes, procedures and workflows are based on a foundation of stable, enforceable policies. Consider too the importance of balancing security with access, collaboration and efficiency. Your written policies should also include:

  • Acceptable use policy
  • Incident response plan
  • Business continuity

Put a timeline for regular policy review in place. Your mobile device management, document retention and privacy policies will evolve and you’ll need to change them to keep up with new developments.

Plan for Implementation

In order for change to succeed, you should consider the mindsets and priorities of the people you’re asking to adopt policies. Teams in customer service may not be as passionate about information governance as you are. Make your policies easy to adopt and ask your business leaders to act as examples and champions. Policies should be clear, applicable and straightforward. Ask for help and insight not only from your committee, but from people at all levels and with different needs.

Communicate And educate

It’s not enough to tell people what to do. You should also engage them with your aims and ideas. Develop a plan that uses different channels to get your guidelines and processes across. Some people will enjoy a webinar; others a written guide and a few may need a one-on one meeting. Training can take different forms. Many organizations find that eLearning can introduce and develop new skills and thinking in an easy-to-digest format. If you can nominate information stewards in different departments or teams, you can build a culture of information policy awareness. Keep an open door and schedule records management brown bag lunches where you answer questions and take suggestions.

Measure Your Progress

Policies are empty unless people are engaged and making changes. Your plan should include milestones, and a detailed approach to measuring how well your policies are being adopted. Consider including hard measures like numbers connected to secure disposition of documents or files transferred to off-site storage facilities. You can also set up measures for attending training and surveys to get a clearer idea if people are adapting to policies.

Training can take different forms. Many organizations find that eLearning can introduce and develop new skills and thinking in an easy-to-digest format.

Last Words

Gaining universal acceptance of information management policies requires the move to a culture where information is understood, respected and valued.

To learn more about information policies and governance, get our solution brief

Download Now


Records Management Solution Brief
Records Management Solution Brief

Topics: Govern Information

With Iron Mountain Records Management services, you'll have the resources you need to effectively store and safeguard your information assets, and make them easily accessible to individuals across your organization.