New Regulations, Litigation and Audits: Are You Ready?

What do these events have in common? They demand a quick response from your records management team. Here’s how to kick off a cost-effective, efficient and compliant records information management strategy.

When you think about it, a legal discovery request or a financial audit is the corporate equivalent of a 10-car pileup on the Interstate—with your records management team as the first responders.

So how quickly can your records managers tap your archives for critical documents or to confirm compliance with federal or state regulations? Ask yourself:

  • Do you have an inventory of your information and records readily at hand so you can respond instantly to a discovery request?
  • Does your records information management (RIM) plan include email and social media?
  • Does the plan meet the requirements of all the regulations—both federal and local—that apply to your company?
  • Are you confident that chain of custody has been preserved along the way?

If the answer to any of these is no, your company could experience operational pains as the search for critical information drains resources. Every extra minute spent tracking down information costs your company something—time, productivity, dollars or any combination of these. Add in fines, legal fees and court costs associated with noncompliance or delays in delivering information, and your bottom line will surely take a hit.

But you can avoid those unpleasant expenses if you have an overarching RIM strategy that protects your information from end to end.

The Long Arm of the Law

Keep current on regulatory obligations. The following federal regulations are either being revamped or are causing companies to adjust RIM strategies:

1. The Sarbanes-Oxley Act (SOX). Compliance with the outside audit requirements of the act’s Section 404 can cost an organization millions of dollars. It calls for storing potentially voluminous supporting documentation for lengthy time periods.

2. The Dodd-Frank Wall Street Reform and Consumer Protection Act of 2010. On the heels of the recession, Congress instituted regulatory reforms for the financial services industry.

3. The Health Insurance Portability and Accountability Act (HIPAA). Version 5010 aims to standardize information presentation across all records formats.

4. The Red Flags Rule. The Federal Trade Commission’s newly implemented Red Flags Rule requires targeted companies to create a written identity theft prevention program that includes reasonable policies and procedures for “detecting, preventing and mitigating identity theft.”

It’s Not Impossible, Just Complicated

To get to that archival happy place, you first have to wade through a lot of data: The world collectively created and replicated 1.8 zettabytes of data in 2011, much from social media. Gartner researchers predict that by 2014, “social networking services will replace email as the primary vehicle for interpersonal communications for 20 percent of business users.”

Also, regulations are constantly changing and expanding. For example:

  • The Dodd-Frank Wall Street Reform and Consumer Protection Act of 2010 focuses on Wall Street reform, though it was somewhat diluted before it reached the desk of President Obama. Among other changes, this legislation revised reporting requirements for companies with a $75 million to $250 million market capitalization. It also mandates changes to record retention requirements.
  • Yet more refinements are under discussion for the increasingly pervasive Health Insurance Portability and Accountability Act (HIPAA).
  • The Food Safety Modernization Act of 2011 imposes several extensive new records requirements on food manufacturers and distributors.

If your company was recently involved in a merger or acquisition (M&A activity grew significantly during the first half of 2011), you’ll also need to safeguard incoming records against breaches, ensure privacy, and possibly meet new regulatory requirements if your acquisition maintains a business presence in multiple states.

Make Compliance a Priority

With these and many other possible changes afoot, your company must ensure that all relevant information remains compliant and accessible. Be sure to:

  • Evaluate your current practices
  • Demonstrate good-faith efforts and progress toward compliance
  • Build an effective infrastructure  
  • Update your policies and procedures as industry regulations change
  • Strengthen your accountability by measuring corporate, departmental and individual performance against audit metrics
  • Include communication and training activities that encourage employee participation

A trusted partner can ease the burden and lend much-needed expertise. Look for one that adheres to strict security policies, stays abreast of changing laws, and has a demonstrated track record in defining information management standards. That way, when a call comes in, your first responders will have the tools they need to keep information flowing freely throughout your organization, and they will be able to swiftly respond to audit, litigation and compliance requests.

Iron Mountain “Brings It”

When you team with Iron Mountain, you’ll get a partner that:

Instills compliance confidence
With expertise developed over decades of experience in information management workflows and business processes, your trusted partner will help you know what you have so you can find it faster, use it more efficiently and, ultimately, realize greater value from it.

Mitigates risks for better compliance and discovery
Iron Mountain reduces risk by providing a broad portfolio of document conversion, transport and storage capabilities, helping to ensure an auditable chain of custody.

Infuses efficiencies for improved operations
With a wide array of document imaging and storage capabilities, Iron Mountain can help you drive efficiencies and optimize your most valuable internal resources.

Do you have questions about information management? Read additional Knowledge Center stories on this subject, or contact Iron Mountain’s consulting services team. You’ll be connected with a knowledgeable product and services specialist who can address your information management challenges.

Related Content:

Merge Ahead: Time for an Information Management Upgrade?

Reducing Risks in a Climate of Constant Change, Part 1

Relocating? Consider These Smart Records and Information Management Moves