Retention Schedules: The Golden Thread of Compliant Information Management
Want to be a compliance and RIM rock star? Start with a detailed records retention schedule—one that applies to all locations and types of records. Here’s the riff on making it happen.
Only 43 percent of participating organizations have a legally credible records retention schedule in every business location.
There’s a good reason those TV home cleanup shows have both a toss heap and a keep pile. Getting rid of all that junk in the garage won’t really pay off unless you have a plan for logically storing what’s left after the garbage truck pulls away.
The same holds true in the real world of business today. Preserving information and systematically destroying records are two sides of the same coin. Thoughtful retention informs the way your company manages intellectual property and supports business processes such as customer service by improving on methods employees use to locate and retrieve documents.
Despite the obvious advantages of smart records retention best practices, however, many organizations have given it short shrift. According to A View Into Unified Records Management: The Iron Mountain Compliance Benchmark Report:
- Only 43 percent of participating organizations have a legally credible records retention schedule in every business location.
- Another 23 percent confess to having no schedule.
- 34 percent have records retention schedules but are questioning their efficacy.
Bright Spots on an Expanding Landscape
While these numbers might not be so encouraging, this year’s Benchmark Report also shows that retention policies are broadening in scope. Many now cover social media content and information hosted in Microsoft® SharePoint® 2010 systems: About three quarters of respondents said they have a retention policy for electronic communication and collaboration.
But the report also shows that although companies may successfully develop retention policies, they often fall short on execution, particularly when it comes to electronic records. Nearly 40 percent can’t or didn’t know if they could apply their retention policies to all formats.
Follow the Long Arm of the Law
Now more than ever, businesses may find themselves caught in a maelstrom of legal and regulatory obligations—from litigation-imposed requirements and corporate governance demands to traditional regulatory compliance, and privacy and security concerns.
Depending upon your industry, your business can be subject to many federal and state regulations. Let these rules and regulations be your guide as you and a trusted partner construct your record retention program.
Here’s a sampling of regulations:
- Securities and Exchange Commission (SEC) Section 17a-4 requires companies to treat email as records and retain accordingly.
- The Occupational Health and Safety Administration (OSHA) requires a five-year retention for employers’ injury logs.
- Government agencies must retain pension and welfare information for six years. They can, however, destroy employment verification forms and some payroll records after three years.
*Reference sources are not related to Iron Mountain Inc.
Close the Gap with Best Practices
Iron Mountain’s report reveals a clear gap between creating a retention schedule and applying it. Closing that gap is critical for any organization setting its sights on the many benefits of unified records management.
To achieve best-practice compliance nirvana, start by implementing a records retention schedule and RIM program. Here’s what to consider:
1. Set your agenda. Define a multiyear RIM roadmap and timeline with goals and specific dates. Doing this not only helps clarify your objectives, it also prevents the project from languishing.
2. Take stock. Identify all physical and electronic records. Determine record locations and their retention models. Include email, instant messages, social media and SharePoint applications.
3. Create an A-List. Critical records from high-risk areas deserve immediate attention. Then move on to less crucial records in physical and electronic formats.
4. Identify the really dead trees (aka inactive paper records), then either archive or destroy them. According to the benchmark report, 39 percent of organizations have adopted, or have at least settled into, an ad hoc approach to managing inactive hard copies; they move them only when they have to make more space. Taking up precious real estate in this way wastes resources. It can also expose companies to unnecessary legal risk: Why keep discoverable documents that you could have easily destroyed?
5. Get the word out. Publish retention schedules internally. Colleagues will more likely buy into and follow an easily accessed and understood retention policy. A vast majority of organizations—84 percent, according to the benchmark report—post retention schedules on a company intranet.
6. Don’t drop the ball on care and feeding. Update retention policies every 12 to 18 months to reflect changes in regulations, your industry and your business—and to accommodate new types of media and new locations.
It’s not easy to keep up with the explosion of records and information management regulations, media types, and advances in storage, search and retrieval technology. That’s why teaming with a trusted and experienced partner makes great sense. Such a set of experienced professionals can help you establish company-wide retention policies, reduce your risk, and keep your RIM in lockstep with evolving regulatory and industry requirements. Think of them as a rock star’s very talented road crew.
Iron Mountain Recommends: Explore the Ultimate Payoffs of Records Retention
Here’s your to-do list:
- Implement a universal retention schedule as well as a document destruction schedule. Make sure these include broad categories of similar records.
- Document the legal and operational reason(s) for saving each file type.
- Establish your retention schedule as part of the company’s standard infrastructure and operating procedures.
Do you have questions about information management? Read additional Knowledge Center stories on this subject, or contact Iron Mountain’s Information Management team. You’ll be connected with a knowledgeable product and services specialist who can address your specific challenges.
Repaving Your Rocky Road to Ultimate Preparedness
New Report Reveals Information-Management Opportunities—and Obstacles
Reducing Risks in a Climate of Constant Change Part 2