Golden retrieval
- Article 15 of 26
- M-iD, March 2005
Developing a dependable document retention, retrieval and destruction strategy demands a measured, step-by-step approach
Page 1 | Page 2 | Page 3 | Page 4 | All 4 Pages
If, as generally happens, there are different policies for different units, they need to be combined as much as possible, not only to prevent inconsistencies, but also to get as much benefit as possible from an organisation-wide policy.
While old policies are usually geared only towards paper records, may lack many qualities of a robust records management policy and will not necessarily exemplify best practice, they will describe existing business processes, which can be built upon.
This often prevents a massive exercise in change management from having to take place and fills in the blanks left by regulations and guidelines, which rarely specify actual processes, merely steps or outcomes that have to occur.
It will also ensure that paper and electronic documents do not have significantly different policies, which could cause the two to fall out of sync.
Step three
The next step is to conduct a review of the records created by each business unit. As well as ensuring that the records policy matches existing business processes, consulting with the business units will improve the chances of getting buy-in from them.
Andy Maurice, head of consultancy at Iron Mountain, recommends looking both at what each unit uses in day-to-day business and what is generated less frequently. “You can then identify different types of record classes: you may, for example, be able to treat invoices and purchase orders in the same way; but tax records would have to be treated differently.” Depending on the organisation, says Maurice, there could be hundreds or even thousands of different record classes that need studying.
With those classifications developed, the project team can look at the requirements for each class of record. Regulatory bodies for various vertical markets can often provide details of the regulations that apply to particular record types and the organisation in general. The government can provide details of legal requirements that are specific to the industry and also on more horizontal requirements, such as health and safety records, pensions and so on.
Adam Lee, European marketing manager of Objective Corporation, warns not to rely on either the government or regulatory bodies to provide best practice. “The FSA, for instance, provides a lot of guidance, but no mandatory way of doing things. It likes words like 'robust and demonstrable', which means whatever it wants them to on the day.”
Best practice information, he adds, is more likely to be found from consultancies or other organisations. These need not be in the same market: public sector organisations are generally ahead of the private sector in records management strategies; and legal, pharmaceutical and financial services companies have had to cope with retention and retrieval policies for many years.
Step four
Following the business asset survey and regulation review, the policy team can then start to draw up general guidelines on retrieval practices and decide who should be able to access which documents, although often the exact details will need to be tweaked during the initial stages of implementation.
One important task is to draw up schedules for the retention of documents, including the minimum amount of time documents need to be kept for. “The policy does not need to be too detailed at first, but you need the retention schedules from day one. They are what will kill you if you don't get them right, since that's what the regulators will clamp down on,” says Maloney.
Page 1 | Page 2 | Page 3 | Page 4 | All 4 Pages