Many organizations feel like they have records and information management (RIM) covered. After all, they have a written policy and someone is tasked with making sure it’s followed. But probe a little deeper and you may find that what these companies don’t know about how their records are being handled can hurt them a lot.

Inconsistent policy enforcement, records held beyond their retention term, and unsecured customer data can make it difficult to defend against litigation and lead to regulatory fines. Records may be held in unsecured facilities or storage rooms, difficult to find, and susceptible to damage by flood, fire, or other natural and manmade disasters.

By asking yourself a few basic questions, you should be able to gauge the maturity level of your organization’s program and its effectiveness in mitigating these and other risks.

Who’s in charge?

With the growing importance of information governance, the person responsible for your RIM program needs the authority to create and update policies and more importantly enforce them effectively. If the role is filled by an administrator or low-level manager, it’s unlikely that the program has reached its fullest potential. The same goes for outsourced “mailroom” functions. Your organization needs someone who can navigate among compliance, IT, and other functions concerned with information governance (IG). This might be a director of records information management or even a chief information governance officer (CIGO).

How effective is enforcement?

Having a RIM program or IG policy in place is an essential first step in creating a successful program, but it doesn’t mean much if it is difficult for employees to follow. Best-in-class records management incorporates automation to handle day-to-day tasks such as assigning document-level metadata to track and retrieve individual documents and monitor their lifecycle to comply with individual retention schedules. Documents that have reached the end of their retention schedule should be destroyed in a consistent and secure manner to ensure that the policy and program remain legally defensible.

How do you handle legal holds and audits?

The two largest areas of risk are litigation and regulation. It stands to reason, then, that the best programs address these concerns head-on. In addition to facilitating consistent policy enforcement, your records management system should be able to track and release multiple legal holds at the document level. It should also generate an audit trail for each record with every access and action taken on it.

There are many more aspects to a successful program, including ongoing monitoring and improvement, disaster-recovery planning, and data security. To get an idea of how well your current program is protecting your organization against risk and what steps you should take to improve it, take our new quiz, “What’s Your Document Management Style?

BJ Johnson is the Senior Specialist for Digital Solutions for Access and is a board member for the ARMA – NJ Chapter.