First established in 2002, National Records and Information Management (RIM) Month emphasizes the need for good record keeping and information management in both business and in life. It is celebrated every April and is a great time to conduct a spring cleaning of your records. This month, we’re sharing RIM best practices to ensure your information is secure, compliant and easy to find all year long.
Why do businesses need to invest in RIM?
Records Information Management (RIM) is a corporate function involving the management of all business records throughout their lifecycle from creation to archival or destruction in compliance with the governing guidelines.
From the increasing regulatory environment to the rapid explosion of information, businesses are creating more content while trying to comply with more rules. Not only is there more information, but the formats in which that information is created, managed and stored continue to change. Today, a RIM policy cannot simply cover traditional physical and electronic documents. It must also encompass email, instant messages and social media, as well as where that information is kept, from filing cabinets to file shares, the cloud and mobile devices.
Organizations that do not comply with regulations could face hefty fines or litigation and may even be putting their information at risk of being breached, which can lead to reputation damage and loss of shareholder value. A recent survey by OnePoll revealed that 86.55% of respondents were “not at all likely” or “not very likely” to continue to do business with a company after a data breach. Additionally, stock prices tend to fall an average of 5% once a data breach is disclosed.
A comprehensive RIM strategy is the only way to proactively manage and protect your business information while ensuring compliance. Here are five tips for evaluating and improving your RIM policy this spring:
Focus on information governance (IG)
Information governance consists of all the rules, processes and structures that an organization needs to comply with throughout the creation, management, sharing and destruction of its information. While RIM only addresses the lifecycle of a document, IG takes a broader approach to ensure that all information created aligns with your organization’s goals. Effective IG will reach across the entire organization to ensure that all employees and departments know and follow the appropriate procedures for creating and managing business information.
Identify responsibilities across your organization
A RIM policy is only successful when employees across the entire organization buy-in. This includes members of the executive board or leadership team, as well as employees at every level of the company. Identify someone or a committee of people who can take responsibility for evaluating and improving your RIM program. This may include representatives from each department within the company or a records manager or RIM partner that can help you audit your information and build a comprehensive strategy for creating, managing and destroying your information.
A RIM committee can also help organizations stay on top of the latest rules and regulations, address new issues or concerns as they arise and assist in the continual education and training of employees in RIM best practices.
Develop a records retention schedule
A records retention schedule informs employees how long a document should be kept to ensure compliance. Retention schedules are based on both legal and regulatory requirements, as well as the operational needs of an organization.
Many businesses hold onto documents indefinitely for fear that they may one day need a file they discarded, but keeping information past its retention period is expensive and risky. Not only do businesses waste time and money on prolonged records storage, but expired information can become a liability if exposed during a data breach or litigation. Retention schedules help organizations better organize, manage, locate and retrieve their information while saving time and money and ensuring compliance.
At the end of their retention schedule, barring no audits or litigation holds, all information should be securely destroyed. A haphazard destruction schedule will not suffice. Set up a systematic approach so that all information that has met retention requirements is destroyed as soon as possible.
Write your RIM policy down
As mentioned, every member of an organization should be on the same page when it comes to your RIM policy. Consistency and clarity are key. Establish a company-wide policy that clearly outlines the procedures all employees must take throughout the lifecycle of a document, from creation to sharing and destruction. This policy should address the following:
- Roles and responsibilities of employees
- Records lifecycle
- Records ownership
- Legal holds
- Sharing and access controls
- Records maintenance
- RIM best practices and training
The RIM policy should be accessible to all employees and clearly communicated across the organization. HR may be a strategic resource for the development of ongoing training and education on records management and information security.
Share with care
Whether for an audit, legal reasons or business support, employees should be able to locate and access the information they need, when and where they need it. They also need to be able to share that information with external auditors as requested. Despite the risks associated with emailing sensitive information—the information can be breached, printed or copied, to name a few—49% of business leaders surveyed admitted to having shared corporate data from their personal email accounts. Employees need a way to securely share information while still monitoring who and how that information is accessed.
With a digital document management solution, audits and other business tasks become painless. Documents are shared via a secure timed link and viewed in digital file rooms where you control what can be done with them, including whether they can be printed, downloaded or copied. An audit log records every action taken on the shared information and file rooms can even be set to expire to ensure security.