Would Your Records Management Pass an Audit? An Assessment for Law Firms

Would Your Records Management Pass an Audit? An Assessment for Law Firms

Waqar Ahmad

Your clients have high compliance expectations for law firms like yours. They expect you to keep their information under lock and key, to meet their industry compliance needs, and to defend their best interests at every step.

Managing internal and client records, however, may seem easier said than done. The volume and variety of information you hold is expanding and the definition of a record is changing. Content, personal identifiable information (PII), proprietary information and financial data is created and shared in the form of emails, web forms and even work chats. This data must be securely stored and properly amended with metadata to ensure records are properly destroyed at the end of their designated lifecycles. Moreover, you must be able to access this information easily for legal discovery, holds and transfers — and even change retention dates in the case of holds.

Records management is growing more complex and base-level tactics will no longer suffice. Having digital and paper documents scattered across offices, offsite storage facilities, local servers, computer hard drives and in the cloud can lead to several issues, including:

  • Litigation costs
  • Storage costs
  • Time and efficiency loss
  • Client compliance risk and potential fees
  • Damaged brand perception and loyalty

A modernized records and information management (RIM) program will help your law firm mitigate these risks and improve firm productivity and security. Our latest E-book walks you through the step-by-step process that will help your firm assess and update your current practices, so you can mitigate risk and better serve clients. Whether you’re just developing your firm’s RIM practices or are looking to make improvements, it’s advised that you work with a non-biased third party to conduct an audit.

To develop a successful foundation for your RIM program, there are key questions to ask within five core areas:

  1. Record declaration: Is there a written policy regarding how and when employees should declare a document — including electronic communication — an official record?
  2. Record classification: Do you use identifiers such as document type and creation date to ensure accurate tracking and eventual disposal of individual documents? Are you able to determine the appropriate handling of documents by their activity level?
  3. Record retention schedule: Do you have a designated retention schedule for each record type based on regulatory requirements? Are you able to adjust these schedules and expirations based on new developments or legal holds?
  4. Chain of custody: Are you able to track the location of a document at all times and where it is in its designated lifecycle? Does each record have permanent chain of custody data that outlines when and where information is retrieved, accessed or distributed, and by whom?
  5. Vendor capabilities: Do you have a records partner that assists with best-practice records management, storage and destruction? Can you define their end-to-end capabilities, including document digitization, tracking and retrieval, as well as digital and physical security?

Once you take a hard look at your current practices, you can identify issues or gaps and determine the appropriate next steps. Read our eBook, The Modern Law Firm’s Guide to Records Management , to learn how you can leverage audit results to create an efficient, comprehensive, and scalable policy for your firm.

 

Waqar Ahmad provides 20 years of Information Management expertise to our Global, Enterprise and Legal customers having worked in Europe and US in various senior consultancy capacities.