It is quite hard to imagine the amount of information a business owns and how they plan to manage that with keeping security and compliance in mind. With an information management policy, you can clearly lay out what kind of information should be maintained, how they must be preserved and when they should be disposed. Here is a framework for setting up your information management policy.
1. Understand your Business-Specific Record-keeping Compliance
Before we do anything about setting up an information management policy, it’s good to understand the latest record-keeping compliance from your regulatory and statutory bodies. The amount of rules, regulations, acts and geographical boundaries of these regulatory bodies also differs. They continue to update their policies frequently that it becomes very difficult for businesses to keep pace with the change. Once we know what is needed to be maintained to meet the compliance, the rest becomes easier.
2. Take Inventory of existing Information
Establish a baseline to find out what is that you are protecting. Sources of information, their original point of creation through its end of the journey. This will help shortening the horizon. Also understand how the information has been handled and stored so far. What percentage of information is stored in a physical manner, how much of them in Digital media and what is the gap? Take an inventory of existing storage in the form of paper files stored on-site and off-site. The maximum you can do here will help you assess the support you require.
3. Itemize records for Retention
This is a highly subjective topic for your industry and the type of specific business you are into. However, you will still need to determine what rules apply to your company. Usually records that should be retained fall within one of these four categories:
Form a committee of executives from different business functions within your company so that they bring their perspectives that truly represents your business. Still make sure it is being discussed and agreed unanimously by the top leadership of the organization. Make sure to bring in the expertise of auditors and legal counsel to assist with this process.
5. Deploy & Monitor the Information Management Policy
Ensure detailed processes, comprehensive records management governance policies and more importantly introduce unbiased audits. Establish timelines for each business unit and department for cleaning up their records – for both electronic and paper files. Make this exercise with moderation and as a group activity in a systematic manner so that learning can be passed on easily.
6. Protect Data from unauthorized removal or archiving
Before rolling out the information policy, ensure you have implemented lots of precautions to protect the data in all formats, stored in a centralized place or in a decentralized manner, that users are not able to easily manipulate, make copies, steal information and lose information purposefully. Also make sure to frequently take backups of users who are on the go or working remotely. Ensure every endpoint is protected from copying or transferring information without prior permission. Work closely with the IT Teams to make sure both physical and digital records are preserved in an integral manner.
7. Strictly monitor WFH and BYOD policy
The pandemic has certainly altered the dynamics and businesses need a whole new level of preparedness to ensure business continuity in case of any eventuality. It has become essential that organizations now allow employees to bring their own computers to work. This has serious implications in maintaining a systematic information management because it creates crossover between data that is controlled by an individual versus the company. Consult with Information Technology Teams to effectively pen out meaningful information management policy with these new dynamics being introduced.
Like we said initially it is very difficult to quantify the value of information. At least we can make a sincere attempt on it by starting to take care of the abundance of information – which become KNOWLEDGE, that is so proprietary to the business. Start your efforts in preserving the collective knowledge of your business by establishing a sound information management policy.
Should you need any assistance, consult records and information management professionals (RIM). They are familiar and experts in framing a personalized information management policy for your business. KAYMAN Records Management is one of the Records and Information Management companies in Chennai, India that helps multiple leading businesses manage their information effectively and efficiently.