Records & Information Management Best Practices for the 21st Century

Transcription

1 ATL ARMA RIM 101/201 Spring Seminar Records & Information Management Best Practices for the 21st Century May 6, 2015

2 Martha W. Adcox, CRM Corporate Records Manager Delta Air Lines, Inc.

3 What is Records Management? Records Management Field of management responsible for the efficient and systematic control of the creation, receipt, maintenance, use, and disposition of records, including processes for capturing and maintaining evidence of and information about business activities and transactions in the form of records.

4 What is Records Management? Record Documents created by or on behalf of the company in the course of its business operations, regardless of media. It must meet the following: set policy establish guidelines or procedures certify a transaction become a receipt required to meet statutory/legal obligations to sustain administrative or operational functions

5 What is the Value? Providing legal defensibility by having a consistently followed corporate records retention schedule. Ensuring compliance with federal, state, and industry specific legal and regulatory records management requirements. Decreasing legal and brand image risks by appropriately managing records. Mitigating litigation exposure associated with the records discovery process. Reducing records storage and processing costs for hardcopy and electronic records. Improved productivity through efficient retrieval of hardcopy and electronic records.

6 Basic Program Components Core Components: Governance Process Policy Procedures Retention Schedule RM Training RIM House

7 Basic Program Components What becomes part of your program is based on your organization s needs. Examples of other components may be: Active File Rooms Imaging Centers Shred Program Archive Program Offsite Storage Program Vital Records Program Business Continuity or Disaster Recovery

8 How to Get Started Identify and Document the current RM processes. Examples: Determine volume and growth of electronic records Determine volume and growth of hardcopy records Determine problem areas and how to resolve. Decide what the key needs are.

9 How to Get Started Find an Executive Sponsor. Discuss value of the program Determine hot buttons Discuss where program should sit Successful RIM programs usually are formally established by authorizing boards as ongoing programs within an organization. Means it is not just a records management project or short term project Provides funding and staffing

10 How to Get Started Identify Program Advocates/Champions. They are strong advocates for the RIM Program to others in Senior Management, to management at all levels and to personnel throughout your organization. As an advocate they: Understand and communicate the importance of an effective RIM Program. Influence business areas to be compliant. Generate records management good will.

11 Governance Process Establish the governance process Look at your organization and determine best process. One way: Steering Committee Senior level committee which is responsible for providing vision, direction, accountability, decision making, and leadership for the RIM Program.

12 Governance Process Steps to establishing a Steering Committee ID business areas to be represented. Should be no more than 15 members. Scalable for both large and small organizations. Work with Executive Sponsor to request area representatives. Charter committee. Includes mission, organization, functions, responsibilities, qualification for members, and membership (areas and titles).

13 Governance Process Step to establishing a Steering Committee (Con t) Examples of responsibilities: Establish, sponsor, and charter subcommittees (standing and temporary) for specific RIM initiatives and programs. Raise awareness within their business area of responsibility of the Records and Information Management Policy. Inform RIM staff of any needed changes to the RRS, RIM policy/procedures/guidelines, or additional services required from the RIM program. Assist in implementing processes to appropriately manage electronic records. Assist with audit activities related to RIM within your business areas. Ensure that Records Liaisons are assigned.

14 Governance Process Step to establishing a Steering Committee (Con t) Establish and hold meetings with the Steering Committee. Initially frequent meetings (possibly monthly) Once established potentially less frequent (possibly quarterly) Stay out of the weeds.

15 Governance Process Records Liaisons or Coordinators Responsible for driving the implementation of the RIM Program activities across their area of responsibilities. Charter as a subcommittee to the Steering Committee Examples of responsibilities: Ensure employees within their business area take any mandatory RIM training. Assist in implementing processes to appropriately manage electronic records. Provide business approval for destruction of inactive records stored in off-site record center facilities. Lead area efforts around annual clean-up day activities.

16 Governance Process Train Liaisons. Establish and hold meetings. Get down in the weeds.

17 RIM Program Organization Determine RIM organization

18 RIM Program Organization Where should RIM be placed in the organization? Visible and high enough to accomplish goals throughout the organization. Potential locations: Legal Compliance IT

19 RIM Program Organization Who will lead it? Person trained/experienced in records management What are the staffing needs? Numbers Skill sets What are the budget needs?

20 RIM Mission Statement, Vision and 5 Year Plan Develop mission statement and vision for RIM program. You will never get anywhere unless you know where you re going. Establish 5 year plan, including short term and long term goals. Determine low hanging fruit. Go for it first!

21 Mission and Vision (Examples) Mission Statement To develop and maintain a comprehensive (electronic and paper) Records and Information Management Program through supporting business activities, meeting government and industry regulations and contributing to our competitive edge by maximizing the value of corporate information.

22 Mission and Vision (Examples) Vision 1)RIM provides leadership in information life cycle management through the maintenance of a comprehensive (electronic and paper) Records and information Management program. 2)Records Management will ensure compliance through a risk based approach for the management of internal and external records. RM will be fully integrated enterprise-wide with all global partners by providing: Flexible Solutions Easy access Seamless technology Education Consulting

23 RIM Transformation Map (Example) Governance/ Compliance Records Retention Schedule (RRS) Hardcopy Records Establish Policy Establish mission and vision Established Exec Committee and Chartered US Legal Research- Baseline US Record Retention Schedule (RRS) RL/RC Established RM Assessments - Physical Consolidated Outsourced Vendors Shred Contract established RIM Software Destruction Process established Established Subcommittees and Chartered Established Compliance Audits SOP Development Develop/coordinate RRS Revisions Global Legal Research- Baseline Apply RRS to offsite records RIM Website- Developed Training RIM Software Training Develop/coordinate RRS Revisions Centralized RC Admin RL/RC Training CBT RIM Overview Course CBT RIM Overview Course Revise New Hire Training RL/RC CBT RM Assessments Electronic Sponsorship/ Sponsorship/ Sponsorship/ Sponsorship/ Coordination Coordination Coordination Coordination Compliance Audits Compliance Audits Compliance Audits Compliance Audits Policy/SOP Policy/SOP Dev/Rev Dev/Rev Policy/SOP Dev/Rev RRS Revisions Offsite/Shred Managed Policy/SOP Development RRS Revisions RRS Revisions Consultation/Operational Support Offsite/Shred Managed Global RRS- Develop Destruction Process Implemented Offsite/Shred Managed Global RRS - Implement Consultation/Operational Support Consultation/Operational Support Offsite/Shred Managed Consultation/Operational Support System Decommissioning SOP erm Offsite/Shred Managed New Hire Training Revise Implement erm Strategy CBT RIM Overviews Course Revise Implement erm Strategy Develop erm Strategy RL/RC CBT Revised Implement erm Strategy Implement erm Strategy System Commissioning SOP earchiving SOP Other RIM Program Implement erm Strategy RM Consulting RM Consulting RM Marketing Plan RM Consulting Vital Records Program RM Consulting RM Consulting RM Marketing Plan Archive Program RM Consulting 23

24 Records and Information Policy Develop a RIM Policy. Based on your company s needs. Should include at a minimum: Purpose/scope. Authority and responsibilities. Components of the RIM program. Definition of a record (all information no matter what the format). Format should follow company guidelines (if any). Some organizations develop a high level umbrella policy and some have a detailed RIM policy manual. Approval process for Policy.

25 Records and Information Policy Example Objective Scope Definitions The objective of this policy is to establish requirements for managing the life cycle of company records. This policy applies globally to all company employees. Company Records - Documents created by or on behalf of the company in the course of its business operations, regardless of media. Documents are created by or on behalf of the company when they are created by company employees in the course of conducting company business, or for the company by contractors or other persons or companies with whom the company does business. Records Retention Schedule - A timetable, organized by business function, listing Records Series with associated Records Series Codes which designates the required length of time records must be retained before final disposition. The Records Retention Schedule is approved by the RIM Director, and representatives from the Legal Department and Finance Department.

26 Records and Information Policy Example Policy Statements The Company is committed to having accurate and complete records on which it can rely to effectively manage its operations and to complying with record-keeping and record retention requirements of laws and regulations by which it is governed. All company records are the exclusive property of the Company and its affiliates. Records & Information Management (RIM) is responsible and accountable for planning, developing, directing, and implementing a records management program. RIM will establish requirements and provide key services and guidance for managing company records throughout their life cycle, including a comprehensive Records Retention Schedule. The RIM Executive Steering Committee, a cross functional team, will provide oversight for vision, direction, accountability and decision making for the RIM Program.

27 Records and Information Policy Example Policy Statements Employees must strictly observe all record-keeping and record retention requirements stated in company policies and procedures and in laws and regulations that apply to their responsibilities. Each employee is responsible for the proper management, including retention and disposition, of company records under his or her control. Line management is responsible for compliance with this policy in their respective areas. Employees must retain records in accordance with the Records Retention Schedule. However, records relating to matters subject to ongoing or threatened litigation or any investigation must be retained and cannot be disposed of, even if the retention period has been met on the Records Retention Schedule, except as advised by the Legal Department.

28 Records and Information Procedures Develop needed procedures Since organizations have different needs there is no one size fits all where procedures are concerned. The key to procedures is to be consistent with processes, standardize actions, and ensure appropriate controls are in place.

29 Records and Information Procedures Develop needed procedures (Con t) Examples of procedures which might be of value: Abandoned Records One-Time Destruction Retention Schedule Revision Offsite Storage Vital Records Decommissioning Systems Commissioning Systems Electronic Archiving Backup Tapes Centralized Files Disaster Recovery

30 Records Retention Schedule Defined A timetable organized by business function listing Record Series with associated Record Series Codes which designates the required length of time records must be retained before final disposition. The next session will do a deep dive on developing this core component.

31 Records Management Training Mandatory records management training is essential to help ensure compliance with the Records Management Policy. Various ways to do this such as: Computer based training Town Halls Face to face Webcasts Other training efforts should also be established, such as: Records Liaisons New Employee

32 Establishing The Records & Information Management Program Questions?