Where to start and what to consider in developing policies that can help an institution with record management and security.
The continuous uptick of information and data flooding educational institutions shows no signs of easing up. With increasing use of technology platforms, it’s no surprise that institutions are desperate to manage the escalating flow of information. A key component to managing the inflow of records is to manage the outflow, in this case, record retention.
Increasing regulations and legislation from the state and federal level have also started to ensure that vigilance and retention policies aren’t optional. In addition to legal requirements, relevance and need also come in to play as it relates to retention policies, making it necessary to take a more global approach by developing a record management process based on the entire data lifecycle.
With many institutions making the move to electronic content management, taking that global approach is easier than ever. However, policies for retention and destruction of records must begin with policies on how to capture, organize and use records, whether they’re electronic or paper-based.
This quick-start guide offers an overview of where to start and what to consider in developing policies that can help an institution manage security and information flow.
1. Get Support
Effective record management starts at the top; that means an institution’s leadership has to understand the need for record management, put support behind it and make their support known. In a time where record retention can be handled automatically through the use of technology, resistance to comply is reduced. With the right backing, support to make sure policies are implemented, along with a willingness to work together, will follow.
2. Develop a Plan
Like any operational challenge, managing records and their lifecycle has a greater likelihood of moving from “problem” to “solution” with a plan. Rather than taking the “save everything” approach, digging into the work of developing a strategy gives personnel a roadmap to follow.
A retention policy also reduces risks. As the volume of retained records grows, so do legal risks—holding on to information longer than mandated time periods and deleting or destroying records before they should be, for example. A defined retention policy and schedule is an important component to establishing a good faith effort towards compliance.
A plan needs to:
- Define records–Determine what incoming information is a “record.” A record is technically something that needs to be captured and kept for regulatory, legal or business purposes. If an enterprise content management solution is in place, every indexed document is considered a record.
- Classify records–Organize records into classifications with related functions, process and retention requirements. Index classifications with keywords to make records accessible through search.
- Assign responsibility–Determine who is accountable for each record classification and who has access and authority to make decisions about actions taken with the records.
- Set rules–Configure and document retention and disposition schedules for each classification based on laws, regulations and business needs.
- Understand departmental requirements–A plan should be put in place based on the needs, requirements, and compliance for each department. For institution-wide retention policies, this means having a champion who is involved in developing this plan.
3. Know the Rules
Retention policies go beyond saving space, keeping organized and improving efficiency. Maintaining compliance with federal, state and local regulations requires top priority.
An institution carries the burden of responsibility for knowing and complying with retention and destruction regulations that affect the industry. Continued reliance on paper-based records can carry different issues, making compliance with privacy mandates more difficult, for example.
Leadership support is key to ensuring that resources are available to not only help establish retention and disposition schedules that are compliant but stay on top of changes in regulations.
4. Review and Adjust
Anytime governmental regulations are involved in developing a policy, change is inevitable–at least plan for it to be. As the world of information and data becomes more complex, requirements for how to manage it will no doubt follow suit. A policy needs to include provisions for review to ensure it stays up-to-date with regulations and changes in retention periods. It also should be responsive to changes within the institution. The most effective and efficient way to do that is with a comprehensive plan to work from.
5. Stick with It
A retention policy and schedule provides a one-source knowledge repository for everyone involved in managing an institution’s content through its lifecycle. Well-trained staff will not only understand the benefits (as well as the requirements) of a detailed policy, but they will also have the rules and guidelines needed to implement the policy and schedules. Policy and schedule compliance reduces inconsistencies in retention and destruction decisions, and the likelihood of human error. Electronic content management and business process automation reduces those risks even further by automating the process, along with establishing an audit trail and good faith effort toward compliance.