Records Management Compliance Checklist


'Compliance' is a commonplace term in the records management world. This isn't the first blog post to reiterate how critical it is to have a compliant RM program. But we'd like to make something very clear: proper records management is not about 'reaching compliance.' It's about ensuring compliance by implementing and then sticking to the process.

This article breaks this process down into a list to make it easy for your team. We also offer a free, full-length RM health checklist below for download.

Repeat after me: Reliability ensures compliance.

Reliability stems from a well-documented program and simple-to-follow processes. Building a compliant RM process is great and all, but sticking to it is what actually keeps your organization's records management compliant. You may have already seen our RM Health checklist; now we've created a compliance checklist. This includes simple questions to guide you through two important portions: creating a well-documented compliant process and taking necessary steps to make sure the program is followed.

Part 1: Create and document a compliant process

For a compliant RM process, it's critical to have developed policies and procedures with both your business values and legal requirements in mind. These should cover records storage, timetables, and roles clearly defining who does what. The most important part of creating this process? Making sure that it is well documented and easy to follow so there is no confusion after implementation.

We've marked major steps and encourage you to ask the following questions along the way:

a) Perform a Records Inventory

Before any policies or procedures get drafted up, you need to know what you're working with. Conducting a thorough records inventory to identify organizational records will help you get there. During inventory, it is useful to ask:

What are your organizational records and where are they stored?

Does your organization have both paper and electronic records? If so, have both types been quantified?

Have you identified the business-critical information?

Is this business-critical information easily accessible to your organization?

Has there been any thought towards identifying non-official records (i.e. convenience files)?

b) Build a Classification Scheme and Retention Schedule

Once you know what information you have and where it is stored, you need to set up a classification scheme and retention schedule appropriate for your organization. Ask yourself the following questions:

Have you written a classification scheme for your records?

Do you have too many classifications? Could they be cut down and simplified?

Can you align security, including Office of Primary Responsibility/Retention Approvers, with your classifications?

Have you developed a timetable that determines scheduling around the lifecycle of your records?

When developing this retention schedule, did you consider best organizational practices?

Do these schedules fit the appropriate business units?

Does the records retention schedule allow for easy records management and evaluation (e.g., external audits)?

Are there opportunities for fusing classifications based on shared retention schedules?

c) Consider Legal and Regulatory Requirements

When creating these retention schedules, it is important to be aware of applicable legal and industry standards to make sure that your process not only adds business value, but also follows regulation.

Have you considered relevant laws on federal, state/province, and local municipality levels that could affect your records management program and retention schedules?

Have you identified relevant standards, regulations, certifications and best practices around records management that apply to your specific industry?

d) Ensure Security

How do you ensure the security of your records? By having clarity on where your information is stored, how it is safeguarded and who has access. Some questions to ask when building a secure process:

Where is your information stored? Is your data, in all formats, accounted for?

How have access controls been set? Who is responsible for what in the records management process, and have they been given appropriate permissions?

Is your data backed up? Are you able to restore your information in case of a mishap, and if so, how long would restoration take?

Have you identified which records are vital for your organization and developed a Disaster Recovery Plan to ensure they are safe if there are any changes? Do you perform regular Vital Records Reviews?

Have policies and procedures been developed ensuring that information at all levels of confidentiality is properly safeguarded and marked immutable if necessary?

e) Know and Document Who Does What

For compliance, it's key to set clear definitions of the roles and responsibilities within your organization's records management so the process is carried out smoothly.

Have responsibilities and roles been established around all aspects of the records management process (content reviews, audits, etc.)?

Have records managers and any other relevant users been given appropriate access and permissions for the content?

Have these roles and responsibilities been clearly communicated and documented so everyone is informed and can refer back to documentation if there is any confusion?

Part 2: Follow Through

After a simple, well-documented process has been created, you must stick with it to truly ensure compliance. This requires maintenance, monitoring, and adjusting the process if necessary. Consider the following questions in the steps that lie beyond implementation:

f) Provide Good End User Training

With a well-documented process in place, establish a training program to align the appropriate departments on all aspects of this process so it is understood and followed as efficiently as possible.

With all aspects of the process implemented, has a training program been established?

Is this program well documented? Does it cover all aspects of records management and what is expected of appropriate employees and management?

Does this training program take into consideration new employees and other changes in the organization?

Does this training program get reviewed and updated regularly to stay current? Are the training sessions provided periodically to keep all employees up-to-date?

g) Audit Regularly

Both regular internal monitoring and external auditing are important to keep tabs on whether the process is being followed and where improvements can be made for increased efficiency and added business value.

Have both internal monitoring practices and external audits been implemented with appropriate employees and agencies?

Have these audits been scheduled and implemented to occur on a periodic basis appropriate for your organization?

Do the implemented audits consider not only how records are being managed but also the overall process and what can be improved?

h) Expand and Upgrade with Compliance in Mind

Even beyond implementation, the process is not stagnant. As your organization grows, shifts and changes, the process should be able to grow, shift and change to remain fitting and compliant.

As you build and implement your compliant policies and procedures, are you documenting everything and considering how the program can be further expanded?

Can these policies handle minor and major organizational changes: anything from employee changes to mergers and acquisitions?

Are you using the most current version of your selected RM solution to hold and manage your records? Is this solution meeting your needs? If not, how can you identify a more fitting alternative?

Have you considered how to expand your RM program into the broader information governance space? For example, improved information architecture, data management, business analysis and procedures.

i) Regular Disposition

With everything implemented and regularly monitored, the final step of the records management life cycle is records disposition. We'll say it plainly: not following through with a scheduled disposition will compromise compliance. Stay reliable, ask the following questions, and execute on your scheduled disposition dates.

Have you created a disposition policy considering relevant organizational practices and regulations?

Are there set responsibilities around who is authorized to perform disposition approval reviews?

Are the disposition procedures scheduled and properly executed?

Does your organization have the appropriate people and technology to execute the necessary record destruction?

Breaking down the project and asking the right questions is critical to ensure that you have built out and implemented a compliant process that meets legal requirements, regulatory standards, and of course brings optimal business value to your organization. At the end of it all, we can't say it enough (so we'll reiterate once more): compliance stems from reliability. So ensure that, after all of your hard work building this process out, it is well documented and simple enough to follow, and that you have the appropriate tools and support in place for this process to grow and adapt with your organization.

We'd like to support you with this. Download the full PDF of our RM health checklist to ensure your program is compliant:

RM HEALTH CHECK

Want to learn more? Collabware not only provides RM solutions with features that meet legal and regulatory standards and certifications, but our Services Team of Information Governance experts can provide consulting and planning guidance to help ensure your project is compliant.

Contact us with your questions or download our free brochure below to learn more about how you can easily achieve RM compliance in the Cloud with our data lake solution, Collabspace:

Access Collabspace Brochure
