930Gov Agenda – August 23, 2022

930Gov Agenda

AUGUST 23, 2022


Feith Systems is a proud sponsor of 930gov! We’ll be in attendance and would love to connect with you. Stop by Booth #207 in the Expo Hall to learn more about how our software solutions can help your agency streamline its Records Management program, Case Processes, and digital workflows. We hope to see you there!

If you’re looking for a way to stay up-to-date on the latest trends in government technology, 930gov is the perfect conference for you. With five tracks full of informative content, an Expo Hall full of vendors, and plenty of networking opportunities, you’re sure to find everything you need to take your agency’s IT game to the next level. Register today and we’ll see you at 930gov!

With five tracks to choose from, you’re sure to learn real-world actionable insights:

  1. Records Management
  2. Federal Data Strategy
  3. Zero Trust/Cyber
  4. Cloud / IT Modernization & AI
  5. Enterprise Architecture

Why should I attend?

  • 65 Expert speakers ready to delve deep into government technology ideas, best practices, and more
  • Network with their peers, learn from one another, and find new ways to tackle IT challenges
  • An Expo Hall full of government technology vendors eager to discuss the latest industry advances
  • CPE credits available for participating
  • Registration is free for government/academia/non-profit

Whether you’re a government IT professional, contractor, or just interested in learning about the latest trends in government technology, 930gov is the place to be!

Check out the agenda —

Records Management Track

7:30am – Registration

8:00am – Strategic Focus 2022 & Agency Perspectives on M-19-21

Laurence Brewer, Chief Records Officer U.S. Government
Walter Bohorfoush, Director, Department’s Records Management Office, Department of Transportation

8:45am – Capstone Revisited: So How Is Your Agency Doing with Email Retention?

Since the end of 2016, NARA has required email to be managed in electronic form. On the order of 250 federal agency components voluntarily have adopted NARA’s Capstone approach to meeting their email obligations. How is it working? What challenges have agencies faced? And are agencies considering expanding Capstone to include other types of electronic messages (texts, chats, ephemeral apps) sent by senior agency officials?

Jason R. Baron, Professor of Practice, University of Maryland, College of Information Studies (iSchool) (moderator)
Patrice Davis, CA, Assistant Director, Office of Records Management Policy, FOIA, and eDiscovery (ORMP), Justice Management Division, Department of Justice

9:30am – Visit Exhibit Hall – Networking Break

10:30am – FREEDOM: A Proven Software as a Service (SaaS) Cloud RM Platform

FREEDOM stands for Federal Records Enterprise Electronic Document Management. It was developed to satisfy the ERM needs of any size agency or budget. Reducing costs without compromising enterprise functionality is central to the service’s architecture. The concept is to allow any agency to virtually “turn on” the system, easily configure a few settings, then begin ingesting documents via scanning or electronic uploads into a fully compliant system including all necessary workflows from ingest to NARA disposition.

Babi Das, President & CEO, Data Federal Corporation

11:00am – Protecting Information Through Compliant Data Destruction

Federal agencies are progressing in their transition to a digital-first environment. This environment is evolving quickly due to the nature of technology proliferation. In this session, find out the four key factors driving the need for comprehensive IT Asset Disposition in the Federal Government.

Tyler Morris, Senior Director, Public Sector Programs & Strategy, Iron Mountain

11:30am – EEOC Benefits from FedRAMP Digital Transformation Platform

Manual processes and outdated systems create a lag in responding to FOIA requests accurately and efficiently. Now more than ever, making government records available for citizen access is critical for transparency. How can your agency meet these demands quickly and securely? This session will cover how the U.S. Equal Employment Opportunity Commission (EEOC) is meeting their FOIA request demands by utilizing a FedRAMP FOIA and Case Management solution within the Armedia Content Cloud.

Ray Azarm, Vice President Enterprise Practice, Armedia

Everick Bowens, Customer Service Management Division Director, EEOC

12:00pm – Visit Exhibit Hall – Attendee Networking Lunch

1:30pm – Intelligent Enterprise Content Management

2:00pm – eDiscovery: Recent Developments & What Lies Ahead

Nicholas Wittenberg, Associate VP/Sr Manager, Deloitte and former Sr Legal Counsel, White House Office of Science and Technology (moderator)

Retired U.S. Magistrate Judge John M. Facciola, Adjunct Professor Law, Georgetown University

Glenn Melcher, Special Counsel for eDiscovery, Office of Enforcement, CFPB (pending agency approval)

Michael Sarich, FOIA Director, Quality, Performance, and Risk (QPR), Office of Information and Technology (OI&T), VA (pending agency approval)

3:00-4:00pm – 10th Annual 930gov Networking Reception

Enterprise Architecture Track

7:30am – Registration

8:30am – Real-Time Architecture

Karen Grubbs, Enterprise Architecture Division Director/Deputy Chief Architect, DHS (pending agency approval)

9:15am – Embracing Strategic Portfolio Management

Jeff Chancellor, Principal Systems Engineer, Software AG Government Solutions

9:45am – Visit Exhibit Hall – Networking Break

11:00am – Rethinking EA: The Lighthouse

Over the past decade, the question has shifted from whether there is value in doing Enterprise Architecture (EA) in an organization to how the value of EA can be maintained in an organization. Delivering EA capabilities efficiently in the federal sector continues to be a challenge. In the current maturing information environments, using data-driven analytics is accepted as an important aspect for managing organizations, be it at the enterprise level or at the project level. Enterprise Architecture provides an effective way to supply relevant organizational data. This session will present a case-study for successfully deploying an EA capability that is flexible and responsive at the U.S. Courts Administrative Office (AO) Cloud Technologies and Hosting Office (CTHO) Architecture Branch (AB). The framework structures EA functions as service offerings, enabling the office to ebb and flow EA functions with changing customer needs.

Rosana R. Stoica, Chief, Service and Business Management Staff, U.S. Courts

11:30am – Roadmap to Zero Trust: Lessons from Cloud Adoption

An enterprise architecture roadmap is a strategic blueprint to communicate how an organization’s IT plans can help the organization achieve its business objectives. A roadmap is a tool to visually demonstrate the link between an agency’s IT planning and mission. Some examples of their use include communicating change management plans, implementing digital transformation efforts and to assist with new or changing regulations like Zero Trust.

Tim Owen, Parson Fellow, Director of Advance Programs, Parsons

12:00pm – Visit Exhibit Hall – Attendee Networking Lunch

1:15pm – Enterprise Architecture to Transform Business Operations

Nicole Willis, CTO, HHS OIG
Tracy Bannon, PMP, CSM, TOGAFv9f, SEI SAP, IEEE Senior Member, Sr. Principal/Software Architect & DevOps Strategic Advisor, Mitre
Michael Donofrio, Senior Advisor, Federal Solutions, Tyler Technologies

2:00pm – EA Now and in Future

Cort Coghill, Director Education Operations, FEAC Institute
Mark Bortle, Chief Enterprise Architect, USCG
Chris Beckford, President & CEO, eTRANSERVICES Corp

3:00-4:00pm – 10th Annual 930gov Networking Reception

Cloud / IT Modernization Track

7:30am – Registration

8:45am – The Massive Challenge of Digital Transformation

Kurt DelBene, Assistant Secretary for Information and Technology and Chief Information Officer, Veteran Affairs

10:30am – How to Secure Data in Cloud

Cloud transformation and work from anywhere have changed how security needs to work and understanding these changes to protect people and agency data. This session will focus on securing data in cloud environments and how to provide secure access to the data to include associated cloud risks and policy controls for all users, locations, and devices.

Anil Chaudhry, Director of Federal AI Implementations, AI Center of Excellence, GSA (pending agency approval)
Amy Hamilton, PhD., Sr. Cybersecurity Advisor Policy and Programs, Department of Energy (pending agency approval)
Nathan Smolenski, CISSP, CISM, CISA, CISO, Head of Cyber Intelligence Strategy, Netskope SME, Netskope

9:30am – Visit Exhibit Hall – Networking Break

11:15am – HHS Artificial Intelligence Strategy & Use Cases

Sanja Basaric, Artificial Intelligence Program Lead, Department of Health and Human Services (pending agency approval)

11:45am – Cloud Cost Management

As cloud infrastructure becomes more complex, cloud costs can become a challenge to track. Many public sector agencies, once in the Cloud, are interested in finding cost-effective ways to maximize cloud usage and efficiency. Cloud cost management is the organizational planning allowing an enterprise to understand and manage the costs and the needs associated with its cloud technology. The “pay for what you use” model can result in significant savings, but it can be easy for costs to spiral out of control. This session will cover how an agency can employ a cloud cost management strategy to make the most of their cloud infrastructure and keep costs down.

12:15pm – Visit Exhibit Hall – Attendee Networking Lunch

1:30pm – Cloud First to Cloud Smart – IT Modernization Implementation Lessons Learned

Cloud First policy began during a time when cloud computing was still a relatively new technology in the public sector in 2010. In 2018, the policy shifted to Cloud Smart acknowledging multiple new cloud capabilities that emerged since Cloud First. The new policy was founded on three pillars of successful cloud adoption: security, procurement, and workforce. This panel session will share how agencies are modernizing technologies and practices by harness new capabilities to enable agency mission and improve service to citizens.

Dave Catanoso, Director Enterprise Cloud Solutions, VA (pending agency approval)
Steven Grunch, Chief, Enterprise Cloud Services USCIS, DHS
Robert Sears, Director N-Wave, Enterprise Network Program, NOAA

2:30pm – Professional Development Session: Taking Control of Your Personal Brand

Mark Amtower, Consultant and Founder of the Government Marketing Master continuing professional education program

3:00-4:00pm – 10th Annual 930gov Networking Reception

Federal Data Strategy Track

7:30am – Registration

8:30am – First & Second-Generation Data Officers: Respective Journeys, Lessons Learned, Future Opportunities

Scott Beliveau, Director of Enterprise Data Architecture and Chief of Enterprise Advanced Analytics, co-Lead Product Owner Enterprise Data and Analytics product, Office of the Chief Technology Officer, USPTO
Marseta Dill, PMP, Deputy Chief Data Officer, FAA
Mark Krzysko, Principal Deputy Director, Acquisition Policy, and Analytics; Enterprise Data, Department of Defense
Costi Tudan. Deputy CDO, CISA (pending agency approval)

9:30am – Networking Break

10:30am – Data Collaboration Success Stories

Renata Miskell, Chief Data and Analytics Officer, HHS OIG (pending agency approval)
Mark Montoya, Chief Data Officer, Government Blockchain Assoc and Sr. Business Analyst, FDIC
Karen Wrege, CIO, Directorate of Defense Trade Controls Bureau of Political-Military Affairs, State Department

11:15am – Questions You Need to Ask to Quantify the ROI of your Data Stack

Are you getting more time back than you put in with your analytics project? How long does it take to onboard a new dataset? Who views what dashboards and how long? These, and other questions will better help you understand the value of the data and analytics routinely put together on projects. Often, these questions will unlock differently understandings of what is extremely valuable and what may not be important at all, not just from the immediate stakeholders but from the entire organization.
Mike Carley, Federal Solutions Engineer, StreamSets – A Software AG Company

11:45am – Enabling Modern Data Integration & Data Sharing with a Logical Data Fabric

Fred Baradari, Director Digital Transformation Strategy, Denodo

12:15pm – Networking Lunch

1:30pm – How to Demonstrate Value and Generate Excitement for Data

Justin Marsico, CDO, Bureau of the Fiscal Service, U.S. Treasury

2:00pm – Organizational Data Literacy: Twelve Step Program

Peter Aiken, Associate Professor of Information SystemsAssociate Professor of Information Systems and Anything Awesome, Virginia Commonwealth University (VCU)

3:00-4:00pm – 10th Annual 930gov Networking Reception

Zero Trust / Cyber Track

7:30am – Registration

8:30am – Large Scale Zero Trust Cultural Change: From C-Suite to Practitioners

Many within government IT security community believe for Zero Trust to be successful it is essential to create an organization wide Zero Trust culture. The Zero Trust philosophy requires agencies to get everyone to recognize they have a vested interest in security. Cybersecurity leaders must lead by having the right conversations within their agencies. This kick off panel session at Zero Trust @930gov will gather key government IT security professionals to share how to develop and inspire trust to succeed with Zero Trust.

Brian Gattoni, Chief Technology Officer, CISA
Ida Mix, CISO, Bureau of Industry and Security, Department of Commerce
Torey Vanek, Director of Strategic Product Management for Government and Regulatory, Veracode
Nicole Willis, CTO, Office of Management and Policy, OIG, HHS

9:30am – Visit Exhibit Hall – Networking Break

10:30am – Identity & Access Security: How to Continually Monitor User Access Rights

Ross Foard, IT Specialist (INFOSEC), CISA (pending agency approval)
Jamie Holcombe, CIO, USPTO
Michele Thomas, Deputy Chief Technology Officer, Senior Advisor for Automation Services, OASAM/Office of the Chief Information Officer, U.S. Department of Labor

11:15am – Enterprise Approach to Zero Trust

Randy Resnick, Director, Zero Trust Portfolio Management Office, DoD

11:45am – Zero Trust in the Security Operations Center

Zero Trust is a security framework requiring all users, whether in or outside the agency’s network, to be authenticated, authorized, and continuously validated for security before being granted access to applications and data. Zero Trust is an ongoing process requiring continued refinement as each agency’s business requirements and subsequent technology shifts occur. Continuous monitoring is a core component in any Zero Trust strategy and goes beyond any single security tool. This makes the role of the Security Operations Center (SOC) critical to continually audit and maintain the agency’s Zero Trust security posture. Even if a government agency has a mature Zero Trust implementation securing users, applications and workloads, the agency still needs a SOC for threat detection, response, and risk management. This session will focus on the benefits of automating the Security Event and Incident Management in the SOC to provide security analysts with real-time, actionable data to enable agencies to better investigate and remove threats effectively and efficiently.

12:15pm – Visit Exhibit Hall – Attendee Networking Lunch

1:30pm – How to Apply Zero Trust Methodology into Existing Systems

The Federal Government has acknowledged Zero Trust as an effective means to prevent cyberattacks. But where should an agency begin the process? Following existing cyber security procedures has left some agencies hesitant to begin their Zero Trust journey. This panel of subject matter experts will share ideas on how to augment existing security architecture with Zero Trust principles while allowing agencies to take advantage of tools & technologies already available.

Don Maclean, Chief Cyber Security Technologist, DLT Solutions

2:00pm – How to Create a Comprehensive Zero Trust Strategy

Many agencies are in the process of developing a comprehensive Zero Trust Strategy with the goal of implementation throughout the enterprise. Essential components of a successful Zero Trust transformation include effective communication, changing culture, coordination, adjusting processes, and training personnel. It also involves monitoring, collecting, and measuring data to compare against previously established metrics for success. This closing session will summarize the steps and processes agencies can take to ensure long-term security of their systems.

Monica Montgomery, Deputy Chief Information Security Officer for Management and Strategy and
Deputy Director, Cybersecurity Office, National Geospatial-Intelligence Agency (NGA)
Randy Resnick, Director, Zero Trust Portfolio Management Office, DoD
Andrea Simpson, Chief Information Security Officer / CIO (Acting), FCC
Kynan Carver, DoD Cybersecurity Lead, Maximus, Maximus

3:00-4:00pm – 10th Annual 930gov Networking Reception

To learn more about this event, visit 930gov.com

Protecting FCI and CUI – Federally Compliant Record Repository

Duration: 22 Minutes
Industry:  Government
Speaker:  Ray Davis

Conducting business with the government and its agencies comes with requirements.  The requirements to manage FCI and CUI are growing.  It started with the requirements of NIST 800-171 and has expanded to FAR 52.204-21 and FAR 4.7.  But the changes don’t stop there.  We’ll dive into the CMMC, the Cybersecurity Maturity Model Certification. This is a new certification that has eliminated the federal contractor self-assessments in favor of a 3rd Party Assessment to ensure your compliance.  Yes, you’re going to have to pass an assessment now!

Along with that we’ll discuss how to properly store your sensitive FCI and CUI. Storage isn’t a one-day thing.  You’ll need to manage the storage of your records through the entire information management lifecycle. Once you bring your records into the system, you’ll need to properly tag them and mark them so that only those people that should have access, does.  Yes, that’s a part of the regulatory requirements.

Do you know the difference between a single-tenant system and a multi-tenant system and just what does that mean to the access and security of your information?  We’ll delve into that as well.   By the end of the webinar you’ll be able to self-assess your ability to comply with the new regulations, the new certification, and decide whether it’s a challenge you want to accept on your own or engage with Feith Systems and Software to manage your FCI and CUI.

5 reasons why agencies struggle to meet their FOIA goals

When it comes to Freedom of Information Act requests, it is mandatory to disclose information on time.  Content must be collected, reviewed, and packaged as a response.  That is easier said than done when agency data is scattered, hard to search through, or difficult to collaborate around.   Deadlines are missed, critical records are lost, and sensitive information can spill.

When agencies work their FOIA caseload manually, they struggle to meet their objectives. Here are 5 main reasons why agencies fall short of their goals.


1.  There is no uniform solution across the agency.

Many agencies leave staff without a uniform solution to create FOIA deliverables.  If organizations use legacy desktop clients to house that information, systems can’t communicate with each other, and staff are left to sift through them for content.

Even if systems are connected, IT needs to continuously integrate them to ensure knowledge workers’ access.  That much administrative work consumes human resources.   Documents are searched through manually, information gets lost, and budgets are strained. 

Agencies need a centralized system to meet FOIA deadlines.  The single workbench approach allows knowledge workers to access anything and everything they need to manage FOIA cases.


2.  There are too many complexities to handle FOIA requests manually

The sheer volume of data that agencies capture, process, and archive increases every day.  It is time-consuming to manually search through that much information.  Once captured, agency rules mandate different kinds of redaction for different types of content.  Without the right tools to create a pixel-by-pixel replacement, redacted information may not be redacted at all.  Sensitive data is left visible and released by accident.

When there are hundreds of FOIA requests to create, package, and deliver, it is a challenge to track all of their statuses. There is no way to pinpoint which of those hundreds of requests are more urgent, and which of those due dates are closer.

Automation is the only way to fix this. When cases are automatically created and the content in them can be automatically redacted, time is freed up for knowledge workers to focus on more critical tasks.


3.  Collaboration Challenges

The outcome of a FOIA request is dependent on the communication among those assigned to the case.  The past year has challenged the government to do a large portion of this work from home.  Often the contents of FOIA requests are cross-departmental or even cross-agency, which creates a line of communication between SME’s in different locations.   When there are problems or questions, knowledge workers must ask SME’s for assistance via email.  These emails are often left for several days in the SME’s inbox without an answer, and dead stops put the agency at risk of missed deadlines. 

Knowledge workers must be able to communicate with each other and with the requestor.  When the case is opened, the team assigned to it must keep up communication with the requestor and give them estimates, status updates, and the ability to track the case through its lifecycle.  When this process is done through phone or email, communication is not transparent.  No one knows what the FOIA team has already communicated to the requestor, or what still needs to be said. 

Another hurdle that agencies struggle over is collaborative access.  With no system in place to allow group work, team members will not be able to interact with systems at the same time for collection.  Without the tools to control access, FOIA teams can’t permission content or control who can see what within the case.  When agencies can’t control who can see what sensitive information, FOIA goals are not met.


4.  Poor Access to Data

It is a challenge to keep information organized when there are multiple data types and sources.  Email is a source now, with social media and chat to become sources in the future.  Email search and retrieval is sub-par and will take a considerable amount of time when compared to advanced search features.  Once the information is collected, there is also no way to see both text and metadata at the same time.  If knowledge workers find that they need more information from the eDiscovery side, they have fallen short of their FOIA goals.

When workers cannot interact with their cases, time is wasted.  SME’s should be able to connect to their workstation from any location and on any device.  If they know where they need to work and can get into their cases, the collection process can start immediately.   

A lack of a real Records Management system lives at the heart of this challenge.  With a repository in place, knowledge workers have access to collect and create deliverables.


5.  No Oversight/Accountability

At the end of every FOIA case is a potential audit process.  The work that FOIA teams complete should be entirely defensible. There needs to be a visual tally of everything done to create the deliverable.  Vaughn indexes display that tally of case actions and guarantee transparency.  Certain solutions can create Vaughn indexes automatically, but if there is no solution in place then it is up to an individual to create one by hand.  That process can take up mission-critical time and put the agency at risk of falling short of its FOIA objectives.

Supervisors need oversight tools to be able to meet their own FOIA goals.  When they are unable to see who completed what task or what the status of their case is, there is no accountability.  Cases are not tracked across their lifecycles, and there is no way to tell which action officers are busy and which can take on more work.



Take Control of the FOIA Process

Agencies that manage their FOIA requests with outdated systems and manual practices are in a situation where it is difficult to meet their turn-around time goals.  When it takes hours to search for content and days to hear back from SME’s, time is wasted.

When agencies utilize FOIA solutions to manage their caseloads, their goals are achievable.  Information can be accessed, searched for, collected, redacted on, and packaged for delivery before the deadline.  Teams can work together on content at the same time.  Security features keep sensitive information from the wrong hands, and oversight features allow supervisors to monitor their workers progress and steer them in the right direction.

Feith Webinar – Getting Executive Buy-in for your information governance initiative

Tips, tricks, and the psychology of buy-in

Feith releases free-to-watch content in the form of webinars throughout the year, providing information technology experts with a valuable resource for continued learning. 

Tune in any time On-Demand for our latest presentation.

Getting Executive Buy-in for your Information Governance Initiative


Duration: 25 minutes

Industry: All industries

Speaker: Ray Davis

Summary: In this highly informative webinar, our strategic sourcing expert Ray Davis discusses the ins and outs of getting executive buy-in.  RM/IG is not a “revenue generator,” so building a case around it can be a challenge.  In this webinar, Ray breaks the complicated process of getting executive buy-in into easy to understand sections.   

He goes over topics like identifying your senior champion, who to get on your side and when, and even the understanding of stakeholder psychology. 

We can’t wait to see you there!

SBA’s Paycheck Protection Program (PPP)

Lender Support Technology

SBA - PPP Loan Document Processing

Paycheck Protection Program (PPP) document workflow. Capture all unstructured loan documentation:

  • Borrower Application Form
  • Payroll Records (IRS Form 940 / 941, W-2, W-3)
  • Benefits Information
  • Employee Proof of Nationality
  • Most Recent Lease or Mortgage Bill
  • Utility Bills

Receive from email or forms.  Track Expected Documents.  Send reminders.  Notify applicant to send missing documents.

Fully Auditable Document & Case Management

ready to help you Handle the Flood

With over 5.9 Million businesses in the United States, the Small Business Administration’s Paycheck Protection Program is expected to generate millions of applications for US Banks.

Feith Systems is a 40-year company with the experienced staff to help you during this emergency.

Handle the Evolving Challenge

What we can do for you

Capture Applicant Emails and Attachments

Securely store both applicant email and attachments from your shared SBA Loan / PPP inbox.

Capture directly from your Exchange server.

OCR scanned or photographed documents.

Assign and Track Applications for review

Customizable workflows to assign, review, approve and track PPP applications.

Notify and remind staff of due dates and expected documents.

bundle Documentation and Report to SBA

Bundle applicant documents, producing loan record to deliver to the SBA to help track loan forgiveness.

Scalable System, On our clouds or yours

Built to scale -- Feith can handle millions of applicant forms and emails a day.

Reach out immediately to connect to your existing systems. Integrate with Feith by just dropping files in a directory.

Quick PPP Form

Receive and store PPP form data from your clients.

Ensure that clients upload all required documents before submitting their application.

Securely store form responses in a searchable digital file cabinet, instantly assign it to the staff who needs to review it.

Evolve with the Challenge

The Feith Platform allows you to dynamically change your process as the challenges evolve.

Includes full web SDK, so your technical teams can customize as you go.

Are you ready for PPP?

Wherever you are in your process, we can help you get the rest of the way. Drop us a line to speak with an Adviser.

Should-Do’s vs. Must-Do’s for Records Management

Simplifying The Records Management Process – Part 1:  Must-Do vs Should-Do 

I’m a 30-year records management professional. When it comes to the programs I run, I’m not ashamed to say “I want the WORLD”!   I’m also a realist and I know the world is not always possible, therefore I have to pair my lists into two categories; 

  • Must-Do List 
  • Should-Do List. 

The Must-Do List contains things myself, my staff, or our systems must do.  If not, we’re creating risk.  The Should-Do List contains things that are nice to have happen but do not jeopardize our program if they don’t. 


  1. Executive Buy-In – If you want your program to be accepted with participation by your fellow employees, you have to have Executive Buy-In.  If you don’t, the response you get will be lukewarm at best.  Find your Executive who is willing to promote your program with you. 
  2. Team Up With IT – Managing electronic records successfully means you need to have a great working relationship with IT.  You know records management and what you need the system to “do”.  IT knows their systems and can tell you what they need to make it happen. Work together as a team !!    
  3. Retention Schedule – You must have a retention schedule that is current, verified, and enforced.  Without a retention schedule, you’re just performing document management. 
  4. Access Permissions – Access to records should be limited.  The security and protection of your records is paramount.  Create permissions through establishing Users and Groups so those people who need access get it and those that don’t, won’t. 
  5. Protect CUI and PII – Records must be protected from unauthorized access. Some records need additional protection due to the sensitive information they contain. CUI (Controlled Unclassified Information) and PII (Personally Identifiable Information) are just two examples.   Make sure you have safeguards in place to control who can see what. 
  6. Legal Hold Process – You must have the ability to search, secure, and prevent destruction of all records that relate to an open legal hold.   The process ends with the approval to release the hold on the records once the litigation is over and allows records to return to their original retention life.





  1. Retention Beyond Legal Life – You should be able to retain records beyond their legal retention life with a valid reason.   There should be documented communication between you and the Records Manager to confirm it is acceptable for you to do so and they understand your reasoning. 
  2. Delete Junk/Spam Email ASAP – Junk/spam email clog up your inbox and makes it difficult to find emails you’re looking for.  Set up a schedule to review your email and delete junk/spam as soon as possible. 
  3. Reporting – You should deliver system, customized, and/or ad-hoc reports to individuals in your organization to keep them up to date on your program.  By providing reports, you’re giving them information they need to know that supporting your initiatives was the correct decision. 
  4. Create an Information Governance Council – No matter your terminology records, information, or data are considered an “asset” to be secured and protected.  This happens by involving representatives from your organization to set policy, procedures, and make decisions.  Council members would include HR, IT, Purchasing, Records Management, Audit, Compliance, your vendors and any business units you think should be included. 
  5. Retention Schedule Review/Update – Once you create your retention schedule, the work doesn’t stop permanently.  Laws change and new laws are created. Pick a date and agree on a review of your retention schedule.  “I’m sorry Your Honor, we’ve never updated our retention schedule” is not a statement that you want to make in a court of law. 
  6. Destruction/Disposition – I want you to follow your retention schedule.  If by chance you’re not doing that as consistently as you’d like, just remember one thing; as long as you’ve retained your records for their legal life, if you hold onto them longer you’re not violating any laws.  Just make a point to them on their way to destruction as soon as you can.   

This is an abbreviated look at my two lists.   If your lists are different that’s okay.  We may not be in the same industry or have the same responsibilities.    

The goal is to start with two accurate lists.   Then make sure you’re accomplishing the Must-Do’s and are working to upgrade the Should-Do’s to the Must-Do List.  


Good Luck!