Simplifying The Records Management Process – Part 1: Must-Do vs Should-Do
I’m a 30-year records management professional. When it comes to the programs I run, I’m not ashamed to say “I want the WORLD”! I’m also a realist and I know the world is not always possible, therefore I have to pair my lists into two categories;
- Must-Do List
- Should-Do List.
The Must-Do List contains things myself, my staff, or our systems must do. If not, we’re creating risk. The Should-Do List contains things that are nice to have happen but do not jeopardize our program if they don’t.
- Executive Buy-In – If you want your program to be accepted with participation by your fellow employees, you have to have Executive Buy-In. If you don’t, the response you get will be lukewarm at best. Find your Executive who is willing to promote your program with you.
- Team Up With IT – Managing electronic records successfully means you need to have a great working relationship with IT. You know records management and what you need the system to “do”. IT knows their systems and can tell you what they need to make it happen. Work together as a team !!
- Retention Schedule – You must have a retention schedule that is current, verified, and enforced. Without a retention schedule, you’re just performing document management.
- Access Permissions – Access to records should be limited. The security and protection of your records is paramount. Create permissions through establishing Users and Groups so those people who need access get it and those that don’t, won’t.
- Protect CUI and PII – Records must be protected from unauthorized access. Some records need additional protection due to the sensitive information they contain. CUI (Controlled Unclassified Information) and PII (Personally Identifiable Information) are just two examples. Make sure you have safeguards in place to control who can see what.
- Legal Hold Process – You must have the ability to search, secure, and prevent destruction of all records that relate to an open legal hold. The process ends with the approval to release the hold on the records once the litigation is over and allows records to return to their original retention life.
- Retention Beyond Legal Life – You should be able to retain records beyond their legal retention life with a valid reason. There should be documented communication between you and the Records Manager to confirm it is acceptable for you to do so and they understand your reasoning.
- Delete Junk/Spam Email ASAP – Junk/spam email clog up your inbox and makes it difficult to find emails you’re looking for. Set up a schedule to review your email and delete junk/spam as soon as possible.
- Reporting – You should deliver system, customized, and/or ad-hoc reports to individuals in your organization to keep them up to date on your program. By providing reports, you’re giving them information they need to know that supporting your initiatives was the correct decision.
- Create an Information Governance Council – No matter your terminology records, information, or data are considered an “asset” to be secured and protected. This happens by involving representatives from your organization to set policy, procedures, and make decisions. Council members would include HR, IT, Purchasing, Records Management, Audit, Compliance, your vendors and any business units you think should be included.
- Retention Schedule Review/Update – Once you create your retention schedule, the work doesn’t stop permanently. Laws change and new laws are created. Pick a date and agree on a review of your retention schedule. “I’m sorry Your Honor, we’ve never updated our retention schedule” is not a statement that you want to make in a court of law.
- Destruction/Disposition – I want you to follow your retention schedule. If by chance you’re not doing that as consistently as you’d like, just remember one thing; as long as you’ve retained your records for their legal life, if you hold onto them longer you’re not violating any laws. Just make a point to them on their way to destruction as soon as you can.
This is an abbreviated look at my two lists. If your lists are different that’s okay. We may not be in the same industry or have the same responsibilities.
The goal is to start with two accurate lists. Then make sure you’re accomplishing the Must-Do’s and are working to upgrade the Should-Do’s to the Must-Do List.
- NARA Delivers Holiday Gift in the Form of a Machine-Readable GRS
- Defense Commissary Agency’s rollout of Feith RMA IQ receives prestigious DoD CIO Award
- Video: Transform the Agency, with RMA IQ
- Protecting FCI and CUI – Federally Compliant Record Repository
- 5 reasons why agencies struggle to meet their FOIA goals