An optimal level of compliance for organisations depends greatly on the records management strategy and how this cascades down to a functional unit level.
“In order for an organisation to properly manage records and adhere to regulatory requirements a records management strategy is vital,” says Jessica Tandy, executive director at Bizmod.
The entire organisation needs to understand the strategy and the benefits there, helping to ensure the success of records management.
Tandy recommends putting the following steps in place:
* People: Get organised – Roles to manage overall records governance and practices across all functional units to be established. The Privacy Office should support and drive effective compliance to privacy policies and regulation.
* Strategy & Policy: Get aligned – By defining and directing – what, how, why and who – information will be handled and managed according to regulatory requirements, ensuring responsible handling and securing of information, including destruction thereof.
* Process and Practice: Make it actionable – Establish the processes and procedures across the record lifecycle to ensure standardisation and consistency in handling of information and data including the securing of information at rest and in transit. This includes implementing the right systems and solutions to enhance efficiencies.
* Culture: Make it stick – Communicate and empower people in understanding strategic priorities regarding record management practices and ensure the right training methods and channels are utilised to train employees in institutionalising records management practices. Ensure behavioural change and ownership in how records are managed and handled.
In addition to the strategy an organisation needs to have a records management framework in place. “This will ensure that records management governance, business processes, technology and necessary change management are all aligned in achieving overall business compliance,” says Tandy.
When designing the process for records management the right practices need to be established, enhancing and standardising information and records handling across the organisation, in accordance with policies and regulatory guidelines.
Tandy says that to ensure standardisation and consistency, the records management value chain processes form an important part of the framework. The below process should be established:
* Document/records creation – the creation of records and documents and indexing of records.
* Record maintenance – processing of physical and digital records, which includes the classification and indexing of records to enable better processing and retrieval of records.
* Record access and retrieval – the process for the retrieval and maintenance of records, this also includes applying the retention periods and the processes for management of physical records, if applicable.
* Record disposal (retention analysis) – analysis of retention periods and identifying records for retention and/or disposal. This also includes processes for approval of destruction and obtaining destruction certification or evidence.
* Monitor record keeping performance – manage periodic reviews of the management of records in line with policies and procedures established and including reporting to relevant privacy governance forums.
“This process will not only ensure that the organisation is compliant with governance requirements but also enables the organisation to use information as an asset,” concludes Tandy.