At Recordkeeping Innovation many of our clients are trying to transition from paper based records to recordkeeping in the digital world.
Many of them are facing huge challenges managing the scale and volume of information they receive and need to deal with. Issues such as what documents to keep, how long to keep them – some records are required much longer than others – and who should have access to them.
It is the email messages, word documents, PDF documents, presentations, spreadsheets, scanned images etc. that organisation struggle to manage. This unstructured data forms roughly 90% of an organisation’s information resources according to the Institute of Information Governance (2015).
What are those challenges?
- Email is out of control, with critical business information hidden in inboxes
- Network drives are out of control and documents can be easily edited or deleted
- An absence of routine, regular “housekeeping” processes means information grows, increasing storage costs. This volume also impacts capacity to retrieve useful and relevant information. It is difficult to determine what is of value and the status of documents as records. There is information overload as transactions and volumes increase.
- The context of why documents were created and what they relate to is often missing; particularly if they are in a folder on the network drive that is titled with someone’s name.
- SharePoint is being thrust upon us, but to get it work well in a sustainable way it is complex to configure and may not be worth it.
- There are increased security risks for organisations in the digital environment if information is not controlled well.
- Formats also need to be managed to ensure that information is accessible over time. How can we manage and preserve digital archives?
What are the risks?
Nobody wants to be on “Page One” for the wrong reasons. You need to think about the records that might be needed to support your business, prove your rights and interests as well as defend the organisation in the event of an investigation or incident.
Some of the key risks are:
- Non-compliance with corporate standards or the use of personal records systems means a lack of accountability and review.
- If records are not retained for the full length of time they are needed critical information may be wrongly destroyed, not retained, can’t be found or accessed to verify statements or decisions.
- Inaccurate information may cause the wrong decision to be made.
- Key contextual information is lost due technological obsolescence and can cause financial or legal damage or loss of reputation.
- Lack of governance over information and a failure to provide oversight and control means anything can go wrong. If there is no responsibility assigned no one is responsible for addressing any problems.
- Lack of a clear understanding and rules around the availability, publication, distribution, use privacy and protection of information, release of the wrong information can have catastrophic consequences to an organisation
What can we do?
So how do we manage the challenges and risks faced by organisations in trying to come to grips with this deluge of digital information? This must start at the top. Those responsible for an organization’s information governance must evolve along with rapidly changing technologies. Today, that responsibility spans across the enterprise, involving not only the records and information management staff, but also Legal, Compliance, IT, and business unit leaders – as well as individual employees. With every technological development, organizations have to understand how information is being created, stored, retained, retrieved, and disposed of and implement policies, procedures, and training to ensure those activities are being done in compliance with their organizations’ business, legal, regulatory, and historical needs. Information needs to be governed as a strategic asset.
Poor management of information results in the risk of lost records, severe fines or even jail time. With the stakes high, the amount of organizational content spiralling ever upwards and the number of regulatory requirements growing every day, an information management framework should be put in place. An approach is needed that helps to meet information protection, availability and accessibility requirements within the confines of regulatory and legal compliance, while maximizing operational efficiency and strengthening business continuity.
Your 8 steps to taming the digital deluge
- Assess the importance of the organisation’s information holdings – determine what is vital to your business records. Are you keeping the right records and information? Do you know what you should be creating? In what systems is your information captured? Who has access to the information and how is it used? How is the information organised? Is it tracked?
- Assess all the recordkeeping risks, sensitivity and points of vulnerability and then develop a plan for managing those risks, including proactive mitigation steps. .
- Determine where accountabilities lie for records and information and inform staff of their responsibilities, and make it a performance measure that links in with other corporate strategies, outcomes and measures.
- Acquire the right skills and capability to manage records and information through a program of systematic control.
- Ensure that standards are embedded in business processes, there are sufficient points of review and auditing standards are met. Standards include not only records management standards, but Information Security, Privacy etc.
- Ensure processes are monitored, checked and reviewed. New risks can emerge from different sources and in countless numbers of ways. Risk management requires a continuous improvement approach.
- Keep management informed, in the same way they receive regular updates on personnel and finance assets.
- Take on an incident management approach and ensure a prompt response to mitigate the impacts of risks. Security breaches will occur. Organisations need to detect and response promptly to minimise the harm.
Read more about managing recordkeeping risks in this issues paper prepared by Recordkeeping Innovation’s Directors Kerry Gordon and Barbara Reed for the Governance Institute of Australia.
Recordkeeping Innovation are experts in development and implementation of information management frameworks for better management of information assets and getting control of your digital records. Learn more at http://www.records.com.au/
About the author
Adelle Ford has worked in the information and records management sector since 1979, having been employed in various capacities by both public and private sector organisations. Adelle has developed records management policies, strategic plans and operational procedures for large scale organisations operating in legislatively complex business environments. As a consultant to Pillar Administration, Adelle was responsible for project managing the organisation’s Records Management Program, and designing and implementing policies and procedures. Adelle has experience in TRIM administration and in project implementation. Having conducted a number of functional software specifications, Adelle possesses a sound knowledge of a number of EDRMS products and is experienced in software configuration. Adelle has taught records management courses through Sydney Institute (TAFE).