Records management & compliance: making the connection: organizations must take a proactive and holistic approach to compliance that ensures the business, technological, and legal challenges of records management are addressed.At the Core This article * discusses the importance of a records management program to an organization * defines the concept of information management compliance (IMC (Internet Mail Consortium, Santa Cruz, CA, www.imc.org) An industry trade association founded in 1996 by Paul Hoffman and Dave Crocker that promotes Internet e-mail standards and features. ) * examines the seven key elements of an IMC framework * In response to the WorldCom bankruptcy filing, the Securities and Exchange Commission (SEC) takes swift and dramatic action to deal with what was perceived as a wholly inadequate records management program and imposes an $800-an-hour monitor on WorldCom (now MCI (1) (Media Control Interface) A high-level programming interface from Microsoft and IBM for controlling multimedia devices. It provides commands and functions to open, play and close the device. (2) (Microwave Communications Inc. ). The monitor's task is to ensure that the company "has developed document retention policies and ... has complied with these policies." * A U.S. federal agency notifies a flight school six months after the September 11 terrorist attacks that two of the terrorists have been approved for student visas. The agency admits that its "current system for collecting information is ... antiquated, outdated, inaccurate, and untimely." * The SEC fines five brokerage firms $8.25 million for failure to retain e-mail records. In addition to the monetary penalty, the firms are required to "review their procedures to ensure compliance with recordkeeping statutes and rules." * The former CFO See Chief Financial Officer. and sales manager sales manager n → gerente m/f de ventas sales manager n → directeur commercial sales manager sale n → of a defunct DEFUNCT. A term used for one that is deceased or dead. In some acts of assembly in Pennsylvania, such deceased person is called a decedent. (q.v.) Internet company are indicted INDICTED, practice. When a man is accused by a bill of indictment preferred by a grand jury, he is said to be indicted. on charges of falsifying fal·si·fy v. fal·si·fied, fal·si·fy·ing, fal·si·fies v.tr. 1. To state untruthfully; misrepresent. 2. a. records, among other things. * The CEO (1) (Chief Executive Officer) The highest individual in command of an organization. Typically the president of the company, the CEO reports to the Chairman of the Board. of a pharmaceutical company is found guilty, sentenced to seven years in jail, and forced to pay a $3 million penalty for obstruction of justice A criminal offense that involves interference, through words or actions, with the proper operations of a court or officers of the court. The integrity of the judicial system depends on the participants' acting honestly and without fear of reprisals. because he "directed another individual to ... delete certain computer files ... containing phone messages he received ... and documents evidencing [his] instructions." Cases of records mismanagement mis·man·age tr.v. mis·man·aged, mis·man·ag·ing, mis·man·ag·es To manage badly or carelessly. mis·man  age·ment n. , improper destruction, and
falsification falsification /fal·si·fi·ca·tion/ (fawl?si-fi-ka´shun) lying.retrospective falsification unconscious distortion of past experiences to conform to present emotional needs. have cost billions of dollars, ended careers, decimated reputations, and caused some companies to wither away. Clearly, something is seriously broken. Although many records management programs probably never functioned as they should have to begin with, for most corporations it was not until the last few years that anyone took notice. Now everyone ostensibly os·ten·si·ble adj. Represented or appearing as such; ostensive: His ostensible purpose was charity, but his real goal was popularity. cares about records. In reality, however, how many records management programs are effective enough to serve business objectives and protect the organization? The Records Program as Business Facilitator and Insurance Policy Records are the way that institutions "speak." Over time, employees transfer, retire, forget, die, or quit. Records, however, are and always will be needed to ensure that the organization continues to function and can protect its business and legal interests. More specifically, records allow organizations--among other things--to perform business planning, deal with customers' needs, protect legal interests, take care of business needs, and comply with laws, regulations, auditors, and courts. Records management is the process of managing the corporate memory in a way that makes trustworthy records readily accessible any time they are required. While these business drivers and generalized legal needs are real, what increasingly drives the discussion today is the organization's goal to be perceived as a good corporate citizen. Corporate directors, executives, and investors all demand assurance that the records management program will not negatively impact them and will provide a degree of protection from claims of wrongdoing wrong·do·er n. One who does wrong, especially morally or ethically. wrong do .Just as they need insurance, companies of size and substance need a records program to ensure that they are covered if and when trouble strikes. In the records management context, that means an organization can demonstrate that it has an effective and institutionalized in·sti·tu·tion·al·ize tr.v. in·sti·tu·tion·al·ized, in·sti·tu·tion·al·iz·ing, in·sti·tu·tion·al·iz·es 1. a. To make into, treat as, or give the character of an institution to. b. way to manage all records and to do what is expected of a good corporate citizen. At minimum, that means that an organization retains records based on sound business judgment and in conformity with legal requirements and considerations. It further requires that records management directives are written and consistently applied to all records and that all employees are taught to follow them. Finally, it requires that records do not get destroyed in anticipation of litigation An action brought in court to enforce a particular right. The act or process of bringing a lawsuit in and of itself; a judicial contest; any dispute. When a person begins a civil lawsuit, the person enters into a process called litigation. and that the company can effectively search for all responsive records and make them available to their adversary adversary traditional appellation of Satan [O.T.: Job 1:6; N.T.: I Peter 5:8] See : Devil or a regulator in the context of an audit, litigation, or investigation. Is each organization's records management program properly developed for the new highly sensitive Adj. 1. highly sensitive - readily affected by various agents; "a highly sensitive explosive is easily exploded by a shock"; "a sensitive colloid is readily coagulated" , high-profile use that seems to have taken center stage in today's business Today's Business is a show on CNBC that aired in the early morning, 5 to 7AM ET timeslot, hosted by Liz Claman and Bob Sellers, and it was replaced by Wake Up Call on Feb 4, 2002. environment? When company executives inquire about the status of the records management program, they are probably not referring to file plans or scanning projects. They are asking at a high level whether the records management program has all the components in place today to insulate in·su·late tr.v. in·su·lat·ed, in·su·lat·ing, in·su·lates 1. To cause to be in a detached or isolated position. See Synonyms at isolate. 2. the company if and when it is subjected to records-related scrutiny. In other words Adv. 1. in other words - otherwise stated; "in other words, we are broke" put differently , will their records management program "insure" against the reckless, intentional, or malicious acts of employees or others who have access to the company's in formation crown jewels crown jewels Ornaments used at the coronation of a monarch and the formal ensigns of monarchy worn or carried on state occasions, as well as collections of personal jewelry consolidated by European sovereigns as valuable assets of their royal houses and the offices they ? E-Records Management: Ubiquitous and Flawed Paper records get mismanaged, altered, and destroyed. However, underlying much of the concern around records management is the exponential growth Extremely fast growth. On a chart, the line curves up rather than being straight. Contrast with linear. of, universal reliance on, and commonplace mismanagement of electronic records. According to according to prep. 1. As stated or indicated by; on the authority of: according to historians. 2. In keeping with: according to instructions. 3. "How Much Information," a global study released last year by the University of California at Berkeley (body, education) University of California at Berkeley - (UCB) See also Berzerkley, BSD. http://berkeley.edu/. Note to British and Commonwealth readers: that's /berk'lee/, not /bark'lee/ as in British Received Pronunciation. , in 2002, 800 megabytes of new information was created for each person on earth--with 92 percent of it stored on magnetic media, primarily hard drives. An IDC report, "Worldwide E-mail Usage Forecast, 2002-2006: Know What's Coming Your Way," predicted that the number of e-mail messages sent per day will grow from 31 billion in 2002 to 60 billion by 2006. The importance of these gargantuan gar·gan·tu·an adj. Of immense size, volume, or capacity; gigantic. See Synonyms at enormous. gargantuan Adjective huge or enormous [after Gargantua, a giant in Rabelais' numbers is not the mere volume but rather the fact that such technologies are now used to transact An earlier e-commerce system for the Web from Open Market that included order capture and secure order fulfillment using credit cards, ecash and other payment systems. It included customer service and subscription administration capabilities as well as an integrated database for reporting real business. As the sidebar chart indicates, most companies use such technologies as e-mail to conduct important business activities. Yet e-records continue to be mismanaged by companies and governments alike. The U.S. federal government conducted a 2002 study, "Information Management: Challenges in Managing and Preserving Electronic Records," to assess how well it was managing its own electronic records. The study concluded that there were major flaws in its ability to properly retain and manage electronic records: "Records management guidance is inadequate in the current technological environment of decentralized de·cen·tral·ize v. de·cen·tral·ized, de·cen·tral·iz·ing, de·cen·tral·iz·es v.tr. 1. To distribute the administrative functions or powers of (a central authority) among several local authorities. systems creating large volumes of complex electronic records." A 2002 U.S. General Accounting Office Report on information security at the Federal Deposit Insurance Corp. (FDIC FDIC See: Federal Deposit Insurance Corporation FDIC See Federal Deposit Insurance Corporation (FDIC). ) found a similar lack of controls that exposed critical information to "inadvertent or deliberate misuse, fraudulent use, and unauthorized alteration or destruction, which may occur without detection." The recipe for disaster appears already to be on every organization's plate, whether large or small, public or private. Most organizations--even the most sophisticated institutions have a vast and growing volume of electronic records, and much of it is increasing in importance as electronic documents replace their paper counterparts as business evidence. In a recent court case, Flour Daniel v. Murphy Oil Murphy Oil Corporation NYSE: MUR is a petroleum corporation. It is a S&P 500 company. In 2007, it was ranked as the 169th largest company in America on the Fortune 500. The current President & CEO is Claiborne Deming. USA Inc., a litigant litigant n. any party to a lawsuit. This means plaintiff, defendant, petitioner, respondent, cross-complainant, and cross-defendant, but not a witness or attorney. LITIGANT. One engaged in a suit; one fond of litigation. was reminded about how seemingly innocuous in·noc·u·ous adj. Having no adverse effect; harmless. innocuous (i·näˈ·kyōō· records management failures can create big headaches. Because one of the parties did not have a written policy regarding e-mail retention and because the company failed to follow its own disaster recovery backup tape See tape backup. recycling schedule, it was confronted with the prospect of reviewing 19.7 million e-mail messages at a projected cost of $6.2 million. What was a simple problem that could have been easily and inexpensively addressed earlier became a large, expensive problem in the context of the lawsuit. Records Management: A Department of One? Contrary to the popular armed forces advertising campaign touting touting the making of personal representations by a veterinarian to persons who are not clients in an attempt to solicit their business. the success of an "Army of One," a successful records management program requires much more than what any one person can deliver. Sensitive to the post-Enron/Arthur Andersen environment, a Fortune 500 company wanted to audit its records program to ensure it had implemented the essential elements of a viable records management program. The records manager was confident that everything had been done to protect the company. The entire records management program staff consisted of an "Army of One" in a sea of tens of thousands of other employees. While some records management program components were fully developed, only one part of one division-out of seven divisions--had even partially followed a retention schedule. In fact, the requirement to develop and follow retention rules was wholly voluntary. Also, the records manager's purview The part of a statute or a law that delineates its purpose and scope. Purview refers to the enacting part of a statute. It generally begins with the words be it enacted and continues as far as the repealing clause. excluded managing e-records, a function left to the information technology (IT) staff to deal with--or not. The company had no high-level records management policy telling employees what to do about managing records. Selected records-related procedures were available on an internal records management Web site, but they were seldom accessed by anyone except the records manager. Lawyers failed to contact the records manager to seek guidance in finding, preserving, and producing records in the context of litigation, audits, and investigations. Given the highly regulated environment in which they operated and the hundreds of ongoing lawsuits, it was both mystifying mys·ti·fy tr.v. mys·ti·fied, mys·ti·fy·ing, mys·ti·fies 1. To confuse or puzzle mentally. See Synonyms at puzzle. 2. To make obscure or mysterious. and damning that no one bothered to notify the records manger manger cattle trough which served as crib for Christ. [N.T.: Luke 2:7] See : Nativity about the need to preserve the records subject to these actions. This is a case of when--not if--the company will be penalized pe·nal·ize tr.v. pe·nal·ized, pe·nal·iz·ing, pe·nal·iz·es 1. To subject to a penalty, especially for infringement of a law or official regulation. See Synonyms at punish. 2. for not taking records management seriously. Information Management Compliance Something may be better than nothing but, in the end, that something may not be good enough. Today, when one bad news story can send the whole company into a tailspin tail·spin n. 1. The rapid descent of an aircraft in a steep, spiral spin. 2. Informal A loss of emotional control sometimes resulting in emotional collapse. , the records management program requires a much more proactive and hands-on approach, one that recognizes that real protection of business and legal interests comes only with the imposition of a formal discipline that considers what it will look like if and when the organization is judged by courts and regulators--and, possibly, the court of public opinion. Information management compliance (IMC) is a model and methodology that applies compliance principles to any type of information management activity and enables a positive outcome if a records management program is challenged. IMC borrows from and adapts the principles from the U.S. Federal Sentencing Guidelines The Federal Sentencing Guidelines are rules that set out a uniform sentencing policy for convicted defendants in the United States federal court system. The Guidelines are the product of the United States Sentencing Commission and are part of an overall federal sentencing reform to develop a working framework by which one can build, rebuild, or augment a records management program. The guidelines are used by U.S. federal courts to determine what punishment is appropriate for corporate and individual wrongdoers when they violate the law. For years, these same principles have formed the basis of many corporate compliance programs. They can apply to records management activities as well. [See "The Many Uses of Information Management Compliance."] Given the nature and magnitude of today's records related problems, it is prudent to evaluate records management programs, analyzing them against and rebuilding them with the same criteria by which they may one day be judged in court. Applying the Principles of IMC Merging compliance with a records management pro gram is about building a framework to allow the records manager, the company, and all its employees to get it right. It is not and cannot be about guaranteeing results or predicting the outcome in all situations. IMC enables employees to get it right and seeks to protect the organization if and when mistakes happen (and they always do) or when someone intentionally violates policy. The essential elements of the IMC framework include: 1) Good policies and procedures Policies and Procedures are a set of documents that describe an organization's policies for operation and the procedures necessary to fulfill the policies. They are often initiated because of some external requirement, such as environmental compliance or other governmental 2) Executive-level program responsibility 3) Proper delegation of program roles and components 4) Program dissemination, communication, and training 5) Auditing and monitoring to measure program compliance 6) Effective and consistent program enforcement 7) Continuous program improvement [1] Good Policies and Procedures Policies and procedures are essential to IMC for two reasons. First, they tell employees what not to do as well as what to do, and how and when to do it. A formal mechanism such as written directives is essential to providing all employees with a consistent message and affecting change across a large institution. At a minimum, they tell the outside world that the company cares enough about a particular matter to have cemented its commitment in a formal and official way. When scrutinized by a court, regulator, or the wary investing public, anything that is perceived as good and reasonable corporate policy and behavior can transform a potentially bad situation into a non-event and one that is more likely to be overlooked as a one-time occurrence. Depending on the nature of the organization and industry, the kinds of written directives will vary as will the messages advanced in them. But most institutions will need a records policy manual explaining, among other things, the following: * Retention * The employee's role in managing records * The roles and responsibilities of the records management infrastructure * How and when third parties should manage company records * Special retention situations impacting electronic records * Issues of ownership, control, classification, and coding of different categories of content * Privacy and many other topics This type of policy leads to a soup-to nuts manual that at a high level helps give retention and records management context and meaning. Equally important, especially in the current records-sensitive environment, is the creation of a policy that directs the preservation of any tangible evidence even potentially relevant to an imminent, threatened, or pending audit, lawsuit, or investigation. "Legal hold" or "records hold" rules should make clear that all records policies are suspended and supplanted by new rules mandating preservation. So, until a particular matter is resolved, nothing is destroyed, even if the regular retention rules would have otherwise sanctioned disposition. In a May 15, 2002, Wall Street Journal article, David Duncan David Duncan (born 1960), is the United States government's star witness in the Arthur Andersen trial. He has said fears over interpretation prompted him to order the shredding of documents relating to Enron. , an Arthur Andersen For the U.S. Supreme Court case commonly known as Arthur Andersen, see . Arthur Andersen LLP, based in Chicago, was once one of the "Big Five" accounting firms (the other four are PricewaterhouseCoopers, Deloitte Touche Tohmatsu, Ernst & Young and KPMG), performing partner allegedly involved in the records destruction scandal leading to the collapse of the accounting firm, said, "I thought this was all entirely appropriate until I received a subpoena subpoena (səpē`nə) [Lat.,=under penalty], in law, an order to a witness to appear before a court. A subpoena ad testificandum [Lat. ." Even if Andersen could have disposed of drafts, work papers Noun 1. work papers - a legal document giving information required for employment of certain people in certain countries work permit, working papers , and working files in the ordinary course of business, after the firm knew or should have known it was likely to be dragged into an investigation involving Enron, the rules needed to change. Apparently, Duncan did not understand the rules. The lesson learned is simple: At the first sign of potential trouble, a company must not suddenly press compliance with rules it had failed to follow, even if the rules would have otherwise allowed them to clean house. When an organization learns it may be involved in any formal proceeding, it is too late for house cleaning. [2] Executive Responsibility The only way records management is going to get the attention and commitment it needs is if someone at the top tells the rest of the organization that records management matters. There is no incentive for all employees, including all business unit heads, to invest limited resources in a program that may not be perceived as helping to deliver profit, productivity, or a healthier bottom line. In fact, records management has been and continues to be viewed as a cost center and unless--and until--the executive makes clear that records management is important, it will not likely receive the attention it deserves. To be effective, records management needs high-level executive support. The executive should clearly communicate to all employees that he or she views records management as central to the management, growth, and fiscal health of the company and that all employees are expected to do their part to manage records. Periodic changes in policy or other significant records management-related events also should be introduced or announced from above. Records management should not expect any day-to-day involvement of the executive, whose role should be limited to sending the right messages, properly funding initiatives, and making sure all other company management works records management into their plans. Frankly, if the employees do not follow the lead of the executive, they are not likely to follow the direction of the records manager. [3] Records Management Delegation IMC delegation is about giving the right employee an appropriate level of responsibility to properly carry out some information management activity. It is about the ability to execute a particular task and the authority to ensure that it gets done as intended. Records managers cannot dictate policy to executives, but they do possess the knowledge to develop and teach policy. Executives, on the other hand, should delegate to the records manger the responsibility to implement the program and must make it clear to all employees that they need to participate actively in making the records management program a success. From top to bottom, responsibility has to be properly delegated at every step to ensure all employees are on board and know what is expected of them, no matter their position in the company. Ultimately, proper records management delegation includes telling all employees that they have some records management responsibilities. In Danis v. USN Communications, various executives were severely admonished for failing to delegate records management responsibility properly. In this case, the chief executive officer paid thousands of dollars out of his own pocket to compensate for his personal responsibility for the company's records management failures. [4] Communication and Training Unless all employees know what to do, the records manger's hard work will routinely be undermined. Simply stated, teaching records management directives may not be effective in every case, but there is a much better chance that employees will get it right if they are trained than if they receive no formal guidance whatsoever. Ongoing communication and training is critical like records management, communication and training are a process, not a project. All new employees would benefit from records awareness training. Some institutions now have annual training for various types of records-related activities. For example, employees who want continued access to e-mail may be required to go though an annual refresher training Refresher training is a form of updating military knowledge of the reservist troops. After one has completed the conscription service, he or she can be called for refresher training for some amount of days. course. Companies taking a more proactive approach to management do so with the belief that it is more productive and less expensive to make training an ongoing activity. Could the result have been different at Andersen if the company had been able to demonstrate that Duncan knew of and was trained on the company's legal-hold policy? Creating, communicating, and training on the policy might have allowed Andersen to place blame for the destruction on the lone-wolf employee. The company could have argued (perhaps successfully) that the individual was exclusively at fault because he alone disregarded company policy that he knew did not countenance the destruction of anything needed for a formal proceeding and that he did so in an apparent attempt to cover up his personal wrong-doing. Andersen, however, was not able to deflect de·flect intr. & tr.v. de·flect·ed, de·flect·ing, de·flects To turn aside or cause to turn aside; bend or deviate. [Latin d responsibility and is effectively out of the accounting business. [5] Auditing and Monitoring The only way a sizable organization can systematically learn about problems with its records management program is by auditing past acts or monitoring current conduct. Learning about problems in the process is essential for IMC, whether it is through audits by employees or technological monitoring for offending of·fend v. of·fend·ed, of·fend·ing, of·fends v.tr. 1. To cause displeasure, anger, resentment, or wounded feelings in. 2. activities. However, once problems are unearthed Unearthed is the name of a Triple J project to find and "dig up" (hence the name) hidden talent in regional Australia. Unearthed has had three incarnations - they first visited each region of Australia where Triple J had a transmitter - 41 regions in all. , they must be addressed. In the Murphy Oil lawsuit, for example, if the party that failed to follow its 45-day disaster recovery backup tape recycling schedule learned that its technology department was not following its own policy and corrected the problem before the lawsuit, it would not have been confronted with a multimillion dollar expense for a fishing expedition Also known as a "fishing trip." Using the courts to find out information beyond the fair scope of the lawsuit. The loose, vague, unfocused questioning of a witness or the overly broad use of the discovery process. into the pool of backed-up messages. [6] Consistent Enforcement IMC can be effective only if a company consistently applies and enforces its own directives. If a records management policy states that the retention rules apply to all records regardless of media, then all electronic records--no matter where they are located--should be subject to the same rules. Yet so many companies routinely limit mailbox A simulated mailbox in the computer that holds e-mail messages. Mailboxes are stored on disk as a file of messages, a database of messages or as an individual file for each message. The standard mailboxes are usually In, Out, Trash and Junk (Spam). sizes, making it all but impossible to manage e-mail records. Worse, many companies purge To eliminate or delete. the contents of the e-mail system without regard to contents after a few weeks, even though statistics show e-mail is how business gets done and the e-mail system is full of business records. Someone must be responsible for applying and consistently enforcing the records management rules with respect to records in voice mail, PDAs, laptop computers, discussion databases, and instant messaging Exchanging text messages in real time between two or more people logged into a particular instant messaging (IM) service. Instant messaging is more interactive than e-mail because messages are sent immediately, whereas e-mail messages can be queued up in a mail server for seconds or . The IT department must be advised that "innocently" destroying electronic records by recycling the storage media when it runs out of storage space violates the company's retention rules. Not long ago, a company was forced to pay a monetary penalty for failing to preserve records in the context of a lawsuit. Upon closer evaluation of the destruction of evidence claim, it appeared that retention rules were not applied to e-records. The IT department made up its own rules for retention based on what the system owner decided was necessary. When they ran out of space, he or she simply destroyed otherwise needed evidence. [7] Program Improvement The seventh IMC key is recognizing when the system is not working and doing something about it. When programmatic pro·gram·mat·ic adj. 1. Of, relating to, or having a program. 2. Following an overall plan or schedule: a step-by-step, programmatic approach to problem solving. 3. failures become known, the system may need an overhaul. In one company, for example, instead of having a company-wide method for determining how e-records should be stored and indexed, that responsibility was left to the technology owners' discretion. In the interest of saving some storage space, a technology professional decided to index tens of millions of insurance claims by claim number only. When a regulator asked for all retained claims to be searched by plan name, claimant CLAIMANT. In the courts of admiralty, when the suit is in rem, the cause is entitled in the Dame of the libellant against the thing libelled, as A B v. Ten cases of calico and it preserves that title through the whole progress of the suit. name, and other criteria, it could not be done. The company had to spend millions to search for the requested e-records. Had a company-wide list of indexing criteria been developed and provided to all system owners, the problem could have been averted. It is bad business and a wasteful investment in technology to capture, store, and migrate company e-records but not be able to access them when needed. We live in interesting, albeit particularly unforgiving, times, especially as they relate to records mismanagement. When records-related mishaps bring down companies and their executives alike, it is reasonable for a company to ask itself whether its program is really good enough to protect the company. There has never been a better time to take a closer look at just how good a records management program is and seriously consider applying IMC. In the end, if a program is going to be evaluated by compliance principles, it should be built on the IMC principles. How Organizations Use E-mail Today (as a % of respondents) Responding to customer inquiries 93% Discussing strategy 84% E-filing or responding to regulators 82% Negotiating contracts & agreements 71% Exchanging invoices & payment info 69% Exchanging confidential or sensitive info 65% Discussing HR issues 56% Source: Managing E-Mail in the New Business Reality AIM International and Kahn Consulting Inc., September 2003 (c) 2003 Kahn Consulting, Inc www.kahnconsultinginc.com Note: Table made from bar graph. References "FDIC Information Security: Improvements Made but Weaknesses Remain" (Report to the Board of Directors, Federal Deposit Insurance Corp.). Washington, D.C.: U.S. General Accounting Office, 2002. "Federal Judge Appoints WorldCom Monitor." Reuters. 3 July 2002. Guidelines Manual, [section] 3E1.1. United States Sentencing Commission The United States Sentencing Commission is an independent agency of the Judicial Branch of the United States Government and is responsible for the policy of the sentencing United States Federal Courts. . 2002. "Information Management: Challenges in Managing and Preserving Electronic Records." Washington, D.C.: U.S. General Accounting Office (GAO-O2-586), 2002. Available at http://www.gao.gov/new.items/d02586.pdf (accessed 5 March 2004). Kahn, Randolph A. and Barclay T. Blair. Information Nation: Seven Keys to Information Management Compliance. Silver Spring, MD: AIIM (Association for Information and Image Management International, Silver Spring, MD, www.aiim.org) A membership organization founded in 1943 devoted to creating industry standards and disseminating information about the document management industry. , 2004. Levitt, Mark and Robert P. Mahowald. "Worldwide Email Usage Forecast, 2002-2006: Know What's Coming Your Way." Framingham, MA: IDC, 2002. Available at http://www.idc.com/getdoc.jhtml?containerId=27975 (accessed 5 March 2004). Lyman, Peter and Hal R. Varian. "How Much Information?" Berkeley, CA: University of California-Berkeley School of Information Management and Science, 2003. Available at http://www.sims.berkeley.edu/research/projects/howmuch-info-2003 (accessed 5 March 2004). "SEC, NYSE NYSE See: New York Stock Exchange , NASD NASD See: National Association of Securities Dealers NASD See National Association of Securities Dealers (NASD). Fine Five Firms Total of $8.25 Million for Failure to Preserve E-Mail Communications." Securities and Exchange Commission press release. 3 December 2002. Available at http://www.sec.gov/news/press/2002-173.htm (accessed 5 March 2004). "Six Months after Sept. 11, Hijackers' Visa Approval Letters Received." CNN.com. 13 March 2002. The Many Uses of Information Management Compliance (IMC) IMC can, and should, be applied to all information management activities, including: * Storage management * Document management * Information lifecycle management/ content management * Privacy * Electronic business process management * Business continuity and disaster recovery planning * Information security * Transaction management * Application development and integration * Technology purchasing and acquisition * System configuration and management * E-contracting Randolph A. Kahn, Esq., is the founder and principal of Kahn Consulting and the co-author of Information Nation: Seven Keys to Information Management Compliance. He advises Fortune 500 companies, governmental agencies, and court systems on legal, compliance, and policy issues of information technology and information. He may be contacted at rkahn@kahnconsultinginc.com. |
|
||||||||||||||||||||
Printer friendly
Cite/link
Email
Feedback
Reader Opinion