Thoughts on compliance and records management.Compliance and its related Records Management services have become more critical than ever due to our ever changing business landscape. The ability to manage records for legally mandated retention times is a crucial component of Sarbanes-Oxley (SOX) compliance, and expertise in managing corporate records can be a competitive advantage. It is estimated that companies with poor Records Management are likely to spend at least three times as much money on compliance per year as those with comprehensive Records Management programs. Records Management is also a key component of organizational initiatives such as Business Continuity and Disaster Recovery Planning. Accordingly, building a strong Records Management program, inclusive of vital records identification and protection, guards companies against unforeseen events and enables the efficient reestablishment of a firm's financial and operating positions.
An effective and compliant Records Management program is one of the key success factors in the long term viability of quality initiatives.
Organizations are rapidly moving toward evaluating and implementing enterprise-wide document management applications. A strong Records Management foundation, complete with legally compliant Records Retention Schedules and Records Management Policy and Procedures must be in place prior to development or purchase of a document management system. Records Management principles must be built into document management applications as well as the ability to link all entries to the appropriate record series from an approved Retention Schedule. This important integration will allow compliant destruction of records, both physical and electronic, and protect companies from unintentional spoliation of data. The impact of a compliant Records Management program is felt in several areas of an organization. Some areas affected by recent regulatory requirements are: Human Resources: HIPAA compliance is mandatory; Finance functions: SOX and tax code compliance is mandatory (internal controls need to be in place and monitored to ensure the necessary transparency to regulatory agencies and stockholders); Operations: general security/privacy requirements including the Gramm-Leach Bliley Act and the Financial Data Protection Act must be followed; Information Technology/Information Management functions: ISO 15489 requirements and the National Fire Protection Association requirement (NFPA 232, 75 and 909) must be followed.
Compliant Records Management is a specialized role and organizations must endeavor not to fall into the trap of quick fixes to meet seemingly short term Records Management requirements. Decentralization of Records and Document Management functions lead to overlaps, redundancies, inconsistensies and user confusion. Records Management professionals advocate a centralized approach that has been proven effective across industry lines.
While acknowledging that Records Management functions have graduated from the role of a support function to that of a strategic area within compliant, efficient organizations, firms must follow rigorous compliance and governance principles to maximize the value of their Records Management and Document Management investments. Improper methodologies can lead to content clutter as new tools and applications, rather than processes, proliferate in organizations. A Records Management Compliance Program can pay for itself. Records and documents are managed effectively throughout their lifecycle; thus, reducing potential liabilities and penalties to the organization.
BY PHYLLIS L. ELIN, COMPLIANCE OFFICER, BW DOCUMENT MANAGEMENT SOLUTIONS
Phyllis Elin can be reached at firstname.lastname@example.org