Towards an Efficient and Less Risky eDiscovery via an Efficient Records Management Strategy

Posted on October 18, 2011

0


Considering the context outlined in the previous section, any records management solution should at least adhere to the following basic principles:

  • Creates additional flexibility regarding the way records are actually defined within the organization;
  • Supports the management of records as they are currently used (a file plan);
  • Provide a comprehensive and workable strategy for secure and enduring retention of records;
  • Enable the accurate and secure final disposition of records, based on pertinent rules and regulations.
  • Enable the management of documents and record files within the organization to enhanced competitiveness, minimized legal risks and realize timely and adequate responds to an e-discovery or e-disclosure.

Creating a flexible definition of records

Every organization should have its own definition of a record, and this definition should be based on the actual business plan and nature of that organization. The bigger and more complicated the organization, the more complicated the records series (i.e. a numeric matrix of the records in an organization), which is the basic framework upon which a file plan is based.  Because record series can become rather complicated, actual records should be defined based on content (and usability)— thereby allowing the automation of a retention schedule within each of the records series—as opposed to medium (e.g. e-mail) or document type (e.g. letter). This approach is consistent with that defined by the Department of Defense’s influential standard (DoD 5015.2-STD), which, among other guidelines, supports the notion that all documents, including e-mail, be treated according to the defined records series (and file plan).

An organization can define records as project-based collections of information if all records within that collection pertain exclusively to a particular project and if all records have the exact same lifespan (legal obligations on retention). However, a more efficient method is to create a multi-tiered file plan for project records. Using this approach means that records can be defined at the highest level as belonging to a particular project, at which point they can then be subdivided into “content” categories as the file plan is created. This structure allows for the automation of the retention schedule. Although organizations are free to define their records series and subsequent file plans, these items need to take into account the legal framework and jurisdiction where they operate and legal obligations for retention, privacy and disclosure.

Supporting a workable file plan

Any organization that is ready to implement the most up-to-date records management policies, especially to enhance overall efficiency, must consider the following factors in the context of its operation, priorities, and available resources:

  • File recording
  • Workable file structures
  • Classification and metadata
  • Evaluation and prioritization
  • Retention policies
  • Legal obligations
  • Execution of plan
  • Verification structure

Having a solid file plan in place is critical to being able to organize and enhance the efficiency of back-office operations. As previously stated, file plans are directly related to the complexity of an organization and are based on its business needs. Therefore, for the US Department of Defense, for instance, the intricacy of the file plan is enormous, but there is no other workable alternative for an organization of such size and complexity. Smaller or simpler structures within organizations would require a much simpler and more straightforward file plan.

Creating a comprehensive retention strategy

Structuring records serves another goal, namely the length of time that any organization is required to keep records. Keeping all records forever is counterproductive, as this approach would lead to unmanageable sets of data. For example, in the case of some financial organizations this would actually be breaking regulatory requirements of things such as PCI DSS. Rather, records series and file plans provide a structure to allow for the establishment of a retention schedule leading to final disposition.

After a file plan is defined, the implementation of a retention schedule attached to each record series becomes easier. This situation can be further enhanced by setting it up to provide an automated warning message that is sent to appointed officials. These officials can then affect the final disposition of particular records. Legal obligations apply, depending on the jurisdiction where the organization operates. For instance, in most parts of Europe, financial records need to be legally kept in their entirety for a period of seven years, whereas personnel records may need to be kept for up to 72 years, and so forth. In addition, depending on the policies that are mandated by law, an organization may decide to extend its retention schedule if the records in question constitute “substantial records” (i.e. records that are absolutely necessary for the re-start of operations in the event of a calamity and constitute a small percentage of the overall records of the organization). These records are required for the organization throughout its lifespan and should be kept forever.

Disposition of records

After a retention schedule is established, disposition of records can go from permanent archival/inactive status (substantial records) to destruction. Records should strictly follow this retention schedule if an effective records management policy is to be applied.

Retention schedules are complicated, and the only way to effectively apply them is through the use of an automated system, setting alarms and warnings to allow for the implementation of the retention policy. Realistically, no organization is going to perform these activities in a manual way. Logic holds, then, that a retention policy will not be possible without the presence of a strong records management policy that has clear and transparent file plans and records series.

Retention schedules can and should also be suspended in case of extenuating circumstances. In example of a court case, if certain records scheduled to be disposed of fall under disclosure obligations, these records need to be held until further notice. Destruction of this information is considered a crime in itself. Therefore, the retention schedule should have the proper flexibility to accommodate these requirements, regardless of what type of system is implemented to monitor retention processes.

Executing the file plan

The best option is the have a computer controlled filing plan execution with data inside repositories that are controlled by the RMA application. This solution is DoD compliant and is the most efficient and effective of all solutions, working well in both large, complex organizations as well as with small/linear ones. Furthermore, this method reduces the chance of human error and provides for transparent and auditable records management policies. Traditionally smaller organizations shy away from such solutions, scared by potential costs. Efficient EDRMS (RMA) solutions are scalable and costs are directly proportional to the size of the application. Consequently, this solution may well be the most cost-effective one available for any organization.

 By focusing on two components—a file plan and a final disposition plan—and using those two factors to evaluate the needs of particular business units, an organization can then build up a laundry list of the types of records management tools and capabilities they need on an organizational scale. Basing a file plan on content (theme) rather than on medium will also contribute to finding commonalities among the different groups within specific organization, allowing for an easier implementation of a records management policy. In addition, an efficient file plan should take into account particular nuances that will allow customized implementation per area as required.

Realizing timely and adequate responds to an e-discovery

An effective record-management system should enable the management of all assets within the organization, whether these are documents (paper, electronic, email) or record types.  A good system is compliant with the internationally recognized US DoD 5015.2 and Sox standards.

An integrative RM approach leads to enhanced competitiveness, more agility to meet specific customer needs, minimized legal risks, better positioning for higher profits, and supports legal departments to realize timely and adequate responds to an e-discovery or e-disclosure.

Advertisements