City Lights at night

Your Business Needs A Records Management Program

If your business suffered a disaster, could it survive without access to vital company records? Right now, can your business access important documents at a moment’s notice?

If the answer is no to even one of these questions your business is vulnerable.

In previous articles, we explored IT Backup/Disaster Recovery Planning and Security; records management goes hand-in-hand with these two topics. In fact, no business can be fully protected unless they have a comprehensive Records and Information Management System (RIM) in place.

It is imperative that such a large and important undertaking like installing or updating a Records and Information Management program has the support and buy-in at the executive level. Here are some things to consider when implementing RIM:

  • Appoint a Records Management Champion as project leader. This person should have the authority to direct activities across departments as well as possess good negotiating skills since it is likely that internal clashes will happen as the project progresses. In small companies, the project leader may be the owner or partner.
  • In larger companies, a representative from each department should be appointed to work with the Project Leader. The department reps will be responsible for carrying out assignments involving their areas.
  • Each department should classify all documents/data currently in use or on file according to their importance. Once done, documents should be listed by type, importance, and where/how they exist (i.e. hard copy only, digital format, location of document, how are they used, etc.).
  • After the documents/data have been cataloged, they need to be reevaluated so that mission-critical information can be identified across the organization.
  • You may need the assistance of legal counsel or someone who specializes in documents management to make sure that you are aware of the format that certain documents must be kept. Do you have documents that must be kept in hard copy? If so, you need to arrange for the appropriate storage to ensure their continued protection and retrieval when needed.
    • Those documents that must be kept in hard copy due to regulatory requirements, but you need to work with from time-to-time, should be scanned and moved to an appropriate folder on a fully protected server. The hard copies can then be archived.
  • Once you’ve identified all of your documents/data, you need to have them reviewed against your company’s Document Retention Policy.  Regulatory/legal retention requirements can be very complex and may require the council of a specialist.

So, now your company has identified all of their documents and data as well as how long you need to keep this information, you now must figure out how to store and retrieve the information.

  • All hard copy documents should, where possible, be scanned and kept in digital form.Documents that must be kept in hard copy should be boxed and archived in appropriate protected facilities. There are companies that specialize in archival systems (i.e. Iron Mountain, etc.).
  • Digital copies of important documents should be archived on protected servers that are backed up periodically to ensure they are available even after a disaster strikes.
  • All forms used to operate should be digitized and available as templates in a central location where they can be easily updated so your employees are always using the latest versions.
  • As you review the data your company keeps, you’ll most likely find that it is kept in many formats such as database files, Microsoft Office files, text, etc.  As your organization grows, you should be thinking about creating a “Data Warehouse” that stores information in a central location where it can be easily retrieved by appropriate personnel and entered into reports as needed. This will help decrease the need to keep hundreds or thousands of Excel, Word, or MS Access files on individual employee computers where it can compromise the firm’s security.
  • Tracking document versions, who’s working on certain documents, etc. is a huge area that also needs to be addressed in a well-executed RIM program. Collaboration systems such as Microsoft SharePoint can help to manage a company’s Records and Information Management program as well as foster online collaboration between employees.

Now after you’ve installed your RIM program, make sure you periodically review it and close any vulnerabilities you find as well as to ensure that the program grows along with your company. If you fail to review it, you may find it lacking just when you need it the most.

A Documents and Information Management (RIM) program works hand-in-hand with Backup/Disaster Recovery and IT Security to insulate a business, no matter the size, against unforeseen disasters (natural or man-made). Small to medium size organizations are especially vulnerable since they often do not have the funds that are available to mega-corporations. However, there are steps that can be taken to help protect your company even when money is tight:

  1. Identify, classify, and catalog your company’s documents and information as outlined above. Although there is a lot more to executing an effective RIM program, just knowing what and where your data is will be a tremendous help to your company.
  2. Use a document management system such as Microsoft SharePoint to manage your documents and information. Even very small firms can utilize a Managed SharePoint Solution to greatly minimize the financial burden.
  3. Make sure the data in your computer systems is backed up. At the very least, you should be using a Cloud data backup solution such as Carbonite. When possible, you should also include a more robust IT Disaster Recovery solution.
  4. Make sure you keep copies of all applications (i.e. accounting application, Microsoft Office, etc.) at an offsite location so they can be quickly re-installed in replacement computers if necessary.
  5. Protect all IT systems with anti-virus and anti-malware programs. You need both and they must be kept updated and run on a regular basis.
  6. Educate yourself and employees on how to identify and avoid Social Engineering attacks.

This article is by no means comprehensive. Records and information management is an intricate area that all businesses should become familiar with. It is extremely important, especially in today’s uncertain environment that all businesses, large and small take steps to help ensure their survival after a disaster. A great source of information is the Disaster Recovery Journal. The quarterly subscription is free and the information is of great value.

I hope this article has at least raised your awareness on protecting your business during and after a disaster. The key to surviving a disaster is to be prepared before it strikes.