An organization should establish a system that accurately stores and retains information including paper-based and electronic data/records. This system should enable:
> collection / acquisition
> storage / availability / retention
> backup / recovery
> privilege / privacy / security
The system should allow the organization to manage different types of data and documents as appropriate and required.
Principles
> Lifecycle management
> Ability to lock down information and preserve documents
Business Objectives
- To ensure that the entity has an information management infrastructure in place that facilitates the acquisition, access, storage, availability, backup, privacy, security and retention of information
- To ensure that effective systems are in place to identify and meet legal, regulatory and business requirements regarding the retention and destruction of both paper and electronic records
Considerations
- The entity will need knowledgeable resources from many departments to classify information
- The idea of classifying information and implementing a formal records management program may be a new concept to entities that do business in traditionally non-regulated environments
- The impact and nature of joint and third-party business arrangements must be considered when managing information and records
- In many situations, technology will enable the activities of the program
Critical Success Factors
- Early involvement of business leaders (legal counsel, senior management, information technology) and data owners
- Employee awareness and sense of responsibility for managing information
- Incorporating impacts of changes in culture, operations, organizational structure, legal and regulatory requirements