Organizations small and large are responsible for managing the lifecycle of the records and information they produce and receive through business transactions from their creation to their destruction. With the almost unfathomable amount of data and information that is produced on a daily basis, as well as the new technologies and types of records that are now commonplace, organizations that have not reviewed and revised their retention policies for the modern workforce could be putting their companies at risk.
In Part One of our blog, we discussed the who and what of an efficient records retention strategy. Discover the where, when, why and how below.
Where are your records stored?
During your records inventory, you’ll need to identify all your records as well as where they are located. For some information, the records may exist in several locations, in a variety of formats and even in multiple pieces of software. When conducting your records assessment, make sure to identify all storage locations and tools, including:
- Digital Records Management Systems
- On-site Storage Facilities
- Offsite Records Centers
- Secure Off-site Storage Vaults
- Data Centers
- Network Servers
- Backup Servers
- Backup Media
- Enterprise Content Management Systems
- Email, Messaging and Collaboration Servers
- Laptops and BYOD Devices
- Other Software Platforms Including HRIS/HCM, ERP Systems, etc.
As you complete your internal audit, look for records that are duplicated and stored in multiple locations, as well as how efficiently your records can be accessed when needed. If all of your vital information is securely stored off-site but is difficult to access as-needed, a digital solution can help.
When do you keep your records and when do you destroy them?
Now we’re really getting into the essence of retention and destruction schedules. Once you know what information your company has, you need to identify each record or group of records’ specific retention period. Retention periods will vary depending on a variety of things, including:
- Legal and Regulatory Requirements
- Industry Specific Requirements
- Taxation and Financial Reporting Needs
- Internal Administrative Needs
- Historical Requirements / Value
- Company Organizational Culture
- Litigation Holds
Think back to when you organized your information into separate categories. Some documents that are created within your organization will fall into the non-records bucket, however, you’ll still want to determine an appropriate retention period for information that may be useful or contain confidential data that could put your business at risk. Emails, for instance, may need to be discarded at least every thirty days or, depending on the subject matter, may need to be retained so that they are available for discovery and support in the event of legal inquiry and challenge.