Why your business should have an updated records management policy
Written by: Jonathan Jerreat
Publish Date: Feb 13, 2020
Read time: 8 minutes
Since the introduction of GDPR, there has been an increase in the level of compliance required for the likes of records and personal data. Organisations which have not met this level of compliance have since faced the consequences in the form of hefty fines. One of the most important things that an organisation should have is a records management policy.
Often, we tend to find that during the consultative phase for records management solutions, around 70% of the companies that we have spoken to don’t have an updated records management policy. Even more so, under 40% actually implement their policies.
In this article, we’ve put together some useful points to consider for your records management policy - whether it’s an item that should be added to the policy itself or any additional things you need to think about such as training and HR.
The benefits of an updated records management policy
A records management policy should state (on behalf of the company) what your stance of records is and how they should be managed, maintained and stored. The majority of companies already have a records management policy, but it’s important to ensure that your policy is up to date - especially if there are any changes to processes, systems and applications in your organisation.
One of the benefits that comes from having a records management policy (and one that is up to date) is that it can streamline your whole business. Having a records management policy can give employees and stakeholders clear, understandable instruction when it comes to managing and maintaining records and how to implement it in a way that will be free from risk of litigation in the future.
Ultimately, this should be a good opportunity to get your policy refreshed and updated. Take a look at our checklist below for some of the key things you should consider as part of your policy.
Checklist - What you need to consider for your records management policy
Purpose: Explain what the purpose and scope of your organisation’s records management policy is and who should read it (ideally, this should be everyone in your organisation).
What it covers: Your policy should specify who and what aspects of your organisation the policy covers (i.e. does it cover the whole organisation or a particular division? Does it include applications and systems such as email, social media platforms and CRMs?).
Record Types and Formats: The policy should cover every record type and the format they’re held in, in the policy.
Location: Your policy should include details of where records can be located (i.e. are physical documents in a third-party supplier’s storage centre?).
Retention: The policy needs to explicitly state the retention periods for records and whether they apply to specific record types.
Disposition: You need to carefully consider what happens at the end of the retention period for a record (i.e. are digital records to be archived or permanently deleted? Are physical records to be destroyed?).
Security: Your policy should include details of security and protection measures for records (i.e. are some records ‘read-only’? Are access rights restricted to a few personnel?).
Approval: Describe who has approval authority for records and final disposition. Consider additional approval for extremely sensitive records.
Roles & Responsibility: The policy should be clear on who is responsible for maintaining records and their role (i.e. Executive Officer, Policy Owner etc.).
Training: This should be provided to all employees to help them understand how processes are to be implemented.
HR Process: The records management policy should include what happens to records during the employee onboarding and exit processes.
Technical Challenges: Your business should consider any technical challenges that may arise from the records management policy (i.e. do you have the systems capable of physically and/or digitally storing records in a safe, secure environment?).
Policy Expiration: Your records management policy should include an expiration date so that it can be reviewed and updated accordingly instead of being written, filed away and forgotten about.
Streamlining your records management processes through an updated policy can help keep your business on track with GDPR compliance, as well as any other industry-specific legislations that might apply. It will also give you the ability to transparently pave the way for process for employees, reducing risk, human error and security breaches where business-critical records are concerned.
Why not speak to our records management expert to discuss your records management requirements and see how we can help streamline your compliance processes.