- SOLUTIONS & SERVICES
This is Part 1 in a series of 6 posts around creating and executing an effective file plan for your organization.
As we move through this blog series focused on creating a usable, automated and simple file plan we will build the "house" in steps until there is a finished and beautiful looking building. With that in mind, today's post will cover the retention schedule. If you've ever had a new house built, you know there are an incredible amount of moving parts and the schedules involved are what keep the project on track.
Things like the foundation must be laid first of course, followed by the framework of the building. The retention schedule is really the "bones" of this house we're building and getting it right is critical to all of the steps that come after it. What good is a beautiful tile floor if the foundation underneath it is cracking? Alright, enough with the house analogies, let's get into the meat of creating a compliant retention schedule.
As with any project, the first step is to ask some crucial questions that will inform the decisions being made later on down the line. Each organization is unique and thus the retention schedule must be tailored to their industry regulations in addition to company policies and federal, state and local laws.
The records manager (or whomever will be managing this project) needs to ask themselves as well as the organization at large a few questions before diving into the work of finishing a retention schedule.
Before the retention schedule can be effective it must be complete in its scope. This will involve reaching out to all the key stakeholders in every department. Their buy-in is critical in any information governance initiative. In fact, we wrote a blog post about that recently.
It is important that these stakeholders understand the scope of the project, the current state of their department's records management process, and how the changes being made to the retention schedule and file plan will affect these processes. In addition, as mentioned in the question above, key support roles such as compliance must also be defined. Generally this is the inside counsel but that of course depends on the organizational structure.
If your organization is not equipped to handle the retention schedule creation with its current resources (and there are plenty of companies that fall in this category, even larger ones), there are some options for outsourcing this project:
Now that we have properly planned out how to attack this retention schedule creation, it's time to dig in and do some analysis on the information we have discovered.
The first step here is ensuring you have properly identified all of the record classes that will be going into the retention schedule. Again, this is where leveraging your internal stakeholders is key. They will be able to tell you critical information such as:
This next step further moves the project along by taking in the information gathered about the records, including their importance and compliance requirements and forming an actionable strategy that will form the retention schedule.
A crucial piece is the compliance and regulations. This is where an organization must rely on their inside counsel or regulatory consultant and ensure they are following the most updated rules. Having a retention schedule that is not compliant defeats nearly the entire purpose of this project. Of course, there is value to the business and improved efficiency but if we venture back to our house analogy: having a non-compliant retention schedule is like building the house without having a licensed contractor who followed the building codes. It may look good for a while, but eventually it's going to fail and cost you a lot of money in the process. Not to mention, you are breaking the law.
Beyond compliance, this strategy plan should take into consideration the daily workflows of the end users in each department. Keep in mind, the average worker is generally uneducated when it comes to information governance practices in general. Thus, the goal is build a system that automates these processes behind-the-scenes and does not overly disrupt their day.
Now the fun part begins! Beginning to draft the retention schedule itself. Here at RecordLion, we have created our file plan in order to mange our own information, which includes our retention schedule. For the most part, retention schedules follow a similar format including in a columnar format information such as:
The time interval and period is clearly the key here as it is the core of what we are trying to determine. Again, as mentioned, these must be determined based on compliance as well as the frequency and duration at which the record is accessed.
In some instances there may be more than one possible retention for a classification of records. In this case you can either use the longer retention or use a lifecycle engine, such as RecordLion, to ensure that your information adheres to both.
The review process is the next step and should not be underestimated. Complete buy-in from the entire organization is the only way for a retention schedule to be effective. Let all of your stakeholders review the retention schedule and offer notes and changes. Give a firm deadline for when these reviews need to be conducted to ensure the project stays on track.
Once the first round of review is complete, the records manager should set up a detailed review with the inside counsel or compliance team. This confirms that the retention schedule is completely compliant and ready for the final review at the executive level. Who exactly is in this meeting will of course vary from company to company, but C-level approval will be crucial going forward, especially since this project (and the file plan overall) will involve the allocation of resources.
Next week we will discuss the next step in the overall file plan process: mapping the retention schedule to the file plan itself. As we move through this process and add layers, we must still keep in mind the general principles we rely on: automation, simplicity and completeness. This mindset will certify your information governance program is truly effective and providing value to the business.