Creating a usable, automated, and simple file plan is an important part of ensuring records are managed in a consistent manner and that you are protected from legal risks, such as failure to disclose information during a discovery proceeding or the unauthorized leakage of information. The first step in the process is creating a retention schedule, which outlines how long records are kept in accordance with the organization’s obligations and the law.
Questions to Consider
As with any project, the first step you need to take is to ask yourself critical questions about your current state, your goals, and the tools and processes in place, so you can plan your retention schedule effectively. Questions to ask include:
- What does our existing retention schedule look like? What are the weak points?
- Will the retention schedule be functional (recommended/divided by function) or departmental (divided by department)?
- Who will lead the legal compliance efforts?
- How are we going to retrieve the required information for this project?
- What processes and technologies will be needed to maintain this retention schedule?
Plan, Plan, Plan
Like with any project, a retention schedule must have a complete scope before it can be effective. The records manager must reach out to key stakeholders in every department to make sure they understand the project, the current state of the records management process, and what the impact of changing these processes will be. The compliance team must also be defined.
Your organization must work with key stakeholders to identify all the record classes (a.k.a. the types of content) that will be managed with the retention schedule. This information is critical for a deeper understanding into each record, which is required to ensure proper disposition procedures are adhered to. Examples include:
- The general purpose of the record
- How valuable it is to each department
- The workflow the record goes through
- The current retention period (if any)
If your organization is currently not equipped to handle creating a retention schedule, you can outsource the work to a trusted organization.
Creating a Strategy
Now that you have gathered all the needed information, it’s time to put it to good use by forming an actionable strategy. The compliance team must be involved to ensure the most up-to-date rules and regulations are complied with. It’s important to consider the daily workflow of the end user with the goal of building a system that automates these processes behind the scenes and keeps everything as simple as possible.
Creation and Review
Once you have developed your strategy, it’s time to create a draft of the retention schedule. Generally, retention schedules follow a similar format shown in the table below.
The policy is determined when creating a retention schedule. In some instances, there may be more than one possible retention rule for a class of records. You can either use the longer retention period, or a platform like Gimmal Records Management, to ensure that your information adheres to both frequency and duration the record is accessed.
The last step in creating a retention schedule is allowing the key stakeholders and compliance team time to review and offer feedback under a fixed deadline. This confirms that the retention schedule is compliant and ready for C-level approval. This review process will be used for every step moving forward.
Mapping Your Data to the File Plan
With the retention schedule completely built and approved, you must now identify where the records will live and map the data to the file plan. This task may seem daunting, but leveraging the right resources and dividing up the work appropriately will relieve most of the pressure.
Different departments and different types of records will have different requirements, so if you are using any kind of software to manage the information lifecycle (and you should be), it's important that that software can access records stored in multiple repositories.
After mapping your data to the file plan, the organization must collect and report information from each department. Among the key stakeholders, you should bring in the department owners and someone who works directly with data and IT. It is imperative that you provide a template that each team can use in inventorying their files, so the same systematic procedure is followed. This will help avoid confusion and inefficiency.
To ensure your organization’s information governance plan works, stop to evaluate each process with every iteration or milestone. These reviews are a great opportunity to bring up important questions regarding the plan. For example:
- Who creates the records?
- Who uses the records?
- What is the volume of created records?
- How long do records remain current?
- Which records are confidential?
- Which records are vital?
- Who and how many people need access to the records?
The most efficient file plan is one that works well and is easily understood by its users. Following the process above, your organization should be able to keep the plan simple and create a solid foundation moving forward. Now that the retention schedule is complete and mapped to the file plan, we will discuss how to create a classification in the next post. Stay tuned!