This past weekend I did two things of note: I read the newly issued 2012 Iron Mountain Compliance Benchmark Report and then went hiking at Purgatory Chasm in Rhode Island, a natural formation caused by millions of years of tidal activity carving its way through solid granite. As I peered down into the chasm, I thought about how we often speak of filling the gap between actual Records and Information Management (RIM) practice and best practice. And yet, the Benchmark report results indicate that most organizations are dealing with a more substantial rift than a mere gap – more like a chasm.
Here are some of the Benchmark findings:
- 80% of organizations indicate they have a formal RIM policy in place – which is great progress
- An impressive 94% say they have money allocated to spend for RIM this year – which seems incredible given the continuing uncertain economy and the absence of any new trigger events such as SOX (2002) and the amended Rules of Civil Procedure (late 2006)
On the other side of the chasm we learn that:
- 74% have no strategic plan or roadmap to provide direction and intent – or allocate hard-won dollars
- 54% have no dedicated staff or administrative support for managing paper and/or electronic records
- Only 15% conduct some form of periodic audit of their programs (not surprisingly this community consists of the most highly regulated industries, such as financial services)
The results of this failure to convert policy into action include 63% of the respondents reporting they spent substantial money responding to trigger events such as litigation, investigations, FOIA requests, and more. And 60% continue to allow user-driven ad hoc destruction of records – a dangerous practice, as consistency is what judges and regulators expect of RIM programs.
So why the chasm between commitment and ability to practice?
Records and Information Management is big and it’s complex – especially for organizations that champion a decentralized model or are located in many jurisdictions around the globe. And it doesn’t slow down – just as you finally get some controls around email management, social media crops up along with the use of mobile devices – and we can’t avoid the emergence of SharePoint as our new favorite place to park information – whether a record or not.
Implementation and the on-going sustenance of a RIM program require more than just good intentions. A RIM program requires ownership, a clear direction – along with people to support it, defined practices, and technology that enables its unified management.
In conclusion, I encourage you to use the information from the Iron Mountain 2012 benchmark report to help your organization evaluate your “as is” state, recognize areas for continuous improvement, and create a plan to make your “to be” happen. Remember, perfection is not required but what you do commit to has to be consistent in its practice. To close any of your gaps between commitment and practice, you should focus on:
- A strategy that is visual – Like a map; this will help you stay on track and sell the program to others
- Training – Do it early and often in conjunction with an on-going RIM marketing campaign
- Audit – “Inspect what you expect,” it’s the only way to continually improve and prove compliance
- Unify – Strive for a single policy in a system of record
- Collaborate with IT, Compliance, Legal, Audit, Marketing, business units and other key stakeholders to make RIM happen