Organizations struggling to enforce policies for managing records
Despite greater investments in their information management programs, most organizations still struggle with properly implementing those programs and getting employees to comply with them, putting them at risk for information loss, regulatory non-compliance and litigation.
While an increasing number of companies have one policy for handling paper documents and electronic files, the pervasive growth of new record sources like Twitter, wikis and collaborative software applications like Microsoft SharePoint threatens their ability to keep those policies current and compliant.
A new Iron Mountain report shows companies making strides when it comes to adopting one policy for storing and handling both electronic and physical records. Past reports showed company policies designed primarily for paper records and didn’t account for electronic files and email.
What’s more, these new findings seem to suggest a growing consensus that the practice of records management is really risk management, with a larger percentage – 60 percent in 2012 vs. 25 percent in 2010 – of legal/compliance and audit/risk departments now responsible for implementing, enforcing and auditing policies.
“This year’s report shows promising trends of stronger oversight of information management and better integration of policies for electronic and physical records,” said Harry Ebbighausen, president of North America, Iron Mountain. “At the same time, however, those gains are threatened by whether organizations can consistently apply records management policies across the organization and how well they enforce them through training and auditing. Until you can manage all your records under one program, regardless of format or location, the road to unified records management will remain a rocky one.”
Key findings of this year’s report include:
Ninety-four percent of respondents will apply more budget and staff to information management. The growing investment is noteworthy, particularly given the still uncertain economy. Yet, less than one third (28 percent) indicated they have a long-term, strategic plan with executive-level support for records and information management. Lacking a formalized, executive-sponsored plan, many organizations will continue to spend valuable time and resources struggling to implement and enforce effective, long-term best practices.
Integrated policies for paper and electronic records are on the rise, but adoption is still a challenge. Eighty-three percent of respondents have records management policies that cover both paper and electronic records, and nearly half (48 percent) report that those policies are well integrated into their organization’s data privacy and security policies – a best-practice in information management and a nine percent increase from the 2010 report. But only nine percent have seen those policies consistently adopted.
Training on those policies is lacking. Organizations have made some strides in employee training on records and information management policies (a 25 percent improvement since 2010), but 36 percent of respondents have no formal training or do it on an ad-hoc basis.
Monitoring compliance remains a major challenge. Ensuring employees comply with records and information management policy represents a major challenge for organizations, with 74 percent of respondents indicating they monitor on an ad-hoc basis or not at all. This finding is an 11 percent decline from the 2010 report.
Many report paying money to fix information-related events. Even with more companies adopting comprehensive policies for paper and electronic records, just 37 percent say their organizations consistently apply those policies, leaving them vulnerable to regulatory or litigation non-compliance. Sixty-three percent reported experiencing an event like litigation, disaster, or data loss that cost their company money.