Iron Mountain encourages organizations to adopt a unified records management approach and recommends the following for creation and implementation:
Set Proper Policy – Get the fundamentals right to achieve compliance. Include key aspects such as governance, communication, education/training, and implementation; once defined, roll out this policy to the organization and to include all information types.
Make retention and compliance a priority – Retention covers both the preservation and destruction of information when it reaches the end of its business life and applies to all business records. Effective retention schedules apply to all business records and are regularly updated to comply with changing regulations and business needs.
Information should be easily identifiable and readily available. An organization capable of quickly identifying and retrieving records enjoys a competitive advantage, enhanced productivity, and greater protection from regulatory or discovery non-compliance. Classify information based on key identifiers such as record location, subject, author, date and method origination, system of creation and intended recipient. Then define authorizations and security controls to ensure it is available when it is needed and who should have access.
Protect and dispose of records the right way. Following consistent practices for safeguarding and properly disposing of information reduces the risks of exposure and theft while also helping to control storage costs. Documenting detailed instructions on how records are identified and approved for disposal, as well as the processes for destruction can protect against inadvertent disclosure or improper destruction.
Audit policies and make the organization accountable. Driving enterprise-wide adoption of the records and information management program requires a culture of accountability. Evaluate the success of that program through regular audits that follow defined metrics for success. Make employees accountable for their role in ensuring consistent adherence to policies, and provide visibility, encouragement and support for the overall program at the highest levels of the organization.
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.