Because they have taken no inventory, most organizations have no way of knowing what all their information assets are and where those assets are located. This can be a serious liability for any organization.
If you don’t know where your information assets are, how can you comply with privacy regulations, such as the GDPR in the European Union or CCPA? In the same vein, how do you respond to litigation and assure your liability is minimized? These are catastrophic events for organizations that often can be mediated and/or potentially eliminated by installing a simple records retention schedule.
So how do you conduct a records inventory? As the saying goes–follow the paper, follow the Cord. Answering these questions below will be instrumental in creating and implementing a records inventory or retention schedule.
- Where are the records?
- Who has control of them?
- Who has access to them?
- Who receives them – what is the distribution list?
- Who manages the offsite retrieval and preparation of boxes?
- Who manages Email? Is email managed by Inbox size or by records value?
- Is there a shared drive? How many are there?
- Who receives them – what is the distribution list?
- On-premise repository – systems of record or convenience?
- Cloud-based repository – systems of record or convenience?
Tools exist to look for specific types of records across an organization and tools exist which will classify documents based on content to assist in an inventory of digital records. An inventory of hard copy records remains manual. To reduce the mound of paper to go through, implementing a records retention schedule based on the known age of the records is recommended.
If you don’t have a records retention schedule in place, give Western a call today!
0 Comments