Submitted by Bob Larrivee, AIIM Director/Industry Advisor
This is a question every organization should ask and be prepared to defend. A recent article presented by the Associated Press titled “SF drug cases at risk amid crime lab questions”, cites that one of the elements in question as a result of an audit by the American Society of Crime Laboratory Directors is the lack detailed record-keeping for cases. While this is not the only element placing these cases at risk, it is significant enough to be cited which in my view is severe.
One of the things I have stressed regularly over the years with clients, at seminars, and in my classes is that you have to have a sound governance framework in place that addresses not only records but information as a whole for without it, how do you know the information and records you manage is safe, managed properly and not placing your organization at risk? So what is a good information governance framework? I look at it this way, you need to establish a policy and whenever possible, leverage standards in your policy. Look at ISO 15489, MoREQ2, Dublin Core and DoD 5015.2 for guidance.
You have to establish processes that support use of the policies. If you state that all content with a business value must be placed into the corporate repository, how does the use get it there? Where does it fit in your taxonomic structure and what metadata will be used? When you have the policies and processes in place, you then need to provide your user community with the right tools and technology to adhere to the policy and carryout the processes but most importantly, give them appropriate training on how it all works and why. Finally, you need to establish a regular audit mechanism through which you can assess compliance and take corrective actions when needed.
In my view, a strong information governance framework is essential in managing risk and maintaining compliance. Policy, process, standards, people, tools and audit cycles are all vital elements in being able to present and defend our information assets and practices. This must become a standard operating procedure unto itself and the importance understood by the user community at large. Since I do not know the case presented in the article firsthand, the only conclusion I can draw from what was reported is that there is a weakness in their framework that needs to be tightened. So, how about your organization? Would your records keeping practices pass the test?
What say you? How are you addressing record keeping policies? Do you have a story to tell? I want to hear from you.
Looking to learn more about intelligent information and process management?
Join us for the BPM Certificate course in:
San Francisco 05/25/10 - 05/28/10
Join us for the ECM Certificate course in:
Toronto 03/23/10 - 03/26/10
Kirkland 04/13/10 - 04/16/10
Dallas 04/27/10 - 04/30/10
San Diego 05/04/10 - 05/07/10
Denver 05/18/10 - 05/21/10
Calgary 05/25/10 - 05/28/10
Silver Spring 06/08/10 - 06/11/10
Houston 06/15/10 - 06/18/10
We look forward to seeing you there. Do you have several individuals who need training? Contact us to find out how a private class can save you on registration costs.
Bob Larrivee – AIIM blarrivee@aiim.org
Follow me on twitter – BobLarrivee and remember to visit www.aiim.org/training and www.informationzen.org, AIIM’s free social network created just for you.
Bob: In the past many companies 'got religion' with records management only when laws like Sarbanes Oxley were introduced. The policy, process and standards you refer to were put into place, but the people, tools and audit cycles changed, were underfunded or neglected. The organization is fine for awhile, just like a leaky faucet, but eventually there can be a lot of damage. A little bit of funding can go a long way in records management towards personnel training and consistency of audit cycles.
Posted by: Dan Longo | March 17, 2010 at 03:00 PM