You’re working electronically; yet somehow you’re still accumulating paper. You’re keeping the paper, “just in case”. Just in case there’s a computer virus, or an audit, or a business need for the records.
Far from being a safeguard, uncontrolled duplication of records is expensive and risky.
Benefits of Electronic RecordsDigitized or electronic documents require less physical storage, they’re easily searchable, and backup for business continuity can be automated. Although many organizations scan paper records as they arrive, most haven’t implemented a disposition policy to destroy the paper. Today, most documents begin life in electronic format, yet many people continue to print hard copies and add them to paper files.
It’s estimated that the volume of information generated by businesses is growing by 60 per cent each year. At that rate, it’s no longer feasible to keep every document forever, and it’s important to minimize duplication and adhere to legal retention requirements.
Multiple copies lead to unnecessary costs and risks associated with:
• Storage – multiple copies fill premium office space, off-site warehouses, removable media, and network hard drives.
• Mismanagement – multiple copies are more difficult to control, file and retrieve. They increase the likelihood of security breaches or inappropriate disposal. This can result in fines and other sanctions for non-compliance with regulatory requirements; and in the loss of competitive advantage if intellectual property or commercially valuable business intelligence is compromised.
• Litigation – multiple copies mean more places to search during the discovery phase (increasing time and costs). It may also raise questions about the evidential weight of records.
• Business Continuity – multiple copies make it more difficult to identify the subset of ‘vital records’ which must be protected at all costs. This can result in a higher risk of accidental loss, deletion or inaccessibility. Liability insurers are increasingly considering retention policies and discovery-preparedness in their underwriting decisions. Poorly managed records can affect the cost or availability of insurance coverage.
Why then are companies investing time and money to maintain parallel filing systems?
Some companies aren’t sure whether electronic records are legally admissible; or whether paper records carry greater evidential weight. Others are doubtful of the quality and reliability of scanned documents. Many are uncertain about the required retention periods for paper records, email and digital documents.
A records management program can clarify these questions and alleviate concerns – allowing an organization to maximize the value of its business information and minimize the associated cost and risks.
The Solution – a Records Management ProgramGaining control over corporate information can seem daunting. Yet it’s absolutely essential for regulatory compliance. A records management program is a key component to reduce the complexity and cost of any GRC (governance, risk management and compliance) initiative.
Reducing the volume of paper records that must be stored and managed is the first step to moving fully into an electronic working environment. If you don’t take the plunge today, it’ll be twice as challenging next year.
A records management program should include:
• An information management policy which sets out the overarching framework of rules and responsibilities for controlling corporate information. It demonstrates to a court of law that information management is part of normal business operations.
• A classification scheme that identifies the different types of records created or received by the organization. It groups similar records together into categories that are easier to find, use and manage. The classification scheme can be used to indicate which categories of records are suitable for scanning (and which are not), based on the regulatory requirements that apply to particular types of documents.
• A retention policy that’s developed through an analysis of the company’s specific legal obligations, business needs for information to support daily operations, and the interests of any additional stakeholders.
• The secure disposal of records should be carried out on a regular schedule, in accordance with an approved procedure. Local and international case law indicates that courts will approve routine destruction of records in accordance with established procedures. Developing a security policy helps to protect the integrity of corporate information and reduce the risk of a challenge to its authenticity.
Legal AdmissibilityLegal recognition and requirements for electronic records are contained in the Electronic Transactions Law and the Evidence Law. Your records management program should provide a framework of policies and procedures to maximize the evidential weight of scanned images, and reduce the risks associated with destruction of paper files.
Where records are required for legal or regulatory purposes, an electronic record is acceptable if it is maintained in an accessible, perceivable form. It must also be accompanied by contextual information (metadata) which substantiates the provenance of the record – confirming the time, place and the person(s) responsible for creating or receiving the record.
Companies should also examine their specific legal or statutory provisions to identify any requirements to keep records in their “original form”. Such requirements can be met by a record that was first generated as an electronic record. If a document was originally a paper record, some industries require that the paper record is safeguarded and retained for a certain number of years.
Organizations should seek legal advice with regard to the types of documents most likely to be disputed in court, and assess the risks associated with maintaining or destroying the original paper records that have been scanned.
Questions about the quality and reliability of scanned images can be addressed by implementing procedures and technical standards for the conversion process, for quality control and IT system administration. It’s necessary to demonstrate that the image is an accurate representation of the source document via:
a) clearly defining the conversion procedure, which explains any changes applied to the image (e.g. conversion from color to black-and-white, de-skewing, cropping, etc.),
b) capturing and managing the image in a system that can control and track its use and prevent any subsequent modification (establishing an audit trail), and
c) maintaining and operating the system properly.
An audit trail of activity for records, users and systems administrators is important for proving authenticity and demonstrating the record’s ongoing integrity.
As a critical corporate asset, information should also be addressed in plans for business continuity and disaster recovery. The classification scheme can be used to identify categories of records that are vital for ongoing operations. Appropriate strategies can then be devised to ensure the backup and long-term accessibility of those records.
ConclusionsElectronic records offer many benefits for business efficiency. However, they may also expose companies to significant risks, if they’re not pro-actively managed.
A robust records management program combined with an electronic document and records management application, with defined policies and implemented procedures, reduces the costs and risks associated with managing corporate information. It can be used to determine whether paper records are suitable for scanning into digital formats, and to enable the disposal of original hard copies – generating a range of potential savings for the organization, and mitigating the risks associated with retaining multiple, uncontrolled copies.
Bob Leonard, our guest blogger, is the managing director of
acSellerant specializing in online, inbound, content and social media marketing for SMB IT providers.