Would Your Records Keeping Practices Pass The Test? March 24, 2010 By Bob Larrivee, Director & Industry Analyst for AIIM

This is a question every organization should ask and be prepared to defend. A recent article presented by the Associated Press titled “SF drug cases at risk amid crime lab questions”, cites that one of the elements in question as a result of an audit by the American Society of Crime Laboratory Directors is the lack detailed record-keeping for cases. While this is not the only element placing these cases at risk, it is significant enough to be cited which in my view is severe.

One of the things I have stressed regularly over the years with clients, at seminars, and in my classes is that you have to have a sound governance framework in place that addresses not only records but information as a whole for without it, how do you know the information and records you manage is safe, managed properly and not placing your organization at risk? So what is a good information governance framework? I look at it this way, you need to establish a policy and whenever possible, leverage standards in your policy. Look at ISO 15489, MoREQ2, Dublin Core and DoD 5015.2 for guidance.

You have to establish processes that support use of the policies. If you state that all content with a business value must be placed into the corporate repository, how does the use get it there? Where does it fit in your taxonomic structure and what metadata will be used? When you have the policies and processes in place, you then need to provide your user community with the right tools and technology to adhere to the policy and carryout the processes but most importantly, give them appropriate training on how it all works and why. Finally, you need to establish a regular audit mechanism through which you can assess compliance and take corrective actions when needed.

In my view, a strong information governance framework is essential in managing risk and maintaining compliance. Policy, process, standards, people, tools and audit cycles are all vital elements in being able to present and defend our information assets and practices. This must become a standard operating procedure unto itself and the importance understood by the user community at large. Since I do not know the case presented in the article firsthand, the only conclusion I can draw from what was reported is that there is a weakness in their framework that needs to be tightened. So, how about your organization? Would your records keeping practices pass the test?