Manual classification processes meant records were unclassified
Before adopting RecordPoint, the agency was leveraging network drives to manage its information, and records were classified manually, based on either metadata entered manually or by location. As a result, a high proportion of records were not classified and there were a lot of missing pieces.
The agency did not know where records were, and there were duplicate records. There wasn’t enough metadata to know what was in these records.
A lack of information governance made adherence to regulation more difficult, increasing compliance risk
As a government agency, the agency must align with the General Retention and Disposal Schedule (GRDS), which authorizes the disposal of common and administrative records. The agency is also subject to a specific retention and disposal schedule and has additional obligations under the Freedom of Information Act and the Privacy Act.
Due to the poor records management processes outlined above, adherence to these regulations was difficult to guarantee, raising the risk of non-compliance.
The agency is also subject to regular Information Security Management System (ISMS) audits, requiring a strong information governance function. With inconsistent record classification, proving and validating that records management processes were occurring correctly was difficult.
The RecordPoint solution
In-place management streamline records management and consistently classify information.
Upon implementing the RecordPoint platform as its information governance solution, the agency has been managing all its SharePoint Online records in place with the platform. This has allowed for the application of consistent and automatic classification using the metadata-based rules tree, with no need for end-user involvement.
All data passes from the connected SharePoint Online environment through the RecordPoint Intelligent pipeline, which detects signals like data size, type, location, metadata, and sensitivity. Each record category within the File Plan has a retention schedule and is used to assign a disposition action.
An expert team helps get their information governance in order
In 2020, a new version of the General Retention and Disposal Schedule was issued. As part of an engagement with RecordPoint’s experienced consulting team, the agency streamlined its use of the RecordPoint platform.
The agency worked with the team of experts to update the Retention and Disposal Schedule (RDS) in its RecordPoint file plan so that it aligned fully with the change in regulation. Working together, the team also consolidated their classification rules to make it easier for them to maintain.
Consistent record classification and disposal
Thanks to RecordPoint, the agency could classify records without manual intervention, with metadata-based rules classification streamlining retention and disposal. The agency has a customized disposal approval process where a disposal approver signs off on the disposal by approving or rejecting the disposal decision. The platform then allows for defensible disposal by maintaining an immutable certificate of all disposal activities.
Improved compliance with less manual effort
As a result of adopting RecordPoint, all information is now classified under the correct disposal schedules, improving the agency's compliance without any impact on the end user.
Streamlined regulatory compliance
Adherence to regulations is now much easier, as all their records are automatically classified and disposed in line with retention plans, with disposition documented.
Audits have been made easier as they can validate claims and show examples of information assets assessed for information security criticality.