The current digital landscape is one of the most complex and challenging we have ever seen for compliance and records management practices. Apart from the exponential growth in the volume of information created every day, the fact that content is being stored everywhere is also contributing to the compliance problem.
As our organizations embark on their Digital Transformation journey, they are realizing that their records are not only stored in Electronic Content Management Systems (ECM), like SharePoint, but many other places as well.
What Other Content Sources Should We Be Managing?
Each organization is different and most have many content sources to support its business. However, based on our experience, the more common examples of important sources where records are often located are the following:
Manage Content in Email Applications
Email is nowadays one of the main ways of business communication. As it has legal bounding and it is considered evidence of business transactions, it falls into the definition of a record. You might be asking if all emails should be actually considered as records, however the answer will depend on your organization’s internal policy. Entities like the National Archives of each country provides useful guidelines to help you decide. As an example, the National Archives of Australia recommends that if you answer any of the following questions with a “yes” then that email is most probably a record and should be kept appropriately to ensure its preservation and access when required:
- Did I receive or send this email during the course my work?
- Does this relate to a project I am working on?
- Does the email provide approval for an action?
- Does the email provide advice, give a direction or record a decision?
On the other hand, the following are examples of emails that might not be considered records:
- Emails that are for information only
- Trivial emails e.g. meeting reminders and room bookings
- Copies of content that are already being managed as a record
- Internal Newsletters or notices
- Personal and social emails
Manage Content in Shared Network Drives
Shared Drives are commonly used to store electronic content like PDFs, presentations, Excel documents, etc., but they lack in capabilities to ensure proper record keeping, such as preventing deletes, audits, and contextual links. Therefore, it is recommended that organizations start by establishing some strategies to deal with the legacy content and establish policies and guidelines on how to appropriately use shared drives in ways that record keeping can be possible. This not only reduces exposure to big compliance risks but also tackles the big storage costs involved on keeping content forever.
Manage Social Media Content
Social media is used as one of the main mediums for businesses to reach out to the community and new audiences. Additionally, for highly regulated industries, social media communications are subject to legislative requirements so its proper management needs to be guaranteed.
Although not all the information on social media is a record, any content that can be considered an evidence of a business transaction and it is used to perform or report on your business operations, will have to be managed accordingly and go through the retention policy for media content established by your organization.
We like the rule of thumb recommended by the States Archives & Records from the New South Wales government when considering records keeping on social media: “If you need it, manage it. If you don’t need it, leave it.”
Manage Other Collaboration Tools
We and most other organizations are using multiple collaboration tools like Personal File Shares, e.g., OneDrive for Business, and Chat-based Workspaces, e.g., Microsoft Teams and Slack. While these are very different in nature and purpose, when comparing to ECM systems and email tools, they are commonly used to make decisions and store content that represent business transactions. They might not seem obvious content sources to manage, but they expose to risk the organizations that decide to ignore them. Once again, due to their nature, not all the content in these applications needs to be managed. However, internal record management policies should include these sources to ensure records can be identified and managed accordingly.
The above list is not meant to be exhaustive. There will be other content sources that might be critical for you to consider in the context of your business so, as mentioned above, it is critical to start with an internal assessment to understand where your records are and how to identify them.
Two facts that we need to accept are that records don’t reside in a single content source and that users will be adopting new tools overtime to help them maximize their productivity.
Thus, replacing a single content source management approach with a federated one, that addresses other business critical repositories in a centralized way with a global policy and rules, regardless of where your content lives, is the right way to go. So start thinking on your federated strategy and how to unlock compliance to all your content sources today.
RecordPoint can help you manage multiple content sources! Read more in our article Introducing FIRM Techniques to your Organization.