Did you know that the typical documents and records lifecycle puts your organization at risk for fines from non-compliance, or worse lose customer because you don’t have the details? Do you know how to reduce or eliminate these records management risks? At RecordPoint, we’ve come up with a new way of thinking about the documents and records lifecycle that reduces risk and makes the records management process more efficient.
A Typical Document and Records Lifecycle
There are many models out there explaining a typical documents and records management lifecycle. For the purposes of this article we are using generic and simplified version.
- Document Created: The document has been created by an end user and has been uploaded into the document management system.
- Document Managed: End users are collaborating and / or using the document for their everyday work.
- Document Finalized: The document has reached the end of its useful life for every day work and can be locked to prevent further edits. It now should be archived, deleted (if not a record or needed for historical purposes), or managed as a record by being sent to the records management system.
- Records Managed: The document resides in the records management system. It has a category from the file plan assigned and is managed by the associated retention schedule.
- Disposal: The document has reached the end of its retention period and should be disposed.
Activities that occur during this lifecycle include:
- Classification of Information: The document should be categorized so it can be determined if it should be managed as a record, and if so, what category from the file plan applied to the document. This is often done by end users by asking them to select metadata for the document.
- Maintenance: Once the document has been locked for editing it enters a maintenance phase. Activities can include resentencing, fulfilling records requests, and reclassification of documents.
- Dispose: This can involve an approval process and should result in a certificate of destruction with an audit trail.
Risks of the Typical Solution
The problem is, there are a lot of risks associated with this traditional model of document and records management.
- Risk of Deletion: Documents are not assigned a retention period until the document has been finalized and declared as a record. Therefore, during the document created and document managed phases the document could be deleted by an end user since there are no controls in place to prevent deletion. If the document is subject to a regulation and should be retained this opens the organization to a risk of a fine or other penalty.
- Risk of Not Being Declared a Record: There is also a risk that a document that should be managed as a record will not be properly categorized or move to the records management system. Often these systems rely on end users to perform these actions, and users are rarely aware of records management regulations. If a document is not properly declared a record then it won’t be retained properly and again opens the organization to a risk of a fine or other penalty.
- Risk of Non-Disposal: Once a record has reached the end of its retention period it should be deleted. This prevents the document from being surfaced in an eDiscovery or other litigation request, when can be a risk to organizations if the record contains incriminating information.
Modern Records Management
Fortunately, there is a better way to execute the document and records lifecycle, that mitigates all the risks mentioned above. RecordPoint works by automatically classifying documents as soon as they are created, using our automated rules engine, without asking the end users to do anything. Records Managers are then free to govern records activities, rather than manage them, which reduces overall risk in your organization. With this approach our document and records lifecycle has just two parallel processes.
- Manage Content: First we manage content as records from the moment that they are created. This is done by automatically applying the correct file plan category, and therefore retention policy, to the content from being deleted from the beginning. There is no need to lock the content from editing; we can prevent deletion of content while still allowing other editing activities to occur. This ensures that content that should be retained as records are not ever deleted before the end of the retention period.
- Invisible Records Management: End users are not compliance experts and should not be expected to categorize content for records management purposes or properly declare content as records. There is just too much room for error. By performing records management categorization in the background, without asking end users to do anything, we are eliminating the risk of not being declared a record.
Additionally, invisible records management allows us to manage the disposal process more efficiently. Records Managers can see a dashboard of content that needs to be disposed, and be alerted when action is needed. With RecordPoint, they can manage the approval process for disposals and batch up records for bulk disposal. Finally, RecordPoint provides an auditable certificate of destruction that complies with common regulations.
This has been a brief overview of how RecordPoint can reduce risk from non-compliance in your organization. To learn more, please schedule a chat with one of our Records Management experts, or read more below.