1. Review all information (electronic and on paper).
Determine what is out there. Be sure to look at individual PC hard drives, your organization’s computer network, and any information remote employees may be storing. Remember, all of the computers in your organization contain information that will need to be covered by the document management policy. This includes data files, word processing files, e-mails, and image files.
2. Organize the data into categories.
For example, historical and current; temporary and permanent; clients, customers and vendors; full-time and part-time employees; contractors; finance; business strategies; intellectual property; e-mails; legal or regulatory requirements.
3. What is important for your company?
Decide what data you need to retain, how you want it organized, what information should be encrypted, and what security measures should be installed to protect information and limit access.
4. Identify who will have access to specific information.
Some information may be available to most employees on a read-only basis, other data may be accessed only by certain employees with reading and write privileges, and other information may be limited to a select group who will need special passwords and encryption software.
5. Separate documents by retention timelines.
Keep documents with different retention periods separate, if possible. This not only reduces the cost of long-term storage but also helps avoid the inadvertent destruction of a document before its scheduled time as well as potential legal charges of failing to follow retention regulations.
6. Know document destruction schedules.
When documents with different destruction schedules must be combined in one file, be sure the file is kept for as long as the document with the longest required retention is needed.
7. Set a schedule.
Create schedules and methods for maintenance, archiving, and destruction. Allow individual divisions or managers to set their own retention policies, provided they are approved by your legal counsel or an individual designated to oversee policy compliance.
8. Consider setting up centralized controls and systematic enforcement.
It is critical that all employees be monitored to ensure they follow the policy.
9. Explain the policy.
Provide a clear, documented rationale for each section of your policy. Legal storage requirements are likely to change from time to time, so you will need to review the policy periodically to ensure it is up to date. When changes are made, be sure to document them.
10. Make sure they get it.
Ensure all employees, contractors, and vendors understand and sign off on the policy and future updates.
While this may sound overwhelming, it’s easy to navigate with the correct technology partner. For further assistance or to ask questions, contact us for some help.