Most Organisation's Records and Retention Policies Are Incomplete & Inconsistent
Most Organisation's Records and Retention Policies Are Incomplete & Inconsistent
June 21st, 2006: Pushing its Universal Records Management (URM), Stellent's Chief Operating Officer, Dan Ryan, slams records management practices across the board.
While spruiking his company's Universal Records Manager (URM) server, Ryan told 'Enterprise IT Planet' that with legal and regulatory compliance now the major driver in all areas of business (and government) practice, organisations are still taking an 'upside-down approach' records management and retention policies.
By this he meant that rather than creating policies based on the information that they seek to deploy, most organisations are still looking at the information technology that underlies that information. Policies are being based not on what level of compliance the data should be meeting, but instead on what the servers, scanners, storage and networks can provide.
This approach leads not only to inconsistent data retention and management policies, but in some cases, according to Ryan, to some data having no recognisable policy at all.
Stellent's URM, of course, seeks to solve this issue. According to the company, '…it uses an agent architecture to enforce retention policies and schedules in applications and content repository throughout an organisation. This "in-place" functionality enables companies to leave content in its native location rather than moving it to a central repository for records and retention management. This server also facilitates legal discovery activities and applies litigation holds to relevant content throughout the enterprise".
This approach addresses the same point made by PolicyPoint's Andrew Stein in in the latest print edition of IDM. Stein makes a point often taken up by those people within an organisation who create and attempt to enforce records management policies: "Many organisations spend time and money crafting beautifully written, complete policies that articulate in detail employees' obligations and responsibilities, and then publish them believing the job is done.
Most people never read the policies printed in the company manual or published on its intranet (other than enthusiastic inductees perhaps). If you refute this, let me ask you 'how do you know?' Knowledge of policies should be considered mandatory, but if it isn't mandatory to know, then why have policies at all? Why bother?
A twist on the old 'tree falling in the woods' conundrum is this: if a policy exists but no one knows or understands it, does it have any effect? There must be some measurement of employees' awareness of a policy".
Records management is more than IT? Comment here.
Related Article:
Service Delivered Compliance