7 Ways to Strengthen Your Records Management Policies for 2020


As we say every year, January is the perfect time to review and update your records management policies and best practices. Each new year brings about new challenges and threats when it comes to records and information management and your internal policies should be ever-evolving to reflect that.

As you head into a new year, consider setting aside time to review these 7 elements of your records management policy to ensure they are up to date with the latest information and regulations set out for your specific industry. And if you haven’t established your own policies, this loose framework can help you get started off on the right foot.

Know the Threats

One of the most important factors of developing a robust records management policy is ensuring you know the risks associated with the information your organization uses every day. It’s also important to know the rules and regulations for your industry to ensure that your internal policies are in line with the requirements set forth by the appropriate governing bodies.

Once you have reviewed the risk factors and identified new ones, develop a process for educating and informing your employees and staff about the risks and the steps they can take to ensure you maintain the integrity of the records and information you manage.

Review Storage Security Measures

Take a look at the security specifications set out in your company’s policies and procedures documents about the appropriate ways to use, store and destroy personal and proprietary information. Make sure the outlined security measures reflect risks as they exist in today’s information management landscape.

Review Retention Schedules

Take time to review and update records retention schedules and adjust, as necessary, for changes in regulatory requirements for your industry. Now is also a great time to ensure that your records retention schedules are being met and that files are being purged and securely destroyed accordingly.

Review Secure Destruction Procedures

As we mentioned above, secure destruction is an important part of the records retention process. Once records become outdated or are no longer needed, your organization should have clear policies for how that information is handled and what constitutes appropriate destruction. Be sure to review the steps and update any language to reflect regulatory changes since your last policy update.

Review Your Employee Training and Communication Approaches

Employee training and education is one of the key factors in the success of your records management programs. It’s important that your staff know and understand the importance of maintaining the integrity of your information, what steps to take if they suspect an accidental or intentional breach, and what common threats they should be aware of in their day to day work.

Now is a great time to review when and how you communicate with your employees about these procedures and how often you should send out updates and reminders on best practices and evolving risks.

Review and Update Disaster Recovery Plans

In the event of a fire, flood, hurricane, tornado or other natural disasters how will your business recover lost information? Your disaster recovery plan should outline not only how you will recover after the disaster occurs but the proactive steps you are taking to backup information and records to protect them before disaster strikes.

Review and Update Data Breach Procedures

The number of data breaches that occur each year continues to climb. It’s more important than ever to have data breach procedures in place. No one wants to think about how they will handle a situation like that, but having a clear plan helps you avoid fumbles and missteps on the road to recovery. A few things you’ll want to consider are:

  • What employees should do if they suspect or uncover a breach
  • How will the company react? How will you notify impacted parties? How will you communicate with the public about a breach?
  • What measures you are willing to take to recover the information
  • What legal and financial implications exist because of a breach?
  • What do long-term impacts of a breach look like for your business?