Whether you’re a store front, processing payment information all day, or a doctors office handling piles of personal paperwork, having a document policy is a key component of protecting data and protecting your company. While there is a lot of focus on creating firewalls and protecting your digital data and cloud computing structures, it’s important to remember that paper still poses a threat and your biggest defense is having a detailed document policy in place.
DOCUMENT POLICIES ARE NOT A CHOICE
Creating a document policy isn’t just a protective measure, having one in place is required by law. The FACTA Disposal Rule, GLB Safeguards Rule, and HIPPA all require document policies to be in place for those handling sensitive information. There are many resources out there that can help you create a document policy for your business, including ARMA’s “The Principles” and the NAID compliance Toolkit, a program we have in place at Augusta Data Storage to help you develop document policies. Regardless of the tools you use to develop your policy, having one in place is a must. If you’re wondering what you might need to include, here are a few “must-haves,” as listed in the NFIB Small Business Guide to Document Retention. This list of items and ideas will give you a great jumping off point for developing your document policies and outlining not only how you will dispose of old documents, but how you will save, store, and protect the documents you do keep on hand.
Identify the Types of Records your Document Policy will Focus on
Before you decide how to properly manage your records, you need to know what kinds of records your company deals with day-to-day. This requires a thorough evaluation of the entire office, including individual PCs, the company’s computer network, and any records being stored by remote employees.
You should be looking not only in a variety of places, but for a variety of file types, such as data files, word processing files, emails, and images. Once this data has been gathered, it’s time to categorize, compiling records of a similar nature. Categories commonly refer to the type of document, the information it holds, or its relevance to current company business, such as:
- Historical and current
- Temporary and permanent
- Clients, customers, and vendors
- Full-time and part-time employees
- Intellectual property
- Legal or regulatory requirements
Knowing what types of documents your office most commonly produces will help you decide which management policies work best for securely maintaining your records.
Decide How Long your Document Policy will Keep Records
CREATE A DOCUMENT RETENTION SCHEDULE
To avoid any serious legal ramifications or security risks, establishing a document retention schedule is of the utmost importance. This schedule should cover maintenance, archiving, and destruction, helping you decide how long documents should be kept and making sure everyone in the office sticks to the same timeline.
The best document retention schedule balances a document’s required retention period with its usefulness for the company. That way, you won’t keep anything longer or shorter than necessary, minimizing the risk of any legal issues or security breaches. Once you no longer need a confidential document for company business and its retention period is over, it should be shredded by a third party professional, rather than stored, to prevent any issues down the road.
WHO CAN YOU TRUST TO CREATE RETENTION SCHEDULES?
If you allow department heads to create their own retention schedules, be sure the task is handled by someone you trust to follow every guideline. Afterward, have your office’s legal or policy compliance counsel approve the end result.
Most importantly, stay on top of document retention requirements, as every federal agency has its own rules, and they’re constantly changing. Make sure your employees are organized and updated to keep your business in the clear.
Decide how you will Store all Documents
Figuring out what storage system works best for your company fully depends on the personal needs of your business and employees. Developing both a long and short term storage plan will keep the office running smoothly, while documents stay secure and organized.
CREATE A SHORT TERM STORAGE PLAN
Short term storage needs can vary for every department and individual, so it’s important to analyze what’s necessary at every level when mapping out the best system for your office.
ASSESS DEPARTMENT STORAGE NEEDS
Determine how much storage each department will need, allowing for plenty of extra space, as documents always accumulate more quickly than expected. Departments that share a large number of documents among different employees will likely need a number of shared file cabinets. When it comes to predicting how much space the office will need, invest in the larger option. That way, your company won’t have to work in a cramped system that requires constant reorganizing.
PROVIDE DOCUMENT STORAGE FOR EACH EMPLOYEE
Once you’ve taken care of storage needs on the department level, take a similar look at storage on the employee level. To avoid a mess of exposed documents on each employee’s desk, ensure all employees have access to a lockable cabinet or set of drawers for files they work with regularly and need to store close by. This way, they can responsibly keep sensitive documents safe and out of sight when not in use.
USE SECURE CONSOLES
Once a department is done with a confidential document and its retention period ends, it only poses a risk to the company, taking up space as it waits for its shredding date. Secure consoles provide a safe way for employees to dispose of documents, as they’re kept locked away until they can be properly destroyed. Placing these consoles in high-traffic areas throughout your office will keep your storage system tidy and confidential.
OPTIMIZE YOUR LONG TERM STORAGE NEEDS
DEVELOP A FILE NAMING SYSTEM
Establishing a simple, consistent file naming system for use throughout the office is especially important for records in long-term storage. With an effective file naming system, employees will be able to efficiently pull a document out of storage, no matter how long it’s been inactive. Each storage labeling system should be clear and individual to your business’s needs, so that long term archived records are easy to uncover.
CONSIDER OFF-SITE STORAGE OPTIONS
If your company seems to always have a growing amount of documents that aren’t going anywhere anytime soon, you may want to consider off-site storage for your long term records needs. Rather than buying an endless amount of file cabinets prone to mess, off-site storage facilities offer climate-controlled, highly secure document storage that will put your mind at ease and keep your office space neat.
Decide How your Documents Should be Destroyed
Once you have a schedule establishing when your company’s documents should be destroyed, you have to determine how that destruction is going to happen in a way that’s secure and efficient. Shredding is known to be the safest form of document destruction when outsourced to a professional media destruction company, as these companies have the technology to shred documents well beyond any possible reconstruction. As well, a professional service can provide you with an official Certificate of Destruction, promising that your documents have been completely and securely destroyed.
Outsourcing this responsibility to a professional company ensures your documents stay securely handled under the best practices until their final point of destruction. Not having to worry about this process, your employees will be able to focus on their own workloads. You can even adopt a shred-all policy for your office, so that documents not in need of storage can be disposed of immediately, freeing up much-needed space.
Determine how your Document Retention Policy will be Enforced
SPREAD THE WORD
Before you can enforce your document retention policy throughout the office, your employees have to know exactly what that policy is. Making sure everyone in the office is on the same page is the first step toward secure and consistent records management.
After you’ve announced the new policy to the office as a whole, organize smaller training sessions, so that workers can further understand the processes in general, as well as how they specifically apply to their departments.
ESTABLISH TEAM LEADERS
Delegating to team leaders, such as department heads, will help ensure thorough dissemination of information throughout the office. Each employee will have someone they can refer to for questions or issues, and each department will have someone making sure employees stick with the policy. After training, these team leaders can keep lanes of communication open as your office adjusts to the new system, encouraging a smooth transition.
With so much new information, it may take a while for the office to internalize every process, and that’s okay. Until then, hanging up convenient, helpful reminders is an easy way to keep things running smoothly. Post flyers with important tips to remember where employees will need them most, such as by file cabinets and recycling bins. That way employees can efficiently follow through with processes without always having to look up a guideline.
Employees unaware of their own mistakes are a common cause of system breach, so keep those in your office accountable and consistent. Make sure employees know how important it is for them to adhere to these guidelines. Meanwhile, stay committed to enforcing the new system until your office is a well-oiled machine.
Determine How you will Evaluate the Effectiveness of your Document Policies
No matter how much time and energy you put into designing your records management policies, you may discover that your processes aren’t effective in practice. Establishing a periodic review process will enable you to regularly evaluate your office’s day-to-day records management practices to stay efficient and up-to-date.
SET DATES AND ESTABLISH A TEAM
To be sure your business handles assessment regularly and thoroughly, recurring evaluation dates should be officially established throughout the office. As an important step in maintaining your records management policies, these responsibilities should be carefully delegated to a team of workers with the necessary time and care. Beyond conducting internal assessment, they should also monitor any external changes that might affect policy or trigger the need for an update, such as new legislative regulations, industry changes, or machinery innovation.
CONDUCT PERFORMANCE REVIEWS
Conducting performance reports will allow you to take note of how your organization manages each specific process through focused evaluations. These reviews can then also be used to show regulating authorities that each aspect of your business is in compliance with their policies.
GATHER FEEDBACK FROM EMPLOYEES
Feedback from employees at every level is another effective form of evaluation, especially when it comes to the practical application of your processes. While an open communication system will encourage employees to speak up, discussion times should still be scheduled as a formal platform for sharing ideas on specific topics. Meanwhile, team leaders have an opportunity to discover how well their staff really knows each policy.
Once you are able to identify these key pieces of your policy, begin working on developing written procedures for each section that are clear and precise, so that the same policies can be maintained throughout the various departments in your organization. Then ensure that you take the appropriate steps to seek out certified professionals like Augusta Data Storage for any portion of your policy that may need to be outsourced, including records storage and destruction. Contact one of our account managers today to learn more about the tools we have developed to help you manage your Records Information Management processes.
While all of this advice is based on industry standards and best practices, informed by records management professionals, it can in no way substitute or replace speaking with your company’s legal and accounting partners, as well as any regulatory organizations in your industry. Only these bodies can truly advise you on your how information should be managed and protected for secure practice, in compliance with regulations.