For IT, compliance, and legal departments, records management is one of the oldest problems in the book. It’s seen as a costly, time-intensive, and daunting effort. And as such, it is often dismissed by decision-makers as something that can be figured out "tomorrow." Even among organizations that have well-documented retention and disposal policies, records management programs are rarely followed and maintained to a meaningful degree. All the while, the volume and variety of enterprise records continue to grow at a rapid pace, with the associated risks increasing in reach and severity.
There are several factors at the center of this issue. First is that most senior decision-makers, particularly the C-suite and in-house legal, believe that their records problems are too great and that their organization simply does not have the budget or resources needed to support records management requirements. In turn, many look the other way, leaving records managers stuck without the executive sponsorship they need to execute programs.
For example, a Forrester Research study found that alignment between records management and its primary sponsors—IT and legal—has been steadily declining for several years. Between 2017 and 2019 (the most recent years Forrester studied), the number of records management professionals who were included in IT planning and vendor selection dropped nearly 10%. Moreover, while general counsels have historically been the most supportive sponsor for records initiatives, their involvement declined from 41% in 2015 to 32% in 2017 to only 25% in 2019. The study also found that a lack of stakeholder alignment was a worsening challenge and the top barrier to successful records management for roughly one-third of organizations. In the period since that study, IT and legal leaders have encountered a flood of added responsibilities and pressures relating to the pandemic—including accelerated demand for digital transformation projects, business continuity issues, resource shortages, and managing remote work environments—which has likely pushed records management even further down their list of priorities.
The overwhelming nature of data today is another difficult reality standing in the way of records management progress. Email retention alone is a significant hurdle, which is often started and stalled again and again within large organizations due to decision overwhelm. Add emerging data sources such as collaboration platforms and cloud file sharing applications to the equation, and organizations are faced with the prospect of managing records across potentially hundreds of systems and a vast universe of information. Because records management is essentially the end game of the information lifecycle—which tends to stay out of sight, out of mind until a compliance violation or data breach occurs—many organizations continue to avoid it rather than take on such a weighty task.
A Visible Solution
Unfortunately, the cost and risk of insufficient information management have become too substantial to overlook any longer. But there’s also an alternative to spending significant time, money, and resources on massive records management overhauls.
Most IT leaders are heavily invested in business process optimization initiatives that introduce automation and efficiency into a number of systems, including those also create records. SIM’s Taking the Pulse of IT study found that alignment of IT with the business and digital transformation were among IT leaders’ top five priorities for initiatives and spending in the near term, meaning that there will likely be a steady flow of such initiatives in the months and years ahead. Projects within these categories can easily, with little to no added cost, incorporate records management requirements to achieve compliance in parallel with the creation of modified business processes and new data models.
New business process optimization projects will typically require the definition of cohesive rules and standards for how the system will integrate with other systems and automate certain functions, such as signatures or routing. As that’s being developed, it’s very straightforward to also build in records compliance with the addition of criteria for identifying and classifying records and automating a standardized retention and disposal schedule for them. Records categories can be grouped according to their function within the process or disposition requirements. With that foundation, a common disposition strategy can be assigned to each group and set as a rule within the new system, automating retention compliance for all records that flow through it.
Essentially, because records are simply data artifacts that flow through a new system or process, they can be addressed with just the addition of another requirement in the system. Doing this enables teams to mitigate legal and compliance risk while also boosting the ROI and impact of their business process optimization investments.
Many organizations have backed themselves into a corner with their data because they’ve designed systems—including those that generate and store records—for business function only, not for compliance. But there is a way to achieve both ends while maintaining cost-effectiveness and efficiency by integrating records management requirements with existing and upcoming business process optimization efforts. Doing so boosts ROI and reduces the risk of a costly penalty, reputational damage, or other fallout resulting from a records violation.
Chris Schassler is a Senior Director within FTI Technology’s Information Governance, Privacy & Security (IGP&S) practice.