1 1 Building RIM Programs Chattanooga Chapter of ARMA International by Helen Streck President and CEO Kaizen InfoSource LLC

2 2 Answering the Proverbial WHY? Why spend money on an RIM Program: – Lowest productivity of employees in U.S. ever – Different departments trying to solve their part of the puzzle alone Least effective team work in solving an enterprise issue Ever evolving technology and company demands Duplicate work by employees – Cost of chaos – hard numbers and total lost value – Information the new currency – Inoperability between systems – no info connection – Bad press – is it worth the risk? – Is compliance a real “Why?” 2

3 3 What is a Program? 3 Programs do not have start and end dates Have governance or rules Have a budget allotted Have staffing Have a mission, strategy, and ongoing initiatives and activities

4 4 What a Program is NOT? 4 Programs are NOT projects Retention Schedules and Policy(s) are not Programs Assigning RIM oversight to non-RIM professionals Hoping file shares will clean themselves up Rules without training and education

5 5 Benefits of RIM Documents compliance with laws and regulations Increases employee productivity Reduces expenses (e.g. servers and offsite) Reduces risk exposure Reduces eDiscovery costs 5

6 6 Area of ROI with a RIM Program eDiscovery savings Storage costs Improved ability to search and find Improved ability to mine data Increased employee productivity 6

7 7 Where to Start? 7 1.Know where your organization is today 2.Identify pain points 3.Determine the mission of the RIM Program 4.Identify initiatives and resource requirements 5.Define the rules 6.Build the governance 7.Apply Change Management

8 8 Start with an SWOT Start with a SWOT – Assessment of Strengths, Weaknesses, Opportunities and Threats – Describes your current electronic information state – Identifies gaps between current state and best practices Then recommend next steps based on risks, priorities, and resources 8

9 9 9

10 StrengthsOpportunities  Executive/Corporate Secretary Support  RMP staff commitment  Improved collaboration with IT  Good vendor services for hard copy storage  Commitment of Records Manager  Existence of RMP policy and procedures  Expand scope of RIMP to include all information types  Revise rules, controls and processes and to be comprehensive in the appropriate documentation  Defining and building formal partnerships both internal and external  Creating educational courses to increase understanding and knowledge  Updating RIMP strategy, mission and scope in line with industry best practices WeaknessesThreats  Lack of RIM professional staff on RIMP team  Formal partnerships with other departments  Outdated policy, records retention schedule and procedures  Lack of adequate procedures  RIMP scope does not include all information  Increased volume of information in multiple formats  Increased litigation and demands for more information access and preservation  Increased risk of data loss or exposure of private information due to uninformed employees  Loss of vital or critical data for Company operations  Increase demand on corporate resources to store, find and access information because of lack of classification

11 Benefits of a SWOT Objective view of the state Tool to obtain consensus and buy in Suggests RIM is an ongoing effort and identifies areas of risk Serves as an internal marketing tool to raise awareness and senior-level support A place to work from to build the strategy and initiatives 11

12

13 Elements of a RIM Program 13 Mission/Vision Governance – Policy, Retention Schedule, Standards Training and Education Process(es) – Procedures Automation Accountability

14 Conflict of Ownership and Accountability Departments own the work process and product deliverables Organization “owns” the data Documentation and the need for standardization Understanding the risk of poor documentation Productivity vs. Compliance (us vs them) 14

15 Retention “An organization shall maintain its information for an appropriate time, taking into account legal, regulatory, fiscal, operational, and historical requirements.” 15

16 Using the Retention Schedule List of records series Primary level of classification Primary level of classification Associated documents Defining metadata at the primary level Length to maintain each series Risk of “over-keeping” data 16

17 Importance of Classification RIM provides good classification – Document/Data categories – Identification of records vs. non-records – Legal identification of retention requirements – Workflows across departments – Classification/Index/Taxonomies – Multiple views – people and computers 17

18 What Protection and Security? Protection and security – Private information – knowing if entire category is confidential and/or private – Security classes of information – Rights and access to the various classes – Protection of restricted/classified information – HIPAA and other laws and regulations – Procedures and standards 18

19 Vital and Important Information The loss of important information may disrupt business but not jeopardize the mission. Important records may be cost prohibitive to replace. Important records are not required to have special protection, but often they do. 19

20 What is the Vital Records Component of RIM? It’s the systematic, comprehensive, and economical control associated with vital information It prepares an organization for nearly any threatening situation. It has evaluated the risks and determined the necessary level of protection. 20

21 Keys of Managing Vital Information Identifies information that MUST be available during or after a disaster to resume business Identifies potential and existing exposures to risk for a class of documents Establishes ways to measure and evaluate such risks Determines actions to remove or reduce risks Implements Change Management for improved behaviors Provides ongoing scrutiny against future risks 21

22 Conundrums of RIM 22 Starting after years of amassing data Takes time to build Needs resources for a time before ROI Getting Management’s attention to the need Building in “doable” steps Defining who is in charge of the team – accountability Applying change management so employees are enabled to make change

23 BUILDING AN RIM PROGRAM 23

24 Steps and Elements of RIM Program 1.Conduct a SWOT 2.Assign accountability and responsibility for the Program 3.Identify the internal and external partners 4.Define the strategy and approach 5.Develop the right level of Governance 6.Develop an implementation plan and training 7.Train employees and implement procedures 8.Develop and implement Change Management and Communication 24

25 Develop Governance Policies – Records and Information Management Policy Retention Schedule - Primary level classification Standards and Procedures – Multiple procedures for active, inactive, legal hold, etc. 25

26 Legal Holds Component Legal holds can suspend disposition while actual or pending litigation is in process. Need documented procedures Coordination between Legal and RIM Be sure employees know 26

27 Session Summary What is a RIM Program Where to Start RIM Team Building the Framework Special Considerations – DRBC – Privacy – Security 27

28 Closing Notes The scope of RIM for information is broader than just storing the records. There are many factors that affect good recordkeeping—standards, litigation, disasters, privacy. They all must be addressed in an RIM program. Start with know what you have Develop a strong team 28

29 THANK YOU! Helen Streck President and CEO Kaizen InfoSource LLC 29