Do you need a rationale for why records management is essential to day-to-day, as well as overall, business operations? Records management and information governance professionals often have to justify to the C-suite and the larger organization why their programs are indispensable. One way to do this is by demonstrating that your organization's information assets - the data and records that are integral to everything your organization does - are directly tied to both business processes and business goals.
Business Processes and Goals - What You Do Every Day:
A business process is a collection of linked tasks which result in the delivery of a service or product to your client. Business processes are typically repeated many times and are often carefully designed. Once completed, the set of activities and tasks will accomplish an organizational goal.
Improving and refining your business processes only helps your bottom line - resulting in higher efficiency and lower operational costs. Examples of business processes include the various steps that are performed for:
Onboarding new hires
Billing a client
Administering benefits
Producing a part on a production line in a manufacturing facility
Completing an inventory
Handling customer complaints
Data and Records - Essential for Keeping Your Doors Open:
Data and records are organizational assets that are integral to running your business. They could be employee files managed by your Human Resources department, data from studies on the new product you're developing, environmental monitoring results for regulatory compliance, test results for a patient, or a prospect contact list.
Data and records can be in digital or hard copy format, are typically generated or received and then maintained throughout the organization. They can be stored in various areas from the Office Manager's desk to servers in the cloud – including even at third parties.
These records and data are essential to your business operations and goals - in fact, you'd be hard pressed to find a business process or goal that doesn't rely on them. You rely on the generation, preservation and accessibility of these records in order to operate.
And not having ready access to your records can have dire consequences for your bottom line. Not being able to access your pharmacy license, drilling permits or business registrations when a regulatory inspector shows up unannounced could result in heavy fines or your operations being suspended - or worse yet, terminated. When you've got equipment in the field and employees on site, not being able to work due to a paper trail error can get expensive very quickly.
This makes a strong case for why careful and strategic management of your organization's data and records is essential to doing business, whatever industry or field you may be in - but especially if you are highly regulated. Various functions in many industries such as healthcare, manufacturing, pharmaceuticals, banking, financial, oil and gas, utilities, government agencies and nonprofits are required to keep records for specific periods of time and can be penalized for non-compliance.
The Link Between Records Retention and Business Processes:
Creating and maintaining a database of all records that are generated and received enables you to tie them to business processes. While you are going through the process of creating your organization's records database it would be very beneficial to gather additional metadata for each record type:
What format or media the record is in
Who the custodian is
If it contains privacy information like personal identifiers or health information
What level of security the record is - public, internal, confidential
If a third-party vendor keeps the record
Where duplicates exist
What software application/s it's stored in
What the retention period and destruction instructions are
What regulations and legal citations govern those records
Once you have a database, or inventory, of all records necessary for business needs and regulatory compliance you can start to analyze them in relation to business processes - and tie each type of record to each business process it is used in.
For instance, while creating the database you may learn that certain records are used for multiple business processes such as payroll, benefits management and employee training, and that these records are duplicated across multiple departments numerous times. You may also learn that they are held in various formats and locations, such as software applications, hard copies in desk files and on various employees’ hard drives. As you may know, keeping multiple copies increases the likelihood that they will become ROT (redundant, obsolete and trivial), wastes time as employees search for the most updated version, and impedes efficiency as employees attempt to complete business processes. Accessibility and discovery are hindered, and storage costs are increased.
Duplicate copies also increase the risk of noncompliance with records retention and destruction which can result in fines and penalties. Is each person who holds a duplicate copy of a record destroying it within the appropriate time frame in compliance with business needs and regulatory requirements? E-discovery during litigation is sure to locate these duplicates which can reflect poorly on your organization.
Once you’ve built a database of your organization’s records and identified each business process each record type is related to, you can confidently proceed to improving those business processes. Having a clear understanding of overlapping business processes and their associated records also enables master data management, which is the comprehensive method of linking an organization’s critical data to one master file that acts as the main point of reference. This streamlines data sharing, allowing employees and departments to de-duplicate records and access only the most updated information.
The Link to Records Retention:
The next step is linking retention periods to each record type in your newly created database. This will provide clear guidelines to all employees for what needs to be kept and for how long. Now that you know each business process that each record is tied to, you can have cross-departmental conversations to identify what the most appropriate retention period is. Of course, record retention periods must be based on regulatory minimum retention periods and may involve some legal research into federal and state laws and regulations. You may also choose to uphold a longer retention period for a record if it serves an identified business need. Once you’ve mapped retention periods to record types you have a records retention schedule.
The Link to Data Security and Software Applications:
Creating a records database and retention schedule generates a deeper understanding of what you have, which enables data security. If during the database creation process you choose to gather metadata such as the record’s security level and what PII (personally identifiable information), PHI (personal health information) and PCI (personal credit information) is in each record type, you will be identifying key information that will be essential in determining risk in the event of a data breach or cybersecurity incident.
In today's world, organizations keep most of their records in software applications. As organizations move to new software applications, maintaining legacy applications that hold data and records until they can be defensibly destroyed is becoming a common challenge. A comprehensive records retention schedule can account for the records held by your organization, including within current and legacy software applications, and give clear guidelines for minimum retention periods. As legacy applications become obsolete, records retention schedules that identify each record's location can be invaluable as that information is migrated to new software applications.
Storage and maintenance of records can be expensive, but is essential for compliance - and is often less expensive than fines and other penalties from litigation or those imposed by regulatory bodies for noncompliance. In addition, destroying records as soon as possible (in compliance with regulatory requirements and business needs, of course) saves money on storage and retrieval fees.
The Link to Penalties for Non-compliance:
Maintaining all the records required by laws and regulations for the specified amount of time can be daunting. But complying thoroughly and consistently eliminates, or at the least greatly decreases, the risk of fines and penalties from regulating bodies or litigation. Knowing what the specific penalties are for noncompliance in your industry can be a key talking point for demonstrating the importance of effective records management to your C-suite:
For health care organizations, what would the approximate cost be to your organization if an inspector revoked your pharmacy license or drug administration authority because of a "paper trail" error involving drug inventory records, controlled drug logs or permits?
For the oil and gas industry, what are the drilling, refining or equipment rental costs per day? How much would it cost if you couldn't operate for one week because of a permit paper trail issue?
For tech, financial, manufacturing, nonprofits and other industries: What are the fines and other penalties involved for noncompliance with the EU's GDPR regulations? Google, Facebook, Twitter, Spotify, Netflix, Amazon and Apple have each been fined up to $50 million for noncompliance with the EU's GDPR regulations. Do you know which privacy data elements you keep on your EU resident employees, contractors and customers, and are you prepared to destroy that information in compliance with the regulation's "right to be forgotten" requirements?
Consistently Tying Records Management to Business Processes:
In meetings, emails and other communications with your C-suite and management, continually tie how your organization's data and records are essential to various business processes and goals. Making a consistent effort to do so will pay off in the long run. This is easy to do, as we discussed above - for instance, Human Resources and Payroll can't operate efficiently without instant access to all employee records and time cards.
Chaotic management of data and records leads to weak, inefficient systems that create demoralized employees and higher operational costs. Consistently communicating how proper management of records enables employees to do their jobs more effectively, and the benefit this has to the bottom line, is key.
Make sure that you have a place at the table when your organization focuses on improving business processes (likewise, if you are in a management role, ensure that the employees that manage data and records have a seat at the table). Being a part of that team will give you opportunities to help streamline processes while you share important information about required retention, compliance, existence of records and related software applications.
Using Games or Visual Aids to Illustrate the Value of Records Management:
They say a picture is worth a thousand words, so use the power of visuals to wow your C-suite whenever possible:
iGMapware's Queen Gwendolyn's Information Kingdom illustrates the importance of understanding where records are, knowing what privacy information is stored and maintained, and how they're managed.
Use statistical visual aids such as Domo's Data Never Sleeps
Various records management software exists that can guide records retention and enable regulatory compliance. Software applications like iGMapware enable users to view deep metadata about each type of data and record across their organization, while mapping that data to retention rules. This includes each record type’s:
Format and media type/s
Custodian
Privacy identities and elements (for example, social security numbers, personal phone numbers and addresses for contractors are stored in records held by the legal team, etc.)
Level of security - public, internal, confidential
Third-party vendor/s who maintain and store the records
Location, including duplicates
Software application/s it's stored in
Retention period and destruction instructions
Regulations and legal citations that govern it
Reach out to the iGMapware team to discuss if our software would be a good fit for your organization's data management and retention schedule needs.
References:
Appian. Definition of a Business Process. Retrieved 04-12-2019 from: https://www.appian.com/bpm/definition-of-a-business-process/
Domo. Data Never Sleeps 6.0 [Digital image]. Retrieved 04-12-2019, from https://www.domo.com/learn/data-never-sleeps-6
iGMapware. Queen Gwendolyn's Information Kingdom. Accessible on the iGMapware home page or YouTube at: https://youtu.be/nKzEpqLP_so
Nuix. Find one out of 3 billion cans of beans.
Ramesh, Anjana (12-15-2017). Quora. Retrieved 04-18-2019 from: https://www.quora.com/Why-is-business-process-management-important-to-organizations
Simplicable. 14 Examples of a Business Process. Retrieved 04-12-2019 from: https://simplicable.com/new/business-process-examples
#oilandgasrecords #pharmaceuticalrecords #utilitiesrecords #bankingrecords #manufacturingrecords #healthcarerecords #healthcarerecordsmanagement #financialrecordkeeping #regulations #Regulatoryrequirements #privacyinformation #businessprocess #whatisabusinessprocess #RecordsRetention #recordsmanagement #informationassets #recordsmanagers #businessoperations #businessgoals #businessprocesses