Compliant Records Management

Information Management Compliance

To comply with today’s regulations and demonstrate good faith efforts in the event of litigation, a records management program must include documented policies and procedures covering retention and disposal, as well as proof of training, communication, and enforcement throughout the organization.




Six Steps to Compliant Records Management

Read our six-step Compliant Records Management Program methodology to assist with the development and ongoing improvement of your records management.




ORGANIZE
Determine your program scope, then define roles and responsibilities at three levels: governance, implementation, and administration.

ASSESS
Identify and inventory ALL records and their locations. This includes paper, e-mail systems, servers and platforms, and your abilities to hold and retain these records.

DEVELOP
Develop a realistic retention schedule and well-documented, enterprise-wide policies to ensure that similar records are treated in a similar manner regardless of format — a significant characteristic of a legally credible program.

IMPLEMENT
Your implementation should be rolled out as a formal program, with communication and training components tailored to specific audiences.

MANAGE
It is critical to plan and budget for ongoing program maintenance, enhancement, and enforcement (at all levels within the organization).

AUDIT
For your ongoing program to remain compliant, you must establish clear accountability. Regular audits should be incorporated into your standard corporate internal audit process.

Compliant Records Management Legislation Summary

Changes in the regulatory environment require that companies be more diligent and accountable in the handling of their records.

Here is a summary description of important legislation that may affect your records management practices.


PIPEDA
This Canadian federal privacy act protects the personal data of Canadians, in both paper and electronic format. Also review the Canadian provincial laws for a full understanding of privacy laws.

RULE 26
This amendment to the Federal Rules of Civil Procedure addresses the discovery and disclosure of electronic records information relevant to civil lawsuits, increasing pressure on corporations to proactively manage records in order to facilitate the electronic discovery process.

SARBANES-OXLEY
This act establishes enhanced standards for all U.S. public companies and public accounting firms, including new disclosure requirements and harsh penalties for persons responsible for accounting or reporting violations. CSOX is Canada’s version of this law.

GRAMM-LEACH-BLILEY
This act requires that financial institutions take steps to ensure the security and confidentiality of their customers’ nonpublic personal information, to better protect customers from identity theft.

FACTA
The Fair and Accurate Credit Transactions Act (FACTA) was designed to reduce identity theft. It requires proper disposal of any consumer information to protect against unauthorized disclosure and formal programs to identify, detect and respond to “red flag” indicators of identity theft.

STATE PRIVACY LAWS
There are more than 40 state and local laws governing records management and disposal, many with mandates regarding notification when personal and private information is inadvertently disclosed.

HIPAA
The Health Insurance Portability and Accountability Act limits the use and disclosure of personally-identifiable healthcare information to protect such information. The 2009 Stimulus Bill expands HIPAA to business associates.




Schedule a meeting with an Iron Mountain professional today. Call 1-800-899-4766 or visit ironmountain.com/compliance


© 2011 Iron Mountain Incorporated. All rights reserved.
Iron Mountain and the design of the mountain are
registered trademarks of Iron Mountain Incorporated.
US-RM-PH-726-06-002
