Why are there challenges?

What’s wrong?

There are several key things going on:

  1. Compliance requirements are on the rise (e.g., HIPAA, GDPR, CCPA), and organizations have not managed that well.
  2. Organizations typically rush to put technology in place to fix “an information problem”; in essence, they band-aid the problem.
  3. Systems are being designed inefficiently, as organizations fail to think about the impact and value of the information on the organization overall.
  4. Many organizations fail to assign the proper authority and responsibility for the information going into their systems.
  5. Overall, there is a lack of a holistic approach to the implementation of information within the organization!
  6. Information is shared in so many diverse ways: email, text, social media, apps, cloud, etc.


As a result, there is a need to make good decisions when it comes to the policies and procedures that govern the way records and information will be used within an organization. Some organizations require many different policies to assist with information governance. However, at the very core there should be a Records Management and Disposition Policy, as it is the backbone of the rest of the information policies. The Records Management and Disposition Policy has some high-level components:

  1. What are records and how are they managed (e.g., the Records Management and Disposition Policy itself)
  2. How long records will be kept (e.g., Retention Rules)
  3. How electronic records will be addressed (including email, databases, etc.)
  4. How records will be preserved in the event of audit/investigation/litigation (e.g., the Records Hold Policy)

Organizations must have clear directives, and it is critical that policies be implemented and understood by all employees. Further, organizations should avoid technological mistakes by having clear objectives for how electronic technologies are implemented, changed, and managed, and for how the information is stored. Lastly, organizations need to consider all the devices and ways electronic information is shared today, and they need policies that plainly indicate whether personal use of company resources is OK, whether company use of personal resources is OK, and how they will handle social media posts and privacy issues.

