In order to adhere to the raft of current regulations and legislation, such as Sarbanes Oxley and the Companies Act 2004, businesses are required to retain corporate information. However, it is highly questionable whether many organisations actually have a clear understanding of what their obligations are to become compliant. An essential point that must be addressed is the organisations ability to understand what information should be retained and for how long. The penalties that companies face for not being able to discover and retrieve the correct information within requested timeframes can be severe, so it is essential that corporate information is safely retained in a format where it cannot be altered. In Butler Groups opinion, the only effective way that this can be achieved is through the successful deployment and use of a Document and Records Management (DRM) solution.
Butler Groups Report on Document and Records Management makes the following points and recommendations:
An ignorance of the obligations under current and pending regulations and legislation to retain information will cost organisations dearly as regulators get tougher on companies that fail to discover and retrieve information.
Few organisations outside of the public sector understand the difference between Records Management (RM) and Document Management (DM), and how the way they are retained can directly affect a companys ability to comply with industry regulations.
There needs to be a change in company culture from secretive to public, individual to corporate, and paper to electronic. As many workers do not trust e-systems and may be reluctant to use a DRM solution, any such system needs to be transparent. Sophisticated workflow functionality within DRM systems can automatically categorise and store documents while the user is unaware that any such system is in operation.
Getting employees to store documents and records in a public place is key. At the moment, approximately 80% of an organisations knowledge capital is held on employees personal drives, and not on a shared resource. Ownership of documents and records is required, with a dedicated Records Manager responsible for keeping proper policy in place.