Does Your Business Have a Solid Information Retention Policy?
It may be tempting to hang on to every document and every email message we create and receive because we think there’s always a chance it will be needed again. But hanging on to information just to be safe can harm your business because federal law says that, during an audit, all records on hand can be looked at, regardless of age. So what should business owners do to get and stay organized?
Here are some items to consider when developing a retention plan for your business:
- Know your data – Unless you understand your company’s records, you won’t know what to protect and for how long. Determine what type of information drives your company as well as what information is needed to get your business up and running after a disaster. Successful retention policies will target the following types of information and records: employment records, account records, tax and legal records and electronically stored information.
- Know your compliance obligations – Various local, state and federal regulations provide guidelines that are valuable as you build a retention policy. Among them are the Health Insurance Portability and Accountability Act (HIPAA) and the Fair and Accurate Credit Transaction Act (FACTA).
- Establish a backup schedule – Backups can be time consuming, but it is a critical step in safeguarding your organization’s information. Determine a backup schedule that will record your business activities on a daily, weekly and/or monthly timeframe.
- Keep record of information content – Get organized by recording the contents of information in boxes or on tapes. This will make it easier to go back and find documents and to determine what can be destroyed at a later date.
- A retention policy is only as effective as its implementation – Policies should be easy to follow and should include periodic audits. Review policies on an ongoing basis to allow for adjustments in the organization’s operations and changes in technology.
- Execute the retention policy across all departments – To allow for ease of sharing of information make sure your retention policy is functional across all departments. Track where documents and records are kept, how the information is stored, who has access to the data and the types of backup schedules used.
The retention policy your company creates should identify the records that need to be maintained and contain guidelines for how long certain information should be kept and how the documents should be destroyed.
For more information about record retention planning, visit www.ssbrm.com.