UK-RM-EXT-220115-001 R.O.I 1800 732 673 | N.I. 08445 60 70 80 | ironmountain.ie08445 60 70 80 | ironmountain.co.uk

1

SEE INFORMATION

DIFFERENTLY

R E C O R D S A N D I N F O R M AT I O N M A N A G E M E N T

G E T T I N G I T R I G H T F R O M T H E S TA R TT H E B A S I C S O F A D O P T I N G C O M P A N Y - W I D E I N F O R M AT I O N M A N A G E M E N T P O L I C I E S

UK-RM-EXT-220115-001 R.O.I 1800 732 673 | N.I. 08445 60 70 80 | ironmountain.ie08445 60 70 80 | ironmountain.co.uk

2

A Q U I C K G U I D E T O G A I N I N G

W I D E R A C C E P TA N C E

Success in records and information management takes planning, organisation and a strategy for taking control of physical and digital records from creation, through active use, secure short, long or permanent storage and planned disposition. Done well, records and information management helps your organisation limit information risk, manage costs and lay the foundation for successful data analytics.

Your information management policies are the bedrock of getting a return on your information. But planning for the adoption of your policies is a step that a surprising number of organisations neglect to take. Research from Iron Mountain and PwC indicates that only 26% of European mid-market organisations have training programmes to brief employees on information risk (Beyond Good Intentions – The need to move from intention to action to manage information risk in the mid-market, 2014). What’s more, the same research indicates that less than half of the surveyed organisations have a strategy for the secure disposal of technology, hardware and confidential or sensitive records. The problem of managing information isn’t just a matter of having a policy, but of ensuring that policy becomes a part of the way people in an organisation do their jobs.

UK-RM-EXT-220115-001 R.O.I 1800 732 673 | N.I. 08445 60 70 80 | ironmountain.ie08445 60 70 80 | ironmountain.co.uk

3

2

The buy-in of senior leadership gives traction to your plans for policy adoption. Your board may not wake up in the morning with information policy as their first thought but th they are concerned with serving and retaining customers as well as balancing costs and revenue. Your committee should include:

Critical business functions

Legal/compliance

Records and information management

Privacy

IT

Data officer

The relationship between information management and the legal and compliance landscape is important. Involving business units who are on the front line of customer service or who regularly need to share information will help to include the perspectives of end users. Establish regular meetings and a reporting plans.

1

It sounds simple. But, in fact, it’s easy to fall victim to a siloed mentality and lose sight of the commercial direction your organisation is taking. The policies you craft to speed up processes and improve compliance may not work unless they also make sense to the people who use them. Your colleagues may prefer to continue with old ways of working because they feel there is nothing really wrong with the status quo. The key to successful change is ensuring that your ideas and aims are linked to shared priorities. Information is an asset and a resource as well as a responsibility. Aligning your priorities to wider business aims gives you a better chance of managing its value. Plus, if funding is an issue making your business case will be more straightforward.

CREATE AN INFORMATION GOVERNANCE BOARD OR COMMITTEE

KNOW YOUR WIDER BUSINESS GOALS AND PRIORITIES

S T E P S T O T H E U N I V E R S A L A D O P T I O N O F I N F O R M AT I O N P O L I C Y

1 2 3 4 5 6CREATE AN INFORMATION GOVERNANCE BOARD OR COMMITTEE

KNOW YOUR WIDER BUSINESS GOALS AND PRIORITIES

ASSESS POLICIES

DEVELOP POLICIES

PLAN FOR IMPLEMENTATION

COMMUNICATE AND EDUCATE

7MEASURE YOUR PROGRESS

Change can be a daunting prospect. A clear plan helps you make progress and ensures you’re aligned with the needs of your organisation.

The key to successful change is ensuring that your ideas and aims are linked to shared priorities.

UK-RM-EXT-220115-001 R.O.I 1800 732 673 | N.I. 08445 60 70 80 | ironmountain.ie08445 60 70 80 | ironmountain.co.uk

4

43

Your policy assessment should examine:

Technologies, including mobile and social

Processes and work flows

Procedures

Resources

Education

By identifying gaps, you’ll be able to determine what prevents policies from being adopted. For most organisations, this is not a simple check list. It may start by knowing what you have, where you keep it and who has access.

Use what you learned about business priorities and policy gaps to pinpoint where to start making step-by-step progress. Your records retention schedule is vital, but that’s not the limit of your policy decisions. Consider:

Paper

Email

Mobile

Computer and other devices

Processes, procedures and workflows are based on a foundation of stable, enforceable policies. Consider too the importance of balancing security with access, collaboration and efficiency. Your written policies should also include:

Acceptable use policy

Incident response plan

Business continuity

Put a timeline for regular policy review in place. Your mobile device management, document retention and privacy policies will evolve and you’ll need to change them to keep up with new developments.

ASSESS POLICIES DEVELOP POLICIES

Social media

Cloud

Backup

UK-RM-EXT-220115-001 R.O.I 1800 732 673 | N.I. 08445 60 70 80 | ironmountain.ie08445 60 70 80 | ironmountain.co.uk

5

In order for change to succeed, you should consider the mindsets and priorities of the people you’re asking to adopt policies. Teams in customer service may not be as passionate about information governance as you are. Make your policies easy to adopt and ask your business leaders to act as examples and champions. Policies should be clear, applicable and straightforward. Ask for help and insight not only from your committee, but from people at all levels and with different needs.

It’s not enough to tell people what to do. You should also engage them with your aims and ideas. Develop a plan that uses different channels to get your guidelines and processes across. Some people will enjoy a webinar; others a written guide and a few may need a one-on-one meeting. Training can take different forms. Many organisations find that eLearning can introduce and develop new skills and thinking in an easy-to-digest format. If you can nominate information stewards in different departments or teams, you can build a culture of information policy awareness. Keep an open door and schedule records management brown bag lunches where you answer questions and take suggestions.

5

6

7

Policies are empty unless people are engaged and making changes. Your plan should include milestones, and a detailed approach to measuring how well your policies are being adopted. Consider including hard measures like numbers connected to secure disposition of documents or files transferred to off-site storage facilities. You can also set up measures for attending training and surveys to get a clearer idea if people are adapting to policies.

PLAN FOR IMPLEMENTATION

COMMUNICATE AND EDUCATE

MEASURE YOUR PROGRESS

Training can take different forms. Many organisations find that eLearning can introduce and develop new skills and thinking in an easy-to-digest format.

UK-RM-EXT-220115-001 R.O.I 1800 732 673 | N.I. 08445 60 70 80 | ironmountain.ie08445 60 70 80 | ironmountain.co.uk

R.O.I 1800 732 673 | N.I. 08445 60 70 80 | ironmountain.ie08445 60 70 80 | ironmountain.co.uk

Or, download our slides to present your case for consistent information policy to your senior management

To learn more about information policies and governance, get our solution brief

IN THE UK CLICK HERE

IN THE UK CLICK HERE

IN IRELAND CLICK HERE

IN IRELAND CLICK HERE

L A S T W O R D S

Gaining universal acceptance of information management policies

requires the move to a culture where information is understood,

respected and valued.

SOLUTION BRIEF

1 R.O.I 1800 732 673 | N.I. 08445 60 70 80 | ironmountain.ie08445 60 70 80 | ironmountain.co.uk

HOW THIS AFFECTS YOU

✓ Information is a business asset. A unified document management programme should be at the centre of your strategy for managing the risks and value of your information. The ability to monitor the movement and use of documents in digital and paper formats puts you in control of business processes. You can also securely retain the documents you’re legally required to store and destroy the documents you’re no longer obligated to keep. And, with the right programme in place, you can retrieve the information central to your business processes in either digital or paper format. By getting teams involved in the early stages of developing practices and procedures, they can influence decisions and smooth the process of adopting new ways of working.

STEPS TO TAKE

1. Determine how information is stored, transferred and disposed of across your business. Look at different departments and locations.

2. Define the technology and practices that will support and improve your business practices.

3. Get your people involved so they can offer insight and help with adoption.

4. Develop and design controls.

5. Work with your HR department to create and deliver company-wide training.

6. Agree Key Performance Indicators for all parts of the business.

7. Monitor your programme and your progress.

BUSINESS CHALLENGE

INDUSTRY FACTS:

You’ve tried to put information management policies and procedures in place, but they aren’t being followed. You didn’t expect best practice to start happening overnight, but you did think people would be more interested. Different teams seem to have their own ways of not using guidelines. These range from people who haven’t got the message to the downright irresponsible, and it’s your job to inspire and educate them all. And that applies not only to managers and their teams, but your board of directors as well.

Your aim is to treat information as a holistic issue- one that everyone and every department should be involved in. Policies and procedures for document retention and destruction, authorised access, secure storage, removal and digitisation should be universally applied. By putting in place technology, training and measurement criteria, you can monitor your programme’s effectiveness and determine how different parts of the business respond to it.

INFORMATION PROMOTERMake information everyone’s responsibility

OPPORTUNITY

insight

Only 26% of companies have training programmes to brief employees on information risk issues1

80% of companies have formal policies but 64% lack companywide adoption2