I.                     Policy Statement

This document states the Company policy for effective management of (company) records, including their accessibility, protection and retention.

 

II.                    Policy Objective

The purpose of a Records Management Policy is to define the framework for an effective records management program, the goal being that employees and others authorized by the Company have the information they need for effective decision-making, operations, and risk management.

 

III.                  Definitions

A.       Information

Information is data organized into components that are a product of a process or are used by a process for company decision-making and operations. 

 

B.       Record

A Record is Information stored on any type of media with the intent to preserve the official business of the Company. Types of records are:

 

•        Standards - Guidelines used to measure quality.

•        Procedures - Steps that make up a process.

•        Definitions & Rules - Commonly understood meaning of the terms and elements we communicate to our customers, and the specific rules under which we operate.

•        Trends & Metrics - Values used to measure our position in relation to our standards, goals, and expectations.

•        Relationship Records - Documents that evidence the Company’s contractual relationships.

•        Transaction Records - Documentation of individual events, which impact our contractual relationships or financial results.

•        Internal Communications - Documents memorializing our internal communication.

•        External Communications - Documents memorializing our external communication.

 

 

C.       High Quality Information  -   High quality information is:

 

•        Accurate - within an acceptable, disclosed error tolerance.

•        Appropriate - of the right type, and at the right level of detail.

•        Cost-effective - striking a balance between the cost of gathering/managing the information, and the opportunity cost of making the wrong decision based on inadequate information.

•        Complete - all relevant facts are included.

•        Consistent - proven, over a period of time, to be of high quality, and therefore can be trusted.

•        Timely - available at the time of need.

•        Relevant - meaningful to the question at hand or the business process for which it’s being used.

•        Reliable - credible so the user has confidence in it.


 

 

D.       Life Cycle of a Record

The Record is created, used, stored and eventually destroyed.  This is known as the Life Cycle of a Record.  Here is the definition of an effective lifecycle.

 

1)       Creation - Employees and other authorized parties produce records in a variety of formats, using different equipment and technologies.  They do this to fulfill or as a result of a business need.

 

2)       Distribution and Use - Records are accessed by or transmitted to those who need them and have access rights to them, and upon receipt, are used in the conduct of business.

3)       Active Storage and Maintenance - Records are organized and filed in storage devices, and maintained for active reference.  During this stage, the Records are frequently used and should be quickly and easily accessible to those needing access and so authorized.

 

4)       Inactive Storage and Destruction/Archival - Records that decline in value or become inactive are removed from storage in prime office space.  They may either be destroyed immediately if they have no further value, or transferred to an inactive storage facility for the duration of their retention life, and then destroyed or archived.

•        Retention and Disposition - Most Records are of temporary value and at some point, as defined by the Corporate Retention Schedule, will become useless and will be discarded.  The majority of Records fall into this category.

•        Archival Preservation - The few Records that never lose their value, as defined by the Corporate Retention Schedule, are preserved permanently in an appropriate archive for ongoing historical reference or preservation purposes.

 

 

IV.                 Company Roles

A.       Company As Information Owner

The Company is the ultimate owner of the Information it produces to support its business and to meet any legal requirements.

 

B.       Author

An Author is the person who creates a Record in the course of fulfilling a job function.

 

C.       Record User

A Record User is the person who utilizes a record in the course of fulfilling a job function.

 

D.       Record Custodian

The Record Custodian is the person who maintains a record for the Record Owner.

 

E.       Record Owner

A record is the product of a process, and the Record Owner is the person accountable for that process. 

 

This is typically the manager in charge of the functional area.  The Record Owner is assigned at the discretion of the functional area’s management.  The Record Owner is assigned to manage records produced by processes organized around one or more cost centers.

 

F.        Security Manager

The Security Manager and his/her team control access and/or establish standards and rules for access to Company information resources, in accordance with the (company) Information and Security Policy and Standards.

 

G.       Records Management Team

The Records Management Team works with the Company to manage their records to the degree appropriate to ensure the information’s usefulness to the Company in effective risk management, decision-making, and operations.

 

H.       Offsite Storage Contact

The Offsite Storage Contact is an employee in the Record Owner’s department or division who is designated to administer offsite storage services, such as packing records, ordering records, distributing records, and returning records to offsite storage.  This person has access to records stored under one or more cost centers, at the discretion of their area’s management.  They are trained in the processes and procedures for administration, and have access to the offsite storage administration system in order to perform these duties.  This is not a dedicated position, but an additional responsibility assigned by the department’s manager.

 

I.         Records Management Steering Committee

A steering committee provides guidance and governs the direction of the (company) records management program through decision-making, support, leadership, and communication. The Steering Committee is comprised of senior members including, but not limited to, records management, internal audit, claims/compliance, operations, and legal. 

 

J.       (company) Management

The management team holds ultimate accountability for compliance with the Records Management Policy and its standards in each of their respective areas.  

 

K.       Internal Audit

Internal Audit is responsible for periodic audits to assure appropriate adherence to the Records Management Policy through identification of risk.

        

M.       Continued Business Operations

The CBO Team works in coordination with the Records Management Team and their designated representatives throughout the company to ensure appropriate CBO plans and procedures are in place with regard to both processes, and the information and records required for those processes, in a CBO event.

 

 

V.                   Components of Effective Records Management

A.       Accessibility

 

1.       Accessibility Statement – Those authorized by the Company will have appropriate access to Company records and Information resources needed for effective decision making and operations.  Appropriate accessibility will assure the records’ ongoing safety and quality, as well as protection of the privacy rights of customers under applicable federal and state privacy laws.

   

2.       Accessibility Standards 

a.       Access to information will be granted on the Record Owner’s authority.  Those access rights will be monitored to ensure proper measures are taken to protect them. Monitoring will be executed according to the section defining Protection, set forth below.

b.       Information will be organized so it is appropriately accessible to meet business needs and mitigate risk.

 

3.       Continuing Business Operations (CBO) - Records will be accessible in the event of record corruption or loss resulting from natural or human disasters by creating back-up copies, storing physical records offsite, and duplicating electronic records both onsite and offsite.  Records will be backed up to ensure accessibility against loss or corruption of operating systems, applications and data files.  Appropriate backup and recovery procedures will be implemented and maintained for use in emergency or disaster situations so that access interruption is minimized.  The Company CBO plan will determine record classifications and accessibility requirements for each record, as required for business operations and risk mitigation.

 

4.       Record Media for Accessibility Needs

a.       Paper – Paper is best used for records that are accessed infrequently, but need to be maintained for legal retention requirements.  Paper is also best used for records that are accessed for only a short time during the distribution and use lifecycle of the Record.

b.       Electronic - This media is best used for records that are originally created electronically (e.g., word processing files, spreadsheets, e-mail), or records that are accessed frequently or concurrently by multiple users.

c.       Scanned Image - A form of electronic media achieved by converting paper, microfilm, or some physical medium to electronic. This media is best used with records that need to be accessed frequently or concurrently by multiple users for an extended period of time.

d.       Microfilm – This media is best used with records that are too voluminous to be stored effectively on paper, yet have some ongoing accessibility requirements and require long-term retention.  (Microfilm also refers to microfiche).

 

5.       Record Location for Accessibility Needs

a.       Offsite storage will be used to hold records with low accessibility.  This storage will be used primarily for inactive records that must be retained according to the Corporate Retention Schedule.  Access to records in offsite storage will be granted to those employees who are responsible for the operational processes that create or use the specific records.

b.       Onsite storage will be used to maintain records with high accessibility.  Storage location will be selected in order to meet accessibility requirements for effective decision-making and operations, as well as risk management.  Records will be stored in accordance with their security classification, as outlined in the section defining Protection, set forth below.

 

 

B.       Protection

Information will be protected from unauthorized access or inadvertent change or destruction.  The specifics of these requirements are included in the (company) Security Policy and Standards.

 

 

 

C.       Retention

 

1.       Retention Statement -

Records will be retained for as long as they are operationally useful and legally required, as defined by the Corporate Retention Schedule. 

 

2.       Retention Standards -

a.       An inventory of Company records and their retention requirements will be established and maintained.

b.       A Corporate Retention Schedule will be established and maintained.

 

3.       Destruction Standards

a.       Records will be destroyed in accordance with their retention period.

b.       Records will be destroyed following the company Destruction Procedures.

c.        Records will not be destroyed if they are the subject, or it is anticipated that they may be the subject, of a legal or formal request for access, even if the retention period has expired.

Records that reach their designated retention limit will be disposed of in a manner commensurate with their Security Classification (see (company) Security Policy and Standards).