As security risks continue to evolve effective records management becomes critical to business resilience In addition to protecting sensitive company and client information records management policies reduce storage and operational costs ensure compliance with applicable regulations and manage overall information growth PROTECTING YOUR INFORMATION Why proper records management is good for business BY ANDREW BROOSLIN STAFF VICE PRESIDENT LITIGATION SENIOR COUNSEL FM GLOBAL AND SARA SWEENEY ASSISTANT VICE PRESIDENT LITIGATION COUNSEL FM GLOBAL Moreover not only does keeping information longer than necessary expose a company to more risk in the event of a data breach but studies conducted by Gartner Inc the world s leading IT research and advisory company demonstrate that the value of information declines significantly over time Given this exposure companies should consider implementing a formalized records management policy to govern the identifica tion retention and destruction of company records on a worldwide basis In doing so a threshold distinction must be made between records and non records FM Global s policy defines a record as any information created received or maintained by FM Global for business purposes and or legal or regulatory requirements Records take many forms and include FM Global Risk Reports insurance policies financial reports claims reports and client or prospect infor mation Records at FM Global contain both company and client information and data some of which can be highly sensitive In order to effectively manage records information used in each department and business unit is categorized and outlined in the company s Records Retention Sched ule which identifies and describes the records owned and controlled by each department or business unit Every record category is assigned a retention period that is the length of time the record is required to be kept In the absence of a law or regu lation specifically mandating a particular retention period the retention period in the schedule takes into account the needs of the business unit the client and FM Global i e the purpose of the record and how long the company reasonably needs to keep it to meet its business obligations One of the most important aspects of any records management policy concerns the handling of records at the conclusion of the retention period Under FM Global s policy Information Owners and Information Custo dians or those responsible for compliance with the policy are instructed to securely discard records in accordance with the com pany s Information Security Policy once the appropriate retention period is reached Of paramount importance to both FM Global s Records Management Policy and Information Security Policy is the safe guarding of nonpublic sensitive informa tion from unauthorized disclosure based on business need to know requirements Therefore the manner in which records are managed and then destroyed under a records management policy goes hand in hand with an organization s information security efforts Consequently records that have reached their retention period and contain confidential pro prietary or nonpublic information including that of employees clients or prospects must be destroyed in a manner that renders them inaccessible and unreadable In fact for all types of information including accounting finance corporate records research and personnel records most companies are purging records seven to 10 years after creation FM Global s retention periods vary significantly in length given the wide array of records it manages and the company s unique business needs Retention periods run the gamut from five years to per manent Records with a permanent retention period are typically historical records of the company or records used in FM Global data analytics One final important point to note is that implementation of a records management policy is a team effort While Information Owners and Information Custodians pro vide the necessary guidance to employees in reviewing understanding and following the Records Management Policy within their respective business units the involvement of stakeholders at all levels is critical to ensuring adherence to the policy When it comes to data protection and cyber security issues the landscape is ever evolving and businesses must keep pace Providing a coherent process and procedure for employees to follow permits the proper management of records and ensures that those records are managed consistently across all global operations 26 REASON ISSUE 1 2017

Hinweis: Dies ist eine maschinenlesbare No-Flash Ansicht.
Klicken Sie hier um zur Online-Version zu gelangen.