HOW IT WORKS

How It Works: Compliant Records Management Programme

Iron Mountain employs a proven, six-stage methodology in working with customers to develop a Compliant Records Management programme.

1. Organise – Determine the scope of the programme - business unit, corporate-wide, international, etc. - and establish organisational roles and responsibilities at the governance, implementation, and administration levels.
   
   
2. Assess – Identify what records exist and where they are located; examine existing policies and procedures; identify risk areas and exposure; analyse legal retention requirements and access requirements; evaluate existing implementation capabilities; and build a master plan.
   
   
3. Develop – Identify record types; inventory all data repositories; create a cohesive and comprehensive records classification scheme; identify recordkeeping requirements for all jurisdictions; assign retention periods based on legal requirements, risk considerations, and operational needs; and develop a comprehensive records retention schedule that provides consistent rules across the enterprise.
   
   
4. Implement – A phased approach in which we first implement the comprehensive base programme, then implement the best opportunities for win, prioritised by risk and business value. We tailor umbrella company policy and procedures for each application; apply retention schedules to existing records; design and roll-out training by audience; and launch a formal programme.
   
   
5. Manage – To effectively manage security, access, and integrity of data, we enforce classification and destruction review via reports and safeguards; maintain training, communications, and certification programmes; update retention schedule, policies, and procedures; plan and budget for programme maintenance, enforcement, audit, and enhancement; and ensure appropriate business unit oversight.
   
   
6. Audit – Review all key components annually, identify deficiencies, benchmark against audit metrics, lobby for compliance buy-in, and assess risk management and cost management effectiveness with the records management steering committee, being prepared to recommend improvements and decide on corrective actions.