In this article, we’ll explore the link between RIM and M&A, and review how a strong RIM program can help support your M&A activities in terms of maximizing deal value, minimizing roadblocks, mitigating risks, and streamlining integration.

The Link Between Records Management and Mergers & Acquisitions

First, let’s take a closer look at the link between RIM and M&A. RIM is the practice of identifying, organizing, maintaining, and accessing information assets throughout their lifecycle. This includes everything from physical documents and files to digital data and information systems. A strong RIM program can help organizations manage their information assets efficiently and effectively, ensuring that information is accurate, accessible, and secure.

During the M&A process, information plays a critical role in due diligence, valuation, and integration. It’s important to have a clear understanding of what information is stored where, how it’s stored, and what its potential value is. Having a strong RIM program in place can help ensure that all necessary information is identified, organized, and accessible— minimizing risks and maximizing value.

Maximize Deal Value

One of the most important ways that a strong RIM program helps to support M&A activities is by maximizing deal value. During the M&A process, potential partners need to have a concrete understanding of what information your organization has and what it’s worth. An accurate understanding of where your records and information are located instills confidence in any potential partners, which can translate into more value that’s able to be negotiated.

However, before any due diligence activities take place, it’s critical to have a handle on what’s stored where, how it’s stored, and what its potential value is. Whether it’s a hard drive or a box of physical records, until you know exactly what’s inside, it has no value. From inventory and customer records to billing and employee records, when the data requested during due diligence is provided quickly and accurately, it instills confidence with a potential buyer. This, in turn, makes it more likely that the deal will proceed successfully.

Minimize Roadblocks

Due diligence is a critical part of any M&A process, but it’s also the most time-consuming. Any additional time added to this stage of the M&A process can rack up legal and internal expenses quickly. Fast and efficient sharing of information during this stage is crucial. Moreover, you’ll want to be sure that it’s accurate and up to date.

This is where having your information management team or external professionals involved as early as possible in the process is beneficial. Not only are they likely to have the most complete knowledge about what information is stored where, but their specialized knowledge can accelerate the process– a huge advantage.

However, it takes more than just a rockstar team of RIM professionals to have a solid information management program. Due diligence can take hundreds of billable hours from attorneys and employees months’ worth of time to complete. To minimize this roadblock, you’re pressed to manage all your information across its lifecycle in an integrated fashion.

You can dive deeper into that topic by reviewing our integrated information management roadmap.

Mitigate Risks

With privacy law enforcement on the rise, cybersecurity, and data breaches are becoming a top risk factor— both before and during M&A processes. To mitigate these risks, both parties should first establish a way of sharing information, such as a data room or secure document management system. It’s also recommended to have a complete assessment done early in the process to determine:

• How and when will information sharing occur?
• What are the requirements of the M&A agreement?
• How will the chain of custody be managed?
• Will there be auditability of information access?
• Which documents are critical to due diligence?
• What are the compliance and privacy considerations?

Streamlining Merger and Acquisition Integration

When two companies merge, they bring together their respective records and data systems. This can result in a complex and time-consuming integration process, especially if the records and data are not well managed. A strong records management program plays a crucial role in streamlining the integration process by providing a structured approach to managing the records and data of both companies.

A strong records management program can help identify duplicate or redundant records, enabling the integration team to prioritize the consolidation and management of the most critical data. This can result in significant time and cost savings, as well as the reduced risk associated with data inconsistencies or errors.

Additionally, a well-structured records management program helps to ensure that the merged company has a clear understanding of its data assets, enabling it to identify opportunities for improvement and innovation. This allows the merged company to develop new products, services, or business strategies based on a more comprehensive understanding of its data assets, providing a competitive advantage in the marketplace.

Conclusion

Having an organized and optimized RIM program is not only helpful for M&A processes but also for day-to-day operations. Digitizing key business documents and having them in a securely sharable format can make business processes run smoother and prevent unauthorized access or release of information.

Read our Mergers & Acquisitions Playbook, Managing Information Through Transition, for more details on how to ensure your corporate information is ready to withstand the rigors of information-sharing requirements.

The post The Importance of RIM in Driving Company Merger and Acquisition (M&A) Success appeared first on Access.

Our mission is to empower you with the latest regulatory and provisional information you need to do your job as efficiently and confidently as possible. We’ve researched a variety of areas, including data privacy and security, records retention, financial services, payment processing, workplace safety, and back-office refresh to provide you with a comprehensive update.

We also include notations in italics, where applicable, if the regulatory updates have been added to our IG and retention management software, Virgo, as a courtesy to active clients.

We’re committed to keeping you informed with the latest regulatory and provisional information. Thank you for your continued readership and stay tuned for future updates!

California – New Disclosure Obligations for Lenders:

A new commercial financing disclosure regulation proposed by the California Department of Financial Protection and Innovation (DFPI) took effect on December 9, 2022.

• Providers of sales-based financing (commercial financing transaction repaid by a recipient to the financer as a percentage of sales or income, in which the payment amount increases and decreases according to the volume of sales made or income received by the recipient) are instructed to maintain specific documents relating to estimated monthly sales, income, or receipts projection while they are in effect and for a period of 4 years thereafter.

Cited in Virgo as, “CAL. CODE REGS. tit. 10, § 930” under the subheading, “Commercial Financing Disclosures – Estimates – Sales-Based financing – Historical Method”.

• Financers must provide a copy of compliant disclosures whenever they provide a specific commercial financing offer and maintain a copy of the evidence of transmission for a period of at least 4 years following the date the disclosure is presented to the recipient. Providers shall maintain a copy of each disclosure that it generates for the same period.

Cited in Virgo as, “CAL. CODE REGS. tit. 10, § 952” under the subheading, “Commercial Financing Disclosures – Duties of Financers and Brokers”.

California – Online Marketplaces Laws:

Beginning July 1, 2023, online marketplaces must require high-volume, third-party sellers to provide specific information, including contact information, bank account number, and the name of the payee for payments issued by the marketplace. This information must be kept by the online marketplace for no less than 2 years.

What is considered an “online marketplace”? Under these new laws, a wide range of consumer-focused digital platforms may qualify as marketplaces. In addition to covering marketplaces allowing third parties to buy and sell products on their platform, marketplaces that facilitate third-party payments for consumer products are also covered, as are marketplaces facilitating or enabling third-party shipping and delivery of consumer products.

Cited in Virgo as, “CAL. CIV. CODE § 1749.8.3” under the subheading, “Online marketplace; information maintenance”.

New York – Warehouse Worker Protection Law:

Effective February 19, 2023, the Warehouse Worker Protection Act (WWPA) seeks to protect warehouse workers from unreasonably demanding work quotas. A new recordkeeping rule requires employers of 100 or more employees at a single warehouse or 500 or more employees at one or more warehouses to preserve accurate records of the following:

1. Each employee’s own personal work speed data;
2. The aggregated work speed data for similar employees at the same establishment; and
3. The written descriptions of the quota that such employee was provided.

These records shall be maintained throughout the duration of each employee’s period of employment. After an employee’s separation, records relating to the 6-month period prior to the date of the employee’s separation must be preserved for at least 3 years after separation.

Cited in Virgo as, “N.Y. LABOR LAW § 784” under the title, “Warehouse Worker Protection Act”.

New York – New Compensation Transparency Law:

On December 21, 2022, New York Governor, Kathy Hochul, signed the state’s compensation transparency bill into law. Effective September 17, 2023, all private employers with four or more employees are required to include salary ranges and a job description for all advertised jobs, promotions, and transfer opportunities. For positions that are paid on a commission basis, the advertisement must include a “general statement” along the lines of “compensation shall be based on commission.”

An employer shall keep and maintain necessary records to comply with the requirements of this section including, but not limited to, the history of compensation ranges for each job, promotion, or transfer opportunity and the job descriptions for such positions, if such descriptions exist.

Cited in Virgo as, “N.Y. LABOR LAW § 194-b” under the subheading, “Payment of Wages – Mandatory disclosure of compensation or range of compensation”.

Survey Report: ARMA International’s 2021 Information Governance (IG) Maturity Index

ARMA International’s 2021 Information Governance (IG) Maturity Index Survey and Report, sponsored by Access, aligns with the organization’s Information Governance Implementation Model (IGIM). It was designed to be a simple and repeatable assessment of IG maturity across the seven key…

Check out the eBook ›

United Kingdom – New Requirements for Internet-Connectable Products:

This new Act, which became law in December 2022, imposes security-related requirements for organizations that make, import, or distribute any products capable of connecting to the internet or a network.

Noteworthy records retention requirements state that manufacturers of “relevant connectable products” must maintain records of any investigations carried out by the manufacturer in relation to a compliance failure and any compliance failures relating to the product for 10 years. Similarly, importers of these products must also maintain records of investigations done by the importer in relation to a compliance failure, or suspected compliance failure by the importer or the manufacturer for 10 years.

Guidance from the Department for Digital, Culture, Media & Sport includes a list of products governed by this Act, including:

• Smartphones
• Connected cameras, TVs, and speakers
• Connected children’s toys and baby monitors
• Connected safety-relevant products such as smoke detectors and door locks
• Internet of Things base stations and hubs to which multiple devices connect
• Wearable connected fitness trackers
• Outdoor leisure products, such as handheld connected GPS devices that are not wearables
• Connected home automation and alarm systems
• Connected appliances, such as washing machines and refrigerators
• Smart home assistants

Cited in Virgo as, “Product Security and Telecommunications Infrastructure Act 2022, c. 46, Art. 12”.

USA – New Cybersecurity Obligations for VA Contractors:

The U.S. Department of Veterans Affairs (VA) updated its contractor cybersecurity and privacy practice regulations. These efforts include better-protecting contractor systems that handle sensitive VA information and establishing breach notification requirements. Government contractors take note— these regulations stipulate how records must be maintained and include rules relating to secure destruction.

48 CFR 852.204-71(f)(4): When information, data, documentary material, records, and/or equipment is no longer required, it shall be returned to the VA or the Contractor/subcontractor must hold it until otherwise directed. Items returned will be hand carried, securely mailed, emailed, or securely electronically transmitted to the Contracting Officer or to the address as provided in the contract or by the assigned COR, and/or accompanying BAA. Depending on the method of return, the Contractor/subcontractor must store, transport, or transmit VA sensitive information, when permitted by the contract using VA–approved encryption tools that are, at a minimum, validated under Federal Information Processing Standards (FIPS) 140–3 (or its successor).

(f)(6): The Contractor/subcontractor shall not make copies of VA information except as authorized and necessary to perform the terms of the contract or to preserve electronic information stored on the Contractor/subcontractor electronic storage media for restoration in case any electronic equipment or data used by the Contractor/subcontractor needs to be restored to an operating state. If copies are made for restoration purposes, after the restoration is complete, the copies must be appropriately destroyed.

(f)(10): If the Contractor or subcontractor discloses information on behalf of VHA, the Contractor and/or subcontractor must maintain an accounting of disclosures. Accounting of Disclosures documentation maintained by the Contractor/subcontractor will include the name of the individual to whom the information pertains, the date of each disclosure, the nature or description of the information disclosed, a brief statement of the purpose of each disclosure, or in lieu of such statement, a copy of a written request for a disclosure and the name and address of the person or agency to whom the disclosure was made.

Cited in Virgo as, “48 C.F.R. § 852.204–71” under the title, “Federal Acquisition Regulations System – Department of Veterans Affairs” and subheading, “Solicitation Provisions and Contract Clauses – Information and Information Systems Security”.

USA – New FDA Rule for Traceability Records for Certain Foods:

On November 15, 2022, the FDA issued the final rule on Requirements for Additional Traceability Records for Certain Foods to establish traceability recordkeeping requirements beyond those in existing regulations for persons who manufacture, process, pack, or hold foods included on the Food Traceability List (FTL). These new requirements allow for faster identification and rapid removal of potentially contaminated food from the market, resulting in fewer foodborne illnesses.

At the core of this rule is a requirement that persons subject to the rule who manufacture, process, pack, or hold foods on the FTL maintain records containing Key Data Elements associated with specific Critical Tracking Events for 2 years from the date of creation.

The FTL final list includes:

• All fresh-cut fruits and vegetables
• Certain other fresh produce: leafy greens, cucumbers, peppers, tomatoes, tropical tree fruits, sprouts, herbs, melons
• Certain fresh and frozen finfish
• Fresh and frozen smoked finfish
• Fresh and frozen crustaceans
• Fresh and frozen molluscan shellfish, bivalves
• Certain cheeses
• Shell eggs
• Nut butters
• Ready-to-eat deli salads

Various citations in Virgo from, “21 C.F.R. § 1.1305” through “21 C.F.R. § 1.1455” under the subheading, “Additional Traceability Records for Certain Foods: Traceability Plan”.

European Union – New Cybersecurity Law:

The new EU-wide cyber law, Directive 2022/2555 (NIS2 Directive), entered into force on Monday, January 16, 2023. It sets a baseline for cybersecurity risk management measures and reporting obligations for all sectors classified as high criticality, such as:

• Energy
• Transport
• Banking
• Financial market infrastructures
• Health
• Drinking Water
• Wastewater
• Digital infrastructure

Various citations in Virgo under the title, “Directive (EU) 2022/2555 of the European Parliament and of the Council of 14 December 2022 on measures for a high common level of cybersecurity across the Union, amending Regulation (EU) No 910/2014 and Directive (EU) 2018/1972, and repealing Directive (EU) 2016/1148 (NIS 2 Directive)”.

To learn more about how to address records retention, data privacy, and security requirements more efficiently, request a call with an Access expert or request a product demonstration of Virgo.

The post Access Legal & IG Quarterly Update – Q1 2023 appeared first on Access.

This can be due to a variety of things: sensitivity of the deal, not understanding the value that the records and information team can provide to support the deal, or fear of sensitive information leaks or data breaches from either party.

While part one and part two of this blog series focuses on how to prepare yourself ahead of time, in this final mergers and acquisitions post, we’re going to give you a game plan for when things don’t go as you wish they had and you find yourself in a time crunch.

Step 1: Assess the Situation

We’ve all been there.

You’re quickly looped in on a project that sounds extremely exciting… until you hear the deadline you’ll need to hit is uncomfortably close. Too close. As panic-inducing as these situations can be, the most important step is to remain calm and assess the situation.

This means getting as much accurate information as you can on the deal and organizing it into a way that can then be turned into an actionable game plan.

These might be actions like:

• Determining the key contacts from both companies
• Creating a small core working team within RIM who will be dedicating their time to the project
• Creating a secure, central collection space for information

If these actions have already been taken, gain access to them immediately and get your footing on what else has already happened to avoid duplication of work.

Step 2: Prioritize & Set Expectations Properly

Regardless of the amount of pressure you’re under to meet a deadline, be sure to review the full scope of the project to ensure you’re able to meet the requested deadlines while mitigating risk of a mistake or leak.

This means talking to the core M&A deal team and figuring out what needs to be done immediately to meet the needs of both organizations while also protecting the personal identifiable information (PII) that may be in both systems.

If you discover that the scope of the project is too large for your team to execute with confidence, you should move on to the next step.

Step 3: Advocate for Extra Resources

Situations such as M&As are the reason that having a strong information management process and system in place is critical.

Either way, your team may have other, existing projects they’re working on that include critical business processes.

To prevent throwing off the team’s project roadmap by having them taken away from these standard business processes and/or projects, speak to your leadership team about bringing in extra team members or resources to support this additional load.

Some things you might do in this step include:

• Find an external partner with experience in sophisticated integration management processes who can help accelerate completion with best practices.
• Pull team members with relevant experience from other departments who can help.
• Seek expert advice and support to ensure a smooth integration and help mitigate potential risk of lost information.

Survey Report: What the Pandemic Taught Us About RIM and Managed Services

Since the start of the pandemic, companies have quickly pivoted to meet evolving client needs and have shifted employees to hybrid and remote work models. As a result, digitization has become a key business priority to enable convenient information access…

Check out the eBook ›

Step 4: Integrate Yourself into the Process

Every M&A deal that’s successful includes a cross-functional team representing all departments or functions with a master source of data, as well as subject matter experts who can add value through understanding the contents of files and what should be included.

Find a way to collaborate regularly and keep abreast of their latest activities while lending your records and information management team’s insights and expertise in optimal ways.

Other actions that are important to do:

• Determine the potential volume and type of information you will be receiving by requesting access to the Virtual Data Room.
• In the unlikely event the IT team has not been briefed, be sure to loop them in as well as they’ll have many of the same data concerns as the RIM team.

Step 5: Conduct a Post-Mortem

Even though the deal has been closed and the announcements have been made, your work must continue to enable future success.

Your team should be proud of the work they’ve done under pressure, but there are several important things to discuss with your leadership team to prevent last-minute scrambles like the one you just experienced.

As an information management leader, you should have a post-mortem meeting with the internal team to discuss how to be more successful going forward. You’ll want to discuss the following:

• Impress upon leadership that it is key to have the information management team involved as early as possible.
• Ensure your information management team has the appropriate staff and budget to effectively manage any future deals.

Conclusion

M&A deals remain steady and will continue to be a part of business.

If you missed either of the earlier blogs, you can find part one here and part two here.

For a deeper dive into the intersection of information management and mergers & acquisitions, check out our eBook, Managing Information Through Transition: The Mergers & Acquisitions Playbook.

Read The New M&A Playbook Now!

The post Mergers & Acquisitions: 5 Things to Do When Your Team Learns After the Fact appeared first on Access.

Digital transformation can’t happen without a strong information management program.

In last week’s blog, we talked about the ways that M&A initiatives can benefit from a strong records and information management (RIM) program.

This week we’re going to continue the discussion about M&A-related activities; specifically, we’ll cover the types of information challenges that can pop up during the various stages of a deal and how to overcome them.

Pre-Deal Challenges

Whether you are part of the merging or acquiring entity, it is essential to fully understand from the outset what information assets need to be managed. Here is how to tackle a few common problems before due diligence even begins:

Information management team isn’t informed about the deal ahead of time

It’s important to have a strong information management system and processes in place. But if yours is weak, impress upon leadership that it is key to have the information management team involved as early as possible.

Bringing the information management team into the fold ahead of a deal will allow them enough time to get the “house in order”. Otherwise, if a deal is imminent and resources are short, it may make sense to dedicate/hire external resources to help prepare information ahead of a deal. Bad data or unorganized information can cause significant deal delays or even cause a deal to fail.

Insufficient resources / headcount

The value of a deal can often hinge on the information that you have and know how to access. Information management should not be an afterthought. Ensure your information management team has the appropriate staff and budget to effectively manage this process.

When/if it makes sense, hire an external partner with the expertise and experience in sophisticated integration management processes to assist you through the transition.

Integrating new files / systems

If you’re on the acquiring side of the house, make sure you have a competent IT team queued up to help you through the process of integrating digital records and systems. Additionally, an information management partner with a strong background in digital transformation processes can support you and the team in converting paper files to electronic format so you can ensure a smooth and secure integration while mitigating the potential risk of lost information.

Maintaining privacy and confidentiality

One of the biggest risks during M&A is the potential of a data breach. Privacy compliance and regulatory requirements are constantly evolving so be sure everyone involved in the deal is aware of how to mitigate those risks.

Information Management: From Clay Tablets to the Cloud and Beyond

Information management has evolved dramatically over the centuries. The very first records were written over 5,000 years ago on clay tablets by the ancient Sumerians, and today our information can be accessed with the click of a button.

Check out the Webinar ›

Negotiation / Deal Stage Challenges

During the negotiation stage of an M&A deal, a lot of time will be spent on due diligence. There can often be extremely tight timelines and deadlines that pop up out of nowhere.

While you can’t always be ready for everything that happens during a deal, you can prepare for many by thinking ahead about potential pitfalls and how you can avoid them entirely or manage them when they do arise.

Dealing with uncertain timing

It is vital to have a strong working relationship with the IT team. By working alongside them, you’ll be able to strategize together and anticipate potential roadblocks before they happen, including risks related to the timing of information transfers. You can also plan ahead to determine what can be done to mitigate that risk and prepare accordingly.

Integrity of information

One of the biggest challenges that can happen as you’re integrating data is having duplicates or redundant copies. Make sure you understand which files are the master records and which are just redundant data. In addition, be aware that regulatory requirements are constantly evolving. You may acquire non-compliant information and need to be ready to deal with it accordingly.

What Happens Next?

Once the purchase agreement is finalized, all stakeholders can be officially advised of the M&A details, and the final work of completing the deal begins.

During this stage, records will be prepared, file inventories will be created, and data will be transferred to the acquiring company.

Continuing to monitor the progress during the post-closing stage of the deal will help to minimize the chances of budget shortfalls and time delays while ensuring that the deal achieves its intended targets.

Conduct proactive monitoring to spot potential problems before they affect operations. Monitoring should include management reports and KPI checks as well as interviews with frontline staff.

It’s never been more important to ensure that your corporate information is ready to withstand the rigors of information-sharing requirements. Don’t get caught unprepared! Your company’s next merger or acquisition could be right around the corner.

Continue learning and getting more tips – wherever you are in your information journey – by reading our new M&A eBook, Managing Information Through Transition – The Mergers & Acquisitions Playbook.

Read The New M&A Playbook Now!

The post Information Challenges During Mergers & Acquisitions (and How to Overcome Them) appeared first on Access.

Why?

HBR writes that in most deals, “companies too often pay the wrong price and integrate the acquisition in the wrong way”. In other words, overestimating what the company is worth or underestimating how difficult the integration will be.

That’s where having a strong records and information management (RIM) program in place can be vital.

During the first of this three-part series, we’ll talk about the link between RIM and M&A as well as explore the different ways that RIM can help benefit M&A processes.

1. Maximize Deal Value

An accurate understanding of where your records and information are located instills confidence in any potential partners. This can translate into more value that can be negotiated because of a concrete understanding of what information you have and what it’s worth.

Therein lies the problem, however.

Whether it’s a hard drive or a box of physical records, until you know exactly what’s inside, it’s valueless. It’s critical before any due diligence activities take place that you have a handle on what is stored where, how it’s stored, and what its potential value is.

That said, it’s about more than just putting a value on the information itself. From inventory and customer records to billing and employee records, when the data requested during due diligence is provided not only quickly, but accurately, it instills confidence with a potential Buyer. This in turn can add additional value or assurance that the deal will proceed successfully.

2. Minimize Roadblocks

Due diligence is a part of any M&A process and is always the most time-consuming. Any additional time added to this stage of the M&A process can rack up legal and internal expenses quickly.

Fast and efficient sharing of information during this stage is crucial. Moreover, you’ll want to be sure that it’s accurate and up to date.

This is where having your information management team or external professionals involved as early as possible in the process is beneficial. Not only are they likely to have the most complete knowledge about what information is stored where but their specialized knowledge can accelerate the process – a huge advantage.

Due diligence can take hundreds of billable hours from attorneys and employees, and months’ worth of time to complete. It takes more than just a rockstar team of RIM professionals to have a solid information management program. This comes down to managing information across its lifecycle in an integrated fashion.

Check out our integrated information management roadmap to dive a bit deeper into that topic.

Survey Report: What the Pandemic Taught Us About RIM and Managed Services

Since the start of the pandemic, companies have quickly pivoted to meet evolving client needs and have shifted employees to hybrid and remote work models. As a result, digitization has become a key business priority to enable convenient information access…

Check out the eBook ›

3. Mitigate Risk

With privacy law enforcement on the rise, cybersecurity and data breaches are becoming a top risk factor both before and during M&A processes. Data reported by Forbes found that an astounding 40% of M&A deals involved one party uncovering a previously undisclosed cybersecurity leak.

To mitigate these risks, both parties should first establish a way of sharing information such as a data room or secure document management system.

There should also be a complete assessment early in the process to determine:

• How and when will information sharing occur?
• What are the requirements of the M&A agreement?
• How will chain of custody be managed?
• Will there be auditability of information access?
• Which documents are critical to due diligence?
• What are compliance and privacy considerations?

4. Streamline Integration

Whether it’s a merger, acquisition, or divestiture, at the conclusion of the deal, information will have to move from one system to another or be separated entirely.

This makes integration another potential barrier to deal success. Reasons for this can range from incompatible technology and outdated paper files to non-compliant records, or differing processes.

Relying on internal expertise may not be enough. The solution is to seek expert advice, possibly from a third party with experience in post-acquisition integration, to streamline data transfer and keep business running as usual.

Conclusion

Obviously, an organized and optimized RIM program isn’t just helpful for M&A processes but for day-to-day operations in general.

Having key business documents digitized and in a securely sharable format can make your everyday business processes run smoother, prevent unauthorized access or release of information, and can give you a better understanding of what records should be retained or destroyed.

It’s never been more important to ensure that your corporate information is ready to withstand the rigors of information-sharing requirements. Get all the details you need to be successful by reading our new M&A Playbook, Managing Information Through Transition – The Mergers & Acquisitions Playbook.

Read The New M&A Playbook Now!

The post 4 Ways Your M&A Initiatives Benefit from a Strong Records and Information Management (RIM) Program appeared first on Access.

The challenge is that the process can be tedious and difficult to do if you don’t have a clear approach or understand best practices for creating or updating your RRS.

This week we’re going to talk about how to properly build a modern records retention schedule that can be easily updated on a regular basis.

What is Included in a Records Retention Schedule?

During our recent webinar kicking off our Retention Schedules from A-Z Series, Access’ manager of Consulting Services, Andrea Lipari, defined a records retention schedule as:

“a comprehensive list of record series titles that indicate the length of time each series is to be maintained. It may include retention in office areas, off-site storage, as well as when and if such a series may be destroyed or transferred to another entity, such as archives.”

These series should represent similar business processes or activities that are retained for the same amount of time after which they can be properly dispositioned.

To give a more concrete example, let’s consider records related to applicants who do not end up being hired. According to SHRM, the minimum amount of time that you should keep records of this type is one year. This means those application records should be grouped into a record series with other HR records that need to be kept for a minimum of one year, after which they should be destroyed.

Grouping records like this is commonly known as the Big Bucket approach to building your retention schedule.

What is a “Big Bucket” Approach to Retention Schedules?

The Big Bucket approach focuses on having fewer retention buckets or series in order to support consistency and compliance while avoiding confusion.

When you have fewer large buckets that are grouped by similar activities or processes, it is possible to keep the number of possible buckets to a manageable size. For instance, if every department was creating a set of policies and procedures and the organization has 30 departments, you would end up with a retention schedule that is not only unwieldy but confusing. End-users would have no idea which bucket a particular record belongs to. This can cause all sorts of headaches down the road. At Access, we advocate the big bucket approach because it is far more functional.

To go back to our previous example of policies and procedures, when you organize groups by business processes, you are able to consolidate those buckets into one record series for policies and procedures across the entire organization.

As Brenda Barnhill noted during Retention Schedules from A-Z, “we always think more is more. it isn’t always the case. Bigger buckets actually make it easier for auto-classification tools and humans to assign correction retention.”

How to Create a Record Retention Schedule for Your Business

Now that we’ve outlined the approach, it’s time to start building or updating your RRS.

• Start with research. Consider that a domestic-only, US company in a highly regulated industry can be subject to as many as 15,000 to 20,000 regulations. While creating your RRS, you should consider:
  • Existing laws
  • New laws
  • Laws at every jurisdictional level (local, state, federal)
  • New laws being considered
• Use what’s already there – leverage relevant company policies, records inventories, and/or retention schedules – Andrea shared that her best tip for researching your information is to include your company’s website. Never underestimate what you can learn from your company’s website. It’s a treasure trove of information.”
• Focus on the back-office functions first. Those operations will make up 80% of the big buckets and are likely to cover most of the records generated at your organization.
• Shift to specific needs – Once you’ve created the more common back-office functions, focus on creating the next set of new record series for industry/company specific records.
• Review Your project team should take a look at the first draft classification scheme  first and then have relevant sections reviewed by SMEs across the organization.

All told, it should take about 12-16 weeks and you should end up with somewhere around 100 to 150 buckets.

Updating Your RRS

Creating or updating your Record Retention Schedule has never been a one-and-done sort of project. Today, the stakes are higher than ever and the risks of non-compliance are exceedingly expensive.

Trends suggest that the laws and regulations governing retention aren’t going anywhere and are actually increasing in number. Privacy regulations are increasing to the point that, as Gartner reports, by 2023, 65% of the world’s population will be covered by some sort of privacy policy, which is up from 10% in 2020.

With this constant change, it’s important that you update your retention policies regularly in order to remain compliant. If your team is struggling to keep up with the rapid pace, there’s a tool that can help you streamline your privacy and retention policy updates with continuously updated legal research covering 220+ jurisdictions around the world.

To learn more, watch our recent webinar, Retention Schedules from A-Z, or click on the following link to get a free trial of Virgo – our retention schedule management software.

Get Your 90-Day Trial of Virgo Now!

The post Record Retention Schedules – What’s in Them, How to Develop One and More! appeared first on Access.

Within the next 4 years, Gartner predicts that we’re going to see a dramatic shift from using multiple Software as a Service (SaaS) applications to using fewer applications that centralize the management of activities.

The combination of increasing cloud storage costs and overall decreasing budgets due to a variety of influences makes choosing and investing in the right technology a much higher-stakes proposition than it was a few years ago.

In this week’s blog, we’ll explore how to build a business case for adopting a centralized document management platform to manage records.

Step 1: Identify the Business Problem

The first step of an effective business case isn’t about technology.

It’s about identifying the problem that needs to be solved.

Technology is intended to solve a particular problem or set of problems. Understanding the challenge is the first step to finding the best solution ahead of any investment.

Unfortunately, what people end up doing is buying first, implementing later, and then discovering that they’ve got expensive, and oftentimes, very, very expensive failed technology installations.

One example of a business that tackled its challenges logically and successfully was Eclaro. Eclaro, a global staffing organization, was dealing with a paper-intensive process that simply wasn’t scalable.

For starters, Eclaro’s remote teams did not have secure, easy access to documents. This caused work to be delayed and hampered productivity. Additionally, the processes themselves were labor intensive and increased the chances of losing or mishandling paperwork. Once Eclaro had thoroughly identified their issues, they realized they needed a document management solution that integrated with their ERP so they could service clients more quickly, efficiently, and with a higher degree of accuracy. Read more about Eclaro’s story here.

Step 2: Creating the Business Case

When crafting the business case for investing in document/records management software, you should focus on concrete benefits to the whole organization, not just single departments.

For instance, a centralized document/records management software can help with:

• Cost savings – By reducing the number of employees required to complete manual tasks, document management software reduces costs associated with hiring new staff members.
• Improved productivity – Automation allows employees to focus on higher-value activities while freeing up time to work on projects that require human attention.
• Increased efficiency – With automated processes, workers spend less time searching through paper files and manually entering data into databases. This frees them up to do more productive, higher-value work.

In another case study example, when American Seafood Group was looking to reduce the amount of time that its HR department and employees were devoted to administrative functions, they focused on the improved impact that HR teams could have if they weren’t bogged down in employee paperwork, compliance, and crew orientation.

Digitizing their paper-based process through a centralized document management software solution, they were able to reduce time spent on admin tasks by 35%. Learn more about their successful experience here.

Survey Report: What the Pandemic Taught Us About RIM and Managed Services

Since the start of the pandemic, companies have quickly pivoted to meet evolving client needs and have shifted employees to hybrid and remote work models. As a result, digitization has become a key business priority to enable convenient information access…

Check out the eBook ›

Step 3: Evaluating Records Management Software Solutions

Every technology has some upsides and some downsides, with constant risks and challenges.

Balancing those risks with the needs you’re trying to serve is an exercise that you absolutely must go through and it is not an easy one.

No solution has an “easy button”, as much as we’d love that to be the case.

Traditionally, any form of an easy button ends up being the next generation of technology, whether that’s imaging systems, cloud-based computing, or the next hot tech.

Therefore, the best advice we can give is simple:

You should not invest in any technology before doing significant planning and understanding of what problem(s) you need to solve and how it can be solved by specific records/document management software.

That makes it all the more important to spend time during step 1 evaluating the exact problem you’re looking for software to solve.

Step 4: Implementing and Maintaining

The final two steps, implementing the software solution and maintaining it are likely going to be the largest investment and most time-consuming part of your process as it tends to stretch on for long periods.

Following are some ways that you can make the implementation and maintenance processes more seamless:

• Keep the team together – During the process of creating the business case, you will undoubtedly involve a variety of stakeholders in the process. Keep that team meeting regularly to do check-ins on what’s working and what isn’t to ensure the smoothest implementation possible.
• Train, then train again – Research shows that “the average company has 254 applications, but regular usage among employees remains low”. Training regularly and incorporating your new process into employees’ day-to-day activities can maximize adoption rates.
• Communicate your wins – When going through the implementation process, you’re likely to get some quick wins and improvements that happen quickly. Be sure to celebrate those wins even though it may take a while to recognize the full results.

Curious to learn more about choosing a document/records management software that will help your organization solve its most pressing information management issues? Request a demo or arrange a discussion with one of our solutions specialists today!

Request A Demo Now!

The post Document Management Software: Building a Business Case appeared first on Access.

Just as we set out to do when we first launched last year, in this second quarter of 2022, we aim to ensure that you have all the latest regulatory updates and provisional information you need to do your job as efficiently as possible and with the utmost confidence.

We also include notations, where applicable, if the regulatory updates have been added to our IG and retention management software, Virgo, as a courtesy to active clients. We look forward to continuing to provide these updates throughout this year and beyond. Following is the latest on that front.

New & Noteworthy Legislation in the United States:

• California

• • CAL. GOV’T. CODE § 12946(a). Effective January 1, 2022, employers must now retain “all applications, personnel, membership, or employment referral records” for 4 years from the date the records were created, or the date the employment action was taken. Prior to this amendment to Government Code section 12946, these records only needed to be kept for 2 years.

• Virginia
  • CODE ANN. § 59.1-577(B)(5). Virginia’s governor recently approved legislation to amend the Virginia Consumer Data Protection Act (VCDPA).
    • The new language adds an exemption to the right to delete. Specifically, the new language states that data controllers that have obtained personal data about a consumer from a source other than the consumer shall be deemed in compliance with a consumer’s request to delete such data by either: (1) retaining a record of the deletion request and the minimum data necessary for the purpose of ensuring the consumer’s personal data remain deleted from the business’s records, and not using such retained data for any other purpose; or (2) opting the consumer out of the processing of such personal data for any purpose except for those exempted pursuant to the VCDPA.
  • Utah
    • New Consumer Privacy Act
      • Applies to for-profit entities that (1) conduct business in Utah or target products and services to consumers who are residents of the state, (2) have annual revenues of at least $25 million, and (3) meet one of two threshold requirements:
        • Annually control or process the personal data of 100,000 or more Utah residents (“consumers”); or
        • Derive over 50 percent of gross revenue from the “sale” of personal data and control or process personal data of 25,000 or more consumers.
      • Businesses subject to the UCPA will generally find that their compliance efforts for other state privacy laws offer a significant foundation for UCPA implementation as they build for its December 31, 2023, effective date.

Adventures in Digitization: The Digitization Playbook for Energy Companies

Access recognizes that there is not a one-size-fits-all approach when it comes to moving through the digitization process, and that’s why we created this playbook.

Check out the eBook ›

As always, over the coming months, the Access Legal Research Team will be conducting new research and reviewing existing research in the following jurisdictions:

• Argentina
• Australia
• Austria
• Belgium
• Brazil
• Canada
• Chile
• China
• Colombia
• Croatia
• Czech Republic
• Germany
• Djibouti
• France
• India
• Iraq
• Japan
• Kuwait
• Lebanon
• Mexico
• Netherlands
• Panama
• Philippines
• Singapore
• Slovenia
• Turkey
• South Africa
• UAE
• US
• UK

To learn more about how to address records retention, data privacy and security requirements more efficiently, request a call with an Access expert, or request a product demonstration of Virgo here.

Request A Free Trial Now

The post Access Legal & IG Quarterly Update – June 2022 appeared first on Access.

Is there an important distinction?

“Records Management” as defined by ARMA, “is the professional field dedicated to information …[that] requires ongoing maintenance, whether it be for evidentiary or specific business purposes.”

ARMA defines information management, meanwhile, as follows: “Information management (IM) is the practice of ensuring a consistent flow of organizational information through a defined lifecycle that starts with its conception or capture through to its archival or disposition.”

In a lot of cases, including on this blog, they are referred to as a combination of the two disciplines under the title “Records & Information Management (RIM)”.

So what then, is the difference between the two disciplines?

Both are concerned with making sure information flows into and out of an organization when needed, that it gets to where it needs to be and is accessible by the right people when and how they need it.

The longer, more precise answer requires a look into the history of the discipline which we’re covering today, so we’re going to take a look at where the information profession is headed.

The Goals of Records Management and Information Management

As long as there have been written works worthy of preservation, there has been a need to manage that information.

Thousands of years ago, (we’re talking Sumerians, Ancient Egyptians, and the like), this fell to the purview of archivists and librarians.

Fast forward a few millennia to the industrial revolution and there are two major forces at play: the printing press, the precipitous rise in varying types of businesses, legislation, and taxes that required exact record keeping to stay in line with the law.

These records that were kept then were necessary and a part of the process of doing business.

Now, in the digital age, the amount of information created in the course of doing business continues to exponentially increase both across systems and media types.

And yet, only about 5% of this information is considered a record.

Either way, whether it’s information on Microsoft Teams chat logs, a comment on a calendar, or a working copy of a document, the other information created still exists and needs to go through the typical information lifecycle including eventual dispositioning.

The true answer of what the difference is between the two disciplines comes down to a syllogism of sorts: all records are information but not all information is considered a record.

Both disciplines can and should coexist, though only a record deserves the attention of being managed directly.

Is it a Record or Not?

If only a record needs to be managed, how do you identify what a record is in the midst of terabytes of data?

The amount of data only continues to increase exponentially every day – especially with the proliferation of hybrid and remote work.

Traditionally, when a discovery process or audit needed to be done, the practice, in place for literally decades, was to hire a team of contract attorneys. The challenges with this method are obvious: it is slow and costly, and often inaccurate and inconsistent.

Many of today’s solutions rely on automated classification and software solutions that leverage technology like Artificial Intelligence (AI) coupled with Machine Learning (ML) algorithms to understand what’s in a document. They can also automatically apply the correct metadata. Solutions on the market today are undoubtedly faster than a team of attorneys but the accuracy sometimes leaves much to be desired.

While these solutions have come a long way, there’s still work to be done to enable truly unsupervised AI to be unleashed upon a pile of unstructured data and result in a nice neat structured data set in the end.

3 Tips for a More Cohesive RIM program

Unfortunately, there isn’t a quick and easy fix to enable optimal RIM. One can’t expect all business to come to a complete halt in order to take stock of what records and information an organization has, where it is, and what’s to be done with it. It’s a process.

In the meantime, we have three tips to start integrating into your RIM program to help effectively separate the records from the information.

1. Eliminate as much noise as possible

Work closely with your IT teams to put automated retention schedules in place so that things like Microsoft Teams chats or other files aren’t left to sit indefinitely.

1. Shift toward a digital-first approach wherever possible

In today’s work-from-anywhere environment, paper records are a roadblock to sharing information across an organization. Identifying paper-intensive processes and digitalizing them can make that information easier to find, easier to store, easier to enable version control, and easier to delete when needed. This can be invaluable ahead of an audit.

1. Invest in technology that makes sharing easy without sacrificing security

Even with digital files, there’s still a need to be able to share that information in a secure fashion so that your organization doesn’t risk a data breach. Investing in a document management system that allows for the creation of digital file rooms provides the balance between access and security.

Conclusion

As long as there is information, specialized professions like records and information management will be necessary to keep a close eye on an organization’s most valuable asset: its data.

If you’re looking to future-proof your program to effectively manage both records and information, it’s time to start your journey towards building an integrated information management program.

Find out more in our eBook, Integrated Information Management – A Roadmap with Considerations for Properly Assessing Your Organization’s Information Priorities.

The post Records Management vs Information Management: Is There a Difference? appeared first on Access.

But manually managing records is expensive, inefficient, time-consuming, and error-prone, which is why many businesses turn to an electronic records management system. 

An electronic records management system helps businesses achieve their operational and compliance goals more easily and efficiently while reducing the cost of record management. But which is the right record management system for your organization? In this article, we explore five electronic records management features you should consider before deciding.

What Is an Electronic Records Management System?

Electronic records management systems are a software solution for managing the records lifecycle, from ingestion and storage to disposal. They provide secure storage and access while automating some of the more complex aspects of compliant records management, such as encryption, chain-of-custody reports, document searches, and secure document destruction. 

Businesses should expect their electronic records management systems to provide a friction-free process for collecting digital and physical records. That includes options to scan physical documents immediately or as they are required, as well as to deliver hard copies or digital copies with short lead times. In addition to storing documents, an electronic records management system should also provide intuitive web interfaces for accessing, searching, and generating reports. 

5 Key Features to Look for in Electronic Records Management Systems

Electronic records management systems vary widely in sophistication, user-friendliness, and the tools they provide. If your business is considering adopting a record management system, we recommend you look for and ask potential vendors about these five must-have features. 

Secure Data Storage

Many of the most significant data breaches happened because records were stored insecurely. Sensitive data is valuable to criminals, and they will exploit any gap in security to access and exfiltrate data. A security gap might be as simple as forgetting to lock a filing cabinet that contains medical records or as complex as improperly configuring cloud storage access permissions and encryption. 

An electronic records management system protects users against these kinds of mistakes. Your chosen solution should offer world-class physical security, industry-leading data encryption, both at rest and in motion, and access logs so you know who has accessed your data and when.

Flexible Access Management Tools

The secure storage of sensitive information is only one component of a comprehensive record management system. Your employees must also be able to access records quickly and efficiently to facilitate business operations and satisfy auditing and reporting requirements. Furthermore, access must be tightly controlled via an identity and access management system that allows organizations to assign granular permissions to authorized users. 

When assessing electronic records management systems, ensure they provide an intuitive interface with tools for searching and adding records, requesting record delivery, and generating reports. 

Industry-Specific Compliance Capabilities

Regulatory compliance is one of the biggest record management challenges businesses face. Sensitive data is subject to a host of regulatory standards with rigorous requirements, including HIPAA, FERPA, FACTA and SOX,  and many more. The rules differ depending on the data type, and they change frequently. 

Your electronic records management system should be able to help you to comply with relevant regulations throughout the document lifecycle with features such as chain-of-custody management and reports, record retention and destruction schedules, and compliant digital storage and record delivery systems. 

Adventures in Digitization: The Digitization Playbook for Energy Companies

Access recognizes that there is not a one-size-fits-all approach when it comes to moving through the digitization process, and that’s why we created this playbook.

Check out the eBook ›

Record Retention Scheduling

How you dispose of records is just as important as how you store them. Regulatory standards compel businesses to keep records for a specified period, after which they must be disposed of securely. The method used to destroy records depends on their form, whether that’s physical, stored on a cloud platform, or on tapes and hard drives. 

When you’re investigating an electronic records management vendor, be sure to enquire about record retention scheduling and secure destruction. You should expect them to offer one-time and scheduled shredding services for paper documents and the secure destruction of various digital storage media. 

The Ability to Integrate With Business Systems

Your business already leverages a range of solutions to create and manage documents. You shouldn’t have to transition to an entirely new system to implement compliant records management. Instead, a record management system should adapt to your existing processes. For example, if you use Microsoft Office 365 or DocuSign, be sure to ask vendors whether their electronic records management systems integrate with those products to provide comprehensive record management as part of your existing processes. 

Find the Electronic Record Management System That’s Right For You

We’ve focused on five of the essential features electronic records management systems should have, but there are many more we could have included, such as priority delivery for electronic and physical documents, scan-on-demand services, and a physical location near your offices. 

If you’re looking for an electronic records management system that combines all of these features and more, visit our Records Management Services and Document Storage Solutions or contact a record management specialist today.

The post How to Choose the Right Electronic Records Management System appeared first on Access.