RM: Compliance rules, litigation advances
Being prepared is not primarily a matter of having RM software installed. "Companies need to have policies in place, a data classification system, clear roles and acknowledged ownership of the records," says Vivian Tero, senior research analyst at IDC. "There needs to be a method of uniformly enforcing a retention policy across the enterprise.
Culture of compliance
Highly regulated industries such as energy and pharmaceuticals are actually in a better position to meet those expectations than companies that are less accustomed to such demands. For example, the Food and Drug Administration (FDA) has longstanding regulations about record keeping for pharmaceutical products. "These industries understand regulations and know they must comply," says Galina Datskovsky, CEO of MDY, which produces records management software. "Researchers in the pharmaceutical industry are aware that a notebook is a record, and knowledge is widespread about how long the records must be kept."
In contrast, businesses such as retailing or software development have not had a long history in records management from a compliance viewpoint. "There are regulations that apply to these industries," Datskovsky continues, "but they are not as highly visible." Therefore when new requirements such as Sarbanes-Oxley emerged, the organizational culture had a more difficult time adjusting. Clear guidelines along with a strong educational program can gradually change the culture, and RM software can be set up to automate much of the process.
MDY's flagship product, MDY FileSurf, manages both physical and electronics records, "One of the most important trends right now," Datskovsky says, "is federated records management. Companies want to apply policies to manage the records in place, rather than migrating them to a central repository." Whether the company's concern is compliance or e-discovery, the ability to access all relevant records is critical.
RM drivers converge
The two key drivers for records management--compliance and risk management--are not the same, but neither are they completely independent of each other. "These two areas are very interrelated," says Robert Markham, principal analyst at Forrester Research. "Both of them have the same underlying roots, with the chief legal office looking at the organization's financial and legal risks. Although compliance still dominates, risk management for litigation is growing, and may well overtake compliance in the coming years."
In either case, organizations that are challenged to produce records will need to do so in a timely and comprehensive fashion or face the danger of debilitating penalties.