Gone are the days that it is good to keep everything “just in case”. The cost and associated risks with keeping every document ever created or received, whether in electronic or hard copy format, is becoming more and more important with a more fundamental need to be able to identify and locate documents easily.

Document identification is one of the main driving factors behind creating a document management plan – but policies are also necessary to ensure that the organization is ready in case of litigation.

Defensively disposing of unneeded documents limits the amount of information that can be subpoenaed during litigation. Starting a document management effort does not need to be overwhelming and can be undertaken in steps and phases.

Here are 5 document management best practices to get you started:

1. Evaluate record retention requirements that govern your industry

Before any actions are taken it is critical to understand what the rules are that govern the document control requirements in order to determine what you need to keep. There are federal, state, legal and regulatory requirements that determine how long, and for what types of documents the organization needs to acknowledge when creating their document management plan. Below are some examples of the requirements that you should keep in mind during the planning stage:

  • Business Needs: Historic preservation vs. the cost of keeping the materials
  • Legal or Regulatory Requirements: Understand your federal and state requirements (Sarbanes Oxley, IRS, OSHA, etc) and retain any documents for the mandated time period.
  • Litigation-Specific: Do you have a litigation response plan? Any active or reasonably anticipated litigation will override any ongoing document management process, so all documents that you have cannot be destroyed.

2. Define a business record before creating a document retention policy

Once you have determined what documents you must legally preserve, then it is important to start applying the same concept to specific business needs. Being able to classify what documents and document types you have is important and necessary in order to build the plan of whether to destroy, keep and for how long. Some examples are:

  • Correspondence
  • Project materials
  • Legal records
  • Employee-related records (HR, Payroll, etc)

Once you classify what the different types of business record are, then you should document the decision and ensure that there is a plan to implement the decisions and processes across the organization.

3. Determine document storage method

Storage decisions include planning to support the search and retrieval of paper, electronic and email documents. First you must figure out where the documents will be stored so they are easily located if necessary. Paper is relatively easy to understand, electronic data, however, is not so simple. Knowing how each type of data is stored is important, for example emails are usually stored in mail outboxes as well as on system archives or other application servers, loose files can be saved to network locations, local hard drives, etc.

It is also a good idea to work with someone who has experience with managing electronic data and information governance consultants can help you create policies with a special attention paid to ESI.

It would be a good thing to develop a “data map” around who stores what where (this is covered below). You do not have to retain everything that has ever been generated or received. This is why a retention policy is imperative and incredibly helpful in preserving only the necessary data. Should a legal issue arise, it is just as dangerous to keep everything, as it is to not keep potentially relevant data.

Moving from paper to electronic records

How to handle paper documents is a point that should be considered in this stage of the process. While most of the document management plans focus on going “paperless” this does not mean that it is essential. Going paperless will mean that hard copies that are needed will have to be converted to an electronic format for storage and management.

Decide if going paperless is necessary. Determining the volume of documents that would ideally be converted will give a cost estimate of converting that population to electronic format. Of course, having electronic version will be easier to search for and identify but there is a cost to do that. Of special note when thinking about going paperless is to validate if certain documents or records must be kept in original format that have signatures or other information that must be kept in original format.

4. Create eDiscovery data map for retrieval

It’s important to know where all your information is located, and keep the log current. Maintaining an outline of where electronic materials and hard copy documents are stored, and who has access to them allows any information to be easily located if needed.

Document Identification and Retrieval

Once documents have been classified and those that need to be kept have been identified, how can those be easily identified and accessed? If the decision has been made to convert all paper documents to electronic format – the identification and utilization of software applications designed for managing documents can be undertaken. But what about paper? If paper is being maintained, indexes created around the documents that may be stored in an offsite location or even onsite is the general approach.

5. Create and Implement Specific Document Retention Policies

When creating a document management protocol, the management, retention and defensible disposal of email and other electronic communications tends to be the most intimidating aspect of the process. This part can be managed easily if time is taken to properly plan and define specific business records as noted above. Policies can be created around nearly all forms of business communications:

  • Email retention policy: When creating policies around email retention, it’s also important to consider other ways in which employees may be communicating about work projects.
  • BYOD policy (Bring Your Own Device): This allows employees to use their personal device for work purposes.
  • Mobile device management policy: This is similar to a BYOD policy, but tends to be broader, and focuses on the use of mobile devices, regardless if they are personal or sanctioned by the company.

Once the policies and procedures have been established, set a document retention schedule (and keep it). This does not need to be overly complicated, but it is important to have one. Train employees on the new policies, and effectively communicate how they will be reinforced. Keep the policies up to date, and make sure that any new forms of communication are considered.

Document management and control can be a complicated and daunting process, but ignoring document management is a bad idea and will only hurt your company in the long run. It is easy to feel overwhelmed by the thought of beginning this process, but take it one step at a time. It is also a good idea to work with someone who has experience with managing electronic data and information governance consultants can help you create policies with a special attention paid to ESI.