 
| Subject: | |
| From: | |
| Reply To: | |
| Date: | Fri, 13 Jul 2007 06:56:43 -0600 |
| Content-Type: | text/plain |
| Parts/Attachments: |
|
|
Hey Rick
How's life in the "Peg".
To add to Larry's usual thoughtful post.
Risk Management is a complicated business function that is being emphasized
by many organizations that have concerns with compliance and business
continuity. I have conducted several risk assessments and gap analyses for
organizations including a program plan for risk reduction.
From a records management perspective, (if you are hunting for categories of
risk, Rick?) the areas to be addressed might include.
Regulatory Risks - Is the organization complying with all legislation or
standards that suggest or require records retention?
In Canada this includes federal and provincial legislation as well as Rules
of Court. Federal standards such as CGSB as well as professional standards
such as engineering or medical profession standards. Contractual
obligations must be met and some concerns such as international legislation
should be addressed. International standards such as ISO15489 and ISO 17779
although not compliance should be followed.
Information Risks - Is the organization effectively managing the storage and
retention of information both physical documents as well as e-mail &
e-documents?
This includes assessing vital records concerns such as physical storage,
security, fire-risk mitigation. Accessibility of e-documents, e-mail and
attachments may be a concern. Security of e-documents and its management
should be reviewed including permissions, use of encryption and navigational
tools for access groups.
Legal Risks - Is there any legal liability in current records storage or
retention practices?
This refers to retention schedules, disposition practices, freeze-hold
mechanisms etc. Management of contracts and agreements is also of
particular concern as this outlines the obligations of the organization.
Operational Risks - Is there any concern for the organization's ability to
conduct business related to current data storage & asset inventory
management?
This involves the entire gamut of threat assessment and categorization of
records as essential or vital. Vital records program activities such as
duplication, dispersal and protection must be reviewed.
Liability Risks - Is there any personal or organizational liability with
respect to current records-keeping and retention?
In Canada see such cases as Canadian Dredge & Dock Co. v. The Queen, [1985]
1 S.C.R. 662 (S.C.C.) which outlines liability whether acknowledged or not
by management or boards of directors. Also Personal information liability
questions should be addressed. Privacy & Personal Information requirements
vary depending on the jurisdiction. Several law firms in Canada have
conducted research on litigation and records-keeping, however no-one has yet
addressed likelihoodof litigation or relative cost impacts.
As an aside the risk levels identified in the DIRKS manual appear well
thought out e.g. significant, moderate . trivial. However, DIRKS is more
often better on theory than practice.
Regards
Jim
Jim Connelly, CRM
[log in to unmask]
8 Oakdale Place
St. Albert, Alberta
T8N 6K6
1-780-460-7089
List archives at http://lists.ufl.edu/archives/recmgmt-l.html
Contact [log in to unmask] for assistance
To unsubscribe from this list, click the below link. If not already present, place UNSUBSCRIBE RECMGMT-L or UNSUB RECMGMT-L in the body of the message.
mailto:[log in to unmask]
|
|
|
