I'd like to help advance this thread, gingerly.

In an effort to not be self-promoting, I'm going to try to make this 
sound as much as possible like a National Public Radio underwriting -- a 
spare description:

KPMG LLP has a service line named Records Risk Management.  It sponsored 
a booth at ARMA in San Antonio and will also exhibit in Baltimore.  The 
team includes CRMs, attorneys, CPAs, project managers, and industry 
specialists.  The team's primary function is to assess organizations' 
risk from their Records Management programs in terms of regulatory 
compliance, litigation, reputation, operations, and business 
continuity.  The team presents its findings to organizations' 
leadership.  If there is a gap between the assessed situation and the 
desired situation, the team offers a transformation methodology to 
mitigate or eliminate the gap.  Team members contribute to ARMA chapters 
with speakers, articles, and thought leadership.

Full disclosure: I am employed on this KPMG team.

Gordy Hoke
(507) 534-2293

Larry Medina wrote:
> On 7/12/07, R Weinholdt <[log in to unmask]> wrote:
>>
>> Has anyone ever done a risk assessment for their records management
>> program
>> other than for vital records. I was wondering which areas of a records
>> management program risk was assessed against. An example that I can 
>> think
>> of
>> is Records Retention Schedules. If an organization doesn't have any then
>> there is a certain risk associated with that. Are there others.
>
>
> Rick-
>
> One of the greatest risks I'm aware of is the improper level of 
> protection
> being provided to information assets while in storage and transport. 
> This is
> true for both paper based and electronic forms of information.
>
> Many RIMs either fail to properly assess the risks inherent to improper
> construction, insufficient fire protection, lack of environmental 
> controls,
> exposure to outside possible threats (adjacent businesses or other
> elements), delivery vehicles not properly suited to prevent damage to, or
> loss of, assets, etc.   Few RIMS are aware of NFPA232 requirements, or 
> have
> ever asked whether a storage facility has been inspected by a registered
> fire engineer, if there is an emergency protection plan, and how often 
> it's
> exercised.
>
> Another major risk is related to exposure of privacy or otherwise 
> protected
> information while in storage. This also applies to paper based and 
> even more
> to electronic forms of information.  Most firms should ensure a Business
> Associates Agreement exists when information is stored commercially, and
> should also have a practice in place if records are stored internally to
> ensure privacy is protected.  When it comes to electronic information, 
> its
> critical to ensure YOUR information isn't stored with the information of
> others in a commingled manner on common servers, or streamed on common 
> tapes
> or discs.
>
> Finally, I'd suggest that the inability to effectively train employees or
> apply consistent practices to the management of records across an
> organization to avoid early destruction of information assets, apply 
> legal
> holds, or ensure long-term access to information stored in proprietary
> formats or on media that can become obsolete.
>
> Larry
>

List archives at http://lists.ufl.edu/archives/recmgmt-l.html
Contact [log in to unmask] for assistance
To unsubscribe from this list, click the below link. If not already present, place UNSUBSCRIBE RECMGMT-L or UNSUB RECMGMT-L in the body of the message.
mailto:[log in to unmask]