Iron Mountain Incorporated : New Report Shows Organizations Struggling to Implement and Enforce Policies for Managing Records, Despite Increasing Spend
05/21/2012| 08:40am US/Eastern
SharePoint and social media records further challenge information
ecosystems, driving the need for unified policies for physical and
Iron Mountain to present report findings during May 24 webcast
Despite greater investments in their information management programs,
most organizations still struggle with properly implementing those
programs and getting employees to comply with them, putting them at risk
for information loss, regulatory non-compliance and litigation. And
while an increasing number of companies have one policy for handling
paper documents and electronic files, the pervasive growth of new record
sources like Twitter, wikis and collaborative software applications like
Microsoft SharePoint threatens their ability to keep those policies
current and compliant.
These are two of the lead findings from a new report released today from
information management company Iron Mountain Incorporated (NYSE: IRM).
Now in its third edition, Iron Mountain's Compliance Benchmark Report
examines the information management practices of more than 3,000
organizations - public, private, government and non-profit - providing a
state-of-the-industry assessment of how well information is being
protected, made available and destroyed.
Last issued in 2010, this recent version of the report shows companies
making strides when it comes to adopting one policy for storing and
handling both electronic and physical records. Past reports showed
company policies designed primarily for paper records and didn't account
for electronic files and email. What's more, these new findings seem to
suggest a growing consensus that the practice of records management is
really risk management, with a larger percentage - 60 percent in 2012
vs. 25 percent in 2010 - of legal/compliance and audit/risk departments
now responsible for implementing, enforcing and auditing policies.
"This year's report shows promising trends of stronger oversight of
information management and better integration of policies for electronic
and physical records," said Harry Ebbighausen, president of North
America, Iron Mountain. "At the same time, however, those gains are
threatened by whether organizations can consistently apply records
management policies across the organization and how well they enforce
them through training and auditing. Until you can manage all your
records under one program, regardless of format or location, the road to
unified records management will remain a rocky one."
Key findings of this year's report, subtitled "A View into Unified
Records Management," include:
Ninety-four percent of respondents will apply more budget and staff
to information management. The growing investment is noteworthy,
particularly given the still uncertain economy. Yet, less than one
third (28 percent) indicated they have a long-term, strategic plan
with executive-level support for records and information management.
Lacking a formalized, executive-sponsored plan, many organizations
will continue to spend valuable time and resources struggling to
implement and enforce effective, long-term best practices.
Integrated policies for paper and electronic records are on the
rise, but adoption is still a challenge. Eighty-three percent of
respondents have records management policies that cover both paper and
electronic records, and nearly half (48 percent) report that those
policies are well integrated into their organization's data privacy
and security policies - a best-practice in information management and
a nine percent increase from the 2010 report. But only nine percent
have seen those policies consistently adopted.
Training on those policies is lacking. Organizations have made
some strides in employee training on records and information
management policies (a 25 percent improvement since 2010), but 36
percent of respondents have no formal training or do it on an ad-hoc
Monitoring compliance remains a major challenge. Ensuring
employees comply with records and information management policy
represents a major challenge for organizations, with 74 percent of
respondents indicating they monitor on an ad-hoc basis or not at all.
This finding is an 11 percent decline from the 2010 report.
Many report paying money to fix information-related events. Even
with more companies adopting comprehensive policies for paper
and electronic records, just 37 percent say their organizations
consistently apply those policies, leaving them vulnerable to
regulatory or litigation non-compliance. Sixty-three percent reported
experiencing an event like litigation, disaster, or data loss that
cost their company money.
In response to these findings, Iron Mountain encourages organizations to
adopt a unified records management approach and recommends the following
for creation and implementation:
Set Proper Policy - Get the fundamentals right to achieve
compliance. Include key aspects such as governance, communication,
education/training, and implementation; once defined, roll out this
policy to the organization and to include all information types.
Make retention and compliance a priority - Retention covers
both the preservation and destruction of information when it reaches
the end of its business life and applies to all business records.
Effective retention schedules apply to all business records and are
regularly updated to comply with changing regulations and business
Information should be easily identifiable and readily available.
An organization capable of quickly identifying and retrieving records
enjoys a competitive advantage, enhanced productivity, and greater
protection from regulatory or discovery non-compliance. Classify
information based on key identifiers such as record location, subject,
author, date and method origination, system of creation and intended
recipient. Then define authorizations and security controls to ensure
it is available when it is needed and who should have access.
Protect and dispose of records the right way. Following
consistent practices for safeguarding and properly disposing of
information reduces the risks of exposure and theft while also helping
to control storage costs. Documenting detailed instructions on how
records are identified and approved for disposal, as well as the
processes for destruction can protect against inadvertent disclosure
or improper destruction.
Audit policies and make the organization accountable. Driving
enterprise-wide adoption of the records and information management
program requires a culture of accountability. Evaluate the success of
that program through regular audits that follow defined metrics for
success. Make employees accountable for their role in ensuring
consistent adherence to policies, and provide visibility,
encouragement and support for the overall program at the highest
levels of the organization.
Iron Mountain will share the full results of the 2012 Compliance
Benchmark Report: A View into Unified Records Management during a
webcast with ComplianceWeek on May 24 at 2 p.m. ET. To register
for the webcast and obtain a free copy of the report, visit http://www.ironmountain.com/Company/Events/2012/May/24.aspx.
About Iron Mountain
Iron Mountain Incorporated (NYSE: IRM) provides information storage and
management services that help organizations lower the costs, risks and
inefficiencies of managing their physical and digital data. The
Company's solutions enable customers to protect and better use their
information so they can optimize their business and ensure proper
recovery, compliance and discovery. Founded in 1951, Iron Mountain
manages billions of information assets, including business records,
electronic files, medical data and more for organizations around the
world. Visit www.ironmountain.com
or follow the company on Twitter @IronMountain
for more information.
Christian T. Potts, 617-535-8721
Kristen Georgian, 617-520-7042
© Business Wire 2012