You want to be confident that your company shreds the right documents at the right time — every time.
As the person responsible for records management or regulatory compliance, you need a defensible program to retain and later destroy information in paper and digital records. But how do you ensure your company’s document shredding and disposal practices can stand up to the scrutiny of auditors and regulators, or lawyers in a court case?
There’s no shortcut to secure document shredding. Taking a shortcut means risking disclosure of the private information that belongs to your business, your employees and your customers. Doing so also exposes your company to legal and financial liability and potential damage to your brand. So don’t go there.
Here’s how to get rid of records at the end of their usefulness in ways that protect the information they contain and ensure you comply with laws, regulations and all agreements.
First Step: Identify and Track Every Document
Every paper document, file, carton and bin in which records are kept should be identified with a unique code that can be scanned to start a closed-loop process. This step creates the chain-of-custody proof that‘s needed as evidence of your company’s compliance with rules for how information is supposed to be handled. The codes also improve productivity by reducing the time employees need to locate and retrieve a document.
Be sure to train all employees so they know how to create, store and retrieve documents with the proper identification code.
Next, every document should be scheduled to be stored for the period required to comply with the laws, regulations, internal policies or contracts with third parties. Keeping the documents around longer — or hanging onto multiple copies of a document — opens up your company only to more legal risks. Doing so also adds time and expense to search for the information to respond to discovery requests in legal and regulatory investigations.
Retention time usually is listed as the number of years a record must be kept from the date it was created. Other options to consider:
Last, rely on advanced information governance software to establish a retention schedule along with an automated process for review of documents at the end of their life cycle:
An automated information governance process is the best way to ensure your company economically manages information across multiple operating units, departments and systems while also mitigating legal and regulatory risks.
Next Step: Heading for Shredding
When the scheduled retention time has been reached, records must be destroyed in ways that protect the personal, financial and health information that’s critical to your company, employees and your customers. Secure shredding can occur onsite at a company’s location but typically happens offsite at a vendor’s document-destruction facility. What’s important is that you do shred because it’s the most secure way of disposing of information.
One last step: Ask whether the shredding vendor is certified by the National Association for Information Destruction. Certified companies are required to follow procedures to secure shredding and can help you protect your company’s information throughout the disposal process.
Our new e-book, “Your Complete Guide to Information Management,” includes tools and how-to guides to help you build your company’s records retention and document shredding schedule.