Processes and Governance

Governance processes and procedures

Support the effective administration of a records management and information governance program.

Ensure compliance with the records retention policy and schedule.
Capture, classify, manage, and dispose of all types of records and information.
Review, create, and update policies as needed.
SET UP AN INTRODUCTORY CALL

White Paper

Developing a Data Retention Policy to Meet Privacy Data Minimization Requirements

Recorded Webinar

Using M365 to Create a Personal Data Inventory

Article

Should You Combine Your Privacy and Records Management Programs?

How we help

The development of governance processes, procedures, guidelines, and reference materials helps program managers, record coordinators, and employees comply with the records retention policy and schedule and manage the overall information governance program.

Using a set of foundational best practices, we work with organizations to review, create, and update their processes and procedures.

Explore our governance processes and procedures services

Governance Processes and Procedures

Review, create, or update records management and information governance processes and procedures.

Learn more

If you’ve been asking yourself…

“What is our procedure for policy and schedule change requests?”

“How do we handle departing employee records, voicemail and chat guidelines, email management, scanning guidelines, and paper records management?”

“Do we perform periodic compliance audits and self-assessments?”

…you’ve come to the right place.

Learn more about our services and explore related resources below.

Related resources

Recorded Webinar
Creating a Modern, Compliant, and Easier-to-Execute Records Retention Schedule for Privacy and AI
A well-designed schedule not only ensures regulatory compliance but also fosters collaboration with business units, reduces conflicts, and supports automation of classification and disposition processes. 
Access resource
Recorded Webinar
Information Governance 101
Gain an overview of the essential building blocks of an effective program including records and data retention, privacy and data minimization, and the role of technology, processes, and training in making governance sustainable. 
Access resource
Recorded Webinar
Using M365 to Create a Personal Data Inventory
Rather than investing in expensive and complex tools, organizations can take a more practical, scalable, and compliant approach by leveraging Microsoft 365 to manage personal data inventories more effectively.
Access resource
Access all resources

What We Do

Our governance processes and procedures services

Although most records should be classified and managed through a routine automated process, additional processes and procedures are needed to capture, classify, manage, and dispose of records and information created or received outside of these everyday processes. This includes, but is not limited to, departing employee records, voicemail and chat guidelines, email management, scanning guidelines, paper records management, compliance audits and self-assessments, annual records clean-up, M&A and site closures, and policy and schedule change requests.

We review and develop procedures, process documents, and other materials in accordance with best practices to support the administration of a records management and information governance program.

Assessment and Roadmap
Industry Benchmarking

Governance Processes and Procedures

We review, create, or update records management and information governance processes and procedures.

These processes and procedures should give program managers, records coordinators, and employees sufficient direction to comply with the records retention policy and schedule. 

We work with you to determine the specific processes and procedures, which can include, but are not limited to:

    Departing employee records

    When employees leave, some of their information may have value for the organization or their successors. Organizations should have processes for classifying, managing, and storing their work-related information not already in appropriate repositories to ensure the department or function does not lose knowledge and that potentially important documents are not abandoned, deleted, or otherwise lost as a result of the departure.

    Voicemails and emails can constitute discoverable documents in litigation or regulatory matters, creating potential eDiscovery liability if this information accumulates on personal devices or in other places. Organizations should develop specific guidelines on how these messages are saved or deleted. Guidelines should inform users on best practices for drafting, securing, and disposing of these messages. To defend the process if undergoing scrutiny during litigation, organizations should also develop protocols for ensuring compliance and auditing implementation, including whether employees are following email record retention and destruction rules and preventing ‘underground archiving’.

    Despite the prevalence of electronic communications, many organizations still create and store paper records. Companies need procedures for proper onsite management and storage of paper records, how to organize, box, and send paper records to offsite storage, and how to retrieve those records when they are needed onsite. Equally importantly, companies need a robust process for deleting expired records, especially at offsite storage vendors.

    Audits and program assessments should be conducted periodically to ensure that document retention practices are following policies.

    Periodic “Records Clean-Up Days” within the company or individual departments/business units, particularly around paper records, help ensure consistent execution.

    When a company merges with or acquires another, or divests itself of a business unit, there are always records that must be considered and organized. Companies that foresee acquisitions or divestitures should develop procedures for integrating, sharing, or migrating information. Furthermore, as part of the due diligence process, organizations should develop information governance assessment processes to identify any potential compliance risks in acquisition targets.

    A records retention policy and schedule should not be static. Every month, organizations create or receive new types of records and business needs change. Procedures should exist for requesting revisions to the policy and schedule and then revising these (and other processes and procedures) accordingly.

    Process for managing electronic and hard-copy information for employees who work from home.

    Policies for managing company information stored on employees’ personal devices, and procedures for auditing the mobile device policy to ensure compliance.

    Standard processes for the creation, document retention, management and expiration of SharePoint sites.

    Connect with a member of the Contoural team to learn more about our information governance consulting services.

    SET UP AN INTRODUCTORY CALL

    As an independent provider, Contoural does not sell or resell any products, take product referral fees, or provide discovery services such as matter-specific document identification, document collection, or document review. Our advice is based solely on the needs of our clients and is not driven by the sale of products.