The MER Experience
The 25th Year of Delivering Premier Electronic Records Management Education

IG Solutions – Comprehensive Information Governance Auditing Made Easy

By Craig Grimes tad, on June 01, 2015 | @IronMountain

Easy and Comprehensive?  Aren’t these at opposite ends of the spectrum?  They don’t need to be.  Iron Mountain has an auditing process that is fully comprehensive, with minimum effort from the workforce, and the auditing team.  Labor intensive interviews and investigations are only performed as warranted by the data.  But before we get into more detail on this, let’s establish some parameters:

  • Information Governance audits are performed at the pleasure of the company. These are   internal audits with no legal or regulatory required processes to follow or even any requirement to perform the audit in the first place (one reason why many companies haven’t matured their program to this level yet).
  • Information Governance audits are conducted against requirements. It is a good thing to check yourself against “Best Practice” (and Iron Mountain can help with that also), but checking against best practice is an assessment of the maturity of your program, not a measure of workforce compliance with your requirements.
  • Requirements are found in policies and procedures with specific “requirements language” such as must, shall, and will. Using words like should, might, or could provides the opportunity for variation of activity, including no activity at all. It also invites time wasting non-productive discussions on definition and intent. Much better to preclude all of that with clear, non-negotiable requirements language. If you need assistance with developing or re-writing policies with “requirements language”, Iron Mountain can help with that also.
  • Audits are a way of life; a regular, normal, ongoing business activity. Audits should be designed and conducted in a way that not only provides a snapshot in time of where you are, but are foundational for necessary corrective follow-up and the next audit.

Read more . . .

Craig Grimestad

Craig Grimestad is a Senior Consultant with Iron Mountain Consulting. His specialty is designing Records and Information Management core components with a sub-specialty for RIM auditing. He considers RIM implementations to be efficiency improvements. His passion is for the establishment of corporate Information Governance that extends from the Board Room to the desktop for all employees. Craig holds a Masters of Science degree in Engineering from The University of Illinois. Prior to joining the Iron Mountain Team in 2008, Craig was Records Manager for the Electro-Motive Division of General Motors where he participated in the development of the GM Corporate RIM program. He implemented and managed Electro-Motive Division’s RIM program. Craig is a recognized thought leader with a regular column and occasional feature articles in iQ magazine (the journal of RIM Professionals Australasia), featuring his blog series “The Psychology of Records Management”.

Are you a blogger?

Please visit our Submissions page to find out how to submit an original article, or if you would like us to repost one of your best.

Bob Williams is the founder and president of Cohasset Associates, Inc. and founder of the National Conference on Managing Electronic Records, (MER).Mr. Williams is renowned for his leadership in addressing the legal, technical, and operational challenges associated with the life-cycle management of records, especially electronic records.  He has edited two definitive legal research studies: Legality of Microfilm and Legality of Optical Storage.  His also has overseen many industry white papers focused on compliance the SEC’s requirements for the storage of computer stored information (CSI).As a renowned speaker, Mr. Williams has given more than 1,000 presentations at briefings, seminars, and conferences throughout the United States as well as in Europe and South America.Mr. Williams’ primary focus now is organizing, running, and co-chairing the MER, Cohasset’s nationally renowned conference on managing electronic records