Call Today! 501.525.5752

Blog Archives

Leveling the playing field against data breach loss

July 26, 2016
Pirvacy and push pin

Protecting your privacy and your customers information from a data breach is a top priority

Leveling the playing field against data breach losses

When it comes to losing information, it’s not a matter of if, it’s matter of when. By and large data loss is not intentional and comes from instances such as lost phones, tablets and laptops; misplaced or improperly disposed of documents. In the information industry, losing information like this may be referred to as a “data breach.”

You against professional data thieves

Regardless of the cause or intent, the miscreants who are after your information when you do let it slip – for the most part, are experts at stealing information – after all, that’s their job. So for most businesses and organizations it’s a priority to level the playing field against professional data thieves.

What to do and where to start is the big question – and Arkansas Records Management has the answers.  The company recently partnered with CSR Professional Services, the nation’s leading provider of breach reporting, data-loss readiness and help after a breach. They specialize in leveling the playing field against data breach losses.

Being ready – before, during and after a breach

CRS LOgo

CRS Professional Services levels the playing filed

CSR Professional Services offers a two-pronged approach to handling data breaches: Data breach readiness which helps a subscriber harden their operations against data loss – and data breach reporting. Unbeknownst to most business people there are legal and regulatory requirements which kick in once a breach has occurred. It’s an alphabet soup of bureaus, agencies and offices which have statutory authority to demand these reports. CSR Professional services, facilitated by Arkansas Records Management, makes these reports and documents their actions to subscribers.

Big service, small price

“All of this sounds good, but cost prohibitive,” says David Reagler, president of Arkansas Records Management. “Nothing could be further from the truth,” Reagler said. “A business can subscribe to the full protection of CSR Professional Services for less than the cost one decent business lunch per month – and we’re happy to explain the process with absolutely no obligation.”

Records indexing priorities

November 3, 2015
records indexing questions

Records indexing makes searching for and accessing your information quicker and easier.

David Reagler on records indexing

We get two main questions about records indexing. The first is, “what is records indexing?” The quick answer is: think of indexing as creating a trail or map to make finding your records easier and faster.

The next question we hear is customers asking for clarification on how to go about indexing, such as, “should we go with carton-level records indexing, file-level records indexing, or scanning?”

That’s a good question, but it doesn’t have a completely simple answer. Each one of these techniques has its place in a well-managed records system. Which one you use and when you use it depends on depends what information is contained in these records, how important this information is to your organization, and how often you need to access the information.

Understanding the differences in records indexing

Carton level indexing

Carton level records indexing is the capturing the information typically written on the outside of the carton, such as: Accounts Payable Invoices –“ A” through “Dec”, 2007, destroy date 2015.

 File level indexing

File-level records indexing includes the carton level information plus information on each file in the box, such as Acme Pest Control, account number 2303, Best Pizza, account number 4567, Charles Tire Repair, account number 9876, and other information as needed.

Scanning

With scanning, you make images of the listed invoices, along with other supporting documentation kept in the file such as bills of lading, copies of the checks, debit memos, and other relevant paperwork.

The answer is to prioritize

For me, here’s how I prioritize

  1. How often do I access these records? Hourly, daily, monthly, every six months, yearly or on demand.
  2. How important are these records? If I lost them, what would be the impact on my business? Devastating, serious, major inconvenience, minor inconvenience, or a slight bother?
  3. How voluminous are these records? Am I drowning in the paper these records are written on?
  4. How long do I need to keep these records? Months, years, or decades or forever.

Priority levels

Paper records

Records created on paper, that I rarely access, but need to store for compliance reasons or peace of mind, are prime candidates for carton-level indexing. I make sure that the destruction date is entered in our records management system so that once there is no need to store them, they can be disposed of properly, with a full audit trail.

Important records

Extremely important records such as contracts, insurance claims, board room minutes, and tax returns, are prime candidates for scanning, but I often store the originals if the retention is longer than 10 years. I want instant access, but demand automated destruction, once the retention period has been met.

Personal health and required records

I strongly recommend file-level indexing for personal health information and other regulated types of records that I am required to keep, but still don’t access on a daily basis.  For instance, clinics often have charts for former patients. To me, it doesn’t make financial sense to scan these charts. The vast majority of these patients will likely never visit the clinic again. However, if we enter the patient name, medical record number, and date of birth, we can instantly find these patients when needed. Then the clinic can re-enter this information into their electronic health records system.

Remember these three things: Prioritize, prioritize, and prioritize

With records management, we always have to prioritize. We have limited folks to do the work. We have limited resources to pay for the work. And we have limited time in which to do the work. So we prioritize.

Thanks,

David Reagler

 

 

Managing records and information in network drives

September 29, 2015
Network drive terminal

Though network drives are not the ideal location to store sensitive information, the practice is widespread. This article helps you understand how to manage records and information on shared drives,

The up and downsides of managing records and information in network drives

Many of the organizations that we work with store their records on network drives. Here’s our take on the up and downsides of storing records in a network drive. First and foremost, all information that your organization receives, creates or uses as part of business activities should be managed as a record. The article

This includes digital information such as:

  • Word and other text files
  • Speadsheets
  • Emails
  • Databases
  • Images
  • Audio and video files
  • Presentations
  • Scanned materials
 

Network functionality as a records management tool

On its own, a network drive does not provide the functionality needed to effectively manage information and records in accordance with established standards.

However, network drives are sometimes used in organizations with limited resources or as a temporary solution prior to the implementation of a system with greater records management functionality.

The National Archives of Australia has a fantastic article with advice on managing your information on a network drive. The article lists risks, and ways to minimize these risks.

Records management in shared drives, step-by-step

Here are steps you can take to improve the management of records in shared drives, but it requires a systematic approach and significant ongoing effort.

1. Understand the risks

  • Records stored in network drives can be easily altered or deleted by anyone who has access to the drive.
  • It is difficult to create audit trails to indicate who has modified or deleted records and therefore difficult to demonstrate the authenticity, integrity and trustworthiness of uncontrolled records in network drives.
  • Appropriate metadata (information about the records) is often missing, and there are no links between documents and their business context.
  • Network drives are often poorly managed, resulting in large volumes of uncontrolled information. This becomes difficult to manage, takes up network space and makes it inefficient to access and re-use information.
  • It is difficult to find relevant records in network drives
  • It can be difficult to be sure of the status of information, for example, whether it is a draft, final or official version.

2. Reduce the risks by

  • Establishing an information governance framework
  • Communicating with staff and provide training
  • Developing tools, guidelines, and procedures such as an agreed folder structure and conventions for naming folders and documents
  • Actively monitoring and managing the network drive and providing ongoing support

Find out more

The article goes into detail on how to move forward and improve your situation. For more information, click here to see the article. If you want even more information, give us a holler and let’s talk.

Thanks for reading.

David Reagler, Certified Records Manager

President, Arkansas Records Management

The advantages of scheduled shredding

August 25, 2015
There's more to shredding than meets the eye

A scheduled shredding program provides a predictable and accountable solution to document destruction and disposition of daily working papers.

“Have someone shred that” is the extent of far too many organizational shredding programs. And while any shredding is better than no shredding in today’s litigious, over-regulated business climate, a professional, scheduled shredding program offers a level of protection and accountability that few organizations are equipped or staffed to handle in-house. Think of it as “handing off my problems to someone else.”

Those problems are not remembering to shred, piles of sensitive documents gathering dust and mold in forgotten corners, closets or perhaps even a self-storage facility — none of which bode well for information security and regulatory compliance.

But wait, there’s more. Think about the daily flow of memos, invoices, mail, printed emails and other normal paper traffic that may contain details of your operations (or your customers) that eventually wind up in a dumpster. Dumpsters are smorgasbords for information and identity thieves. Simply put, forget the waste basket and put those information laden scraps in one of our shredding consoles.

So a scheduled shredding program helps you know what records to keep, for how long, and what to destroy when — and keeps your daily business operations away from sticky fingers and prying eyes. Now, we’ll make it easy, check out our FREE SHREDDING OFFER at the bottom of this page.

Arkansas Records Management Shredding Truck

Our shred document pick up service provides clear cut chain-of-custody handling. We also provide on-site shredding.

Here’s how we can help:

  • Analyze your records and regulations and develop a records retention program
  • We monitor and notify you when records are due for destruction and take care of the destruction
  • Provide secure destruction of daily waste documents
  • Set up a secure off-site records storage, access and disposal procedure if necessary or desirable
  • Provide a clear-cut chain-of-custody records and certificates of destruction that will meet regulatory compliance and stand up in court.
  • We also provide secure hard drive and media destruction

You get:

  • Peace of mind
  • Increased usable space
  • Provide secure destruction of daily waste documents
  • Saved employee time and effort in searching through files, piles and boxes
  • HIPAA compliant destruction
  • A higher level of document security
The Arkansas Records Management paper shredder

Our state-or-the-art shredder cuts and tears paper for maximum secure destruction. All of the output from our shredder is baled and immediately shipped to a paper mill that manufactures toilet paper.

Free Shredding Coupon

Click on the coupon to download. Bring it to Arkansas Records Management for 100 pound of free paper shredding.

Give us a call at 501-525-5752 and let’s have a no-obligation talk about your specific requirements. Even better download our coupon for 100 pounds of free paper. Bring the coupon and your 100 pounds of paper and we’ll let you watch it shred. Call today or download and visit.

Are you an identity theft candidate?

May 20, 2015

Are you an identity theft candidate?If you have not asked yourself that question, perhaps you should reconsider since identity theft is a growth industry, the practitioners of which are always on the lookout for new and fertile fields. You included. A simple procedure is to consider the “ifs.”

The “Ifs” of identity theft

  • If you don’t shred business mail, those pesky mail solicitations, extra copies, receipts and other data laden documents around your office, you are probably a good candidate for identity theft
  • If you don’t personally know and trust who cleans your office, you are probably a good candidate for identity theft
  • If you aren’t sure who might “dive your dumpster,” you are probably a good candidate for identity theft
  • If you do your own shredding with less than stringently-applied fanatic-level rules of shredding procedure, you are probably a good candidate for identity theft
  • If when the shredder goes south, you reroute waste paper to the dumpster, you are probably a good candidate for identity theft.
If any of these statements ring true, your risks are more than problems created by compromising your oen identity. If through your less-than-secure disposal of confidential information you facilitate theft of another person’s identity, you can be liable for their damages. But all is not lost. We have a really good solution.

The “LSODDI” solution

We strongly suggest the “LSODDI” solution: “LET SOME OTHER DUDES DO IT” We are those dudes.

  • We shred everything, mail, file folders, boxes, books, maps, pictures, brochures, reports, and more. Our state-of-the-art doesn’t just shred, it tears and shreds.
  • We assume the risks and liability, meaning you have one less thing to bug you and rob you of sleep
  • We are eminently affordable – We can shred your stuff for less than you can at about a dime a pound – do the math and smile
  • Everything we shred is recycled. Everything we shred goes directly to a paper mill where it is turned into facial tissue or toilet paper. Considering that some of the documents you shred may be IRS forms, there may be some personal satisfaction in store for  you
  • No long-term commitment. It’s not necessary to sign a five-year commitment to a shredding firm. When you hire us, you’re the boss. You start when you want to. You stop when you want to.

Give us a call at 501.525.5272 for a down-to-earth, no nonsense conversation about how we can help you with your shredding issues.

Information Governance

April 6, 2015
Information Governance

Note to self: Learn all you can about information governance. Consider it due diligence

Information governance: Getting a handle on information growth

If you have not yet heard the term “Information Governance,” make a mental sticky note to become more familiar with the term and the issues it addresses. Few will argue the point that new sources of information and methods of disseminating that information are growing exponentially. The need to manage that burgeoning information flow grows on a parallel track whether we like it or not: Enter “Information Governance,” the means by which we get a handle on managing that information growth.

An organized direction

Information governance is a set of structures, policies, procedures, processes and controls created to manage information at an organizational level. Information governance properly implemented enables organizations to address present and future regulatory, legal, risk, environmental, and operational requirements

Information governance is risk management

What does this mean? In a nutshell, the risks and costs of electronic discovery and compliance are so massive that litigation readiness has escalated to new heights in the corporate hierarchy of urgency. Information governance takes the concepts of records management and uses those concepts to circle the wagons and manage all information within an organization.

IBM defines information governance as a holistic approach to managing and leveraging information for business benefits and encompasses information quality, information protection and information life cycle management.

Why do businesses and organizations care? Here are the benefits

  1. Manage risk
  2. Cut costs
  3. Gain Visibility
  4. Simplify e-discovery
 

Defining records and records relationships is the key

In records management, a crucial facet is defining and classifying which documents are “records” and which are not. Records are to be retained and managed differently than other documents. Think “record relationships.” For instance, if a firm has a policy that all contracts and supporting documentation is to be kept for 10 years, any e-mail messages that contain a contract or supporting documentation MUST be retained for 10 years.

With information governance, these practices are expanded even more. Even the metadata that describes information content and electronic information location has to be managed as well. Otherwise, the cost to produce electronic information for litigation support or regulatory compliance becomes unmanageable and cost-prohibitive.

Information equipment is included

Not only are the documents and information managed, but the physical equipment that houses information such as servers and laptops and smartphones as well. IG encompasses a much broader spectrum that records and information with the focus on risk management.

To learn more about Information Governance, I recommend visiting the website   htthttp://www.aiim.org/Resource-Centers/Information-Governancep://www.aiim.org/

Thanks for looking,

David Reagler, MBA, CRM
President,
Arkansas Records Management

 

Arkansas Business of the year finalist

March 3, 2015
The Arkansas Records Management Staff

The Arkansas Records Management professional staff is customer centered and service driven.

Arkansas Records Management named finalist in Arkansas Business magazine award program

Arkansas Records Management of Hot Springs, Arkansas, was recently named one of four finalists from the entire state in Category I of the 27th annual Arkansas Business magazine Arkansas Business of the Year awards program. Readers of the magazine make the nominations and an independent panel of judges select the finalists and winners.

Arkansas Records Management opened it’s doors for business in 2006 and has seen steady growth since then. “Our business has grown 25 to 30% every year,” says David Reagler, president of the company.

This rapid growth spurred a move from their original location in the family’s mini-storage location in Hot Springs to a storage complex at 156 Stanage Drive in Hot Springs. The location includes 20,000 square feet of warehouse and office space. In late 2014, the company bought an adjacent 22,000 square foot facility. “This additional space positions us for continued steady growth and enhances our customer service capabilities,” Reagler said.

The Arkansas Business of the year awards are conferred in three categories according to the number of employees: Category I, 1-25 employees; Category II, 26-75 employees, and Category III, 76-300 employees. The program also names the Arkansas Nonprofit Organization of the Year, the Nonprofit Executive of the Year, and the Business Executive of the Year.

See additional information on the Arkansas Business Awards Program here and here.

David Reagler named Certified Records Manager

January 8, 2015
David Reagler, MBA, CRM

David Reagler, MBA, CRM, president of Arkansas Records Management

David Reagler, our company president, was recently named a Certified Records Manager by the Institute of Certified Records Managers of Albany NY. The institute is an international certifying organization of and for professional records and information managers.

The certification process requires a candidate to meet certain educational and records management work experience requirements prior to admission. A candidate’s application to enter the certification process is reviewed and must be approved by the institute’s Certification Standards Committee prior to being admitted to sit for the certification process. Candidates, once admitted, must successfully pass a six part examination before being considered for the Certified Records Management designation.

Six examinations before certification

ICRM Certification logo

Only certified records managers may display this logo.

The examinations are administered by an independent international testing service, Pearson VUE, headquartered in Bloomington MN. Pearson VUE has numerous offices in the United States and worldwide. The first five examinations separately test candidate’s knowledge of:  Management principles and the records and information program (RIM); Records and information creation and use; Records systems storage and retrieval; Records appraisal, retention, protection and disposition; and Records technology. Each of these examinations consists of multiple choice questions. Candidates must successfully pass the first five examinations prior to sitting for the sixth and final examination which consists of essay analysis of given records management case studies.

A long process

Once a candidate completes all six examinations, the Certification Standards Committee reviews the candidate’s test results prior to conferring the Certified Records Manager designation.  The entire process normally takes one to three years.

Reagler is one of only seven Certified Records Managers in Arkansas and one of only two who work in a records management company. The other five work in corporate records management departments.

Cyber crime

December 16, 2014
cyber crimer vulneratility

A recent report commissioned by Verizon showed 71% of breaches examined were on businesses with less than 100 employees

Cyber Crime: Unfortunately, a growth industry

The September/October issue of Information Management, a publication of the American Association of Records Managers, reported that cyber-crime is adversely impacting economies around the world. The article went on to say that businesses worldwide have been suffered damages between $375 billion and $575 billion dollars.

If you watch the evening news, you easily recall the recent attacks on Target, Home Depot, and Sony Entertainment, businesses which one would expect to employ some of the best cyber protection. That tells us the cyber-criminal element continues to probe around the clock — and they are good at what they do.

Not just big businesses

A recent article in Forbes reports on the 2012 Data Breach Investigations study commissioned by Verizon. Researchers in the study examined 855 data breaches. The results of the study showed that small businesses bore the brunt of these breaches: 71% of the attacks were on business with 100 employees or less. The 2013 report reports the trend is continuing as small business attacks are on the increase.

Besides the costs in dollars, cyber-crime has cost as many as 200,000 jobs in the United States and 150,000 jobs in the European Union.

As more business functions move online, and consumers connect to the internet, cyber-crime will continue to grow, according to the article, Cyber-crime hampers innovation by reducing the rate of return to innovators and investors.

The big picture

The article advocates governments to begin serious, systematic efforts to collect and publish data on cyber-crime so that firms can make better, more informed decisions with regard to risk management, policy, and related records management practices.

Key concepts from the article are:

  • Companies must do more to protect their networks
  • Nations need to strengthen cyber-defense
  • Government must be involved in the efforts

Closer to home

Closer to home, the best protection is off-site backup. Other measures include timely secure-and-certified records destruction, frequent password changes, diligent personnel screening, good physical security, and deciding who needs-to-know.

David Reagler, MBA, CRM

President, Arkansas Records Management

Email security: what to ask, what to do

November 6, 2014

The email security questions you should ask

Lap top computer with email security risk

This article explores questions that should asked about email security.

Any time you allow your staff access to your email system, you put your organization at risk. Accidental or intentional misuse or abuse of email by employees can and does create headaches and financial loss for employers.

Lost productivity, lawsuits, and portable equipment theft are just some of the workplace risks.

History shows that email abuse and misuse is not limited to hourly employees. Chief executives, attorneys, and other high-level personnel are equally guilty of involvement in and perpetration of email misuse.

It’s in the book

Email Rules BookNancy Flynn and Randolph Kahn have written a book called “E-Mail Rules.” It is a business guide to managing policies, security, and legal issues for E-Mail and digital communication. Both authors are authorities in electronic and hard copy records management, and offer practical ways to evaluate your workplace for risk.

The book has many self-assessment tools, and action plans based on how you and your employees/co-workers answer the self-assessment questions. For example, one self-assessment asks:

  • Are your employees allowed remote access to the company email system
  • Do you have portable device policies?
  • Are employees using the company email account for personal business and shopping?
  • Does your company retain copies of all business email?

Sample privacy statements are included in the book, as well as other valuable documents. The book includes key electronic records management subjects such as:

  • Managing business emails
  • Email retention
  • Email retention versus backup
  • Outsourcing email storage and retention
  • E-discovery, listservs, and destruction of evidence are all addressed in detail.

If reading this blog fills you with fear and panic, please contact us at Arkansas Records Management. Like all records management issues, we can help you improve your company situation very quickly.

Since so much rides on email security, the return on investment is easy to document and sell to upper management.

We can help

Remember, our mission at Arkansas Records Management is to help you access your information instantly, while complying with all applicable regulations and laws.

Arkansas Records Management provides Email security services to customers in in Hot Springs, Little Rock, Benton, Arkadelphia, Pine Bluff and many other Arkansas cities. Contact us to find out more. Call 501-525-5752 or use the contact form above.

Contact Us

About Your Team

Arkansas Records Management is a professional service company based here in Hot Springs, Arkansas. We serve organizations throughout the state and our staff eats, sleeps, and breathes files, indexed fields, retention schedules, and audit trails. As records become more and more complex, and the task of properly managing your firm's documents is a key and often overwhelming task.

Read More

Quick Contact Info

156 Stanage Drive
Hot Springs AR 71901
Tel. 501.525.5752
Fax 501.525.2638

Contact Us