Call Today! 501.525.5752
When it comes to losing information, it’s not a matter of if, it’s matter of when. By and large data loss is not intentional and comes from instances such as lost phones, tablets and laptops; misplaced or improperly disposed of documents. In the information industry, losing information like this may be referred to as a “data breach.”
Regardless of the cause or intent, the miscreants who are after your information when you do let it slip – for the most part, are experts at stealing information – after all, that’s their job. So for most businesses and organizations it’s a priority to level the playing field against professional data thieves.
What to do and where to start is the big question – and Arkansas Records Management has the answers. The company recently partnered with CSR Professional Services, the nation’s leading provider of breach reporting, data-loss readiness and help after a breach. They specialize in leveling the playing field against data breach losses.
CSR Professional Services offers a two-pronged approach to handling data breaches: Data breach readiness which helps a subscriber harden their operations against data loss – and data breach reporting. Unbeknownst to most business people there are legal and regulatory requirements which kick in once a breach has occurred. It’s an alphabet soup of bureaus, agencies and offices which have statutory authority to demand these reports. CSR Professional services, facilitated by Arkansas Records Management, makes these reports and documents their actions to subscribers.
“All of this sounds good, but cost prohibitive,” says David Reagler, president of Arkansas Records Management. “Nothing could be further from the truth,” Reagler said. “A business can subscribe to the full protection of CSR Professional Services for less than the cost one decent business lunch per month – and we’re happy to explain the process with absolutely no obligation.”
We get two main questions about records indexing. The first is, “what is records indexing?” The quick answer is: think of indexing as creating a trail or map to make finding your records easier and faster.
The next question we hear is customers asking for clarification on how to go about indexing, such as, “should we go with carton-level records indexing, file-level records indexing, or scanning?”
That’s a good question, but it doesn’t have a completely simple answer. Each one of these techniques has its place in a well-managed records system. Which one you use and when you use it depends on depends what information is contained in these records, how important this information is to your organization, and how often you need to access the information.
Carton level records indexing is the capturing the information typically written on the outside of the carton, such as: Accounts Payable Invoices –“ A” through “Dec”, 2007, destroy date 2015.
File-level records indexing includes the carton level information plus information on each file in the box, such as Acme Pest Control, account number 2303, Best Pizza, account number 4567, Charles Tire Repair, account number 9876, and other information as needed.
With scanning, you make images of the listed invoices, along with other supporting documentation kept in the file such as bills of lading, copies of the checks, debit memos, and other relevant paperwork.
Records created on paper, that I rarely access, but need to store for compliance reasons or peace of mind, are prime candidates for carton-level indexing. I make sure that the destruction date is entered in our records management system so that once there is no need to store them, they can be disposed of properly, with a full audit trail.
Extremely important records such as contracts, insurance claims, board room minutes, and tax returns, are prime candidates for scanning, but I often store the originals if the retention is longer than 10 years. I want instant access, but demand automated destruction, once the retention period has been met.
I strongly recommend file-level indexing for personal health information and other regulated types of records that I am required to keep, but still don’t access on a daily basis. For instance, clinics often have charts for former patients. To me, it doesn’t make financial sense to scan these charts. The vast majority of these patients will likely never visit the clinic again. However, if we enter the patient name, medical record number, and date of birth, we can instantly find these patients when needed. Then the clinic can re-enter this information into their electronic health records system.
With records management, we always have to prioritize. We have limited folks to do the work. We have limited resources to pay for the work. And we have limited time in which to do the work. So we prioritize.
Many of the organizations that we work with store their records on network drives. Here’s our take on the up and downsides of storing records in a network drive. First and foremost, all information that your organization receives, creates or uses as part of business activities should be managed as a record. The article
This includes digital information such as:
On its own, a network drive does not provide the functionality needed to effectively manage information and records in accordance with established standards.
However, network drives are sometimes used in organizations with limited resources or as a temporary solution prior to the implementation of a system with greater records management functionality.
The National Archives of Australia has a fantastic article with advice on managing your information on a network drive. The article lists risks, and ways to minimize these risks.
Here are steps you can take to improve the management of records in shared drives, but it requires a systematic approach and significant ongoing effort.
The article goes into detail on how to move forward and improve your situation. For more information, click here to see the article. If you want even more information, give us a holler and let’s talk.
Thanks for reading.
David Reagler, Certified Records Manager
President, Arkansas Records Management
“Have someone shred that” is the extent of far too many organizational shredding programs. And while any shredding is better than no shredding in today’s litigious, over-regulated business climate, a professional, scheduled shredding program offers a level of protection and accountability that few organizations are equipped or staffed to handle in-house. Think of it as “handing off my problems to someone else.”
Those problems are not remembering to shred, piles of sensitive documents gathering dust and mold in forgotten corners, closets or perhaps even a self-storage facility — none of which bode well for information security and regulatory compliance.
But wait, there’s more. Think about the daily flow of memos, invoices, mail, printed emails and other normal paper traffic that may contain details of your operations (or your customers) that eventually wind up in a dumpster. Dumpsters are smorgasbords for information and identity thieves. Simply put, forget the waste basket and put those information laden scraps in one of our shredding consoles.
So a scheduled shredding program helps you know what records to keep, for how long, and what to destroy when — and keeps your daily business operations away from sticky fingers and prying eyes. Now, we’ll make it easy, check out our FREE SHREDDING OFFER at the bottom of this page.
Give us a call at 501-525-5752 and let’s have a no-obligation talk about your specific requirements. Even better download our coupon for 100 pounds of free paper. Bring the coupon and your 100 pounds of paper and we’ll let you watch it shred. Call today or download and visit.
If you have not asked yourself that question, perhaps you should reconsider since identity theft is a growth industry, the practitioners of which are always on the lookout for new and fertile fields. You included. A simple procedure is to consider the “ifs.”
We strongly suggest the “LSODDI” solution: “LET SOME OTHER DUDES DO IT” We are those dudes.
Give us a call at 501.525.5272 for a down-to-earth, no nonsense conversation about how we can help you with your shredding issues.
If you have not yet heard the term “Information Governance,” make a mental sticky note to become more familiar with the term and the issues it addresses. Few will argue the point that new sources of information and methods of disseminating that information are growing exponentially. The need to manage that burgeoning information flow grows on a parallel track whether we like it or not: Enter “Information Governance,” the means by which we get a handle on managing that information growth.
Information governance is a set of structures, policies, procedures, processes and controls created to manage information at an organizational level. Information governance properly implemented enables organizations to address present and future regulatory, legal, risk, environmental, and operational requirements
What does this mean? In a nutshell, the risks and costs of electronic discovery and compliance are so massive that litigation readiness has escalated to new heights in the corporate hierarchy of urgency. Information governance takes the concepts of records management and uses those concepts to circle the wagons and manage all information within an organization.
IBM defines information governance as a holistic approach to managing and leveraging information for business benefits and encompasses information quality, information protection and information life cycle management.
In records management, a crucial facet is defining and classifying which documents are “records” and which are not. Records are to be retained and managed differently than other documents. Think “record relationships.” For instance, if a firm has a policy that all contracts and supporting documentation is to be kept for 10 years, any e-mail messages that contain a contract or supporting documentation MUST be retained for 10 years.
With information governance, these practices are expanded even more. Even the metadata that describes information content and electronic information location has to be managed as well. Otherwise, the cost to produce electronic information for litigation support or regulatory compliance becomes unmanageable and cost-prohibitive.
Not only are the documents and information managed, but the physical equipment that houses information such as servers and laptops and smartphones as well. IG encompasses a much broader spectrum that records and information with the focus on risk management.
To learn more about Information Governance, I recommend visiting the website htthttp://www.aiim.org/Resource-Centers/Information-Governancep://www.aiim.org/
Thanks for looking,
David Reagler, MBA, CRM
Arkansas Records Management
Arkansas Records Management of Hot Springs, Arkansas, was recently named one of four finalists from the entire state in Category I of the 27th annual Arkansas Business magazine Arkansas Business of the Year awards program. Readers of the magazine make the nominations and an independent panel of judges select the finalists and winners.
Arkansas Records Management opened it’s doors for business in 2006 and has seen steady growth since then. “Our business has grown 25 to 30% every year,” says David Reagler, president of the company.
This rapid growth spurred a move from their original location in the family’s mini-storage location in Hot Springs to a storage complex at 156 Stanage Drive in Hot Springs. The location includes 20,000 square feet of warehouse and office space. In late 2014, the company bought an adjacent 22,000 square foot facility. “This additional space positions us for continued steady growth and enhances our customer service capabilities,” Reagler said.
The Arkansas Business of the year awards are conferred in three categories according to the number of employees: Category I, 1-25 employees; Category II, 26-75 employees, and Category III, 76-300 employees. The program also names the Arkansas Nonprofit Organization of the Year, the Nonprofit Executive of the Year, and the Business Executive of the Year.
David Reagler, our company president, was recently named a Certified Records Manager by the Institute of Certified Records Managers of Albany NY. The institute is an international certifying organization of and for professional records and information managers.
The certification process requires a candidate to meet certain educational and records management work experience requirements prior to admission. A candidate’s application to enter the certification process is reviewed and must be approved by the institute’s Certification Standards Committee prior to being admitted to sit for the certification process. Candidates, once admitted, must successfully pass a six part examination before being considered for the Certified Records Management designation.
The examinations are administered by an independent international testing service, Pearson VUE, headquartered in Bloomington MN. Pearson VUE has numerous offices in the United States and worldwide. The first five examinations separately test candidate’s knowledge of: Management principles and the records and information program (RIM); Records and information creation and use; Records systems storage and retrieval; Records appraisal, retention, protection and disposition; and Records technology. Each of these examinations consists of multiple choice questions. Candidates must successfully pass the first five examinations prior to sitting for the sixth and final examination which consists of essay analysis of given records management case studies.
Once a candidate completes all six examinations, the Certification Standards Committee reviews the candidate’s test results prior to conferring the Certified Records Manager designation. The entire process normally takes one to three years.
Reagler is one of only seven Certified Records Managers in Arkansas and one of only two who work in a records management company. The other five work in corporate records management departments.
The September/October issue of Information Management, a publication of the American Association of Records Managers, reported that cyber-crime is adversely impacting economies around the world. The article went on to say that businesses worldwide have been suffered damages between $375 billion and $575 billion dollars.
If you watch the evening news, you easily recall the recent attacks on Target, Home Depot, and Sony Entertainment, businesses which one would expect to employ some of the best cyber protection. That tells us the cyber-criminal element continues to probe around the clock — and they are good at what they do.
A recent article in Forbes reports on the 2012 Data Breach Investigations study commissioned by Verizon. Researchers in the study examined 855 data breaches. The results of the study showed that small businesses bore the brunt of these breaches: 71% of the attacks were on business with 100 employees or less. The 2013 report reports the trend is continuing as small business attacks are on the increase.
Besides the costs in dollars, cyber-crime has cost as many as 200,000 jobs in the United States and 150,000 jobs in the European Union.
As more business functions move online, and consumers connect to the internet, cyber-crime will continue to grow, according to the article, Cyber-crime hampers innovation by reducing the rate of return to innovators and investors.
The article advocates governments to begin serious, systematic efforts to collect and publish data on cyber-crime so that firms can make better, more informed decisions with regard to risk management, policy, and related records management practices.
Closer to home, the best protection is off-site backup. Other measures include timely secure-and-certified records destruction, frequent password changes, diligent personnel screening, good physical security, and deciding who needs-to-know.
David Reagler, MBA, CRM
President, Arkansas Records Management
Any time you allow your staff access to your email system, you put your organization at risk. Accidental or intentional misuse or abuse of email by employees can and does create headaches and financial loss for employers.
Lost productivity, lawsuits, and portable equipment theft are just some of the workplace risks.
History shows that email abuse and misuse is not limited to hourly employees. Chief executives, attorneys, and other high-level personnel are equally guilty of involvement in and perpetration of email misuse.
Nancy Flynn and Randolph Kahn have written a book called “E-Mail Rules.” It is a business guide to managing policies, security, and legal issues for E-Mail and digital communication. Both authors are authorities in electronic and hard copy records management, and offer practical ways to evaluate your workplace for risk.
The book has many self-assessment tools, and action plans based on how you and your employees/co-workers answer the self-assessment questions. For example, one self-assessment asks:
Sample privacy statements are included in the book, as well as other valuable documents. The book includes key electronic records management subjects such as:
If reading this blog fills you with fear and panic, please contact us at Arkansas Records Management. Like all records management issues, we can help you improve your company situation very quickly.
Since so much rides on email security, the return on investment is easy to document and sell to upper management.
Remember, our mission at Arkansas Records Management is to help you access your information instantly, while complying with all applicable regulations and laws.
Arkansas Records Management provides Email security services to customers in in Hot Springs, Little Rock, Benton, Arkadelphia, Pine Bluff and many other Arkansas cities. Contact us to find out more. Call 501-525-5752 or use the contact form above.