Business Lexington Article - To Keep or Not to Keep
By Elizabeth Lucas Guest Column
With today’s businesses inundated with documents like never before, the question of what to keep has become more complex for business owners as well. Deciding where to start often stops individuals, particularly when discussing the development of a Document Retention Plan (DRP). When contemplating the fate of their swelling filing cabinets and computer archives, businesses should consider the following items: the kinds of documents, business processes are in place, access required, rules governing document archival and destruction, and responsibility for ensuring rule compliance. While this is not necessarily a comprehensive list, it is a list that will get you started on the path to developing a DRP.
Document retention plan teamBehind every great initiative is a solid, representative team. Form your organization’s team utilizing employees from all organizational levels, representing all organizational needs. For most businesses, organizational needs can be divided into three succinct areas, including business process, information technology and management, and legal and compliance. Business process owners tend to be concerned with daily operations, including information access and retrieval. Information technology and management’s focus is on system control and performance as well as system security. This team tends to be responsible for data back up, disaster recovery and data migration. The last group, the legal and compliance team, is concerned with document policy and procedures, litigation readiness, and document retention, archival and destruction. The legal group must be able to say unequivocally that the DPR is in place and is being followed by employees.
The team’s primary goal is to develop a blueprint for the DRP containing flow chart procedures, litigation lead information (who will testify as to processes/procedures/directory structure/etc.) and document categorization information. Additionally, a training program for employees should be coordinated and implemented in conjunction with other organization training initiatives. Moreover, DRP team members should work with legal and compliance representatives to ensure compliance with the DRP.
Once implemented, the DRP team is charged with reviewing, updating, and revising the plan on an annual basis.
Document assessmentThe first step in developing a DRP is to identify and categorize your organization’s documents. Simply put, your business records can probably be divided into two categories — business and legal. The types of documents include paper documents and electronically stored information (ESI). Paper documents are self-explanatory, whereas ESI could include photos, databases, web pages, chat, text messages, e-mail, native documents (e.g., Word, Excel, PowerPoint, computer-aided design (CAD) drawings) and audio files.
Every department will have different documents, therefore it is essential to ascertain all departments’ documents. For example, marketing will have business slicks, frequently used language and return on investment (ROI) information while human resources will have payroll, personnel records, and worker’s compensation information as well as other pertinent documents.
In addition to different departments, the DRP should take into consideration different groups of employees, namely the remote employee, or the organization’s 24-7 employees. In the world of laptops, external thumb drives and cell phones in which we live, these tools provide an additional source of storage for business documents. The DRP should include information about how the documents stored on these devices are generated, revised, managed, retained and, eventually, destroyed.
Once the document types are identified, each must be categorized. The categorization of the documents at a minimum should include correspondence, financial data, calendars and contacts, database information, word processing documents, personnel records, and marketing and sales materials. The organization must identify where the documents are stored (e.g. individual laptops/PCs, network file servers, PDAs, cell phones, Blackberries, home computers or back-up systems) how the documents are maintained, and who has access (network and remote).
Document workflowAfter the DRP team has compiled a flow chart for documents, the next logical step is to analyze each document against a series of questions. How are documents accessed? Who needs access, and what security do employees possess today and in the future? What documents require approval? How is the approval process handled? Is there a way to streamline the approval process to increase employee productivity? Is technology being used to accomplish these tasks? What areas of the organization need business process improvement? What is the plan for disaster recovery (for each document category or for the entire collection of organization documents)? What organizational information is shared internally or externally with other organizations/agencies (frequency and method of communication)? The answers to these questions for each category of records should be documented.
Document retention scheduleState, regulatory, and country (for multinationals) policies and procedures regarding document retention differ. Research is required following categorization of organization records to determine how long documents must be retained, in what format the documents must be retained, and what policies/procedures govern document destruction. The table below depicts some examples of document types and possible retention guidelines:
Document Retention ScheduleState, regulatory, and country (for multi-nationals) policies and procedures regarding document retention differ. Research is required following categorization of organization records to determine how long documents must be retained, in what format the documents must be retained, and what policies/procedures govern document destruction. The table below depicts some examples of document types and possible retention guidelines:
| Type of Document | Retention Schedule |
| Audit Records | 7 years |
| Bank Statements | 3 years |
| Contracts | End Date of Contract plus Statute of Limitations (SOL) |
| Correspondence, General and Schedules | 2 years |
| Correspondence, Legal and Important Letters | Permanently |
| Correspondence, Routine with Customers/Vendors | 2 years |
| Employment Applications | 3 years |
| Employment Records | Statutory Requirement, varies |
| Financial Statements (Year-end) | Permanently |
| Intellectual Property Records | Life of Patent plus SOL |
| Inventory Records | 7 years |
| Invoices to Customers or from Vendors | 7 years |
| Regulatory and Compliance Documents | Statutory Requirement, varies |
| Real Estate | Ownership plus SOL |
| Tax Records | 7 years |
These are just a few examples. There are, of course, many more. It is best to seek legal counsel regarding your organization’s documents and corresponding retention schedules. In addition to document retention, there are rules and regulations governing document destruction. The DRP should address each document category both from a document retention and a document destruction perspective.
Document retention solutionsSo what is the answer to the million-dollar question: What documents should my organization keep? It depends. Understanding what your organization has, where it’s stored, who has access to it, what business processes are in place, what rules govern document archival and destruction, and who is responsible for ensuring rule compliance ultimately determines what documents must be kept and in what format the documents should be retained. Potential tools to assist in the retention and access dilemma include electronic records management systems (ERM), document and content management systems, paper-based systems, or any combination of these. Regardless of the tools utilized, the key to document retention is an effective, comprehensive, well-implemented plan to ensure the most secure future for both your essential documents and your company.
Elizabeth Lucas is practice manager in the litigation support area at VeBridge, a nationally recognized provider of document management, litigation support and digital asset management products and services, based in downtown Lexington.
