Six Stages to Reduce Costs, Risks and Complexity of Compliance

Regulatory compliance is an absolute necessity in today's business environment. With growing numbers of regulations from the local, state, federal and industry levels; increasingly severe risks and penalties for non-compliance, including fines, customer and shareholder lawsuits; and the resulting loss of market share and competitive leverage—it has never been more important to keep your organizational house in order.

A compliant records management program helps ensure that your organization is compliant with all relevant regulations. A properly designed and implemented program will help you proactively manage e-discovery requests to control your litigation risks and costs. It will also allow you to leverage your company's information assets for operational efficiencies that lead to competitive advantage. Both costs and risks are reduced, while providing much greater control and access to information.

A Proven-Effective Six-Stage Program

Based on experience designing and implementing compliant records management programs for some of the world's leading organizations, we recommend a six-stage approach. All six stages are designed to promote consistency—the central theme and success factor. This article provides a high-level introduction to our proven six-stage approach.

Stage one: organize to create a records management infrastructure.

• Determine your program scope.
• Gain executive-level commitment.
• Establish a steering committee.

Stage two: assess your current program.

• Evaluate your current program status.
• Use risk assessment tools to benchmark against industry peers.
• Identify your most substantial gaps and greatest risks.
• Create a master plan to address and close these gaps. Stage three: develop key program components and metrics.
• Create one universal records retention schedule that captures all of the records regardless of media.
• Document policies and procedures.
• Define audit metrics to measure the effectiveness of your program.

Stage four: implement as a program.

• Implement a base program first.
• Design and roll out training that is tailored for specific audiences.
• Implement technology to assist with program management.

Stage five: manage your program through monitoring and enforcement.

• Enforce classification and destruction review with on-line monitoring tools (such as Iron Mountain Connect™).
• Maintain training, communications and certification programs.
• Update retention schedule, policies and procedures regularly.

Stage six: audit your program on a regular basis.

• Incorporate into your internal audit function.
• Benchmark against your audit metrics and other companies in your industry.
• Recommend improvements and get approval for corrective actions.

---

Iron Mountain Incorporated (NYSE: IRM) helps organizations around the world reduce the costs and risks associated with information protection and storage. We offer comprehensive records management and data protection solutions, along with the expertise and experience to address complex information challenges such as rising storage costs, litigation, regulatory compliance and disaster recovery. Founded in 1951, Iron Mountain is a trusted partner to more than 90,000 corporate clients throughout North America, Europe, Latin America and Asia Pacific. For more information, visit our website at www.ironmountain.com/crm.