Posted on: September 15, 2016in Blog
5 Document Management Best Practices for Beginners
Gone are the days that it is good to keep everything “just in case”. The cost and associated risks with keeping every document ever created or received, whether in electronic or hard copy format, is becoming more and more important with a more fundamental need to be able to identify and locate documents easily.
Document identification is one of the main driving factors behind creating a document management plan – but policies are also necessary to ensure that the organization is ready in case of litigation.
You can also prepare for litigation by making sure your organization knows how to respond when there is a reasonable expectation of litigation. Download the guide and get started on your workflow today.
Defensively disposing of unneeded documents limits the amount of information that can be subpoenaed during litigation. Starting a document management effort does not need to be overwhelming and can be undertaken in steps and phases.
Here are 5 document management best practices to get you started:
1. Evaluate record retention requirements that govern your industry
Before any actions are taken it is critical to understand what the rules are that govern the document control requirements in order to determine what you need to keep. There are federal, state, legal and regulatory requirements that determine how long, and for what types of documents the organization needs to acknowledge when creating their document management plan. Below are some examples of the requirements that you should keep in mind during the planning stage:
- Business Needs: Historic preservation vs. the cost of keeping the materials
- Legal or Regulatory Requirements: Understand your federal and state requirements (Sarbanes Oxley, IRS, OSHA, etc) and retain any documents for the mandated time period.
- Litigation-Specific: Do you have a litigation response plan? Any active or reasonably anticipated litigation will override any ongoing document management process, so all documents that you have cannot be destroyed.
2. Define a business record before creating a document retention policy
Once you have determined what documents you must legally preserve, then it is important to start applying the same concept to specific business needs. Being able to classify what documents and document types you have is important and necessary in order to build the plan of whether to destroy, keep and for how long. Some examples are:
- Project materials
- Legal records
- Employee-related records (HR, Payroll, etc)
Once you classify what the different types of business record are, then you should document the decision and ensure that there is a plan to implement the decisions and processes across the organization.
3. Determine document storage method
Storage decisions include planning to support the search and retrieval of paper, electronic and email documents. First you must figure out where the documents will be stored so they are easily located if necessary. Paper is relatively easy to understand, electronic data, however, is not so simple. Knowing how each type of data is stored is important, for example emails are usually stored in mail outboxes as well as on system archives or other application servers, loose files can be saved to network locations, local hard drives, etc.
It is also a good idea to work with someone who has experience with managing electronic data and information governance consultants can help you create policies with a special attention paid to ESI.
It would be a good thing to develop a “data map” around who stores what where (this is covered below). You do not have to retain everything that has ever been generated or received. This is why a retention policy is imperative and incredibly helpful in preserving only the necessary data. Should a legal issue arise, it is just as dangerous to keep everything, as it is to not keep potentially relevant data.
Moving from paper to electronic records
How to handle paper documents is a point that should be considered in this stage of the process. While most of the document management plans focus on going “paperless” this does not mean that it is essential. Going paperless will mean that hard copies that are needed will have to be converted to an electronic format for storage and management.
Decide if going paperless is necessary. Determining the volume of documents that would ideally be converted will give a cost estimate of converting that population to electronic format. Of course, having electronic version will be easier to search for and identify but there is a cost to do that. Of special note when thinking about going paperless is to validate if certain documents or records must be kept in original format that have signatures or other information that must be kept in original format.
4. Create eDiscovery data map for retrieval
It’s important to know where all your information is located, and keep the log current. Maintaining an outline of where electronic materials and hard copy documents are stored, and who has access to them allows any information to be easily located if needed.
Document Identification and Retrieval
Once documents have been classified and those that need to be kept have been identified, how can those be easily identified and accessed? If the decision has been made to convert all paper documents to electronic format – the identification and utilization of software applications designed for managing documents can be undertaken. But what about paper? If paper is being maintained, indexes created around the documents that may be stored in an offsite location or even onsite is the general approach.
5. Create and Implement Specific Document Retention Policies
When creating a document management protocol, the management, retention and defensible disposal of email and other electronic communications tends to be the most intimidating aspect of the process. This part can be managed easily if time is taken to properly plan and define specific business records as noted above. Policies can be created around nearly all forms of business communications:
- Email retention policy: When creating policies around email retention, it’s also important to consider other ways in which employees may be communicating about work projects.
- BYOD policy (Bring Your Own Device): This allows employees to use their personal device for work purposes.
- Mobile device management policy: This is similar to a BYOD policy, but tends to be broader, and focuses on the use of mobile devices, regardless if they are personal or sanctioned by the company.
Once the policies and procedures have been established, set a document retention schedule (and keep it). This does not need to be overly complicated, but it is important to have one. Train employees on the new policies, and effectively communicate how they will be reinforced. Keep the policies up to date, and make sure that any new forms of communication are considered.
Document management and control can be a complicated and daunting process, but ignoring document management is a bad idea and will only hurt your company in the long run. It is easy to feel overwhelmed by the thought of beginning this process, but take it one step at a time. It is also a good idea to work with someone who has experience with managing electronic data and information governance consultants can help you create policies with a special attention paid to ESI.
- 7 Factors to Consider Before Creating an Email Retention Policy
- The Fundamentals of Document Management [Infographic]
- Q&A from our Preservation Costs Webinar with Judges Panel
- Good Record Retention Policies Help Thwart Government Sanctions
D4 Weekly eDiscovery Outlook
Power your eDiscovery intellect with our weekly newsletter.
Posted June 21, 2017
Control Litigation Costs by Making the Most of Your Internal Capabilities
Posted June 15, 2017
Shanghai OSAC Quarterly Meeting
Posted June 15, 2017
5 Ways to Reduce eDiscovery Costs Before and During Litigation
Posted June 07, 2017
Defensible Deletion Strategy: Getting Rid of Your Unnecessary Data
Posted May 31, 2017
How Does the EU-US Privacy Shield Affect Cross-Border Discovery?
Posted May 24, 2017
Unique eDiscovery Challenges with Mobile Device Data and How to Solve Them
Posted May 17, 2017
How to Comply with 21 CFR and HIPAA Data Retention Requirements
Posted May 11, 2017
4 Key Advantages of Conducting Remote Depositions
Posted May 03, 2017
eDiscovery in International Dispute Resolution: What Experts Want You to Know
Posted April 27, 2017
China Expands Data Transfer Requirements for its Cybersecurity Law