Ask These Questions to Gauge Your Records Management Compliance
Wed, Jun 24, 2015
By: Jim Beran
Many business look to secure document shredding to stay compliant with current records laws and regulations. While document destruction is necessary, records management compliance involves more than just making sure your business records are properly destroyed.
In fact, there are helpful questions to ask yourself to ensure your records management system is fully compliant. As you go through the list, be sure to answer the questions as accurately as possible to keep your business on the right track.
Once you determine your current compliance status, your business is in a great position to determine how much time and effort a qualified records management company can save you, or whether your current records management company is handling information correctly for you.
Records Management Compliance Questions
- Is your company responsible to comply with laws regarding records management?
- HIPAA – governing medical records
- FERPA – governing educational records
- GBLA – governing financial records
- FACTA – governing private information maintained by any business
- Do you and all your employees fully understand compliance requirements for any and all laws that apply?
- Do you have a system in place including policies and procedures to ensure compliance?
- Do you currently store sensitive records in hard copy on your premises?
- What security measures do you have in place to prevent a break in?
- What controls are in place to determine who has access to sensitive information?
- Are you appropriately insured in case of these occurrences or in case of a natural disaster?
- Do you currently store sensitive records digitally on your premises?
- Are your servers/workstations secure from cyber-attack?
- What protocols are in place to address accessing and/or sharing digital files?
- Do you currently store sensitive records offsite?
- Is the storage facility or records management company fully compliant with all the laws you are responsible to uphold?
- Is the facility properly insured against loss of records in case of a break in?
- Do you have access to sensitive data for as long as necessary?
- Do you have a plan in place for secure destruction of hard copy and digital records once they are no longer needed?
As addressed in the questions above, it's important to note that not only your company's records management policies be fully compliant, but also any third party that handles your records. If you’re currently working with a records management company to handle document storage, secure shredding services, retention scheduling, or any other service that involves sensitive records, make sure they qualified and can guarantee they are compliant with all these laws.
If you have any questions about records management compliance, or you want to find out if a records management company is right for your business, read our free guide, Is Your Small Business in Danger?