How to develop and implement an effective RIM policy.

• Author: Richardson, Blake E.
• Position: RIM UNDAMENTALS - Records and information management

Business policies provide an organizational framework in which employees are expected to operate. Effective policies provide clear directions and expectations, enhancing consistency and eliminating employee "guess-work" factor. Policies should cover a multitude of topics, from business ethics to sexual harassment to travel and entertainment and, yes, records and information management (RIM).

Of course, not all policies are created equally. While some policies leave the employee with a clear understanding of what to do, others are ambiguous, leading to misinterpretation and inconsistent behavior. It is difficult to govern behavior with policies employees cannot understand. So, keep the language simple. Avoid verbosity, acronyms, and complex sentences. Policy writers must also keep in mind that they know the subject matter much better than most readers do.

It is important to note that a policy should communicate to employees what to do, not how to do it. The policy message can quickly become lost when individual procedural steps are incorporated. Employees are left to separate what they should do from how to do it. However, it is appropriate in a policy document to say that procedures related to a policy exist and where they are.

Policies communicate specific guidance and expectations that they will be complied with - both internally and externally. But, employees must have the necessary resources to comply; a policy must not set up employees for failure.

Basic Policy Components

The following sections describe basic policy components that should be included.

Purpose

A policy should begin by stating its purpose and what it addresses. Here is one example of describing the purpose of a RIM policy:

This policy is intended to assist all employees in effectively managing the organization's records and information. It will help ensure that all records and information necessary for fulfilling operational, legal, regulatory, and tax responsibilities are readily accessible and retained for the appropriate period and properly disposed of when their retention period has expired and they have been approved for destruction or deletion.

Scope

A policy scope summarizes the policy and identifies whom it applies to. For example, "This policy applies to all company and temporary employees as well as contractors, and it governs the management of physical and electronic information."

Glossary

Because a policy often includes terminology that some employees might not know, always include a glossary. Electronically posted policies often contain hyperlinks to each definition.

Audits

Inform all parties included in the scope that policy compliance is subject to internal and external audit.

Basic RIM Components

After establishing basic policy components, focus on RIM-specific topics that will help ensure that...