Tuesday, May 26, 2009

What Executive Responsibility Means (Key #2: Executive Level Program Responsibility) - Highlights of chapter 11 of the 2d ed. of Information Nation

There are several things that senior executives can do to get the message across to all employees that IMC is important to the organization, is a core part of its day-to-day operations, and is central to its success. A statement from the CEO accompanying the Records Management policy, or located on the intranet site which houses Information Management policies, or inserted in an e-mail reminder to employees, provides the needed emphasis.

An Executive Information Management Council, containing representatives from such departments as Legal, IT, Human Resources, Finance, Records Management, Business Risk Management, Tax and Audit, Compliance, and affected business units, should have organization-wide responsibility for ensuring that the Information Management program is properly implemented throughout the company, and that needed policies and procedures are in place to address operational, legal and technical needs and requirements.

Find out what happens when executives remove records from the organization when they depart. The second edition of Information Nation, available from John W. Wiley & Sons, also describes how the chief executive can be held liable for information management failures. For more information, see www.informationnationbook.com.

Comments? Contact the author at infonation@kahnconsultinginc.com.

Monday, May 18, 2009

Executive Leadership, Sine Qua Non (Key #2: Executive Level Program Responsibility)-Highlights of chapter 10 of the 2d edition of Information Nation

The second Key to Information Management Compliance is executive level program responsibility. The success of an IMC program, or any program, is dependent upon the commitment of the organization’s senior management team. They must step up and take responsibility for the program’s development, implementation, and ongoing improvement.

Executive leadership is an absolute prerequisite (sine qua non). High-level, visible executive involvement and responsibility makes clear that IMC is a priority for the organization and is central to its success. Unless senior management makes Information Management activities a core responsibility, employees have little practical incentive to take their responsibilities seriously.

If the program is not pushed from the top, and, for example, comes out of the records management department, the directives will not be given priority. This happened at one of Kahn Consulting’s large clients, and the program did not get on track until the CFO and general counsel got behind it.

Funding is also critical to the success of IMC. A failure to adequately fund an Information Management program will not only contribute to its demise, but will also send the message to employees, board members, and shareholders that the organization does not take Information Management seriously.

The second edition of Information Nation, available from John W. Wiley & Sons, also describes how the chief executive can be held liable for information management failures. For more information, see www.informationnationbook.com.

Comments? Contact the author at infonation@kahnconsultinginc.com.

Tuesday, May 12, 2009

Information Management Policy Issues (Key #1: Good Policies and Procedures) - Highlights of chapter 9 of the second edition of Information Nation)

The protection of company information is one of the key policy issues facing organizations. Software companies, for example, are often faced with high turnover in their programming staffs. Programmers will frequently make copies of the programs they create for their employers for their personal use. They may use the programs as part of their “portfolio,” examples of their work they can show to other potential employers. They may reuse the code in other projects so that they don’t have to reinvent the wheel. These practices can run up against the employer’s desire to maintain the confidentiality of their own proprietary information.

One company had apparently taken impressive measures to keep its information confidential. Each employee was required to sign a confidentiality agreement which explained the value placed on confidentiality at the company and prohibited them from taking confidential information upon their departure. Extensive steps were taken from a technology standpoint to protect information assets. Non-disclosure agreements were required when sharing information with outside entities, and documents were marked confidential and tracked using tracking software.

Nevertheless, when the company sued a programmer for taking information from the company, the court found that these measures were “barely sufficient to qualify as reasonable!” Find out what the court had to say in the second edition of Information Nation, available from John W. Wiley & Sons. For more information, see www.informationnationbook.com.

Comments? Contact the author at infonation@kahnconsultinginc.com.

Friday, May 1, 2009

Making Good Policies and Procedures (Key #1: Good Policies and Procedures) - Highlights of chapter 8 of the second edition of Information Nation

A policy and procedure structure is an essential part of making good policies and procedures. This is particularly important in large organizations with many departments having diverse needs, in order to ensure that the policies work together as seamlessly as possible. High level policy tools include:

-- a high-level Information Management and Records Management Policy Manual, which is the foundation for all other IMC policies and procedures created or adopted throughout the organization;

-- organizational retention rules, which provide retention periods for different categories of records in the organization;

-- an electronic records policy, which can be useful for bringing specific focus to electronic records issues, and

-- a Legal Hold policy, for informing affected individuals and departments when normal IMC practices must be suspended due to anticipated or commenced investigations, audits, or litigation.

Clear and unambiguous directives are important to make sure that employees understand organizational IMC objectives, and to limit interpretation, which helps to provide greater certainty about the outcome of a dispute. Clarity is important, because courts typically interpret ambiguities in favor of employees, rather than the employer who drafted the language of a policy in dispute.

The second edition of Information Nation, available from John W. Wiley & Sons, lists other characteristics of good policies and procedures. For more information, see http://www.informationnationbook.com/.

Comments? Contact the author at infonation@kahnconsultinginc.com.