Let’s start by asking what is an information policy? Though organisations will vary on the scope of a policy, it is generally a document that has been approved by senior management that covers how employees create, access, store, and dispose of information whether of a personal or business nature. It should cover all the information assets held by the organisation, including emails, and be easily accessible to all staff – perhaps on the intranet or held within the ‘policy’ folder of the business. Aspects of it could also be available for the public, particularly if your organisation is subject to freedom of information legislation.
It needs to define such topics as what a record is, how long it’s likely to be kept for before requireing review or dispostion, where records are to be stored, how long records stay active for, which records are vital to the organisation, how emails and their attachments ought to be stored, the procedure for setting up records, the policy for accessing and returning records, which templates to use for which record types (such as invoices, payslips, annual reports and so on), what metadata needs to be catured, and how these clauses of the policy are to brought together.
It needn’t be just a policy for records handling, either. Other policies such as staff conduct on the internet, whether to include the entire string when sending replies or forwards of emails, use of the corporate information from a home computer or wirelss network, and what the limit of information to be stored on hard-drives or email folders is can also be included to ensure all such relevant topics are covered and available in one place.
Not every organisation has an information management policy, and many conduct their business admirably without one. Certain instances will alert such organisations to the needs for one, however, and invariably this will be at that critical ‘its too late’ moment. If, for example, a senior staff member or their secretary leaves abruptly and their information – both physical and electronic – is in a shambles. Alternatively, and I hope this never happens to you, reader, is if a disaster strikes. Knowing how to get the business back on its feet would be all but impossible if no information management policy is in place.
The usefulness of an information policy to those organisations that have them will be self-evident, however. Right from the start, when new staff come into the organisation, a significant part of their induction will be training on aspects of the information management policy. For example, whenever new files need to be created, it’s imperative that a standard is used to capture all the required metadata in a consistent manner so it can be found at a later stage, so an information management policy will introduce consistency of record handling right from the start of a new employee’s career in your organisation..
Courts can take particular interest in such policies, especially if numerous files have been destroyed. An information management policy can direct the judge to a consistent reason for their destruction. Without one, it can seem arbitrary and perhaps done with the intent of covering something up.
Finally, where an information management policy is well marketed and there is buy-in to it, everyone in the organisation will be aware that their peers expect them to behave in a certain manner for the good of the entire organisation, and this has a profound unifying effect on the management of information throughout the organisation. People will trust one another to implement the policies in their day to day tasks, and find the accessibility of information that other people have created to be a great boon to their own work.
In later editions of Information Handyman we’ll be looking into creating stages of an information management policy in a lot more depth.