How to Implement a Records Retention Program for your Business
If you have boxes and piles of business records sitting idly in your office, there’s a good chance that you can get rid of some of them. But just as holding on to records longer than necessary can create identity theft liability issues, tossing documents too soon can result in a failure to meet audit and litigation requirements. Knowing which of your records to keep—and for how long—is essential in ensuring legal and regulatory compliance, as well as for supporting key business functions.
It’s common for many small business owners to apply the “seven year” retention rule to their entire records inventory. Seven years may be an adequate retention period for the following documents:
- bank statements
- accounts payable and receivable
- purchase orders
- expense reports
- vendor invoices
However, seven years should not be used as a blanket retention solution for all of your business records. Instead, it’s important to develop a records retention program that guides the lifecycle of all of the different types of records your company maintains and utilizes.
Finding guidance and resources
The scope of a records retention program varies from business to business. Highly regulated, larger organizations with multiple departments have more complex considerations than smaller businesses. However, no matter the size of your company, your records retention program will ultimately include the following processes:
- purging and destruction
Since California statutes and regulations affecting your business can be very complex, it’s important to verify applicable retention periods with your legal counsel. Your accounting and human resource advisors will also be able to provide you with retention guidelines for financial and personnel data.
A valuable reference on records management is ARMA (The Association of Records Managers and Administrators,). They have published an excellent guide, entitledGenerally Accepted Recordkeeping Principles:
1. Principle of Accountability: A senior executive (or a person of comparable authority) shall oversee the information governance program and delegate responsibility for records and information management to appropriate individuals. The organization adopts policies and procedures to guide personnel and ensure that the program can be audited.
2. Principle of Integrity: An information governance program shall be constructed so the information generated by or managed for the organization has a reasonable and suitable guarantee of authenticity and reliability.
3. Principle of Protection: An information governance program shall be constructed to ensure a reasonable level of protection for records and information that are private, confidential, privileged, secret, classified, or essential to business continuity or that otherwise require protection.
4. Principle of Compliance: An information governance program shall be constructed to comply with applicable laws and other binding authorities, as well as with the organization’s policies.
5. Principle of Availability: An organization shall maintain records and information in a manner that ensures timely, efficient, and accurate retrieval of needed information.
6. Principle of Retention: An organization shall maintain its records and information for an appropriate time, taking into account its legal, regulatory, fiscal, operational, and historical requirements.
7. Principle of Disposition: An organization shall provide secure and appropriate disposition for records and information that are no longer required to be maintained by applicable laws and the organization’s policies.
8. Principle of Transparency: An organization’s business processes and activities, including its information governance program, shall be documented in an open and verifiable manner, and that documentation shall be available to all personnel and appropriate interested parties.
If you are storing records off-site, your professional records storage and management vendor can also provide you with valuable tools and resources for organizing, accessing, retrieving and securely shredding documents and files.
The importance of a written policy
Accurate records retention requires having a formal records retention policy that can be followed throughout your company. Your policy should account for both electronic and hardcopy documents and include the following:
- retention periods
- destroy dates
- litigation hold procedures
While a written records retention policy should be strictly followed, it’s important to revisit it periodically for accommodating changing requirements and allowing for necessary revisions.
Training your staff on retention policies
It’s important to train employees how to classify, label, store and dispose of company records. Luckily your records storage and management vendor can also provide your staff with tools that will allow them to follow your records retention program while maintaining productivity. Your solution provider can offer the following options:
- file-level indexing
- one-time file purges
- scheduling of pickups and deliveries through the web
- active file management
Pacific Records Management provides records storage and management solutions for businesses throughout Fresno, Stockton, Sacramento, Modesto, and Napa and Solano Counties. For more information, please contact us by phone or fill in the form on this page.