ARMA Boston Spring Seminar 2011 Jesse Wilkins, CRM.

Presentation transcript:

ARMA Boston Spring Seminar 2011 Jesse Wilkins, CRM

2
• Developing an email policy
• Identifying and classifying messages as records
• Managing the inbox better – by managing less
• Better collaboration WITHOUT

4
• Email policy elements
• Policy statements
• The policy development framework

6
• Every organization’s policy will be different
  ◦ Public vs. private sector
  ◦ Regulatory requirements, both horizontal and vertical
• There are some common areas that should be addressed
• Lots of references and examples available

7
• Purpose
• Scope
• Responsibilities
• Definitions
• Policy statements
• References

8
This policy has three purposes:
1. Establish definitions relevant to the management program
2. Describe usage policies relating to email
3. Describe security and technology policies relating to email
Scope: This policy is applicable to the entire enterprise.

9
• Responsibilities for policy development and maintenance
• Responsibilities for policy administration
• Responsibilities for compliance with policy

10
• Uncommon terms
• Common terms used in an uncommon fashion
• Acronyms and abbreviations

11
• Many different elements available
• Detailed in the next section

12
• List any references used to develop the policy
  ◦ Internal strategic documents
  ◦ Records program governance instruments
  ◦ Statutes and regulations
  ◦ Publications
  ◦ Examples and templates

13
• Detailed instructions for complying with policies
  ◦ Often separate document(s)
• Each of the policy statements will have one or more procedures
• May be specific to process, business unit, jurisdiction, and/or application

15
• Most common element of policies today
• Typically addresses things NOT to do:
  ◦ Obscene language or sexual content
  ◦ Jokes, chain letters, business solicitation
  ◦ Racial, ethnic, religious, or other slurs
• May address signature blocks
  ◦ Standardization, URLs, pictures

16
• Guidance on writing emails
  ◦ Wording and punctuation
  ◦ Spell check and grammar check
  ◦ Effective subject lines
• Guidance on etiquette
• Guidance on addressees

17
• Whether personal usage is allowed
• Any limitations to personal usage
• Separation of personal and business usage within individual messages
• Personal account access

18
• Whether email is considered to be owned by the organization
• Responsibility for stewardship of messages, both sent and received
• Privacy and monitoring
• Third-party access

19
• Email is a medium, not a record type or series
• Email messages can be records
• Other information objects that might need to be treated as records
  ◦ Read receipts
  ◦ Bounced messages

20
• Email can be subject to discovery
• Assigns responsibility for communicating legal holds
• Describes whether or not disclaimers will be used and how
• May outline privilege issues

21
• Outlines whether encryption is allowed
  ◦ What approaches to use
• Whether digital signatures are allowed
  ◦ What approaches to use

22
• Most often found as part of general policies for remote workers
• Requirements for mobile devices
• Requirements for web-based access
• Synchronization and login requirements

23
• Addresses whether email will be archived
• Addresses whether personal archives will be allowed
• May address backups – but backups are not archives
• May also address public or managed folders

24
• Attachment limitations
  ◦ Whether they can be sent at all
  ◦ Size limitations
  ◦ Content type limitations
• Attachments vs. links
• Content filtering
• Encryption and DRM

26
• Approach to developing and implementing a policy
• Ensures that policy development is consistent with organizational goals
• Ensures that policy meets legal and regulatory requirements

27
• Policy development requires time and energy from users and stakeholders
• So does policy implementation
• Ongoing compliance will require auditing and communication
• None of this happens without management support

28
• Policy should address the entire enterprise
• Stakeholders should include:
  ◦ Business unit managers
  ◦ End users
  ◦ Legal, RM, IT
  ◦ External customers and partners

29
• What changes are being introduced?
  ◦ Processes, technologies
• What are the desired outcomes?
• What behavioral changes should result?

30
• Legal research
• Organizational research
• Public research
  ◦ Standards and guidelines
  ◦ Benchmarking
• Consult with similar organizations
• Analyze the results

31
• Collaborative and iterative process
• There are a number of resources available to provide an email policy framework
• These are starting points and need to be customized for your requirements

32
• Review by legal, HR, users
• Ensures it is valid
• Ensures it will work within existing organizational culture
• Change management

33
• Policy is reviewed by business managers, senior management
• Complete revisions as necessary
• Approve the policy

34
• Communication
• Training
• Auditing

35
• Monitor for compliance with policy
• Solicit feedback about policy
• Provide refresher training as required
• Consider whether to retain previous versions of the policy
• Plan for periodic review and maintenance

36