Records Management
Self-Assessment Questionnaire

Do you have a records retention schedule? Are you wasting valuable resources and space to store documents that could be destroyed? Are you prepared to produce data in the event of litigation?

 

Assess your company's current records management practices by completing the following questions to the best of your knowledge. Then, click on the "Results" button to review your records management effectiveness.
 

1. Does any type of a Records Management program exist at your company today?

A fully matured records management program is implemented across the entire company and is part of the corporate culture. The company recognizes how this helps them with the business, legal and compliance issues.
A records management program is readily and systematically available sporadically throughout the company. Employee awareness and education is in place.
The company recognizes that a recordkeeping practice is important but a program does not exist.
It is virtually impossible to obtain information about the organization or its records in a timely fashion.

 

2. At what level does your company have managerial support for records management?

Records management activities are fully sponsored by a senior executive of the organization and he/she is responsible for all strategic aspects of the program's success.
Senior management is aware of the records management program and a records management role is defined for ongoing initiatives.
No senior executive is involved or responsible for records management. A person is assigned the tactical activities of records management.
No senior management involvement and a records administrator role does not exist.

 

3. Does the company have a Records Retention Schedule?

A record retention schedule exists and is reviewed and updated on a regular basis.
A record retention schedule exists and is consistently applied throughout the organization.
A retention schedule is available but does not encompass all records, did not go through official review and is not well known around the organization.
There is no current documented record retention schedule.

 

4. Do you ever review and dispose of unnecessary physical or electronic documents based on a defined disposition policy?

An official disposition policy exists, is understood by all, and is consistently applied throughout the organization.
An official records disposition policy exists; however the policy is not consistently followed across the organization.
Some record disposition guidelines exist; however, they are not enforced.
No documentation is disposed of in accordance with policy, standards, and applicable laws.

 

5. Do you have measures in place to ensure records are not altered from their original content?

There is a clear definition of metadata such as signatures and security for all systems and paper records to ensure the authenticity of records.
The organization has metadata assigned to a document to ensure its authenticity.
No formal process is defined for storing metadata with the record nor is there a chain of custody for records in the organization.
There are no defined processes for ensuring the origin and authenticity of a record.

 

6. Does your records program comply with state and federal laws as well as the organizations policy?

The organization complies with laws and regulations related to the handling of internal records and documents. An enterprise records management policy exists as well.
Laws and regulations are identified related to internal records but compliance is inconsistent.
The organization has defined some rules and guidelines that govern its business documents; however, the policies are not complete and there is no apparent or well defined accountability to compliance.
There is no clear definition of the records that the organization is obligated to comply with.
 

7. Do you protect your physical and electronic records to ensure that the information is kept confidential, private and privileged?

There are systems in place such as locked filing cabinets to ensure the protection of information. Auditing of compliance and protection is conducted on a regular basis
The organization has a formal written policy on the protection of confidential information. Employee training and awareness is available.
Some protection of records is performed such as a written policy, employee training and awareness on how to protect company information but this is inconsistently performed throughout the organization.
No consideration to record protection is given. Records are stored with minimal protective controls.

 

8. Are your records kept in a manner that ensures timely, effective, accurate retrieval of needed information?

We can locate and retrieve our documents on a regular basis and as needed during a legal discovery request.
Most of the time it is clear to the organization where to find documents.
Finding records is inconsistent throughout the organization. There are some policies on where and how to store documents. Legal discovery of documents is inconsistent and complicated.
Records are not readily available when needed and it is unclear on who to ask when records need to be produced.
 

Based on your records management self-assessment answers, you received a score of:
 
Refer to the matrix here for a list of document management risks associated with your company.