Information Management
Self-Assessment Questionnaire

Do you have a record retention schedule? Are you wasting valuable resources and space to store documents that could be destroyed? Are you prepared to produce data in the event of ?

 

Assess your company's current records management practices by completing the following questions to the best of your knowledge. Then, click on the "Results" button to review your document storage effectiveness.
 

1. Does any type of an Information Management program exist at your company today?

A fully matured information management program is implemented across the entire company and is part of the corporate culture. The company recognizes how this helps them with the business, legal and regulatory compliance issues.
An information management program is readily and systematically available sporadically throughout the company. Employee awareness and education is in place.
The company recognizes that a record retention schedule is important but a program does not exist.
It is virtually impossible to obtain information about the organization or its records in a timely fashion.

 

2. At what level does your company have managerial support for information management?

Information management activities are fully sponsored by a senior executive of the organization and he/she is responsible for all strategic aspects of the program's success.
Senior management is aware of the information management program and a document storage management role is defined for ongoing initiatives.
No senior executive is involved or responsible for information management. A person is assigned the tactical activities of document storage.
No senior management involvement and a information management administrator role does not exist.

 

3. Does the company have a Record Retention Schedule ?

A record retention schedule exists and is reviewed and updated on a regular basis.
A record retention schedule exists and is consistently applied throughout the organization.
A record retention schedule is available but does not encompass all data, did not go through official review and is not well known around the organization.
There is no current documented record retention schedule.

 

4. Do you ever review and dispose of unnecessary physical or electronic documents based on a defined disposition policy?

An official disposition policy exists, is understood by all, and is consistently applied throughout the organization.
An official document disposition policy exists; however the policy is not consistently followed across the organization.
Some document disposition guidelines exist; however, they are not enforced.
No document is disposed of in accordance with policy, standards, and applicable laws.

 

5. Do you have measures in place to ensure documents are not altered from their original content?

There is a clear definition of metadata such as signatures and security for all systems and paper records to ensure the authenticity of records.
The organization has metadata assigned to a document to ensure its authenticity.
No formal process is defined for storing metadata with the document nor is there a chain of custody for documents in the organization.
There are no defined processes for ensuring the origin and authenticity of a document.

 

6. Does your document storage program comply with state and federal laws as well as the organizations policy?

The organization complies with laws and regulations related to the handling of internal documents. An enterprise information management policy exists as well.
Laws and regulations are identified related to internal documents but compliance is inconsistent.
The organization has defined some rules and guidelines that govern its business documents; however, the policies are not complete and there is no apparent or well defined accountability to compliance.
There is no clear definition of the documents that the organization is obligated to comply with.
 

7. Do you protect your physical and electronic documents to ensure that the information is kept confidential, private and privileged?

There are systems in place such as locked filing cabinets to ensure the protection of information. Auditing of compliance and protection is conducted on a regular basis
The organization has a formal written policy on the protection of confidential information. Employee training and awareness is available.
Some protection of documents is performed such as a written policy, employee training and awareness on how to protect company information but this is inconsistently performed throughout the organization.
No consideration to document protection is given. Documents are stored with minimal protective controls.

 

8. Is your information kept in a manner that ensures timely, effective, accurate retrieval of needed information?

We can locate and retrieve our documents on a regular basis and as needed during an ediscovery request.
Most of the time it is clear to the organization where to find documents.
Finding records is inconsistent throughout the organization. There are some policies on where and how to store documents. Ediscovery of documents is inconsistent and complicated.
Information is not readily available when needed and it is unclear on who to ask when documents need to be produced.
 

Based on your information management self-assessment answers, you received a score of:
 
Refer to the matrix here for a list of document storage risks associated with your company.