|
Welcome: You are responding to a survey that will provide feedback on the status of your organization’s records program. Each response is important, so please answer the questions as completely as possible. A brief definition of a generally accepted recordkeeping principle is provided at the beginning of each section to help you understand the purpose of the questions.
Canon Business Process Services defines “Records” as information created, received and maintained as evidence and information by an organization or person in pursuance of legal obligations or in the transaction of business (ISO 15489), regardless of media (paper, microfilm, electronic etc.).
This questionnaire will take approximately thirty to forty-five (30-45) minutes to complete. There are no right or wrong answers, just the responses you believe best fit your organization’s situation. Your survey responses will remain strictly confidential and data from this research will be reported only in the aggregate. Your personal information will be coded and will remain confidential. Thank you for your time and participation in this survey. The results will be analyzed and will be used to provide guidance to your company in the coming months. Please begin by clicking on the Continue button below. |
| |
|
|
|
Principle of Accountability: The responsibility for recordkeeping is formally designated to senior executives to ensure program development and program implementation. Policies and procedures are documented, formally approved, and communicated to personnel. |
| |
|
|
|
How is the function of Records Management organized in your organization? |
| |
|
|
|
|
What is the role of the Records Manager in your organization? |
| |
|
|
|
|
How is Records Management viewed within your organization? |
| |
|
|
|
|
How would you define the scope of Records Management in your organization? |
| |
|
|
|
|
What level of visibility and authority does records management have in your organization? |
| |
|
|
|
|
Does your disaster recovery plan cover hard copy? |
| |
|
|
|
|
When was the disaster recovery plan last reviewed? |
| |
|
|
|
|
Are your Records Management procedures easy to find? |
| |
|
|
|
|
Does your organization have a Records Management email policy? |
| |
|
|
|
|
To what agency or organization regulations is your company accountable? (Choose One) |
| |
|
|
|
|
Principle of Transparency: The requirement that every organization must create and manage the records documenting its recordkeeping program to ensure that the structure, processes, and activities of the program are apparent and understandable to legitimately interested parties. |
| |
|
|
|
Which statement describes how your organization views the importance of Records Management? |
| |
|
|
|
|
How easily can employees access information in your organization? |
| |
|
|
|
|
What type of controls around information access are in place in your organization? |
| |
|
|
|
|
Which system does your company use to differentiate between official record copies and duplicates? |
| |
|
|
|
|
Does your company cover Records Management procedures in its new hire orientation? |
| |
|
|
|
|
Does your company require periodic training on Records Management procedures for existing employees? |
| |
|
|
|
|
Does your company include Records Management procedures when onboarding new vendors, or initiating strategic partnerships? |
| |
|
|
|
|
Are your company’s Records Management policies and procedures available electronically on the intranet? |
| |
|
|
|
|
Are terminated employees’ computing devices analyzed for business records at exit? |
| |
|
|
|
|
Does your company have an enterprise-wide records repository? |
| |
|
|
|
|
Principle of Integrity: The ability to prove that a record is authentic and unaltered. Authentication requires proof that a document comes from the person, organization, or other legal entity claiming to be its author or authorizing authority. |
| |
|
|
|
What is the process for authentication in your organization? |
| |
|
|
|
|
How is the “chain of custody” process defined in your organization? |
| |
|
|
|
|
What is the process for confirming the integrity of Records Management in your organization? |
| |
|
|
|
|
What is your process around integrity audits? |
| |
|
|
|
|
Are employees allowed to bring their own devices, such as smartphones, tablets or external storage devices to work? |
| |
|
|
|
|
Does your organization operate corporate wikis, blogs or social media applications? |
| |
|
|
|
|
Who monitors those wikis, blogs or social media applications for business-related postings? |
| |
|
|
|
|
Are private clouds addressed in a policy that is used to back up personal devices such as tablets, smart phones, and laptops? |
| |
|
|
|
|
What information management systems are utilized? (select all that apply) |
| |
|
|
|
|
|
Where is data stored? (select all that apply) |
| |
|
|
|
|
|
What information sharing tools are used? (select all that apply) |
| |
|
|
|
|
|
Do you permanently remove the information from information sharing tools? |
| |
|
|
|
|
Principle of Protection: The requirement that a security structure is in place so only personnel with the appropriate level of security or clearance can gain access to varying levels of information. |
| |
|
|
|
How is privacy of information handled in your organization? |
| |
|
|
|
|
What types of access controls are in place? |
| |
|
|
|
|
What policies are in place around storage and transmission of information? |
| |
|
|
|
|
What compliance measures are in place? |
| |
|
|
|
|
How often does the company conduct a test of the privacy protections in place? |
| |
|
|
|
|
Principle of Availability: The ability to identify, locate, and retrieve the records and related information required to support business activities and having an efficient and intuitive set of methods and tools to organize records. |
| |
|
|
|
How available is information when you need it in your organization? |
| |
|
|
|
|
What statement best describes the availability of records in your organization? |
| |
|
|
|
|
What tools do you have at your disposal to aid with retrieval of records? |
| |
|
|
|
|
What is the state of your legal discovery process? |
| |
|
|
|
|
Is there an enterprise-wide classification plan in place? |
| |
|
|
|
|
Is remote access provided to business records? |
| |
|
|
|
|
How does an employee know that a record exists? |
| |
|
|
|
|
When does the records department know that a record exists? |
| |
|
|
|
|
Does the records department provide instruction on record creation? |
| |
|
|
|
|
Are barcodes used when creating a hardcopy record? |
| |
|
|
|
|
Has your company ever settled a lawsuit because responsive materials could not be found? |
| |
|
|
|
|
Has your company ever paid a fine to a government agency because records could not be produced in an audit? |
| |
|
|
|
|
Principle of Compliance: The adoption and enforcement of policies to direct and control recordkeeping and ensure proof that the organization’s activities are conducted in a lawful manner and legal requirements are being adhered to. |
| |
|
|
|
What guidelines exist in your organization around compliance? |
| |
|
|
|
|
What is the process for following those guidelines? |
| |
|
|
|
|
What is the structure for managing compliance in your organization? |
| |
|
|
|
|
What is your organization’s approach to the “Hold Process”? |
| |
|
|
|
|
When was the last recordkeeping compliance audit conducted? |
| |
|
|
|
|
Has your company undergone any of the following audits? (Select all that apply) |
| |
|
|
|
|
|
Has your company experienced a judgment of spoliation or adverse inference because records could not be produced for court? |
| |
|
|
|
|
Principle of Retention: The concept of document life cycle, which is the time period from the creation of a record to its final disposition, which addresses legal and regulatory compliance, fiscal accountability, operational business needs and historical information. |
| |
|
|
|
What is the status of records retention in your organization? |
| |
|
|
|
|
How is the Retention Schedule managed? |
| |
|
|
|
|
How familiar are employees with the Retention Schedule and what is their role in it? |
| |
|
|
|
|
What types of records does your organization's Retention Schedule cover? |
| |
|
|
|
|
Does the Retention Schedule apply to shared drives? |
| |
|
|
|
|
Does the Retention Schedule apply to back up tapes? |
| |
|
|
|
|
How often is the Retention Schedule updated? |
| |
|
|
|
|
Does your company hold an annual clean up day for records? |
| |
|
|
|
|
Is there a procedure to ensure that records that are eligible for destruction are, in fact, destroyed? |
| |
|
|
|
|
Principle of Disposition: At end of lifecycle, there is a schedule in place for the destruction, return to clients, transfer to another organization in connection with a divestiture, or transfer to an historical archive of records. Disposition can be suspended in the event of pending or ongoing litigation or audit. |
| |
|
|
|
What is the process for disposition in your organization? |
| |
|
|
|
|
How is the process of disposition managed in your organization? |
| |
|
|
|
|
Do individual employees have the right to delete electronic records from shared and personal drives? |
| |
|
|
|
|
Are there guidelines that cover data stored on office equipment such as multi-function devices, replaced workstations, and replaced laptops? |
| |
|
|
|
|
How is the destruction of electronic records documented? |
| |
|
|
|
|
Do you believe all corporate goals related to Records Management are being met? |
| |
|
|
|
|
If not, what remains to be done? |
| |
|
|
|
|
| Are there any comments you would like to make regarding any of the above questions? | | |
|
|
|