Policy & Procedures
NSA can help you design and implement guidelines that are
intended to serve as support in the development of a Policy and
Procedures for all levels of your specific business needs. We
provide guidance in the writing of policies and procedures based on
our expertise knowledge of differential organizations. We help you
develop documents specific to your business that will address
specific regulatory requirements for policy and procedure content
in your industry.
Even though there are specific regulatory requirements for
content of Policy and Procedures documentation, the policies and
procedures themselves should be a reflection of the philosophy and
actual practices of the business. In other words, a policy and
procedure program shouldnot bean exact recitation of the
regulations; rather it should be the business' way of implementing
and being in compliance with the regulations.
An effective Policy and Procedure program is created in such a
clear, concise, and easy to follow way that anyone, whether a new
or experienced employee, administrator, vendor or third party
facilitator, can understand the context of the program
Information management policies and procedures for your business
are an important "how to" component in implementing the compliance
model. It establishes corporate policies and procedures and
strengthens your program by assigning the governing standard for
managing your program. It also defines how to maintain the
program's classification system at the departmental level. Just as
it is at the corporate level, a detailed policies and procedures
manual is perhaps the most important aspect of maintaining an
information management program at the user level.
It's simple: a policies and procedures program represents a
guide for the practical and appropriate application of your
corporate policies and procedures regarding the management of your
information. At the same time, it establishes the responsibility
and processes for individual users to manage the information that
they utilize.
Having appropriate, practical policies and procedures relating
to the management of your organization's information helps your
business know what information they own and are responsible for. It
also helps them understand the methodology for the storage,
maintenance and potential destruction of that information.
The business policies and procedures can serve as an excellent
training tool for new staff and a source of reference for existing
staff. This documentation is also crucial to review and update when
your organization changes the way it controls, stores and processes
information.
The program should contain policies, procedures and guidelines
on all of the components of a viable Records Management Program
including:
- Policy statement
- Program objectives
- Record identification
- Application of the classification and retention schedule
- Record type (paper, electronic)
- Security
- Privacy
- Storage environment and structure
- Record maintenance
- Responsibilities: management and staff
- Updating the system
A defined and documented policies and procedures program is what
allows you to ensure your organization reaps all of the benefits of
your information management programs. Not only does it outline
expectations, authority and responsibility for your information
management activities, it also ensures that your personnel will
know how to properly treat records in the file creation, active and
inactive phases of the information management lifecycle. Finally,
it assures that information is available to appropriate users on a
timely basis!
|
