The ABC's of defensible disposition
Defensible disposition is the final stage of the information lifecycle and a critical component of any records and information management program. Read this whitepaper to understand the principles and actions needed to implement a successful practice.
What is defensible disposition?
With few exceptions, all information has an end-of-life point. At that time, a decision must be made to either destroy it or keep it for archival or data mining purposes, a process called document disposition. Key to the disposition decision-making process is an organisation’s legally defensible records retention schedule (RRS). Once a decision is made to destroy — or keep — records, the process must be conducted in a manner that is compliant with the organisation’s policy. This might mean secure disposition of paper records or degaussing of magnetic tapes. If records must be kept for a valid business reason, it could mean anonymising them before moving them to a data lake.
Defensible disposition is making decisions about what data can be disposed of based on an official policy and then either moving it to a secure archive or destroying it in a compliant way.
What is a records retention schedule (RRS)?
To manage official business
records properly, organisations
must have an official, authorised
records retention schedule.
Schedules are constructed by
researching how long records need
to be kept in all the jurisdictions
in which an organisation does
business. In most cases, an
organisation’s legal department
is responsible for final approval of
the research results provided by a
vendor or an internal team.
The schedule lists the functions
of an organisation — such as HR,
accounting, sales and marketing
— along with all the groups or
classes of records and examples
of each. Records are defined
as information that is created,
received, and maintained as
evidence and information by
an organisation or person in
pursuance of legal obligations
or in the transaction of business.
For each class of records, such as
accounts payable and receivable
or personnel, a retention rule is
assigned based on regulatory, legal,
and operational requirements
that specifies the length of time
the records must be retained.
For example, the rule might
require that records be retained
for 10 years after creation or
seven years after an event has
occurred. In fact, some people
prefer to call the records retention
schedule a destruction schedule
to discourage over-retention and
promote disposition.
Organisations must also make
policy decisions about how long
data and information that is not
considered official business
should be kept, whether in paper
or electronic format.