Océ RNA Maturity Model Questionnaire

Exit Survey »

Welcome:
You have been identified by your management as one of a small number of people with the business acumen necessary to complete this questionnaire so every response is required. It will take approximately 45 minutes to complete the questionnaire.

There are no right or wrong answers - just the answer that you think best fits the situation at your company at this time.

Your survey responses will be strictly confidential and data from this research will be reported only in the aggregate. Your information will be coded and will remain confidential. If you have questions at any time about the survey or the procedures, you may contact Michael Field at 212-502-1489 or by email at [email protected].

Thank you very much for your time and attention to this tool your management will use to guide the company in the coming months.

Please start with the survey now by clicking on the Continue button below.

Implementation of Records Management Principles

In each of the following sections, pick the answer for each question that best describes the current situation at your firm. There are no ‘right or wrong’ answers, just what is currently implemented at your company. In order to answer these questions, you do not need to be a Records Management expert, but to help you understand purpose of the questions a short definition is provided within each section.

Principle of Accountability

Accountability embodies the following: Responsibility for recordkeeping is formally designated to ensure program development & program implementation. Policies and procedures are documented, formally approved, and communicated to personnel. The program is monitored for compliance; any areas requiring improvement are identified and improvements are implemented. Governance is established through the organization, assigning defined roles and responsibilities Auditability, the process designed to prove the program is accomplishing its goals while seeking areas for improvement to further protect the organization and its records, is in place.

Implementation of Records Management Accountability: Organization Structure

Records Management is not a well formed organization; RM operational aspects report to multiple functional managers

Records Management department is a recognized department but operates without direct senior management oversight and control

Records Management reports in to a Director level position

Records Management reports in to a VP level position

Records Management reports in to C-level position

Existence and Scope of a Records Management Functional Manager

No identifiable Records Manager position exists or Records Management oversight is an administrative role distributed among non-dedicated staff.

Records Management functional manager is in place but doesn't own electronic records

Records Management functional manager is in place and owns both paper and electronic records

Records Management functional manager is in place and is a director level or equivalently high level officer

Records Management functional manager is in place and reports to a C-level position

Records Management Orientation

Records Management is tactical, i.e. focused on day to day activities only, and is disorganized

Records Management is tactical, focused on day to day activities only, but is well organized

Records Management is mostly tactical with some strategic, long term initiatives

Records Management has strategic and tactical aspects integrated

Records Management’s strategic goals are elevated to top level consideration as impactful to the overall corporate well-being

Records Management Scope

Records Management operations handle paper records for a cluster of local departments

The Records Management operations’ scope encompasses the entire company but processes paper records only

Records Management operations’ scope encompasses the entire company and covers both paper and electronic records

Records Management is integrated companywide, covers all media forms and the importance of RM is visibly recognized by senior management

Records Management Visibility

Only the departments that actively use the records management functions are aware of them

Some departments that don’t normally handle documents know to check with Records Management when they have a document related project

There are ongoing Records Management active initiatives within the company; senior management has awareness of Records Management

Records Management has full executive sponsorship which in turn makes most department aware of its functions

Senior management has ownership of Records Management and the high visibility makes everyone aware of the importance of records management

Would you say all corporate goals related to accountability are being met? If not, what remains to be done?

Principle of Transparency

Transparency embodies the requirement that every organization must create and manage the records documenting its recordkeeping program to ensure that the structure, processes, and activities of the program are apparent and understandable to legitimately interested parties and that the records documenting the program and its activities are reasonably available to them.

Transparency Adoption

No emphasis on the importance of Records

Some realization of the importance of Records

Records Management is taken seriously in the organization

Records Management is an essential part of the organization’s corporate culture

Records Management is a key component of information governance in the organization

Access to Information

Access to information is difficult; requests are not readily accommodated;

Access to information is limited;

Information is readily available

Software tools to assist access to information

Transparency Implementation

No established controls for information access exist

Control of information access exists in some areas but is not systematic

Information has systematic availability; there is a written policy regarding transparency

Information access is monitored for compliance

There are continuous improvement programs covering transparency

Would you say all corporate goals related to information transparency are being met? If not, what remains to be done?

Principle of Integrity

Integrity embodies the following: the ability to prove that a record is authentic and unaltered. Authentication requires proof that a document comes from the person, organization, or other legal entity claiming to be its author or authorizing authority.

Integrity Authentication

There is no defined process for authentication

There is some data for authentication such as indices for physical records and metadata for electronic records but there is no systematic process

There is a formal process for integrity authentication

There is a clear, well established process for integrity authentication with high level requirements

There is a clear, well established process for integrity authentication with high level requirements that is applicable to new systems as they are developed

Chain of Custody

Chain of custody processes are ad hoc, vary by department and are not trustworthy

There is an emerging process but no formal process for chain of custody

There is a formal process for chain of custody covering physical and/or electronic records

The process for chain of custody has security and signature requirements allowing for both physical and electronic records

There is a clear, well established process for chain of custody with high level requirements that is applicable to new systems as they are developed

Integrity Processes

Integrity processes are ad hoc, vary by department and are not trustworthy

There is an emerging process but no formal process for integrity but local variations exist

Compliance of the integrity process has been verified

The integrity process is advanced to the point metadata is integral with the RM process

The integrity process is consistent across the enterprise and is explicit as to the requirements

Integrity Audits

Integrity audits are not conducted

Integrity audits are conducted but are not regular

There are regular integrity audits that are easy to execute because of the integration of the process

Would you say all corporate goals related to information integrity are being met? If not, what remains to be done?

Principle of Protection

Protection embodies the following: protection requires an appropriate security structure so only personnel with the appropriate level of security or clearance can gain access to the information. Further information is secure from “leaking” outside the organization. Finally, an organization’s audit program must have a clear process to ascertain whether sensitive information is being handled in accordance with the protection policies.

Privacy Protection Adoption

No consideration is given to the protection and/or privacy of information in the records being managed

Some consideration is given to the protection of information privacy

A formal written policy and supporting procedures exist for the protection of information privacy

Systematic protection of sensitive information is provided by implemented procedures and applications

The protection of information including the privacy of records has recognized value at the senior management level; because of this inadvertent disclosure is rare

Access Controls

Access control to a record is assigned by the author or individual records manager

Access control is centralized but not uniform and automated

Uniform procedures and automated systems provide access control protection

Continuous improvement programs exist to make sure access control stays compliant and tracks technology changes

Storage and Transmission

The storage and transfer of information and records is not regulated by policy and is at times haphazard

A policy exists for some aspects of storage and transmission of managed information but it is not complete or not well implemented

There is a formal written policy and implementing procedures covering the key aspects of records and information asset storage and transmission

Systematic protection of information and records is provided by a uniformly applied policy and assisting technology

Continuous improvement programs exist to make sure the storage and transmission protection stays compliant and tracks technology changes

Compliance

Monitoring and enforcement of protection policies is decentralized

Information is protected by a written policy but it has limitations

Compliance audits are conducted in regulated areas of the company; employee training is provided

Compliance audits are conducted on regular basis across the enterprise; employees are trained and tested for competency

Compliance to the protection policy has senior management attention including audit information review

Would you say all corporate goals related to information protection are being met? If not, what remains to be done?

Principle of Availability

Availability embodies the following: the ability to identify, locate, and retrieve the records and related information required to support its ongoing business activities; having an efficient and intuitive set of methods and tools to organize the records of the organization; providing employees and agents with sufficient training to utilize these tools successfully; and removal of obsolete or redundant records in adherence with the organization’s records retention policies.

Availability of Information When and Where Needed

Records and other information assets are not readily available

Records retrieval mechanisms have been deployed in some areas

There are established standards for availability for guidance

Clear policies exist and are implemented to make records and information readily available when and where needed

Policies and processes concerning the availability of information are reviewed and supported by senior management as business drivers

Availability Organizational Issues

Retrieval of records takes time and the 'official' version is hard to identify

There is spotty implementation of retrieval mechanisms; no standards exist as to how readily information should be available to knowledge workers

The ‘Official' version of a record is identifiable and retrievable 'most of the time'

Records and information assets are consistently and readily available so employees have ready access to the information they need to do their job

There is organized knowledge worker training on availability; continuous improvement programs exist to make sure implementation is state of the art

Tools for Availability

Automated retrieval tools to assist availability are few; information is lacking indices, metadata, and/or locators

No standard tools are deployed enterprise-wide; some classification and/or retrieval tools exist in some areas

Consistent classification, storage and retrieval mechanisms are deployed across the enterprise

There is a centralized inventory of identified information assets that is used to assist access to records

Information access processes and tools are continuously upgraded to realize the ROI of availability

Legal Discovery

Legal discovery is a difficult due to issues of availability

Legal discovery is more complicated & costly than it should be; inconsistent availability of information is an issue

A well defined, systematic process exists to execute legal discovery

All appropriate systems in place to implement the legal discovery process including an automated hold process

Continuous improvement programs with senior management support exist to make sure the legal discovery process is state of the art

Would you say all corporate goals related to availability are being met? If not, what remains to be done?

Principle of Compliance

Compliance embodies: adopting and enforcing suitable policies to direct and control its recordkeeping, assuring the recordkeeping system contains information showing that the organization’s activities are conducted in a lawful manner, and legal requirements such as requirements to maintain tax or other records.

Compliance Adoption

Clear guidelines for records retention don’t exist; compliance with applicable regulations is not defensible

Some policies and implementing procedures related to compliance exist but are not complete

Relevant laws and regulations have been identified and addressed by compliance programs; compliance is highly valued in the organization

Records are retained and linked to compliance metadata or other evidencing mechanism

Policies and procedures are in place so no adverse consequences are expected due to compliance failures

Compliance Implementation

Records are not managed in accordance with generally recognized principles

Some compliance policies and operational procedures have been implemented but are not complete

There is systematic, principled Records creation, capture, storage and disposition enterprise wide

There are systems to capture and protect; employees are trained on the systems; regular audits document compliance

All of the audit gaps have been addressed and there is a program for continuous improvement

Compliance Organizational Issues

Compliance activities are decentralized; there are no compliance standards; there is no oversight of compliance

Sporadic compliance policies exist but there is no accountability

There is a strong code of business conduct integrated into Records Management and Information Governance policies

Audits and reviews are conducted; remedial action is taken whenever needed

Auditing results are reviewed by senior management; continuous improvement is a top level mandate

Legal Hold Process

No defined or well understood legal hold process exists

A legal hold process exists but is not integrated with Information Management and discovery processes

An integrated legal hold process exists but is for critical systems only

An integrated, repeatable, enterprise-wide legal hold process with defined roles exists

The legal hold process is integral with the organization’s Information Management, records management and discovery processes

Would you say all corporate goals related to compliance are being met? If not, what remains to be done?

Principle of Retention

Retention embodies: the document life cycle, which is the time period from the creation of a record to its final disposition; addresses legal and regulatory compliance, fiscal accountability, operational business needs and historical information.

Retention Schedule

No Retention Schedule or other official procedure for actively controlling the life cycle of documents based on their classification and applicable laws exists

A Retention Schedule has been created but is not actively communicated nor well implemented and/or the Retention Schedule is not updated or maintained

A formal Retention Schedule exists and is in general, consistent use

The Retention Schedule is in use and is reviewed and adjusted whenever needed by an effective process

In addition to having an up to date and well deployed Retention Schedule, the overall principles of retention are a senior management priority

Retention Implementation

Rules and procedures are haphazard; a retention schedule may exist but is not identified, trained on and centralized

Retention schedule does not encompass all records or all needs

Defined retention related goals exist and procedures to realize these goal, such as a retention schedule , are being implemented

Records retention is well implemented due to major attention with ongoing improvements

Retention is an integrated Information Management process applying to all business info and integrated into applications; stated goals related to retention are all met

Retention Organizational Issues

Employees retain and dispose potential records based on perceived needs

A Retention Schedule exists but is not well known; little or no training on the retention procedures is done

Employees are aware of the Retention Schedule and many are able to apply it

In general, employees understand how to classify records and process reccords in acccordance with the Retention Schedule; training on the Retention Schedule procedures is in place

Information is consistently retained for appropriate periods of time

Would you say all corporate goals related to retention are being met? If not, what remains to be done?

Principle of Disposition

Disposition embodies the following: destruction, return to clients, transfer to another organization in connection with a divestiture, or transfer to an historical archive; if records are converted or migrated to new media, disposition of the previous media; suspension in the event of pending or ongoing litigation or audit.

Disposition / Transfer Process Adoption

No documented processes for disposition exist

Preliminary guidelines for disposition have been established

Official procedures for disposition have been developed

Disposition procedures have been adopted and are understood by all

Disposition processes are consistently applied and effective; further, the processes are regularly evaluated and improved

Disposition / Transfer Process Implementation

Individuals take actions without documented processes

There is sporadic enforcement and auditing of disposition processes

Disposition policies and procedures are not standardized; but a collection of individual departmental procedures is in place

There is consistent application of disposition procedures across the enterprise; further, electronic information is expunged, not just deleted

The disposition process covers all records, on all media; the disposition process is assisted by technology and integrated into applications and data storage

Legal Hold Process Ability to Halt Disposition Process

No Legal Hold process is in place across organization

There is a recognition of the need for Legal Hold and some awareness of the requirements

An official Legal Hold policy and procedures have been developed

The Legal Hold process is defined, understood and used consistently as evidenced by monitoring

The Legal Hold process is defined, understood and used consistently; to further assure no inappropriate disposition occurs, the process is assisted by technology

Would you say all corporate goals related to disposition are being met? If not, what remains to be done?

Are there any comments you would like to make regarding any of the above questions?