Global organisation improves compliance with clear data retention policies
Introduction
This global organisation is made up of independent professional services firms providing audit, legal, tax and advisory services. It operates in 143 countries and territories with more than 275,000 partners and employees working in member firms around the world.
Business drivers
This international business receives, creates and maintains significant volumes of information and data about and on behalf of their clients, which are stored on over 400 different systems and platforms.
The company has an obligation to manage and maintain these records – not only to uphold compliance with their own legal and regulatory obligations – but also to meet specific client requirements.
Some of their clients also have the right to audit how their records are managed, so ensuring records are well managed is essential to both their business income and their professional reputation. The organisation was concerned that it was retaining records after their retention periods had expired and urgently needed professional advice to address these concerns.
Key requirements
Metataxis was approached to provide expert information and records management retention advice and support over an 18-month period.
We were asked to:
- Review existing information and records management practices
- Develop an information management strategy and associated implementation roadmap
- Review the existing records retention schedule
- Undertake an audit of how well retention is applied across all their systems
- Provide expert advice and guidance to effectively implement new retention and destruction policies
The Metataxis approach
To kickstart the project, we initially undertook a short scoping study to understand and identify the scope of the records management challenge. Based on the results of this scoping study, we were then able to develop a clear information management strategy and present a high-level approach to remediation.
The high-level remediation actions that we proposed and then continued to support the business included:
- Review and further development of appropriate policies and guidance
- Full review and update of the retention schedule
- Complete systems audit, which resulted in the creation of an information and systems asset register
- Defined criteria and a decision tree for the destruction of legacy information and records (both paper and digital)
- Assessment criteria and an associated decision tree to support business areas to prioritise the remediation of their systems and platforms and successfully implement destruction of time-expired records
Business benefits
As a result of the work, this global organisation obtained a clear and comprehensive view of the size of all their system’s non-compliance with records retention.
They also had a detailed remediation plan for each of these systems, which each business unit was able to work through to address any non-compliance issues. We were also able to provide the Company Board with greater clarity on the information risk they were facing and assurance of which systems were, and which systems were not, managing records in line with the retention schedule.
More success stories
Records remediation addresses compliance challenge
Learn how we helped how a a multinational insurance firm maintains compliance and saves storage costs with a new records remediation programme.
Addressing records management retention
Read how we helped a global organisation maintain compliance and professional reputation with clear records management retention policies.
Information strategy delivers clarity
Discover how a new information management strategy helps a UK regulator confidently address information governance challenges.
