Non-compliance
in the regulatory environment can result in significant
fines or penalties. There are numerous laws, regulations,
and standards relating specifically to the management
of records, evidence, and information received or created
by organizations. Some of these requirements are not
well-publicized, so research and understanding are necessary
to identify applicable statutory requirements, legislation,
and professional standards and to define retention periods
that minimize risk.

Organizations should understand
the need for, and develop, the best-practice processes
that will allow for properly established strategic classification
plans, disposition and retention schedules, and migration
and technical conversion plans. In an analysis of strategies,
design, and implementation relative to electronic records
and information, consideration should be given to the
following critical questions:
- Has a formal risk assessment
been undertaken and a subsequent report been prepared
that identifies existing dangers to your organizational
records?
- Has a formal design of the
organization's records system "Roadmap"
been completed, taking into account the strategies,
tactics, requirements, and documented deficiencies
that emerged in prior investigatory stages?
- Has the formal design been
structured to include specific user roles, access
rights management, authentication mechanisms, and
other tools to ensure the integrity of records against
unauthorized alteration?

Percento Consulting assists
its clients in the determination and evaluation of strategies,
design, and implementation of technology solutions that
allow organizations to operate efficiently while mitigating
risks associated with discovery compliance issues.