[00:00:01] Speaker A: Hello. Thank you for joining us. This is what Counts, a podcast created by Trailblazer Consulting. Here we highlight proven solutions developed through our experience working with companies across various industries, and we talk about how you can apply these solutions to your company. We share our experience solving information management challenges like creating and implementing your records retention schedule, creating an asset data hierarchy, or helping with email management. The this is Lee and in this episode, Moore and I will talk about policy as it refers to Trailblazer Framework and where the devil and the details lie under that section.
[00:00:39] Speaker B: All right, so to catch everybody up in case you aren't hanging on our every word, we introduced our Information governance Framework about two episodes ago, talked about the different parts of an information governance program, and then in our most recent episode, we talked about the devil in the details when it comes to governance roles and responsibilities, not letting things fall through the cracks, bringing together parts of the organization that maybe don't always work together because they're sort of in divide and conquer mode and how that impacts your ability to do a good job managing your information.
So now policy.
Many, many years ago when I did one of my first presentations on records management, I had a big megaphone looking thing on my slide that started with policy as the most important thing and that fed into your sort of traditional triangle of people, process and technology and that you couldn't jump to people, process and technology if you didn't have the policy. Because the policy when it comes to record keeping is, is the what it's how do you, how do you know what your people, process and technology should be pointed at?
So I often say you're not doing records management for records management's sake. And that is true. You are doing this because it's going to help your business in some way. It's going to make you more efficient. It's going to help you find new insights in your data. It's going to make you operate safely, it's going to help you remain in compliance with all applicable laws and regulations so that you're allowed to continue operating. It's going to help you keep track of who owes you money so that you can be profitable in your or at least so you can be solvent and have revenue coming in. Understanding your cost versus what your revenue is is going to help keep you profitable. So the records that underlie all of those parts of your business are the reason we're here talking about information governance and your policies are where you get to articulate what's important.
So I think I've said before the policy statements are typically short. They're declarative. We will follow all the rules. We will maintain the records that show that we follow all the rules.
The devil in the details. When it comes to policy, there's a couple of them.
One, it's not making. Not trying to make your policies so detailed and perfect that you can anticipate every way that anybody might ever possibly argue with you about it or find a way around the policy. And I know, Lee, that you are. I saw you smile there, remembering one of our clients that you worked with for a long time trying to get to that perfect, perfect, perfect policy document.
[00:03:42] Speaker A: Yeah. Trying to fit this policy in a corporate setting that also had field offices and just wanted to anticipate every single action, every single question that either one could have, either corporate setting or the field office setting, and try to write that into a policy. I mean, you just. You're just stretching yourself way too far.
[00:04:06] Speaker B: Yes. You're trying to anticipate all these. I felt like that she was trying to anticipate argument like. And loopholes and ways around it. And so one of the things that I learned from that experience was if you're so worried about people arguing and not following your policy, then let's rethink the policy, because it needs to be something that's clear and it doesn't have to stand alone. Remember our. I've said before, it's not enough to just write a good policy. You have to have a program behind it. You have to have process and technology that supports implementing that policy.
You can't write a policy that's impossible to follow.
So that's one of the things, the second thing around policy is really understanding and doing, spending time analyzing what are the most important policies as it comes to information. And typically, those policies should reflect and support your company goals, your organizational goals. So safe operation, profitable operation, growth, legal operation, all of those things focused on how do you run your business? And then how does information impact that for good or for worse, better or worse? And how can you write a policy to help you do that?
And there's kind of a negative, sometimes a negative connotation about policy. Like, we don't need no stinking policies. People know what to do.
But it's. But that is actually, I think, patently untrue. It's just something people tell themselves because you have policies, you just might not have written them down.
So getting the support to write the policy down is part of this. For instance, it seems reasonable to say, if you have a contract with a vendor and that vendor fails to deliver, then your company policies don't have another contract with them. But if you have multiple groups that are allowed to make contracts and one feels like, well, they always got what they needed from this contractor, so who cares about the other three that didn't and there's no rule against it, then how do you, then how do you move forward? And you might want to try and enforce it through a system by blocking people's access to that contractor. Nope, you can't pick them to make them a contract.
But that's kind of a weak approach because ultimately they're going to be able to get around it. If there's no written policy, there's no supported policy on that. Or how do you deviate from insurance requirements? Insurance requirements might be set out by part of your company that has the biggest risk. It might be a safety insurance requirement or environmental hazard insurance requirement. And you've set these very high standards because you have some contractors that are doing risky work for you. They are doing construction or they are doing, they are managing hazardous materials or volatile materials. And you need to have significant insurance requirements on those companies because insurance requirements are somewhat of a barrier to entry to the market. So the companies that meet that requirement are more well resourced, more established, able to get the insurance and able to keep the insurance, which means that they aren't having accidents all the time. That makes sense if the, for the part of your business that's in that high risk area, but the part of your business that is, you know, trying to manage a system implementation probably doesn't need that same level of safety insurance requirement. But if the only group that wrote it down is the, the high risk group, does everybody have to follow it? And if everybody doesn't have to follow it because you don't have a policy about that, then people start making up their own minds. And you might have a field group that says, oh, it's not that risky, we want to use these guys. So these policies and, and the consistency of them and the ability to have them apply to your company not as a one size fits all, but risk based or value based or in some other way that goes back to, you got to have the right people in the room. You need that governance structure to agree on these policies.
And once you've got the governance in place, we go next to policy because that sets the stage for the rest of the program.
[00:08:59] Speaker A: Yes, I'm glad you did that. I'm shaking my head because you tied it back into governance, which is a key component. Obviously we talked about that, but there are exceptions, right? And if one group makes an exception, that's not going to be good enough. It needs to be a governance committee or a group that understands what the exception is and puts that in place. We all know the rules are made to be broken. I'm just kidding about that. But as long as your company knows, the whole company knows what rules you're breaking, what exceptions you're making, then it's key one offs. Not that that's called a workaround. Those are not good for your organization.
[00:09:40] Speaker B: Right. Workarounds turn into big problems sometimes.
So we've got the, we don't need no stinking policies and we've got. Rules are made to be broken. The last one that often comes up is ask forgiveness, not permission.
And in the absence of a clearly stated policy and a policy that is published and communicated and that there's training around and follow up. One of the things we didn't talk about in the governance episode is you set the whole stage. You give everybody their roles and responsibilities, you train them, you have to follow up and make sure they're doing it. So we talk about compliance monitoring and it can be low key. Just, you know, as a form comes in that asks can we destroy these records here? They've met their retention requirement, here's the reason for it. And we've checked with legal and there's no legal holds. That's a compliance monitoring situation. And you can back that up by seeing did more things get deleted than were approved or are things being stored where we in the central location or is there nothing in the central location? But there's a lot of stuff in sort of random network locations that are uncontrolled. So these are ways that you can look at compliance monitoring and having your policies clearly stated, clearly communicated. That's your basis for going to the next step, which is the compliance.
How do we check? Are we following the policy?
All right, so that's a little bit of a deep, a little bit of a deeper dive into details around policy making in the information governance space and next time process.
[00:11:29] Speaker A: Can't wait. If you have any questions, please send us an email at
[email protected] or look us up on the web at www.trailblazer.us.com. Thank you for listening and please tune in to our next episode. Also, if you like this episode, please be a champion and share it with people in your social media network. As always, we appreciate you, the listeners.
Special thanks goes to Jason Blake, who created our music.
