Data & Records Management – Important Components for Success
By John Bree
When faced with a challenge to develop a new programme, enhance an existing process to meet new requirements or respond to an Audit and/or Regulatory finding, the importance of foundational and operational components cannot be overstated. TGP’s approach is thorough and comprehensive.
As a first step, a records and data inventory project will be initiated to determine where and how records are currently stored, and the cost. TGP will perform a complete end to end data/records lifecycle review to identify and accelerate real operational and cost efficiencies, coupled with enhanced regulatory compliance.
A successful review process will track data and records from “Point of Creation” through Routine Usage, Data Tagging, Cross Functional Sharing, Data-set Reduction, Data Enhancement, Privacy/Confidentiality Ratings, COB storage, Long Term Storage, Legal Holds, Retrieval, and ultimately Destruction.
Within these 11 Steps are a number of important considerations that must be carefully addressed. For example, an important consideration in Retrieval is a clear understanding of the original platform/system at the creation stage and complementary platforms/systems throughout the lifecycle to ensure that these platforms/systems will be maintained until record retention is no longer required. Data and records that are maintained where a platform/system has been or will be decommissioned need special consideration.
High Level Considerations:
- Creation: Automated or Manual; Internal or External; Originator or Receiver
- Routine Usage: User analysis to determine frequency of routine program support versus incident retrieval
- Data Tagging: Can a tracking component be assigned at initial entry point and maintained throughout the process?
- Cross Functional Sharing: All internal and external users who require the dataset for routine and reconciliation type functions
- Data-set Reduction/Enhancement: Is the dataset changed during the lifecycle? For example, SWIFT transactions are sometimes stripped of unnecessary data or enhanced during the process. Travel Rule compliance.
- Privacy/Confidentiality Ratings: Initial rating may change during the lifecycle and storage/access must be based on the final rating.
- COB vs. Long Term Storage: Formal transition and corresponding tagging as dataset move from COB and Disaster Recovery status to permanent storage.
- Legal Holds: Processing Legal holds at various stages in the lifecycle and addressing platform/system availability timelines
- Retrieval: Routine for adjustment/reconciliation as well as eDiscovery type situations
- Destruction: One schedule for all types to ensure maximum jurisdictional retention requirements are met, or annual updates to ensure compliance with Regulatory requirement changes.
Speak with TGP’s team of specialists about a comprehensive review. Our teams will bring decades of expertise and practical, hands-on, industry experience to address your priorities. We will make sure all relevant stakeholders are consulted, developing compliant, practical and efficient retention policies and procedures to meet your company’s needs and challenges.