Are You Keeping your Business Information Past its Expiration Date?


Just like the milk in your refrigerator, information has a shelf life. Unfortunately business information does not come pre-stamped with an expiration date. It is up to each business to develop their own best dates, after which information becomes no longer needed. It is then up to the business to responsibly get rid of their business information, otherwise it may continue to take up more and more valuable space and resources costing time and money.

One of the first steps a business can take is to list the types of information held by the business. This listing is formally called a retention schedule. Then for each type of information an expiration date is determined. These dates are formally called retention periods.

How does a business determine these dates? There are typically three main considerations when calculating these expiration dates:

  1. Business Need: the information is still needed to run the business
  2. Law: a law requires the information should be retained for a certain number of years or once some event has occurred
  3. Audit: in the event of an audit, the business would be required to have this information.

The rationale for determining the retention period should be documented, including any legal citations. This will come in handy if a judge ever questions why your business destroyed certain information, or if you are trying to remember how you came up with a certain retention period.

A retention schedule should include in addition to the names of information types and their retention periods, a brief description of the information type. In the event of multiple copies of an item, an information owner should be designated to be responsible to retain the “official” copy.

Retention schedule example:

Name Description Information Owner Retention Period
Accounts Payable Records of amounts owed or paid to outsiders Accounting Dept Year End + 7 Years
Accounts Receivable Records of amounts owed by outsiders to the business Accounting Dept Year End + 7 Years
Chart of Accounts Listing of all accounts used in the General Ledger Accounting Dept Life of Business
Banking Records of bank accounts Accounting Dept Year End + 7 Years
General Ledger Complete record of the financial transactions of a business Accounting Dept Life of Business
Benefits Administration Records of the payment of benefits to employees Human Resources Dept Termination + 6 Years
Personnel Files Records of individual employees Human Resources Dept Termination + 6 Years

Remember, the retention schedule is meant to be a living document. As your business creates new information types, they should be added to your retention schedule. Periodically the rationale for retention periods should be reviewed, especially if new law indicate a change in retention periods.

Note: if your business anticipates it will be involved in litigation, the relevant business information must not be destroyed. The retention period for the relevant business information is suspended, formally called a legal hold. The information is put on legal hold until the litigation is complete or no longer anticipated. Once the legal hold expires, the original retention period for the information is restored.

Nitza Medina-Garcia, Certified Records Manager, Records and Information Management Consultant

Contact us today! Let us help you create a retention schedule to meet your business’s needs.

InfoCompass Business Solutions

Top 5 Email Tips to Tame Your Inbox


Is your email inbox overflowing and wish you could get it under control? Below I share my top 5 email tips and my system for managing my inbox.

  1. Send less email: If you send less emails, you will get less email replies. Makes sense, right? Instead of email, use the phone or walk over to your colleague’s desk or set up a short in person chat with your client.
  2. Acknowledge email receipt: Replies do not need to be a novel. A short response of “Got it”, “Thanks” or “Will do” will help the sender know that you did indeed receive the email and have read it. Otherwise, you may get a follow up email asking to confirm receipt.
  3. Manage email subscriptions: Newsletters, social media groups such as those on Linkedin, or article feeds can clog up your inbox. At least quarterly take time to reassess if you are deriving value from these subscriptions. Do you like the content, but are just receiving too many individual emails? Many subscriptions allow you to customize your settings to get a daily digest instead of individual emails. If you find you are not getting value from your subscriptions, you can unsubscribe from the email subscription all together. You can also set up email rules to directly route emails to an email folder for Newsletters for later reading.
  4. Schedule email tasks: Managing emails as soon as they come in will make you a slave to your inbox. Instead, schedule 1 or 2 times in your day to manage your inbox. You may also want to turn off the email notifications alerts on your computer as well to help eliminate distractions.
  5. Manage email using a simple system: Use a simple system to take control of your email according to your priorities. Here is mine:

Review/respond to emails

  1. 2 minute rule – I like the 2 minute rule from David Allen of Getting Things Done. If you can review or respond to the email in less than 2 minutes finish it now. Delay will mean it will take more time to deal with the email later.
  2. More than 2 minutes – schedule time for it in your calendar to do later. If you will not be able to respond to the email fully within a day, you can always respond to the sender with a short email letting them know you are working on the reply.

Sort/file email

  1. Create a simple filing system to process your emails. I suggest creating folders such as: Action, Waiting, Reference, and Records folders. Action and Waiting folders help manage tasks relating to emails, instead of cluttering the main Inbox. Reference type folders are for emails that retain their value for a limited time (newsletters, email subscriptions, sales, etc.). Records folders can be used to retain business records, if you do not have a document/records management system in place. You can create folders for each of your Clients, Projects or a Supervisor, etc. Ultimately over time these Records folders will grow in size and you will need to store these emails in a more suitable records system for their required retention, or risk the wrath of your IT system administrator.
  2. Use Rules to automate filing regular emails. For example, you can create a Newsletters folder and create a rule to automatically file all new newsletters into this folder. This removes clutter from your inbox and allows you to read these lower priority emails when it fits your schedule.

Clean up email

  1. Use AutoArchive to automatically clean up folders. Remember that Newsletters folder you created? Wouldn’t it be nice to automatically delete emails after a month? Outlook lets you do this with its AutoArchive feature. You can set individual folders to delete email when it reaches a certain age. This feature is great to use for managing short term unimportant emails.
  2. Schedule a quarterly review of your email folders for unimportant emails that can be discarded. It may be difficult to fit in email clean up at the end of a quarter, so you may want to schedule this task at the beginning of the following quarter. Set aside some time to clean up your inbox and folders to ensure your email system is humming along. This is also the time to think about implementing any adjustments to your system, always remembering to keep things simple.

Do you have any additional email tips to add? I’m always looking for better ways to manage email. Please leave me a comment below.

Nitza Medina-Garcia, Certified Records Manager, Records and Information Management Consultant

Contact us today! Let us help you create strategies to optimize your email processes.

InfoCompass Business Solutions

Is Malware in Mobile Apps Putting Your Business at Risk?


Many businesses utilize smart phones and tablets to conduct business on the go. However, many do not have a formal mobile device policy on what mobile apps can be downloaded on  company devices. This can leave businesses vulnerable to cybersecurity attacks from mobile devices.

ARMA’s Information Management Magazine recently published an article on “Unsecured Mobile Apps Are Putting Organizations at Risk” where they reported mobile malware infection has increased to over 16 million infected devices in 2014.

Why are mobile apps such a cybersecurity risk? ARMA also goes on to cite recent research by the Ponemon Institute on behalf of IBM that found the following six reasons:

  1. In the rush to release new apps, the apps are released with vulnerabilities hackers can exploit.
  2. Most apps are not tested or infrequently tested.
  3. Malware infections are increasing because of the lack of business resource to combat infections.
  4. Not enough money is allocated to securing mobile apps. Of the average $34 million used to develop an app only $2.2 million, or 5.5% is allocated to security.
  5. Most businesses do not have in-house mobile security expertise.
  6. Most businesses do not have polices that define what is acceptable use of mobile apps on business devices. This puts the business at risk for data breaches, ransom ware (thieves hold your business information hostage until a ransom is paid) and denial of service attacks and much more.

What can your business do to combat malware from mobile apps? Here are some next steps:

  1. Ask yourself, does your business have a policy on mobile device use? No? Then, now is a great time to formally document a policy regarding acceptable use of mobile devices including appropriate mobile apps to download.
  2. Do you want individuals to self-monitor, or will you have your IT department bless new mobile app downloads. Both strategies have their pluses and minuses. With self-monitoring you give individuals the freedom to choose which apps are most likely trustworthy apps, but you may have the risk that a less than technical person may download the one app that cripples your business. On the other hand if you have mobile apps only available from the IT department, you can create a bottleneck and inhibit business agility.
  3. Train employees on proper cyber security procedures regularly. Include mobile app choices in your cyber security training.
  4. Audit compliance with business policies regularly.

Nitza Medina-Garcia, Certified Records Manager, Records and Information Management Consultant

Contact us today ! Let us help you create strategies to protect your business information.

InfoCompass Business Solutions