An Untapped Potential

In the past few years, crisis, cultural shifts, and financial woes have led to a rise of complexity in maintaining our policy systems within our institutions. Meeting all the regulations can be challenging, as they are constantly changing. In addition, institutions are feeling the pressure from regulators, internal staff and faculty, and the community at large to maintain the regulations. Challenges faced yesterday are not the challenges we will face tomorrow or next year. Do you have the confidence that your policies could stand up to regulatory scrutiny? Does this mean that we need to become even more resilient and inventive – is there any untapped potential out there?

As policy leaders we have learned that we need systems and processes to get things done. But is that enough? Even the most skilled person today is challenged with the immense workload of continuous changes and updates required for policy management. Even the way we distribute, collect, account for and present changes has undergone enormous change. It is not just a check list and process – we need to manage risk, ensure data security and privacy while balancing access and inclusiveness and external influences – it all seems daunting, and to top it all off, failing to comply with the ever-evolving regulations can lead to costly fines and lawsuits.

We are looking virtually everywhere for indicators of change, racing with time to have key policies, procedures and training completed to be compliant. Today, no one is standing waiting for the next change to come down the hall, which makes it even more important that we work with synergy across the institution.

We must support and arm ourselves with the tools, processes and technology that facilitate clear communication. We need to define the review and reflection process of our policies, cultivate open discussion and dialogue all while engaging with other departments and units about the need for change, seek an understanding of the barriers for everyone and then provide the necessary follow up to make the needed changes for lasting growth and compliance.

In September, I wrote “Don’t wait for a crisis to create an efficient policy management system.” That ‘safety net’ is one great way to engage a team to ensure compliance, a tool that builds structure – whether you are a small scale operation or a larger scaled institution, a system and a plan is critical. A plan gives both leaders and others a path forward and provides the principles needed to navigate change. In December 2022, Michele Gross (University of Minnesota) wrote “The First Element: Meeting at the Intersection of Policy and Compliance” - outlining the first of seven elements of a compliance program and the importance of the system to frame our compliance at our institutions. For those who may not be aware, the seven elements of a legally effective compliance program are:

1. Policies & Procedures
2. Chief Compliance Officer/Compliance Committee
3. Education & Training
4. Reporting
5. Monitoring & Auditing
6. Enforcement
7. Responding To Issues

GRC 20/20 Research, LLC wrote “A Tsunami of Change Overwhelms Compliance,” which states that some institutions have broken processes and insufficient resources to manage compliance. I know that there is not one size fits all -- there can’t be. This is why we must continue to evolve – we should rearrange our priorities when we have too much of anything as Sara Gigeroff (University of New Brunswick) wrote in her blog What’s In Your Closet? (Feb 2023). More importantly she states that communicating, setting boundaries, purging, and revaluating are all key elements in managing our policy framework…and our closets!

There's no time like the present to simplify. Legacy systems are expensive and difficult to use. Manual processing is far too time-consuming and in a hybrid environment its not effective. I say m ake retention simple for users and administrators, so they don’t have to interact with files in a separate, siloed repository or go through cumbersome, manual processes. We must invest in this process for it to be effective. Who can remember five-sheet carbon paper? Now that was cumbersome! We have evolved since carbon paper, but some institutions are still stuck in the dark ages when it comes to making a compliance program a priority.

Who is your untapped potential – identify them and get them on board. This process, more than ever, needs support and buy-in from our leadership and other stakeholders across the institution to be successful (more hands make less work). Beware of analysis paralysis – encourage administrators to work with broad strokes. Show them how proactively setting the boundaries for document lifecycle management, rules for sharing and record management classifications can make work simpler, more consistent and save money. If it was possible to make policies ‘fun’ I would say do that too!

Other areas that untap that potential are field experts like our colleagues at ACUPA . They are an excellent way to leverage all our tools – garner support and encourage others to join in the conversations and become members.

It only takes one incident, one mistake, one error to mark an institution’s reputation and erode trust. In my opinion, our untapped potential may simply be harnessing the power of workplace collaboration and an ability to accelerate the processes to protect our most valuable information.

Protect the Records You'll Need to Restart Operations Quickly

Disasters, in the form of fires, broken water pipes, floods, and other unforeseen natural and man-made events, can happen at any time. Many of us have been involved with developing and publishing emergency preparedness policies and plans for our colleges and universities. Many institutional IT groups already have data backup and recovery in mind as part of their emergency preparedness plans. But emergency preparedness applies to each and every one of us -- and records protection needs to be a part of that conversation.

Each one of us has records stored in our computers and offices regarding the business we undertake on a daily basis. Have you and your organizations considered what records you'd need to replace after a disaster to allow you to restart operations as quickly as possible?

If you work for a state institution, you may already have state requirements regarding identifying and protecting essential records, also referred to as vital records. However, even if your college or university is a private institution, I urge you to consider adding essential records protection to your emergency preparedness policies and plans.

Identify and Backup Essential Records

Before disasters occur, it's important to identify what records are essential, create backups of the records, and store those backups in offsite locations. Offsite backup of essential records is key to “surviving” a catastrophe.

To identify essential records, you'll want to review your records and consider the following:

• What are the functions you or your unit will be unable to perform if the record is destroyed?
• What is the need for you or your unit to perform a particular function?
• What are the consequences to your unit or institution, including loss of rights or inconvenience, if the record is destroyed?
• Is there a need for the record to be replaced or reconstructed quickly?
• What time, money, and labor costs would be involved to reconstruct the record?
• Are there replacement sources available for the record?
• What media format is used (e.g., paper, computer hard drive, digital drive or cloud, disc, microfilm)?
• What is the accessibility of the format after an emergency?

Use the above prompts to audit your records and develop a list of the essential record types that you hold. Then schedule regular backups of your essential records and store the backups in an offsite location. For example, my policy office regularly backs up our policies in-progress and policy archives, as well as unit administrative records. Because our work is mostly managed electronically, we worked with our IT group to establish a shared drive for storing our backups that's located in a server housed in a building that's a considerable physical distance away from our office building.

Be Prepared

It’s crucial to consider the importance of your records and how to protect them, as well as to consider the minimum amount of time you need to keep those records. Don't let an unexpected event stop you in your tracks.