With RIM Demands Growing, It is Time to Act Legal Management Consulting

or to bookmark this page

Click here to bookmark this page

Click here to remove bookmark

With RIM Demands Growing, It is Time to Act

Most large organizations have a global records and information management (RIM) program, even one as barebones as a basic policy, a retention schedule, limited in-house counsel time, and outside counsel responsible for updating the policy at set intervals or in the wake of new laws and regulations. However, such programs often focus solely on mission-critical records maintenance, especially in companies and industries subject to direct regulatory reporting requirements, and may introduce a host of unnecessary security and compliance risks. 

Companies With an Inadequate RIM Program May Face Several Risks

  • Too Much Data
    Often, more data is retained than necessary because records managers may not be enforcing records maintenance principles with the business and stakeholders. This can not only create unnecessary day-to-day storage costs but also too much data can cause delays in responding to discovery requirements, create a nightmare scenario for legal personnel tasked with discovery, and result in significant costs during litigation or regulatory investigation. 
  • Retrieval Challenges
    Standard retrieval tools may not be used without a consistently defined RIM process, making it difficult to find and cost-effectively retrieve relevant records. 
  • Non-compliant Data Disposition
    Often, data and other records are disposed of without consideration of potential consequences, sometimes to avoid maintenance costs. This can create legal or regulatory exposure and the potential for significant fines and other penalties. 
  • Privacy Concerns
    If you don’t know what you have or where it is, how can you comply with the various privacy regulations such as GDPR, CCPA, NYDFS 500 and others? How can you handle data subject access requests (DSARs)?

In the absence of a broad-based RIM program, these risks can materialize quickly. A pressing question for leadership is, what level of investment might produce an effective RIM program that aligns with corporate objectives and risk appetite? Whether centralized, decentralized or a hybrid-federated model, an effective RIM program can support transparency and visibility that is vital in a world that increasingly values data protection, privacy and security.

Defining a RIM Program
  • Policies and Procedures
    An organization needs guidance to understand how to create, maintain and dispose of records in a defensible manner. The tools generally used to establish this guidance are policies, such as a RIM policy and retention schedules, which include defining record types and associated required maintenance periods (sometimes including how records should be maintained), and procedures—the specifics of what end users should do to comply. These guidelines may be influenced by government regulations, business needs or other various requirements. 
  • Oversight and Reporting
    Generally, RIM is an enterprise function. For the RIM program to be able to gather information and report on how the program is operating, the RIM program needs to partner with other parts of the organization, such as lines of business (LOBs), HR, IT and other functions, depending on the organization’s structure. 
  • Operations and Delivery
    Depending on the organization, the RIM program may be responsible for delivering technology capabilities, training or advisory roles. From this perspective, LOBs and other functions are clients of the RIM program. 
  • Stakeholder Engagement
    Stakeholders across the enterprise can be diverse; it’s imperative that the RIM program adapts to the diverse needs and receives support from stakeholders across all business units and departments.


When and How Do You Secure Outside Experts?

The expertise to design and implement well-formulated RIM strategies that are consistently enforced without slowing the business process can be challenging to source within an organization.

Experts with a proven track record across companies of varied sizes and diverse industries can bring a more efficient approach and garner wider internal buy-in. 

Look for RIM providers that can work with leading technologies to deliver robust solutions inclusive of:

  • Records management needs assessment and GAP analysis
  • Records management policy and procedures development
  • Legal hold policy development and implementation
  • Development of retention and destruction policies and procedures
  • Implementation of imaging and document management systems
  • Analysis and best practice advice regarding email management
  • Creation of training and communication plans and procedures
  • Evaluation of enterprise content and hierarchical storage management systems

Count on Duff & Phelps’ frontline expertise to enhance your RIM program. Talk to one of our experts today.

With RIM Demands Growing, It is Time to Act 2020-07-08T00:00:00.0000000 /en/insights/publications/information-governance/organizations-global-records-information-management-program /-/media/assets/images/publications/featured-images/2020/rims-program.jpg publication {7FCB75E6-D40F-4DAA-9A0F-4B869A8E762F} {ABF5003B-CDDB-43F4-A7A5-CF54ACF36699} {67F76C2C-C03D-4CD7-8519-7B9E0B3905DD} {3A0DC725-90C1-431F-A181-557E209D83A0} {454BC04E-A36C-4DE1-A6F5-66EAAC9BC166} {8F506B1B-A962-453B-A950-146154314F3D} {580AC03A-AF03-4AA3-AA90-46C3A9A7E8BD}

Other Areas We Can Help

COVID-19 Contingency Plans for Independents and Hotel Chains

Contract Management

Capture the value of contracts through M&A due diligence, acquisition integration and daily contract management.

Contract Management
Senior Managers and Certification Regime (SM&CR) and Covid-19

Managed Services

Processes and strategies to manage and optimize information produced through M&A, divestitures and integration.

Managed Services
ESMA Consults on Guidelines on the Assessment of Leverage Related Systemic Risks and Leverage Limits

Information Lifecycle Management

Key insights and data management solutions to unlock value in physical and electronic files.

Information Lifecycle Management
Duff & Phelps Disputes

Legal Operations

Help to optimize key legal processes through improved management of work product and vendors.

Legal Operations



Develop Your Legal Vendor Cyber Risk Management Program


People, Process and Technology in a Legal Vendor Cyber Risk Management Program


Augment Your Legal Vendor Cyber Risk Management Program