Records and Information Management (RIM) Services

Processes and strategies to optimize information produced through M&A, divestures and integration.
Contact Us
Transform your records and information management (RIM) for risk reduction and value creation with practical workflows and safeguards to help ensure you are in compliance and protecting data.

Most large organizations have a global records and information management (RIM) program, even as simple as just a basic policy, a retention schedule, a computer use policy, limited in-house counsel time, and outside counsel or consultants responsible for updating the policy at set intervals or in the wake of new laws and regulations.

Now, more than ever, RIM needs to work hand-in-hand with Compliance, IT, InfoSec, HR and the DPO.  To do that, RIM needs to be a part of a comprehensive Information Governance (IG) program.  Often RIM programs focus solely on mission-critical records maintenance, especially in companies and industries subject to a direct reporting requirement to a government or other external agencies and regulators.

Foundations of an Effective RIM Program

Policies and Procedures

How does a company understand how to create, maintain, and dispose of records in a defensible manner?  Solid policies are needed to establish the necessary guidance, such as a RIM policy and the associated retention schedules.  These include definitions of record types, how those records should be maintained, and procedures end-users need to abide by to comply. These guidelines may be influenced by user input, government regulations, business requirements or other various mandates – including legal hold.

Program Governance and Reporting

A successful RIM program is usually an enterprise function. For the program to be able to gather information and report on how the program is functioning, it needs to partner with many other parts of the organization, such as lines of business (LOBs), HR, IT, compliance, executive leadership and other functions.  As records become more important and regulated, even some corporate boards are starting to take notice.   Whether for an audit, litigation, investigation or business support, employees should be able to locate and access the information they need, when and where they need it. They also need to be able to share that information easily when requested by external auditors.

Stakeholder Engagement

Anyone with a stake in the company’s records are to be involved at some level.  It also can be a diverse grouping. The RIM program needs to manage across that broad population of constituents.

Companies with an Inadequate RIM Program Face Several Risks:

Too Much Data and Too Many Records

Often, more data is retained than necessary because records managers may not be enforcing records maintenance principles with the business and stakeholders. Sometimes, they fear being blamed if something deleted is “needed” at a future date. Not only can this create unnecessary day-to-day storage costs, but in the case of litigation or regulatory investigations, too much data can cause delays in responding to discovery requirements, create a nightmare scenario for legal personnel tasked with discovery, and result in significant costs, not the least of which are processing, review and production of the in-scope documents.

Retrieval Challenges

Without a consistently defined RIM process, standard retrieval tools may not be used, making it difficult to find and retrieve relevant records in a cost-effective manner.  Even if a company has a robust Document Management System (DMS) in place, they still need to pay attention as circumstances change, companies evolve, and regulations change. Not to mention the information and records that end up outside the DMS.  And how many companies still have boxes and boxes of physical records in storage facilities, warehouses and offices around the world?

Non-compliant Data and Records Disposition

Data and other records are frequently disposed of without consideration of potential consequences, sometimes to avoid maintenance or real estate costs. This can create legal or regulatory exposure and the potential for significant fines and other penalties. Documents and records may be needed for litigation, to comply with environment laws, for patent protection, etc.  This doesn’t mean that records should not be disposed, only that a solid RIM program will help differentiate between what can be destroyed and when it can be destroyed.

Privacy Concerns

If you don’t know what data you have or where it is, how can you comply with the various privacy regulations such as GDPR, CCPA, NYDFS 500 and others? How can you know what you need to do as new regulations are passed and take effect?  How can you handle data-subject access requests (DSARs)?  The inability to answer these questions can create legal or regulatory exposure and the potential for significant fines and other penalties.

In the absence of a broad-based RIM program, these risks can materialize very quickly. A pressing question for leadership of multinational businesses is what level of investment might produce an effective RIM program that aligns with corporate objectives and risk appetite? Whether a centralized, decentralized, or hybrid federated model, an effective program can support compliance, transparency and visibility that is vital in a world that increasingly values data protection, privacy and cyber security.

Our Records and Information Management Services Include

  • Needs assessment and GAP analysis
  • Policy and procedures development
  • Legal hold policy development and implementation
  • Development of retention and destruction policies and procedures
  • Implementation of imaging and document management systems
  • Analysis and best practice advice regarding e-mail management
  • Creation of training and communication plans and procedures
  • Evaluation of enterprise content and hierarchical storage management systems

Talk to a Kroll expert today.


Valuation of businesses, assets and alternative investments for financial reporting, tax and other purposes.

Cyber Risk

Incident response, digital forensics, breach notification, managed detection services, penetration testing, cyber assessments and advisory.

Compliance and Regulation

End-to-end governance, advisory and monitorship solutions to detect, mitigate and remediate security, legal, compliance and regulatory risk.

Corporate Finance and Restructuring

M&A advisory, restructuring and insolvency, debt advisory, strategic alternatives, transaction diligence and independent financial opinions.

Investigations and Disputes

World-wide expert services and tech-enabled advisory through all stages of diligence, forensic investigation, litigation, disputes and testimony.

Digital Technology Solutions

Enriching our professional services, our integrated software platform helps clients discover, quantify and manage risk in the corporate and private capital market ecosystem.

Business Services

Expert provider of complex administrative solutions for capital events globally. Our services include claims and noticing administration, debt restructuring and liability management services, agency and trustee services and more.

Environmental, Social and Governance

Advisory and technology solutions, including policies and procedures, screening and due diligence, disclosures and reporting and investigations, value creation, and monitoring.