For The Record

Employing proven best practices can help grocers get a handle on their documents.

Today's grocery stores face more issues than ever in managing their records and information, as laws and standards such as COOL, HIPPA and PCI now make management mandatory.

It's important to understand the sometimes subtle distinctions between the terms “record” and “information.” Not all organizational information is a record, but all records constitute information, an encompassing term that refers to items such as hard-copy and electronic documents, spreadsheets, presentations, voice recordings and e-mails, some of which may be records, while others aren't considered records, but have business value. Records are a subset of information. They provide evidence of a company's business transactions and legal obligations, and must be retained based on laws, regulations, standards and operational need.

Improper management of store records and information poses significant organizational risk.

The improper management of store records and information poses significant organizational risk. Stores are on the front line of customer interaction. Each day, store personnel handle sensitive customer information such as payment cards, prescriptions, and other items of a personal and confidential nature. The absence of policies, procedures and audits can lead to inconsistencies in the way information is managed, resulting in fines, penalties and public relations nightmares.

Understanding how to properly manage store-level records and information not only helps organizations ensure compliance with laws and standards, but also provides operational benefits. It reduces costs, increases labor efficiency and allows store personnel to maximize administrative space.

What's Lacking?

In many cases, however, records and information management programs haven't extended to the store level because of the coordination and communication efforts involved in implementation at a large number of locations.

Often, stores aren't equipped to allocate the time or resources needed to manage records and information. A lack of labor and resources can lead to improper handling and storage increasing the risk of unauthorized access to information, retention issues, the inability to locate needed items, and inappropriate document disposal.

As organizations have become more automated, there have been reductions in the volume of paper records and information that stores have to manage, but the grocery industry still relies on the use of a significant amount of paperwork. The existing and continuous influx of paper records and information, compounded by trends in administrative space reductions, creates challenges such as what to keep, how long to keep it and where it should be kept.

Even if store policies and procedures have been implemented, organizations face the challenge of program noncompliance and inconsistencies relating to the manner in which records and information are being managed. The potential for noncompliance increases depending on the number of company outlets.

Best Practices and Recommendations

The first step in addressing the challenges is to ensure senior management backing of a store records and information management program. The organization should enlist the services of the records management staff to develop the tools needed to address the issues. Most records managers are knowledgeable in the principles, laws, standards and requirements for managing the company's records and information.

The objective of developing policies and procedures is compliance. This is best achieved through clear, concise and convenient instruction. Providing easy-to-follow or step-by-step guidance will increase the potential for success.

Have the records manager work in conjunction with the legal staff, IT and operational teams when developing policies and procedures. This approach provides the checks and balances to ensure the appropriate compliance issues, technical capabilities and store functions are addressed.

Do I Have to Keep This?

The retention schedule is a tool that provides direction on how long to keep records and information. Retaining only what's needed reduces company risks, expenses and administrative clutter. A retention schedule may also contain such other pertinent details as content descriptions, department ownership, media format (paper or electronic), and how the records and information are used.

Before the development of a retention schedule, an assessment of the records and information the stores generate and receive must take place. The most efficient way to conduct an assessment is through local on-site interviews with store personnel, or through conference calls, especially if the organization has a large number of stores in multiple geographical locations.

Once policies, procedures and the retention schedule have been developed, it's important to determine the most effective method for program communication and training. Implementation of the program tools doesn't necessarily require on-site training of store personnel, which can be logistically difficult and costly for organizations with a significant number of stores. Clear and concise documentation can provide the self-guidance and instruction needed to help ensure compliance.

After initial communication with division and district management staff takes place, the policies, procedures and retention schedule should be made available. Many organizations employ the company intranet for this purpose. Even the most effectively prepared program documentation won't prevent questions and issues from arising, however, so the records management staff should be on tap to resolve any such problems.

Choosing a Vendor

The use of records and information management vendors can help ensure stores are in compliance with the organization's program. Most vendors can provide the common services needed by stores, such as record storage, retrieval and secure document destruction.

When selecting a vendor, remember to ensure it meets certain basic requirements such as fire monitoring and suppression, security protocols, and the ability to service store locations as needed. Additional requirements should also be considered, including compliance with HIPAA and PCI.