In practice capturing the "As Is" implies a dissemination of forms to key organizational stakeholders (e.g. Department Heads, Regional Vice Presidents, General Counsel, CIO, etc.) in order to capture all, or nearly all, organizational records, record types, systems of record and current end of life practices, if any. Essentially this is an inventory gathering and classification process. Enabling Web 2.0 based offerings make the capture of electronic form derived information (e.g. in question and answer format) far less painful and less expensive than paper based alternatives.
The first, and arguably most critical, step in building an effective ERM policy is the classification and grouping of an organization’s records and RT's. This is best accomplished by taking a simultaneous vertical and horizontal approach.
Horizontal records are those that touch every business function within an organization. Email and instant messages fall into this category. The inventorying and classification of horizontal records is usually the responsibility of the CIO. However, it should be noted that horizontal record types may be much broader than email and instant messages. It is likely that other “unstructured” record types such as those that exist within a company's Internet and Intranet site(s) and/or knowledge bases will also fall under the CIO’s purview. Courts tend to define ESI quite broadly and information stored on all corporate repositories may be requested during discovery. For example, trademark and copyright disputes often involve “evidence” located therein.
Vertical records are those that are generally under the control of a single business function. Examples of vertical records include human resources, accounting, legal and tax. However, vertical records are also found within line (i.e. revenue generating) organizations and these generally include contracts, leases, letters of intent and various other instruments used in day-to-day business.
Records that exist within line of business functions tend to be more problematic because often there is no system of record (SOR) in which they are captured. In fact, many such records may still exist in paper form. Before a systematic approach to these records types can be developed it is imperative that an organization, at a minimum, understand what instruments it uses, and where these instruments are currently stored.
Going forward, all such records should be linked to, and identified with, a specific SOR. Current knowledge management (KM) best practices allow such a link to be readily established (e.g. using Enterprise Wiki solutions and/or Microsoft Sharepoint).
The “As Is” Bottom Line
Capturing the “As Is” with some degree of rigor is foundational to the development of an effective ERM policy. Without it, the ERM policy is simply a “shot in the dark” and unlikely to be of much use from either a legal or business perspective. For example, a strong “good faith” defense (i.e. in response to a discovery request) can be asserted if an organization can point to its records, its record types, its systems of record and the governance processes used to determine a given record type’s end of life. If something is missed or slips through the cracks under these circumstances, a strong argument can be made that the organization has done everything within its power to ensure compliance.