Principle of Compliance

    An information governance program shall be constructed to comply with applicable laws and other binding authorities, as well as the organization’s policies.

    It is the duty of every organization to comply with applicable laws, including those for maintaining records. An organization’s credibility and legal standing rest upon its ability to demonstrate that it conducts its activities in a lawful manner. The absence or poor quality of the records required to demonstrate this damages an organization’s credibility and may impair its standing in legal matters or jeopardize its right to conduct business. 

    The duty of compliance affects a recordkeeping system in two ways:

    1. The recordkeeping system must contain information showing that the organization’s activities are conducted in a lawful manner.

    2. The recordkeeping system is itself subject to legal requirements such as requirements to maintain tax or other records.

    It follows from this that every organization must:

    • Know what information must be entered into its records to demonstrate that its activities are being conducted in a lawful manner
    • Enter that information into its records in the manner prescribed by law
    • Maintain its records in the manner and for the time prescribed by law

    An organization that is subject to codes of conduct, ethics rules, or other authorities is subject to a duty to comply with them also. To the extent that recordkeeping is required to demonstrate compliance with the code or rules, or the organization’s records system is itself subject to the code or rules, the organization’s records must be maintained in accordance with them. 

    A policy is an internal rule of conduct for the organization and the organization’s own statements of what it deems to be correct conduct. By its nature, a policy imposes a duty of compliance upon the organization and its personnel. To comply with laws and other authorities, an organization must adopt and enforce suitable policies to direct and control its recordkeeping.

    The precise manner and duties of compliance will vary from organization to organization. Some organizations may be subject to multiple laws and legal doctrines, as well as codes of ethics and other authorities. This may, in turn, require the organization to adopt and enforce multiple and stringent policies for recordkeeping. An organization that is subject to fewer regulations may need fewer recordkeeping policies to maintain compliance. Every organization, however, should draft and enforce its policies and conduct its activities in a manner reasonably calculated to ensure compliance with the totality of authorities applicable to it.


    © 2017, ARMA International