Close

ACC offers this Legal Operations Maturity Model as a reference tool. Use it to benchmark maturity in any given area(s), bearing in mind that priorities and aspirational targets will vary based on department size, staffing and budgets. We have partnered with leading legal service providers to produce the Foundational Toolkit to advance in each of the 14 functions. Members can link to the tools and on-demand webcasts below.

Maturity Model Stages

EARLY

  • Information governance and records management  unaddressed or ad hoc
  • Employees keep their own records and information
  • Documents generally paper-based with limited digitization.

     

INTERMEDIATE

  • Formal information governance and records management program in place with dedicated leadership and team
  • Executive and stakeholder support for program
  • Information governance and records management addressed by the business with assistance from program leader/team
  • Enterprise information governance policy and records retention schedule in place but not enforced; compliance not audited/monitored
  • Some employees trained on policy and schedule
  • Essential or minimum requirements that meet the organization’s legal, regulatory, and business requirements
  • Initiatives to digitize paper records, integrate digital document management into information governance program underway
  • Some records and information managed with metadata and chain of custody
  • Employee training available but not tracked and recorded.

ADVANCED

  • General Counsel advocates for program
  • Enterprise policy and retention schedule regularly updated, communicated, and enforced; compliance audited by information governance team
  • Policy and retention schedule reflect regulatory requirements and supported by legal research
  • End-to-end documented and audited document/record lifecycle management with oversight from an information governance steering committee
  • Software tools
  • Enterprise audit information reviewed and continuously improved
  • Program integrated into overall corporate infrastructure and business processes
  • Program plays a critical role in cost containment, competitive advantage, and client service
  • Program provides avenue for business intelligence gathering
  • Defined formal information and records disposition process
  • Featured in all IT and product development projects
  • Managed on global basis, with retention, document management, and data housing policies (reflecting multinational requirements) published and managed.

Foundational Tools

Automating Your Records Management Program
This ACC Guide will explain how automation can be challenging and looks at managing expectations after system implementation, schedule updates, auto-tagging, creating cross-functional teams, and how to implement the appropriate records classification systems.

Building a Business Case for an Information Governance Program
Identify IG compliance risks and related in-house counsel’s ethical responsibilities; identify messaging strategies to get C-suite support for IG; list the ideal composition of an IG committee; obtain a seven-step project plan for launching an IG program; and quantify the benefits of an IG program. 

Creating a Data Classification Sample Form
Outlines key concepts and recommended practices for creation of a Data Security policy.

Developing a Data Retention Policy that Meets Privacy Requirements
American Health Information Management Association GC David Gilmartin and Kerry Childe, senior consultant for Contoural, outline how to develop a plan for retaining personal information that the entire company can follow. #ACCDocket #GDPR #CPRA #IG #PrivacyLaw

Everybody's Job, Nobody's Job: The Best Way to Create an Information Governance Program Without Going Crazy
Rising to the need, in-house counsel are partnering with information technology, compliance, privacy, and business units to reduce risks and costs, as well as to enable better employee productivity and business decision-making. Smart in-house counsel are leading, but not owning, these efforts by organizing key stakeholders to launch information governance programs.

Executing Your Records Retention Policy and Schedule
This in-depth guide presents key challenges regarding the execution of a records retention schedule, a comparison of different methods, strategies to get started, and tips on employee behavior change management and training, legacy paper and electronic disposition, addressing offsite records, and upgrading a records program to information governance.

IG Committee Sample Charter
Charter for a cross functional Information Governance Committee.

Privacy Maturity Model
This Privacy Capability Maturity Model provides a detailed maturity model for all aspects of an organization’s privacy program, including its use of Artificial Intelligence (AI) and Machine Learning (ML) using personal information.

Records Management Maturity Model
The ACC Records Management Program Maturity model provides a detailed maturity model for all aspects of an organization's records program. It seeks to gauge program effectiveness across a variety of program elements, taking a "big picture" view to increase program value.

Records Management University (RMU)
Records Management University is here to help you create a program that is compliant and that your employees can actually adhere to.  

Six Best Practices You Can Take to Protect Your Data
While data protection is an organization wide initiative, there are some best practices your organization can quickly implement to significantly bolster protection of your (and your clients’) sensitive data.

Ten Tips for Creating an Effective Document Retention Policy (United States)
Consider the following ten tips to ensure that a document retention policy protects your company in the case of litigation, is compliant with current data protection and privacy laws, and is cost-effective. 

Between a Rock and a Hard Place: Automating Data Loss Prevention
The emergence of technology has helped automate the continually changing requirements for privacy compliance. This article discusses how automation can also be applied to create a “data harbor” to automate data loss prevention (DLP) within organizations through an approach that involves next-gen data protection as a service.

Creating a Data Retention Policy That Meets Privacy Requirements
This ACC Guide addresses creating a data retention policy that also complies with new and existing privacy regulations, which require that personal information be retained only as long as necessary for legitimate business needs. 

Collecting Online Data for E-Discovery & Litigation Readiness Report
This report looks at important quantitative insights into the current maturity level of Information Governance (IG) programs and the extent to which legal departments are adequately prepared for the discovery process involved in potential litigation.

Data Map Design Strategies Sample Form
Outlines what a data map is and design strategies.

Data Map Population Strategies Sample Form
Outlines sample data map population strategies.

Introduction to Modern Records Management
This ACC Guide shares the components of an effective records management program, and the steps required to execute a schedule once developed.

How to Delete Emails and Files Defensibly
The guide reviews several deletion approaches that are ineffective and highlights those approaches that work well to enable companies to create more effective programs to better ensure compliance, reduce risk, lower costs, and increase productivity

Operationalizing CCPA
In this ACC Guide, learn about the California Consumer Privacy Act (CCPA), how it compares to privacy rules from other US states and from the European Union's General Data Protection Regulation (GDPR), understand key practical considerations to operationalize these regulatory changes, and explore how to grade a company's data privacy maturity levels.

Privacy Trends: The California Consumer Privacy Act is a Harbinger of New Regulations
This article is not intended to provide an exhaustive review of the entire Act. Nonetheless, it summarizes some of its requirements, together with a September 2018 amendment. While the Act goes into effect on January 1, 2020, it won’t be enforced until the Attorney General publishes regulations, which are not required by law until July 1, 2020; six months after the effective date.

Sample Information Governance Project Plan
Sample project plan for starting or upgrading a records retention or information governance program.

Six Programs to Take Data Protection to Another Level
This article looks at six programs to take data protection to another level, many of which include disciplines beyond cybersecurity. These are organization wide initiatives that need to be addressed.

Sponsored by:

ACC
ACC Global Headquarters
1001 G Street NW
Suite 300W
Washington, D.C. 20001 USA
Privacy & Policies © 1998-2024, Association of Corporate Counsel. All Rights Reserved.