Haystack Associates, Inc. About Haystack






Our consulting services include:

  • Retention program, policies, and schedule development.

  • Records management and retention program reviews, audits, and compliance audit reports.

  • Business continuity plans, policies, and procedures.

  • Compliance guidance, SLA requirements for the security of information in Cloud based products.

  • Selection analysis, system requirements and functional spec definition for ECM, GRC, and Cloud solutions.

  • Project management and training during implementation of new document and retention management programs.

Retention Program Policies and Schedules
corporate retention program ensures information required by regulatory agencies, auditors, and to support business decisions is retained and obsolete information is pulled from record keeping systems and destroyed when no longer needed or required.  Retention programs reduce and minimize the cost of:

  • Office filing equipment.

  • Off-site storage of boxed records.

  • Additional network servers needed to maintain electronic files.

  • Document and electronic discovery costs during litigation.

An important part of risk management and compliance reporting programs, our retention programs include:

  • Schedules that identify all of the types of records created and maintained (including paper, electronic files and databases, e-mail, backup media) and the department responsible for maintaining the official copy of business records.

  • Audit trails for financial record-keeping and official reporting systems across storage medias including paper, network databases and servers, electronic files, CD, and microfilm.

  • Legal retention requirements for each country and state where business is done.

  • Responsibilities, procedures, and policies for the retention and destruction of paper and electronic records that meet SOX, HIPAA, and GLBA compliance requirements and protect a company from allegations of improper or selective document destruction.

Schedules and legal requirements are created in a Microsoft Access database that can be used to update and manage the retention program, create a variety of reports for staff and management, or downloaded to an existing SQL compliant database to manage and track the storage and destruction of documents and electronic files.


Information and Links:

Summary of Recent Legal Requirements that impact records management and retention programs.

Identify information system gaps, risk, and compliance issues with the Information Management Self Assessment questions.

Why develop or review your existing Document Retention Policy and Schedule? (pdf file).

View the full text of Sarbanes-Oxley 2002 (pdf file).

For recent legislative and SEC requirements for retaining and managing records visit ARMA Legislation

Compliance Reviews and Audits
Many new regulations and requirements for documentation, retention, and the management of corporate information have emerged since 2001.  Some include corporate financial reporting, privacy, e-mail, corporate correspondence, and internet documentation. Over time or as companies expand nationally or into new international markets record keeping systems and retention programs need to be reviewed for gaps in regulatory compliance.  Our reviews include an analysis of existing information systems, policies, procedures, implementation practices, and identify new or changed requirements for documentation and retention of information.  Findings are presented in an audit report with a straight forward work plan that will ensure compliance with regulatory requirements in the US or in other countries.

Business Continuity Plans
nsuring access to vital corporate information requires more than a good operational backup for network servers.  Much of the information that documents a companies key responsibilities, contractual agreements, services, or products is still maintained in paper format.  If vital corporate information is lost during a fire or natural disaster it can mean serious delays in restarting the business or closure.  Our vital records protection programs identify the records that would be needed to resume business and through a combination of duplication, automation, off-site storage, and reciprocal operating agreements ensure that information is protected.  Programs include a plan of action for staff; staff responsibilities during a recovery operation; identification of companies that offer recovery of water-soaked documents services; and may include reciprocal agreements with other companies to provide network resources in order to meet payroll or other key network functions.

Information Management
Gaining control of information can:

  • Improve productivity and reduce turn-around time.

  • Reduce errors.

  • Provide employees and clients with more accurate information in less time.

  • Allow companies to respond to changing business situations and climates faster.

  • Ensure compliance requirements are met.

Automation can include imaging to capture paper records and automate workflows, or using enterprise systems to improve data capture and control over how information is managed ensuring compliance requirements are met.  We work with you throughout the process from identifying system and functional specs, appropriate tools and platforms for your information, RFP, vendor selection, installation, conversion, taxonomy development, implementation, and training.

Project Management and Training
Project management is provided during the specification, RFP, development, implementation, and rollout phases to ensure information management and compliance requirements are met. New policies and procedures are documented, training materials developed, and end user training provided for new processes, procedures, and information management systems.


For information about Information Management services
please contact Denise Simons by:
E-mail: dsimons@haystackassociates.com
Phone:  (253) 631-1509

Copyright ©2000 - 2019 Haystack Associates, Inc. All Rights Reserved