Using “GARP” to Minimize Risk

Generally Accepted Record-Keeping Principles (GARP ) constitute a broad framework that organizations of any size or industry can use to establish and monitor an effective information governance program and minimize information-related risk. The principles were developed with the assistance of records and information management, legal and IT professionals.

Complying with the eight GARP principles assures that information will be protected against loss; that critical records will be backed up, protected and accessible in case of disaster; and that orderly systems will be in place for decision making, transacting business and, when required, responding to litigation. GARP compliance assures that information will be retained as required and disposed of when no longer required, and it facilitates external investigations and all legal obligations.

The principles mandate that organizations assign a senior executive to oversee their record keeping program. The program should be designed so that information managed by the organization has a reasonable guarantee of authenticity and reliability. Procedures should be clearly documented and available to appropriate parties, while confidential and privileged records are protected. Procedures should comply with applicable laws, all binding authorities and the organization’s policies. Records should be maintained to ensure timely, efficient, and accurate information retrieval and for an appropriate amount of time, taking into account legal, regulatory, fiscal, operational and historical requirements. There also should be secure and appropriate disposition of records that are no longer required to be maintained by applicable laws or the organization’s policies.