Records Management
September 4, 2020
November 18, 2024

The Risks of Relying on 'Making a Record'

Learn how a human error led to the deletion of 145,000 KPMG Microsoft Teams chats and why managing records in-place is crucial for compliance and data security.

The Risks of Relying on 'Making a Record'

Interview multiple candidates

Lorem ipsum dolor sit amet, consectetur adipiscing elit proin mi pellentesque  lorem turpis feugiat non sed sed sed aliquam lectus sodales gravida turpis maassa odio faucibus accumsan turpis nulla tellus purus ut   cursus lorem  in pellentesque risus turpis eget quam eu nunc sed diam.

Search for the right experience

Lorem ipsum dolor sit amet, consectetur adipiscing elit proin mi pellentesque  lorem turpis feugiat non sed sed sed aliquam lectus sodales gravida turpis maassa odio.

  1. Lorem ipsum dolor sit amet, consectetur adipiscing elit.
  2. Porttitor nibh est vulputate vitae sem vitae.
  3. Netus vestibulum dignissim scelerisque vitae.
  4. Amet tellus nisl risus lorem vulputate velit eget.

Ask for past work examples & results

Lorem ipsum dolor sit amet, consectetur adipiscing elit consectetur in proin mattis enim posuere maecenas non magna mauris, feugiat montes, porttitor eget nulla id id.

  • Lorem ipsum dolor sit amet, consectetur adipiscing elit.
  • Netus vestibulum dignissim scelerisque vitae.
  • Porttitor nibh est vulputate vitae sem vitae.
  • Amet tellus nisl risus lorem vulputate velit eget.
Vet candidates & ask for past references before hiring

Lorem ipsum dolor sit amet, consectetur adipiscing elit ut suspendisse convallis enim tincidunt nunc condimentum facilisi accumsan tempor donec dolor malesuada vestibulum in sed sed morbi accumsan tristique turpis vivamus non velit euismod.

“Lorem ipsum dolor sit amet, consectetur adipiscing elit nunc gravida purus urna, ipsum eu morbi in enim”
Once you hire them, give them access for all tools & resources for success

Lorem ipsum dolor sit amet, consectetur adipiscing elit ut suspendisse convallis enim tincidunt nunc condimentum facilisi accumsan tempor donec dolor malesuada vestibulum in sed sed morbi accumsan tristique turpis vivamus non velit euismod.

In August 2020, The Register reported that due to human error,145,000 KPMG Microsoft Teams user chats were deleted and can't be recovered.KMPG was using retention policies in Teams, which have some broader limitations and risks for compliance. Unfortunately, in attempting to modify the policy for one user, they modified it for all, and deleted chat threads across the whole environment.This came after KPMG CIOs had already made a point of telling users that information on crucial business decisions should not be stored in chats, because of risks like this. But how realistic is that approach? When chat is available, it becomes a key and integrated communication method. Chat threads document the story of a decision making process, not just the outcome. Even if users had been diligent in making sure important content was duplicated in another system, that content would have been stored there without its full context. It's the context that tells the story, and telling stories is the purpose of recordkeeping.In a model where we ask users to operate in one system, and put records in another, we break the continuity and lose the context. We also double the threat surface, as now we have two copies of sensitive or high-value content, and we halve the discoverability, as we now have multiple versions to interpret.A better approach, and the only compliant one in a continuum model under the international Standards, is to manage the source system content in-place. Once content is records-managed in-place, there is no need to make working or archival copies of it, and no need to use retention policies and other system configurations that can result in permanent destruction of an entire data set.If we just records-manage the source systems (instead of asking users to manually copy over their important content piecemeal in another application), we make those source systems more stable, more secure, and more robust. Once we treat every operational system as a compliance system, we back it up properly, and change-manage its configuration properly, and we are much less likely to make catastrophic mistakes. As long as we keep treating enterprise-wide systems as less important because 'all the important records should have been copied out anyway', we will keep seeing irreversible data loss that seriously harms productivity, reputation, and the bottom line.