17 3.3 Document Retention Policy


If deviation from the formal policy is made for a particular project, the firm should document why the deviation was made. If retention policies differ for different projects, that should also be included in the written policy. When a protected record’s age exceeds that of the applicable data retention policy, the record must be disposed of properly.

  • Audits function as invaluable strategic tool for a company to ensure an ROI in regard to online and digital activity security and risk management.
  • This can include invoices, purchase orders, contracts or general correspondence.
  • A data retention policy is one way to reduce volume and eventually automate the process of retaining data sets.
  • Otherwise, it is entirely possible – even likely – that some documents may get lost in the “vast tundra” of an employee’s email inbox, or worse, become irretrievable if stored on the laptop of a departed employee.
  • Recognized by his peers and several publications as a prominent influential marketing leader, Kristian takes pride in his ability to operationalize marketing teams.
  • The e-evidence also has to be presented in a way that is professional and convincing in a bid to prove or disprove a claim.

As a general rule, most Document Retention Policys retain too many records for too long a time period. Each operational form used by the security department should be assigned a specific retention period. This does not imply that a specific record would not be “pulled out” and saved beyond the stated retention period. Having a document retention policy helps to defend your business in the event of a lawsuit or other legal action. This could be about anything from cybersecurity breaches to your lack of a Slack policy.

OSINT Tools Crucial for Social Media Investigations

At the end of the day, the best tool for your organization is one that’s both easy to use and reliable for you, your administrators, your advisors, and your clients. Periodically review records generated and maintained in university information systems or equipment (including mainframe, mini, and micro computing/storage systems) to ensure that these requirements are met. Records that have reached the end of their retention period, but have historical or research value should be retained. Records identified as historical will be transferred to the Archives for extended retention. In addition, inactive records deemed to have historical value will also be transferred to the RISD Archives. C. The OGC will determine whether to initiate a Legal Hold with respect to Records relating to Litigation or an Investigation.

The review tries to determine if there is any privileged information contained in the ESI, and to ensure the ESI is relevant and meets the necessary requirements of the case. The review can be done using a native file review or using a TIFF-/PDF-based review. The internal preservation letter should also include an acknowledgment of where the custodian must indicate that he received, reviewed, understands, and fully intends to comply with the internal notification of a legal hold. 3Make sure that document retention polices are written, especially if the policy includes document destruction that otherwise might seem suspicious. In addition, tape continues to play a key role in long-term data retention. Infrequently accessed historical data finds a good home on tape, where it takes longer to restore than other formats.

IV. Document Retention Schedules – Controller’s Division

It provides a record of what has been done and said and when, which can be critical in defending your company and staff against allegations from former employees, “patent trolls”, or your competitors. In accordance with federal, state, local applicable laws, rules and regulations, Iona University requires that College records be retained for specific periods of time, and be maintained in specific repositories. The records will be properly and diligently upheld by following the rules and regulations of this document. This policy relates to original, tangible, hard-copy documentation and does not apply to an electronic record which will be addressed in a separate policy for all electronic formats. Suspension of Document Destruction; Compliance.The organization becomes subject to a duty to preserve documents once litigation, an audit or a government investigation is reasonably anticipated.

It’s time to review (or create) your document retention policy – Business Management Daily

It’s time to review (or create) your document retention policy.

Posted: Mon, 08 Aug 2022 07:00:00 GMT [source]

As handling and storage get more complex, it’s important to have clear procedures in place. Whether physical or all-digital, a document retention policy is necessary for any company that wants to protect its customers, staff, and assets by keeping its information secure. Alternatively, it may be converted from one form to another (e.g. from paper to electronic), depending on the defined retention period per format. Information with historical value beyond its “usable value” may be accessioned to the custody of an archive organization for permanent or extended long-term preservation. In the absence of an Investigation, Litigation or Legal Hold, Non-Records may be destroyed or disposed of upon completion of their use and Records may be destroyed upon the termination of the applicable mandatory retention period. The appropriate method of destruction depends on the Record’s physical form or medium and subject matter or content.

New York State Archives

If the source document, such as a receipt, is an electronic record then there is no need to create and maintain paper copies. If the source document is a paper version, the project may convert it to an electronic record if the above conditions are met. Duplicate copies of a document (i.e., documents that are not the original or official copy) do not need specific approval for their destruction. When records generated during a prior contract are relied upon by a contractor for certified cost or pricing data in negotiating a succeeding contract, the prescribed periods shall run from the date of the succeeding contract. Residential Location Shredding We bring our paper shredding services to many residential locations to handle document destruction.


A.The University will generate, use, maintain, store, retain and destroy Records in accordance with the requirements of applicable legal, regulatory, accreditation and other standards. While the Policy and Records Retention Schedule identify many of the Records at the University, they do not cover all documents or situations and may be updated to reflect best practices or changing legal requirements. Properly disposing of Inactive Records at the end of the applicable retention period. Implementing records management practices consistent with this Policy. Official records are maintained for as long as they are needed to satisfy legal, regulatory, and operational requirements.

Next steps: create a document retention policy

The Administrator shall also be responsible for documenting the actions taken to maintain and/or destroy organization documents and retaining such documentation. The Administrator may also modify the Document Retention Schedule from time to time as necessary to comply with law and/or to include additional or revised document categories as may be appropriate to reflect organizational policies and procedures. The Administrator is also authorized to periodically review this Policy and Policy compliance with legal counsel and to report to the Executive Committee as to compliance.

  • Finally, employees must understand that any information stored in company email accounts or on company hardware is not considered private.
  • •SWOT Analysis—the process of evaluating the strengths, weaknesses, opportunities, and threats of a company’s particular security and/or risk management system.
  • The system created with a document retention policy can be used to automate what happens throughout a document’s lifecycle, including copying, sending on a specific day or at a particular time, moving to a new location (e.g., folder, system, directory, site), and deleting.
  • Practical and real-world advice on how to run your business — from managing employees to keeping the books.
  • The operational reason for implementing a data retention policy involves proper data backup.

Infrastructure should make records immediately accessible upon request for both staff accessing them directly and clients accessing them through a public portal. Records retention policies should cover everything from the classification and storage of documents to their preservation and destruction. All employees who deal with such documents, such as those working in the human resources or finance departments, should be trained on these policies during onboarding. Ediscovery is a term that is sometimes used interchangeably with the terms computer forensics or digital forensics, however, to use them interchangeably is inaccurate.

And in the event that you do have a security incident where you need to track down who had access to which areas of the storage room or shared folder. By knowing who has access to what, you can more easily determine who could have been responsible for any unauthorized activity. Retain at agency for , then transfer to [Records Management or off-site storage] and retain an additional , then destroy. Transfer paper and images every to Maryland State Archives for permanent retention.

Leave a Comment

Your email address will not be published. Required fields are marked *