Record Management, Retention, and Destruction Policy

62 pages - 12 easy to use forms - Citations for Laws - Retention Periods Defined

Detail I-9 Requirements - Citations for latest federal rules including Lilly Ledbetter Fair Pay Act

All business are required by law to keep confidential client information, as well as employee or company data for a minimum amount of time. There are numerous business records that should be held on to for a minimum of seven years, which can include employee agreements, business loan documentation, litigation records, as well as general expense reports and records including overhead expenses and professional consultation fees.

Other documents may be kept for shorter, longer or an indefinite period of time and it's important to know what legal requirements are enforced for your industry to not only stay compliant, but to also dispose of documents you may no longer need. Regularly maintaining filing cabinets and securely disposing of old documents can help minimize risk of sensitive information falling into the wrong hands. The risks of keeping old documents containing sensitive data can be high – resulting in identity theft, fraud and potential financial loss or reputational damage.

There are many common myths about tape, disk, data protection and archiving including that archiving and long-term data retention are only for regulatory compliance purposes. The reality is that while regulatory compliance data, including Sarbanes-Oxley, ISO, financial or HIPAA medical, require long-term retention, other records and data, including those that do not fall under regulatory requirements, can benefit from - if not require - long–term data retention.

Template Includes Citations for Federal and Selected State Record Retention Requirements

A record is essentially any material that contains information about your company’s plans, results, policies or performance. In other words, anything about your company that can be represented with words or numbers can be considered a business record – and you are now expected to retain and manage every one of those records, for several years or even permanently depending on the nature of the information. The need to manage potentially millions of records each year creates many new challenges for your business, and especially for your IT managers who must come up with rock-solid solutions to securely store and manage all this data.

The Record Management, Retention, and Destruction policy is a detail template which can be utilized on day one to create a records management process.  Included with the policy are forms for establishing the record management retention and destruction schedule and a full job description with responsibilities for the Manager Records Administration.

Unitied States Employers have a number of record retention requirments that are mandated by the federal government.  Download Federal Record Retenition Requirements here.

The areas included with this policy template are:

• Record retention requirements for SOX sections 103a, 302, 404, 409, 801a and 802.
• Policy
• Standard
  • Scope
  • Responsibilities
  • Record Management
  • Compliance and Enforcement
  • E-mail Retention and Compliance
• Job Description Manager Record Administrator
• 12 forms for Record Retention and Disposition Schedule
• Record Management Best Practices
• Employee Record Retention Federal Requirements

Managing backup and recovery in today's environment is a multi-dimensional challenge with both near and long term business requirements. Recent technological developments in disk backup have had a positive impact on short term data retention requirements. But these improvements do not replace the need to execute and deliver on a long term data retention strategy which includes:

• Business and Regulatory Requirements Demand a Long-term Plan
• Manage and Contain Your Total Cost of Ownership (TCO)
• Encrypt Your Data for Secure Long-term Retention
• Weigh the Environmental Impacts and Minimize Power and Cooling Costs
• Simplify Management of the Entire Solution

 

---

 

Other Policies

All of the policies that are provided here are contained within one or more of the templates that are on this site. These policies have been added as individual documents in WORD format (WORD 2003 and WORD 2007) for those clients who just need this particular policy. All policies are Sarbanes-Oxley, HIPAA, PCI-DSS, and ISO compliant.

The policies have just been updated to comply with all mandated requirements and include electronic forms that can be Emailed, filled out completely on the computer, routed and stored electronically. A totally solution that uses technology at its best.

• CIO IT Infrastructure Policy PDF (All of the policies below which come as individual MS Word files)
• Backup and Backup Retention Policy
• Blog and Personal Web Site Policy (Includes electronic Blog Compliance Agreement Form)
• Incident Communication Plan Policy (Updated to include social networks as a communication path)
• Internet, e-Mail, Social Networking, Mobile Device, Electronic Communications, and Record Retention Policy (Includes 5 electronic forms to aid in the quick deployment of this policy)
• Mobile Device Access and Use Policy
• Patch Management Policy
• Outsourcing Policy
• Record Management, Retention, and Destruction Policy
• Sensitive Information Policy (HIPAA Compliant and includes electronic Sensitive Information Policy Compliance Agreement Form)
• Service Level Agreement (SLA) Policy Template with Metrics
• Social Networking Policy
• Telecommuting Policy
• Travel and Off-Site Meeting Policy
• IT Infrastructure Forms