Records Management and Retention

Printer Friendly, PDF & Email

APPENDIX 5-O: Sample Data and Information Management Policy

Purpose: This policy is intended to provide guidance regarding the creation, receipt, retention, and destruction of data and information produced in the course of Company business.

Roles/Responsibilities: All employees must be familiar with this policy and act in compliance with it when creating, receiving, managing, storing, and destroying Company data and information.

  • Employees must identify whether the data and information that are created are official business records and, if so, the applicable retention period according to the data retention schedule.

  • Employees must know which official business records/information they are the custodian for.

  • Employees must be aware of litigation, tax and/or audit hold that may apply to the data and information which are being created, received, or maintained, and act in accordance with the guidance provided by such a hold.

  • Employees should regularly review all files, including electronic files and emails, and maintain them in an orderly manner in accordance with this policy and the applicable retention schedule.

  • Employees are responsible for protecting the confidentiality of the Company’s data and information and preventing unauthorized disclosure to a third party (i.e., persons both inside and outside the Company without a need to know).

Policy: In general, the Company desires to retain only official business records (according to the data retention schedule), unless there is a specific Company hold in place which requires other retention.

This document is only available to subscribers. Please log in or purchase access.