Record Management, Retention, and Destruction Policy
The landscape for the retention and destruction of an enterprise’s business records has never been more complex. And effective records management has never been more crucial to meeting corporate governance, risk management and operational mandates. Yet half of enterprises lack a fully implemented records management program.
Most organizations simply do not have the required competencies in-house to successfully develop, implement and enforce records policies and programs. It requires specialized expertise and applied technology to effectively manage electronic and physical records throughout their lifecycle.
The reality is that while regulatory compliance data, including Sarbanes-Oxley, ISO, financial or HIPAA medical, require long-term retention, many other common application data for almost every business, including those that do not fall under regulatory requirements, can benefit from - if not
require - long–term data retention. The notion is to think beyond regulatory compliance. In other words, organizations of all sizes need and rely on information, both current and past.
A record is essentially any material that contains information about your company’s plans, results, policies or performance. In other words, anything about your company that can be represented with words or numbers can be considered a business record – and you are now expected to retain and manage every one of those records, for several years or even permanently depending on the nature of the information. The need to manage potentially millions of records each year creates many new challenges for your business, and especially for your IT managers who must come up with rock-solid solutions to securely store and manage all this data.
The Record Management, Retention, and Destruction policy is a detail template which can be utilized on day one to create a records management process. Included with the policy are forms for establishing the record management retention and destruction schedule and a full job description with responsibilities for the Manager Records Administration.
You areas included with this policy template are:
- Record retention requirements for SOX sections 103a, 302, 404, 409, 801a and 802.
- Record Management
- Compliance and Enforcement
- Email Retention and Compliance
- Job Description Manager Record Administrator
- 12 forms for Record Retention and Disposition Schedule
You can download the Table of Contents and selected pages for this policy template.