Record Retention and Destruction Policy Template

Record Retention and Destruction Policy


Current rules and regulations regarding the protection and destruction of confidential and sensitive documents require any person or company that possesses or maintains such information to take reasonable measures to protect against unauthorized access to, or use of, the information in connection with its disposal.  In addition, Sarbanes-Oxley requires that records be retained for all audits and legal proceedings.

Some of the record types and retention time periods for physical and/or electronic records are:

Record Retention Periods

The Record Management, Retention, and Destruction policy is a detailed policy template that can be used on day one to create a records management process.  Included with the policy are forms for establishing the record management retention and destruction schedule and a full job description with responsibilities for the Manager Records Administration.

The areas included with this policy template are:

  • Record retention requirements for SOX sections 103a, 302, 404, 409, 801a and 802.
  • Policy
  • Standard
    • Scope
    • Responsibilities
    • Record Management
    • Compliance and Enforcement
    • Email Retention and Compliance
  • Job Description Manager Record Administrator
  • 12 forms for Record Retention and Disposition Schedule

A record is essentially any material that contains information about your company’s plans, results, policies or performance. In other words, anything about your company that can be represented with words or numbers can be considered a business record – and you are now expected to retain and manage every one of those records, for several years or even permanently depending on the nature of the information. The need to manage potentially millions of records each year creates many new challenges for your business, and especially for your IT managers who must come up with rock-solid solutions to securely store and manage all this data.

The Financial Modernization Act of 1999, also known as the Gramm-Leach-Bliley Act (GLB Act), applies to every business with 100 or more annual transactions and gives authority to eight (8) federal agencies and each state to administer and enforce the Financial Privacy Rule, Disposal Rule and the Safeguards Rule contained in the FACT Act.  The Federal Trade Commission is actively enforcing this Act in the following business segments:

  • Financial institutions - lenders and traditional financial institutions, insurance companies, banks, and securities firms are the primary targets of enforcement. Also receiving scrutiny are auto dealers (leasing and financing departments, service and rental divisions; of particular interest to the enforcers are auto rental agreements and driver's license copies used for test drives), mortgage brokers, real estate settlement companies, and those retailers who issue credit cards, gift cards or related items.
  • Service institutions - payday lenders, check-cashing services, professional tax preparers, accountants, and electronic funds transfer networks, as well as credit counselors, independent psychologists, and related service firms are also targets.

There are hundreds of document types that may factor into an investigation or legal action.  Such records are assumed to be searchable and quickly available upon request, under the rules of SOX. This even applies to less official types of records, like emails or instant messages.


Record Retention and Destruction News


Storage is not cheap -- it can add significantly to operational costs

Storage is cheap. But is it really? Storage is often considered an inexpensive, quick and easy fix to demands for more space needed for our enterprise applications. The problem is that this "bargain" isn't always the deal it appears to be. While the direct cost of traditional disk storage is indeed lower, associated costs of simply adding more storage are often underestimated.

The "buy more storage" methodology has hidden costs: it impacts not only the IT budget but also application performance, IT productivity and business continuity. CIOs need to be more strategic about storage to accommodate both short-term data needs and long-term retention goals, reducing costs, improving performance and reducing risks associated with storing enterprise data.

Questions that need to be answered are:

  • Is our data safe in transit and at rest?
  • What prevents hackers from gaining access to our data?
  • Is our data properly handled, stored, and deleted?
  • Who can access our data?
  • What are the benchmark measurements?
  • Is our data backup strategy compliant?
  • Will our recovery be successful?


Supply chain disruptions can be fatal to an enterprise

Supply chains cannot tolerate even 24 hours of disruption. With so many uncertainties, defining a company's sourcing strategy and becoming the customer of choice for the suppliers during difficult times is a challenging task. So how do you ensure your supply lines are safe? See the Business Continuity Template that addresses all of these challenges.



Top 10 Backup Best Practices

10 Backup Best Practices – Rules of the Road for CIOs and DR/BC Managers. Many CIOs want to improve their ability to recover from system failures and data loss, especially to protect themselves from …


Managing backup and recovery in today's environment is a multi-dimensional challenge with both near and long term business requirements. Recent technological developments in disk backup have had a positive impact on short term data retention requirements (see also BYOD policy).



Disaster Recovery Business Continuity News Digest

  1. Business Continuity Planning for Survival Under Stress Business continuity and disaster recovery planning took a real hit in the recession that started in 2008.  First many companies reduced the number and intensity...
  2. The new business continuity and disaster recovery standard – ISO 22312 versus ISO 22301 New business continuity and disaster recovery standard CIOs, Business continuity practitioners, vendors and consultants have ISO 22313 (see http://www.e-janco.com/DRP.htm) as a handy tool that addresses...
  3. Top 10 Predictions for Disaster Recovery and Business Continuity 10 Disaster Recovery – Business Continuity Predictions for 2013 Disaster Recovery vs Business Resilience  – There will be a move from an academic discussion to practical...
  4. Disaster Recovery Business Continuity Tools Tools available for Disaster Recovery and Business Continuity planning There are several tools available for Disaster Recovery and Business continuity. Follow the links below for...
  5. Top 10 Reasons Why Disaster Recovery Business Continuity Plans Fail In the recession many organizations put disaster recovery and business continuity on the back burner. As a result those plans are not as functional as...



Planning the Disaster Recovery and Business Continuity Processes

MTO Disaster Timeline

Preparation for Disaster Recovery and Business Continuity in light of SOX has two primary parts. The first is putting systems in place to completely protect all financial and other data required to meet the reporting regulations and to archive the data to meet future requests for clarification of those reports. The second is to clearly and expressly document all these procedures so that in the event of a SOX audit, the auditors clearly see that the Disaster Recovery and Business Continuity Plan exists and appropriately protects the data and assets of the enterprise.



Power Disruptions - Defining Maximum Tolerable Period of Disruption

Systemic changes in the global power sector mean that there is increasing fragility surrounding supply security, and end users should not expect the future continuity of supply to be guaranteed, says a Marsh consultant.

The global power sector is increasingly vulnerable to a new series of threats, which is in turn creating uncharted risk management issues.

In the past, power sector policymakers have had to find a balance between the two objectives of supply security and maintaining a cost structure that enables end-users to have access to electricity to promote economic development. Over the last decade great attention has been paid to a third imperative which the global power sector cannot ignore: environmental sustainability.

 



SSDs fail without warning

The creator of the Linux kernel, Linus Torvalds, found out the hard way that solid-state drives (SSDs) aren't invincible -- and when they do fail, they can die without warning and at inconvenient times.

While SSDs are vastly better performers than hard disk drives and are considered more reliable for mobile devices because they have no mechanical parts to break, they do have a limited lifespan. With some early SSDs, that lifespan ended up being less than a year, depending on the quality and use of the drive.

While there are no moving parts in an SSD, the semiconductor components can fail. For example, a NAND die, the SSD controller, capacitors, or other passive components can -- and do -- slowly wear out or fail entirely.

Although most client drives outlast their three-to-five year warranties, if Torvalds was subjecting such a drive to heavier workstation-type workloads, which happens a fair bit in enterprises, "the lifespan likely will not meet expectations," Chien said.

The NAND flash media plays a key role, as its quality differs between manufacturers. And earlier generations of NAND flash have lower endurance characteristics related to bit errors -- when electrons leak through cell walls -- and program disturbs. A program disturb is the unintentional programming of a memory cell. Do it enough, and endurance suffers.



Business Continuity High Risk Users

Business Continuity - Disasters Happen

Individual users who pose high risks to an organization's disaster recovery planning efforts and when an event occurs...

Once a plan is created and an event occurs, failures can be predicted because of a few types of high risk individuals. When the plan is activated, they are the ones who are not prepared, "too busy" focusing on the wrong things, and are the first ones to blame someone else because their part of the recovery process did not work.

When you are creating your plan you need to be aware of these "personalities" and address them quickly:

  • People who do not "participate" actively and often avoid documenting their procedures and backup/recovery processes
  • People who never take a vacation or are the "sole" point of contact within a group because for whatever reason they are the only ones who know the big picture
  • People who are the "heroes" who keep things running and are indispensable

Many organizations are either blind to the risk or reluctant to do something about these types of individuals, almost out of fear of upsetting the individual. This just hands them more power, and the longer the situation persists the greater the risk to your organization.

Every organization has at least one of these personality types. As the individual responsible for your disaster recovery plan you should take the time to:

  • Identify who they are
  • Do not be held to ransom by these people - they could resign tomorrow
  • Deal with them - take action before it is too late
  • De-personalize the situation - it is about your process not the individual.



Briefs on tools for disaster recovery and business continuity

  1. Disaster Recovery Business Continuity Tools  Tools available for Disaster Recovery and Business Continuity planning There are several tools available for Disaster Recovery and Business continuity. Follow the links below for...
  2. Finding Disaster Recovery Tools – Adobe falls short  Adobe is not a good source for Disaster Recovery tool development Janco has just updated its Threat Vulnerability Assessment tool as it updates its Disaster...
  3. 10 reasons to move Disaster Recovery to the Cloud  Top 10 reasons why the cloud makes sense for disaster recovery planning Cloud data disaster recovery protection solutions offer a combination of the latest advancements...
  4. 10 Commandments of Disaster Recovery and Business Continuity  10 commandments of disaster recovery and business continuity planning As requirements for avoiding downtime become increasingly stringent, administrators need tools and platforms that can help...
  5. Cloud Improves Disaster Recovery planning  Cloud Improves Disaster Recovery and Business Continuity planning Today’s distributed and dynamic enterprises for disaster recovery need to plan for  24×7 access to a growing...


Disaster Incident Communication Plan

When a natural disaster strikes, the majority of the chaos and confusion that arises comes from a lack of open channels of communication. In both relief efforts and the businesses struggling to get back on track, communication is absolutely vital. Inside this guide, we’ll take a look at how the cloud offers a resilient communications solution that won’t fail when you need it the most.

Inside the Incident Communication Plan Policy, you’ll learn how cloud-based communications can save your business in the face of disaster. While even a relatively minor disruption can wreak havoc on premise-based communications, it only takes one employee with internet access to keep your business running with cloud-based communications. Read on to learn how to ensure your cloud provider is prepared and how to formulate a plan to get your business up and running in minutes should a disaster strike.



Disaster Plans need to be updated

Disaster plans need to be updated as Windows XP is reaching end of life - it will no longer be supported.

Recently Microsoft made the unsurprising announcement that as of 8th April 2014 they will no longer provide updates or security patches for Windows XP.

Organisations still using the 12-year-old technology will be required to replace XP with a new operating system, most likely Windows 7. This change could come at considerable effort and cost and, if not appropriately managed and co-ordinated, could cause significant impact to the business.  For example:

  • Windows 7 Software licences will need to be purchased and installed
  • Existing PCs, laptops and servers may not be Windows XP compatible and will require upgrade or replacement
  • Legacy applications that are no longer supported may not continue to operate in a Windows 7 environment and would require development changes or in extreme cases complete replacement
  • Existing data may need to be converted to alternative formats to ensure it can still be safely backed up, verified and restored in the event of a business continuity or disaster recovery event.



Data Backbone of Disaster Recovery

Data is the backbone of every organization. No matter the business, industry, or size, reliable data access is essential to operations. As that data continues to grow exponentially, it is important to have a backup and recovery strategy that meets current business needs and has the flexibility to grow and change.


Protecting your data is vital to the survival and growth of your business. You must keep your systems and employees up and running - and productive - even as fast backup and restore processes are being completed. And, should a "worst-case scenario" occur, being prepared with an appropriate disaster recovery plan is essential.

 

The Disaster Recovery Plan (DRP) can be used as a Disaster Planning template for any size of enterprise. The Disaster Recovery template and supporting material have been updated to be Sarbanes-Oxley and HIPAA compliant.



Will your disaster recovery provider be in business when you need them?

What if you were in Florida, the hurricane season was in full swing, and your provider went out of business? Would you have the time to move to a new provider and test your solution before you need to execute your plan?

For example, earlier this year Google decided to close its Message Continuity service. Google gave most clients a reasonable timescale to find an alternative supplier, allowing existing Message Continuity contracts to run until their contracts expired.  What if that was the communication solution you had selected for communicating with your staff?  Would you be able to implement, test, and communicate a new one on time?


Another example was the news that Doyenz, the US-based supplier of rCloud, a service which offers disaster recovery for physical and virtual servers, had decided to pull the plug on its UK operations. Clients were given not weeks or months but days to respond and to find a new supplier.

CIOs and IT managers need to consider all of the possibilities when developing and testing their disaster recovery plans.

 



Disaster Recovery Misconceptions

Disaster Recovery - What are the major misconceptions when a disaster occurs with IT systems? Can your systems support your company’s day-to-day operations?

The major misconception is that a backup recovery plan is all that you need.  In Janco Associates' view, that is not enough.  We have found that most companies are really not prepared.  Files can be restored, but it does no good if the company does not have facilities for its staff.

  1. Disaster Recovery and Business Continuity Top 10 “Disaster Recovery and business continuity are all about being ready for everything.  The question that every IT manager and CIO has to answer every day...
  2. Google data center security & disaster recovery  This is a great video on physical security as well as the software security. This is a great primer which all CIOs and Data...
  3. Meeting ISO 27031 Requirements Meeting ISO 27031 Requirements ISO 27031 The ISO Standard defines the Information and Communication Technology (ITC) Requirements for Business Continuity (IRBC) program that supports the...
  4. Will your disaster recovery provider be in business when you need them? Disaster Recovery plans that depend on outsourcers face significant additional risk What if you were in Florida and the Hurricane season was in full swing...
  5. IBM Business Continuity Plan Services  Business Continuity Services Video Business continuity video is good overview of what IBM thinks about this...



Weather Issues Impact Business Continuity Plans

Weather needs to be considered when business continuity plans are developed.

  1. Disasters Caused by Weather Affect South the Most  Disasters as Hurricane Sandy showed, weather can have extensive and long lasting effects.  Sandy now has entered the North East in the Billion Dollar Weather...
  2. Blizzard 2013 Blizzard 2013 to test many business continuity plans In the aftermath of the Blizzard 2013, which disrupted transportation, power, internet, phone and numerous other technical...
  3. Disaster Planning for Weather Related Events  Disaster Planning steps to follow for weather related events Disaster Planning is a must given the changing weather and climate. As it has been recently...
  4. Disaster Recovery and Business Continuity Top 10 “Disaster Recovery and business continuity are all about being ready for everything.  The question that every IT manager and CIO has to answer every day...
  5. Business Continuity Plan Has to be in Place Now  Business continuity plan is something that every organization needs to have in place before a disaster happens.  Every day somewhere in the world disasters are...


Requirements of a basic disaster recovery plan

Effective operations management requires clear, concise recovery execution or automation, enabling staff members to execute the same tasks and achieve similar results. In particular, an effective disaster recovery plan must address three key goals:

  • Minimize downtime: The consequences of extended downtime can be severe, not only in terms of lost business and lost productivity, but even in terms of survival for small organizations.
  • Minimize risk: Not having a disaster recovery plan often constitutes an unacceptable level of risk - but simply having a disaster recovery plan in place does not eliminate risk if its reliability is uncertain.
  • Control costs: Traditional disaster recovery plans are often limited in scope because of the costs associated with building and maintaining a recovery site, training staff members in disaster recovery processes, testing those processes, and so on.



ISO22301:2012 - Standards definition

ISO22301:2012 (Societal Security - Business Continuity Management System - Requirements) is the international standard for business continuity within organisations and defines the specification and best practice for implementing a robust business continuity management system. Published in May 2012, ISO22301 replaces the BS25999 standard which will be withdrawn in 2013.



Is this year's flu the start of a pandemic?

In disaster planning, when a pandemic occurs the data center exists but people often are in separate locations. The Disaster Planning and Business Continuity Planning processes need to make the user and business operating experience as similar as possible so that the work environment is the same in the remote site (often home) as in the office.



How Sandy and Katrina have impacted DR Planning

Business continuity planning can help your organization thrive again, quickly, after a major catastrophe. After watching so many enterprises struggle in the wake of Hurricanes Sandy and Katrina, it’s important that you take a proactive approach to business continuity. Once the tragedy occurs, it may be too late to restore systems and access backup information properly. Here are some of the benefits of having a proactive recovery and continuity plan in the case of a major outage:

  • Workforce Retention
  • Employee Communication
  • Customer Communication
  • Supplier/Vendor Communication
  • Quick Emergency Data Recovery
  • Long-Term Data Recovery


ISO 22313 closed

ISO 22313, the International business continuity management systems guidance standard, has entered the final pre-publication stage.

On 30th November ISO announced that ISO 22313 has reached development stage 60.00, which means that the standard has been finalised and is being produced for publication.

ISO 22313 ‘Societal security -- Business continuity management systems – Guidance’ will be a 46 page publication and has been developed by the ISO TC 223 Societal security committee.



Database is the core of the disaster recovery process

The database is the heart of any organisation. From running applications to processing transactions and storing customer and other mission-critical data, without the database, businesses simply cannot function. Despite the critical nature of the database, many companies do not have a comprehensive backup and disaster recovery strategy in place, and resort to crisis management when their database crashes, often resulting in costly downtime.

The Disaster Recovery Business Continuity Template is a comprehensive tool and set of disaster and business continuity planning resources, including a detailed disaster recovery business continuity work plan on how to proceed from evaluating risk factors to retrieving server data.

There are a few checklist items to consider with backup and disaster recovery, ensuring minimal disruption, and most importantly, continuity for the business.

Checklist item number one: Backup and disaster recovery strategy

Whether organisations run a full disaster recovery environment or simply conduct regular backups, having a plan and processes in place to govern this in the event of an emergency can literally save a business.

A backup and disaster recovery strategy is therefore essential for every modern business of any size. This is the most important step in ensuring your database is not a disaster waiting to happen.
