Record Retention and Destruction Policy Template

Record Retention and Destruction Policy

Current rules and regulations regarding the protection and destruction of confidential and sensitive documents require that any person or company that possesses or maintains such information take reasonable measures to protect against unauthorized access to, or use of, the information in connection with its disposal. In addition, Sarbanes-Oxley requires that records be retained for all audits and legal proceedings.

Some of the record types and retention time periods for physical and/or electronic records are:

Record Retention Periods

The Record Management, Retention, and Destruction policy is a detailed policy template which can be utilized on day one to create a records management process. Included with the policy are forms for establishing the record management retention and destruction schedule and a full job description with responsibilities for the Manager Records Administration.

The areas included with this policy template are:

  • Record retention requirements for SOX sections 103a, 302, 404, 409, 801a and 802.
  • Policy
  • Standard
    • Scope
    • Responsibilities
    • Record Management
    • Compliance and Enforcement
    • Email Retention and Compliance
  • Job Description Manager Record Administrator
  • 12 forms for Record Retention and Disposition Schedule

A record is essentially any material that contains information about your company’s plans, results, policies or performance. In other words, anything about your company that can be represented with words or numbers can be considered a business record – and you are now expected to retain and manage every one of those records, for several years or even permanently depending on the nature of the information. The need to manage potentially millions of records each year creates many new challenges for your business, and especially for your IT managers who must come up with rock-solid solutions to securely store and manage all this data.

“The Financial Modernization Act of 1999”, also known as Gramm-Leach-Bliley (GLB Act) applies to every business with 100 or more annual transactions, and gives authority to eight (8) federal agencies and each state, to administer and enforce the Financial Privacy Rule, Disposal Rule and the Safeguards Rule contained in the FACT Act.  The Federal Trade Commission is actively enforcing this Act in the following business segments:

  • Financial institutions - lenders and traditional financial institutions, insurance companies, banks and securities firms are the primary targets of enforcement. Also receiving scrutiny are auto dealers (leasing and financing departments, service and rental divisions), mortgage brokers, real estate settlement companies, and those retailers who issue credit cards, gift cards or related items. Of particular interest to the enforcers are auto rental agreements and driver's license copies used for test drives.
  • Service institutions - payday lenders, check-cashing services, professional tax preparers, accountants, and electronic funds transfer networks, as well as credit counselors, independent psychologists, and related service firms are also targets.

There are hundreds of document types that may factor into an investigation or legal action.  Such records are assumed to be searchable and quickly available upon request, under the rules of SOX. This even applies to less official types of records, like Emails or instant messages.

Record Retention and Destruction News


US lucks out and does not make list of most likely terrorist attacks

Disaster Recovery Planning

No US city made the top 100 possible sites for a terrorist attack.  Most of the cities that made the list are in the Middle East. 

Paris is the only western city to make the list at 97. The risk level in Paris is representative of a wider trend for Western countries, including Belgium, Canada and Australia, where key urban centres face substantially higher threat levels than elsewhere in the country, in part due to the significant PR value attached to such high profile targets by militant Islamist groups.

64 cities have been categorised as extreme risk in the Global Alerts Dashboard (GAD). Based on the intensity and frequency of attacks in the 12 months following February 2014, combined with the number and severity of incidents in the previous five years, six cities in Iraq top the ranking. Over this period, the country's capital, Baghdad, suffered 380 terrorist attacks resulting in 1,141 deaths and 3,654 wounded, making it the world’s highest risk urban centre, followed by Mosul, Al Ramadi, Ba'qubah, Kirkuk and Al Hillah.

Outside of Iraq, cities rated as at extreme risk include Kabul, Afghanistan (13th most at risk), Mogadishu, Somalia (14th), Sana’a, Yemen (19th) and Tripoli, Libya (48th). However, with investment limited in conflict and post-conflict locations, it is the risk posed by terrorism in the primary cities of strategic economies, such as Egypt, Israel, Kenya, Nigeria and Pakistan that has the potential to threaten business and supply chain continuity.



Disaster Recovery Misconceptions

Disaster Recovery - What are the major misconceptions when a disaster occurs with IT systems? Can your systems support your company's day-to-day operations?

The major misconception is that a backup recovery plan is all that you need. At Janco Associates we know that is not enough. We have found that most companies are really not prepared. Files can be restored, but it does no good if they do not have facilities for their staff.

  1. Disaster Recovery and Business Continuity Top 10 “Disaster Recovery and business continuity are all about being ready for everything.  The question that every IT manager and CIO has to answer every day...
  2. Google data center security & disaster recovery  This is a great video on physical security as well as the software security. This is a great primer which all CIOs and Data...
  3. Meeting ISO 27031 Requirements  The ISO Standard defines the Information and Communication Technology (ICT) Requirements for Business Continuity (IRBC) program that supports the...
  4. Will your disaster recovery provider be in business when you need them? Disaster Recovery plans that depend on outsourcers face significant additional risk. What if you were in Florida and the hurricane season was in full swing...
  5. IBM Business Continuity Plan Services  Business Continuity Services Video Business continuity video is good overview of what IBM thinks about this...



Disaster Incident Communication Plan

When a natural disaster strikes, the majority of the chaos and confusion that arises comes from a lack of open channels of communication. In both relief efforts and the businesses struggling to get back on track, communication is absolutely vital. Inside this guide, we’ll take a look at how the cloud offers a resilient communications solution that won’t fail when you need it the most.

Inside Incident Communication Plan Policy, you’ll learn how cloud based communications can save your business in the face of disaster. While even a relatively minor disruption can wreak havoc on premise-based communications, it only takes one employee with internet access to keep your business running with cloud-based communications. Read on to learn how to ensure your cloud provider is prepared and how to formulate a plan to get your business up and running in minutes should a disaster strike.



Disaster recovery template minimizes the risks associated with business disruptions

Disasters strike when companies least expect them. Some - like massive storms - give you more warning. But in either case, it’s a real problem if disaster stops the day-to-day operations of your business.

Forces of nature, malicious acts, or even a simple human error can have a long-lasting negative effect on your business. How can you upgrade your disaster preparedness given how business disruption and data loss will affect your organization?

Are you prepared?

  • Revenue loss from the inability to conduct business
  • Lost customer trust or confidence
  • Financial penalties for violated SLAs
  • Legal or financial penalties for compliance lapses
  • Excessive recovery and repair costs for lost systems and data

The Disaster Recovery Business Continuity template has been purchased by over 2,500 enterprises worldwide in both the public and private sectors.



Business Continuity steps to success and things CIOs need to do

The Standard for Disaster Planning and Continuity Planning - Over 3,000 Companies World Wide have chosen this DRP/BCP Template
  1. Keep your primary backup disaster recovery business continuity data in house – this is your first line of defense, a quick fix in case something goes wrong.
  2. Analyze your critical systems and their subsystems – identify applications that are critical to your business and the data and systems that these applications depend on.
  3. Your backup policy has to include some incremental backups and snapshots to be able to handle cases where single files or select data are lost.
  4. Think carefully about your backup solution – if your requirement is very granular, like restoring a damaged mailbox or maybe even a single mail, then your solution has to be selected keeping this in mind.
  5. Long term backup in a public cloud is a great option – it is not expensive and availability is good; however, be aware of security considerations.
  6. Run the backup from the cloud directly – if your backup data is kept in the cloud, then running a recovery directly from the cloud is easy.
  7. Test everything – test your backup solutions regularly until you are confident that they will work when required. The need to recover may occur in the middle of the night or when you are far away from your on-premise systems. A backup solution in the cloud is a great solution to ensure business continuity.



Business Interruption Life Cycle

A business interruption has a life cycle; that is, it starts small and could potentially become a disaster of epic proportion, depending on its duration. The longer an interruption is, the more that the company’s operations are affected. Your organization’s response should shift as an incident evolves from threat to emergency to crisis to disaster. It is one thing to say access to contract data isn’t essential for a day or two, but what about a week or two? This is why it’s important to protect more than just data. Now that you know what processes are critical to the operation of your business, you can consider threats according to their impact on those critical processes. To help you mitigate impact to your core processes, your plan should address three key phases:

  • Business Continuity Response — these are the steps you take immediately to sustain your core processes, your primary business priorities
  • Disaster Recovery Response — these are the steps you take to extend your core processes indefinitely and address your secondary priorities
  • Restoration Planning Response — these are the steps you take to restore your business to its pre-incident level


Data Backbone of Disaster Recovery

Data is the backbone of every organization. No matter the business, industry, or size, reliable data access is essential to operations. As that data continues to grow exponentially, it is important to have a backup and recovery strategy that meets current business needs and has the flexibility to grow and change.

Protecting your data is vital to the survival and growth of your business. You must keep your systems and employees up and running - and productive - even as fast backup and restore processes are being completed. And, should a "worst-case scenario" occur, being prepared with an appropriate disaster recovery plan is essential.

 

The Disaster Recovery Plan (DRP) can be used as a Disaster Planning template for any size of enterprise. The Disaster Recovery template and supporting material have been updated to be Sarbanes-Oxley and HIPAA compliant.



Small to Mid-sized companies are at risk from disasters

Highlighting the risk to companies with fewer than 1,000 employees, most of 453 organizations which were recently surveyed have experienced a major IT outage in the past two years. Companies with 50 to 250 employees are especially at risk. 83 percent of those companies have gone through a major IT failure, while 74 percent with 250 to 1,000 employees have experienced a significant outage.

The Disaster Recovery Business Continuity template has been purchased by over 2,500 enterprises worldwide in both the public and private sectors.



Successful recovery after a disaster strikes takes more than a good backup

Backup Policy

The safety and security of data is key to the productivity and survival of your organization. Many executive managers believe that backing up all data is enough to save them when a disaster strikes, but this isn’t the case. The ability to recover and restore your data is what makes your backup solution valuable.



Top 10 Backup failures made by CIOs

Failure is not an option when considering disaster recovery and business continuity. Only when a backup is needed and then found to be lacking or missing do many CIOs, IT Managers, and users appreciate the complexity of the issue.

  1. Backing up only desktops and ignoring laptops, tablets, smartphones and other mobile devices
  2. Thinking that all that matters are mainframe or data center databases
  3. Not understanding the differences in various deduplication solutions
  4. Not understanding what impact the backup processes have on users
  5. Not having a good grasp of the security implications due to disparate backup files
  6. Focusing only on what is needed today and ignoring future ramifications
  7. Not having a robust deployment solution defined
  8. Not understanding the total cost of ownership for a solution or for the lack of a complete backup and security solution
  9. Ignoring BYOD implications and complications
  10. Not understanding the implications of the backup solution for disaster recovery and business continuity



Business Continuity versus Disaster Recovery Planning

Business continuity (BC) refers to maintaining business functions or quickly resuming them in the event of a major disruption, whether caused by a fire, flood, epidemic illness or a malicious attack across the Internet. A BC plan outlines procedures and instructions an organization must follow in the face of such disasters; it covers business processes, assets, human resources, business partners and more.

Many people think a disaster recovery plan is the same as a business continuity plan, but a DR plan focuses mainly on restoring IT infrastructure and operations after a crisis. It's actually just one part of a complete business continuity plan, as a BC plan looks at the continuity of the entire organization. Do you have a way to get HR, manufacturing, and sales and support functionally up and running so the company can continue to make money right after a disaster?



Storage is not cheap -- it can add significantly to operational costs

Storage is cheap. But is it really? Storage is often considered an inexpensive, quick and easy fix to demands for more space needed for our enterprise applications. The problem is that this "bargain" isn't always the deal it appears to be. While the direct cost of traditional disk storage is indeed lower, associated costs of simply adding more storage are often underestimated.

The "buy more storage" methodology has hidden costs: it impacts not only the IT budget, but also application performance, IT productivity and business continuity. CIOs need to be more strategic about storage to accommodate both short-term data needs and long-term retention goals, reducing costs, improving performance and reducing risks associated with storing enterprise data.

Questions that need to be answered are:

  • Is our data safe in transit and at rest?
  • What prevents hackers from gaining access to our data?
  • Is our data properly handled, stored, and deleted?
  • Who can access our data?
  • What are the benchmark measurements?
  • Is our data backup strategy compliant?
  • Will our recovery be successful?


Supply chain disruptions can be fatal to an enterprise

Supply chains cannot tolerate even 24 hours of disruption. With so many uncertainties, defining a company's sourcing strategy and becoming the customer of choice for suppliers during difficult times is a challenging task. So how do you ensure your supply lines are safe? See the Business Continuity Template, which addresses all of these challenges.



Top 10 Backup Best Practices

10 Backup Best Practices – Rules of the Road for CIOs and DR/BC Managers. Many CIOs want to improve their ability to recover from system failures and data loss, especially to protect themselves from …

Managing backup and recovery in today's environment is a multi-dimensional challenge with both near and long term business requirements. Recent technological developments in disk backup have had a positive impact on short term data retention requirements (see also BYOD policy).



Disaster Recovery Business Continuity News Digest

  1. Business Continuity Planning for Survival Under Stress Business continuity and disaster recovery planning took a real hit in the recession that started in 2008.  First many companies reduced the number and intensity...
  2. The new business continuity and disaster recovery standard – ISO 22312 versus ISO 22301 New business continuity and disaster recovery standard CIOs, Business continuity practitioners, vendors and consultants have ISO 22313 (see http://www.e-janco.com/DRP.htm) as a handy tool that addresses...
  3. Top 10 Predictions for Disaster Recovery and Business Continuity 10 Disaster Recovery – Business Continuity Predictions for 2013 Disaster Recovery vs Business Resilience  – There will be a move from an academic discussion to practical...
  4. Disaster Recovery Business Continuity Tools Tools available for Disaster Recovery and Business Continuity planning There are several tools available for Disaster Recovery and Business continuity. Follow the links below for...
  5. Top 10 Reasons Why Disaster Recovery Business Continuity Plans Fail In the recession many organizations put disaster recovery and business continuity on the back burner. As a result those plans are not as functional as...



Planning the Disaster Recovery and Business Continuity Processes

MTO Disaster Timeline

Preparation for Disaster Recovery and Business Continuity in light of SOX has two primary parts. The first is putting systems in place to completely protect all financial and other data required to meet the reporting regulations and to archive the data to meet future requests for clarification of those reports. The second is to clearly and expressly document all these procedures so that in the event of a SOX audit, the auditors clearly see that the Disaster Recovery and Business Continuity Plan exists and appropriately protects the data and assets of the enterprise.



Power Disruptions - Defining Maximum Tolerable Period of Disruption

Defining Maximum Tolerable Period of Disruption

Systemic changes in the global power sector mean that there is increasing fragility surrounding supply security, and end users should not expect the future continuity of supply to be guaranteed, says a Marsh consultant.

The global power sector is increasingly vulnerable to a new series of threats, which is in turn creating uncharted risk management issues.

In the past, power sector policymakers have had to find a balance between the two objectives of supply security and maintaining a cost structure that enables end-users to have access to electricity to promote economic development. Over the last decade great attention has been paid to a third imperative which the global power sector cannot ignore: environmental sustainability.

 



SSDs fail without warning

The creator of the Linux kernel, Linus Torvalds, found out the hard way that solid-state drives (SSDs) aren't invincible -- and when they do fail, they can die without warning and at inconvenient times.

While SSDs are vastly better performers than hard disk drives and are considered more reliable for mobile devices because they have no mechanical parts to break, they do have a limited lifespan. With some early SSDs, that lifespan ended up being less than a year, depending on the quality and use of the drive.

While there are no moving parts in an SSD, the semiconductor components can fail. For example, a NAND die, the SSD controller, capacitors, or other passive components can -- and do -- slowly wear out or fail entirely.

Although most client drives outlast their three-to-five year warranties, if Torvalds was subjecting such a drive to heavier workstation-type workloads, which happens a fair bit in enterprises, "the lifespan likely will not meet expectations," Chien said.

The NAND flash media plays a key role, as its quality differs between manufacturers. And earlier generations of NAND flash have lower endurance characteristics related to bit errors -- when electrons leak through cell walls -- and program disturbs. A program disturb is the unintentional programming of a memory cell. Do it enough, and endurance suffers.



Business Continuity High Risk Users

Business Continuity - Disasters Happen

Individual users who pose high risks to an organization's disaster recovery planning efforts and when an event occurs...

Once a plan is created and an event occurs, failures can be predicted because of a few types of high risk individuals. When the plan is activated, they are the ones who are not prepared, "too busy" focusing on the wrong things, and are the first ones to blame someone else because their part of the recovery process did not work.

When you are creating your plan you need to be aware of these "personalities" and address them quickly:

  • People who do not "participate" actively and often avoid documenting their procedures and backup/recovery processes
  • People who never take a vacation or are the "sole" point of contact within a group because for whatever reason they are the only ones who know the big picture
  • People who are the "heroes" who keep things running and are indispensable

Many organizations are either blind to the risk or reluctant to do something about these types of individuals, almost out of fear of upsetting the individual. This just hands them more power, and the longer the situation persists the greater the risk to your organization.

Every organization has at least one of these personality types. As the individual responsible for your disaster recovery plan you should take the time to:

  • Identify who they are
  • Do not be held to ransom by these people - they could resign tomorrow
  • Deal with them - take action before it is too late
  • De-personalize the situation - it is about your process not the individual.



Briefs on tools for disaster recovery and business continuity

  1. Disaster Recovery Business Continuity Tools  Tools available for Disaster Recovery and Business Continuity planning There are several tools available for Disaster Recovery and Business continuity. Follow the links below for...
  2. Finding Disaster Recovery Tools – Adobe falls short  Adobe is not a good source for Disaster Recovery tool development. Janco has just updated its Threat Vulnerability Assessment tool as it updates its Disaster...
  3. 10 reasons to move Disaster Recovery to the Cloud  Top 10 reasons why the cloud makes sense for disaster recovery planning Cloud data disaster recovery protection solutions offer a combination of the latest advancements...
  4. 10 Commandments of Disaster Recovery and Business Continuity  10 commandments of disaster recovery and business continuity planning As requirements for avoiding downtime become increasingly stringent, administrators need tools and platforms that can help...
  5. Cloud Improves Disaster Recovery planning  Cloud Improves Disaster Recovery and Business Continuity planning Today’s distributed and dynamic enterprises for disaster recovery need to plan for  24×7 access to a growing...


Disaster Plans need to be updated

Disaster plans need to be updated as Windows XP is reaching the end of its life - it will no longer be supported.

Recently Microsoft made the unsurprising announcement that as of 8th April 2014 they will no longer provide updates or security patches for Windows XP.

Organisations still using the 12 year old technology will be required to replace XP with a new operating system, most likely Windows 7. This change could come at considerable effort and cost and, if not appropriately managed and co-ordinated, could cause significant impact to the business. For example:

  • Windows 7 software licences will need to be purchased and installed
  • Existing PCs, laptops and servers may not be Windows XP compatible and will require upgrade or replacement
  • Legacy applications that are no longer supported may not continue to operate in a Windows 7 environment and would require development changes or in extreme cases complete replacement
  • Existing data may need to be converted to alternative formats to ensure it can still be safely backed up, verified and restored in the event of a business continuity or disaster recovery event.
