IT Productivity CenterXML News Feed
 

Join Our Email List
Email:  

Record Management

Policy Template

The Record Management, Retention, and Destruction is a detail policy template which can be utilized on day one to create a records management process. More...

Disaster Planning

Business Continuity

Disaster Recovery Planning (DRP) template can be used by any size enterprise. The template and supporting material have been updated to be Sarbanes-Oxley compliant.  The Disaster Recovery Planning Documentation comes as a Word document. More...

Security Policies

Security Procedures

Security Manual for the Internet and Information Technology is over 240 pages in length.  The template is compliant with ISO 27000 (formerly ISO 17799), Sarbanes-Oxley, Patriot Act and HIPAA and includes a PCI DSS Audit program. More...

Job Descriptions

Job Descriptions

The IT job descriptions contained within the Internet and Information Technology Position Descriptions HandiGuide® were completed in 2010 and contains over 650 pages; which includes sample organization charts, a job progression matrix, and over 230 job descriptions. More..

Salary Survey

Salaries for IT

Are you paying too much or too little to your information technology staff? Are you earning what you're worth? Whether employer or employee, it is important to know what other companies are paying in total compensation for a similar position in your area. Learn how your company compares in the area of compensation. More...

 Share or Bookmark
Digg  Reddit  Del.icio.us  Stumble Upon  Facebook  Twitter  Google  BlinkList  Technorati  Mixx  Windows Live  Bookmark  MySpace  Yahoo Bookmarks  newsvine  Diigo

 

Record Management, Retention, and Destruction Policy

    

CIOs and IT Managers need to be assured that their information and record management program is compliant with government regulations and reflects best practices. This policy addresses all of those concerns. It was just updated and includes best practices.

Record Management PolicyA record is essentially any material that contains information about your company’s plans, results, policies or performance. In other words, anything about your company that can be represented with words or numbers can be considered a business record – and you are now expected to retain and manage every one of those records, for several years or even permanently depending on the nature of the information. The need to manage potentially millions of records each year creates many new challenges for your business, and especially for your IT managers who must come up with rock-solid solutions to securely store and manage all this data.

The Record Management, Retention, and Destruction is a detail policy template which can be utilized on day one to create a records management process.  Included with the policy are forms for establishing the record management retention and destruction schedule and a full job description with responsibilities for the Manager Records Administration.

Imact

Policy template includes:

  • Requirements for SOX sections 103a, 302, 404, 409, 801a and 802.
  • Policy
  • Standard
  • Scope
  • Best Practices
  • Responsibilities
  • Procedures - Forms
  • Compliance and Enforcement
  • Email Retention and Compliance
  • Job Description Manager Record Administrator
  • 12 forms for Record Retention and Disposition Schedule

You can download the Table of Contests and selected pages for this policy template.

    

 

Other Individual Policies

All of the policies that are provided here are contained within one or more of the templates that are on this site. These policies have been added as individual documents in WORD format (WORD 2003 and WORD 2007) for those clients who just need this particular policy.  All policies are Sarbanes-Oxley, HIPAA, and Patriot Act compliant.

Outsourcing Policy

This policy is eighteen page in length and defines everything that is needed for a function to be outsourced.  The policy comes as a Microsoft Word document (Word 2003 & Word 2007) that can be modified as needed.  The template has been updated to include a HIPAA audit program definition:
  • Outsourcing Management Standard
    • Service Level Agreement
    • Responsibility
  • Outsourcing Policy
    • Policy Statement
    • Goal
  • Approval Standard
    • Base Case
    • Responsibilities 

Note: Look at the Practical Guide for Outsourcing over 110 page document for a more extensive process for outsourcing

 

 

Internet, E Mail, Mobile Device, Electronic Communication, and Record Retention Policy

This policy is is compliant with all recent legislation (SOX, HIPAA, Patriot Act, and Sensitive information), and covers:
  • Appropriate Use of Equipment
  • Mobile Devices
  • Internet Access
  • Electronic Mail
  • Retention of Email on Personal
  • E-mail and Business Records
  • Copyrighted Materials
  • Banned Activities
  • Ownership of Information
  • Security
  • Sarbanes-Oxley
  • Abuse
Included are these ready to

  • Internet & Electronic Communication Employee Acknowledgement
  • E-Mail - Employee Acknowledgement
  • Internet Use Approval Form
  • Internet Access Request Form
  • Security Access Application Form

Travel and Off-Site Meeting Policy

Protection of data and software is often is complicated by the fact that it can be accessed from remote locations. As individuals travel and attend off-site meetings with other  employees, contractors, suppliers and customers data and software can be compromised.  This policy is four page in length and covers:

  • Data and application security
  • Minimize attention
  • Shared public resources
  • Off-site meeting special considerations

 

Backup and Backup Retention Policy

Backup Policy & Backup RetentionThe Backup and Backup Retention policy is an 11 page sample policy that is a complete policy which can be implemented immediately. 

The document is provided in both Word 2003 and Word 2007 formats and is easily modified.  This policy is included in the Disaster Recovery / Business Continuity Template

  

 

Below is a table from the policy.

Type of Data

Minimal Backup Policy

Backup Retention Policy

System software

Latest Version plus patches
 At Least Weekly

Annual (verified) Backup
Monthly Generations
Weekly Generations

Application software

Latest Version plus patches
At Least Weekly

Annual (verified) Backup
Monthly Generations
Weekly Generations

System data

Daily

Annual (verified) Backup
Monthly Generations
Weekly Generations
Daily Generations

Application Data

Daily with real time transaction files

Annual (verified) Backup
Monthly Generations
Weekly Generations
Daily Generations

Software licenses, encryption keys, & Protocol Data

Weekly

Annual (verified) Backup
Monthly Generations
Weekly Generations

 

  

Sensitive Information Policy
 

This policy covers the treatment of Credit Card, Social Security, Employee, and Customer Data.  The policy is 15 pages in length. This policy complies with Sarbanes Oxley Section 404.

The policy applies to the entire enterprise, its vendors, its suppliers (including outsourcers) and co-location providers and facilities regardless of the methods used to store and retrieve sensitive information (e.g. online processing, outsourced to a third party, Internet, Intranet or swipe terminals).