Records Management Policy



Similar documents
Records & Information Management Policy

United Cerebral Palsy of Greater Chicago Records and Information Management Policy and Procedures Manual, December 12, 2008

Approved by: Vice President, Human Resources & Corporate Resources and Vice President, Treasury & Compliance Date: October 14, 2009

State of Michigan Records Management Services. Frequently Asked Questions About E mail Retention

FDU - Records Retention policy Final.docx

Developing a Records Retention Program

DOCUMENT RETENTION POLICY Revised 01/2009

RECORDS AND INFORMATION MANAGEMENT AND RETENTION

September Tsawwassen First Nation Policy for Records and Information Management

RECORD RETENTION AND DESTRUCTION POLICY

Chapter RECORDS MANAGEMENT Sections:

West Chester University Records Management Policy

Basic Records Management Practices for Saskatchewan Government*

RECORDS MANAGEMENT POLICY

UNIVERSITY OF MASSACHUSETTS RECORD MANAGEMENT, RETENTION AND DISPOSITION POLICY

4) Suspension of Record Disposal In Event of Litigation or Claims

CENTRAL KY RIDING FOR HOPE, INC.

Administration Department. {Insert Name of Organization} Operating Policy Record Retention and Destruction

RUTGERS POLICY. Approval Authority: Executive Vice President for Academic Affairs and Senior Vice President for Administration

SOUTHWEST VIRGINIA COMMUNITY COLLEGE RECORDS MANAGEMENT PROGRAM. Revised January 15, 2014

Practical tips for managing e mail

DOCUMENT RETENTION POLICY

SUTLEJ TEXTILES AND INDUSTRIES LIMITED DOCUMENT PRESERVATION AND RETENTION POLICY

Government records findings--recognition of public policy.

RECORD RETENTION AND DESTRUCTION POLICY

39C-1 Records Management Program 39C-3

How To Manage Records And Information Management In Alberta

RETENTION OF UNIVERSITY RECORDS

Section 28.1 Purpose. Section 28.2 Background. DOT Order Records Management. CIOP Chapter RECORDS MANAGEMENT

WRIGHT STATE PHYSICIANS

EFFECTIVE DATE: JULY 1, 2010

Department of Veterans Affairs VA Directive 6311 VA E-DISCOVERY

Massachusetts Statewide Records Retention Schedule August 2014 Supplement

COLORADO COMMUNITY COLLEGE SYSTEM SYSTEM PRESIDENT S PROCEDURE ELECTRONIC COMMUNICATIONS MANAGEMENT AND RETENTION PROCEDURES

INTERNATIONAL SOS. Data Retention, Archiving and Destruction Policy. Version 1.07

LONG ISLAND UNIVERSITY RECORDS RETENTION POLICY

SOUTHWEST VIRGINIA COMMUNITY COLLEGE RECORDS MANAGEMENT POLICY

***This sample is provided solely for informational purposes. Nothing in this document constitutes legal advice***

Records Management Services We re not just paper. We are compliance.

SOUTH EASTERN SCHOOL DISTRICT

Office 365 Data Processing Agreement with Model Clauses

Records Management Electronic Records and Electronic Discovery

Montana Local Government Records Management Guidelines

Southern Law Center Law Center Policy #IT0004. Title: Policy

Administrative Procedures Memorandum A2005

Records Disposal Schedule Anti-Discrimination Services Northern Territory Anti-Discrimination Commission

The E-Discovery Process

POLICY FOR PRESERVATION / ARCHIVAL OF DOCUMENTS

EAA Policy for Accepting and Handling Credit and Debit Card Payments ( Policy )

American Skin Association

FINAL May Guideline on Security Systems for Safeguarding Customer Information

CITY OF ANDERSON ELECTRONIC RECORD RETENTION POLICY

FRONTIER REGIONAL/UNION#38 SCHOOL DISTRICTS. Records Retention Policy for Electronic Correspondence

5.3. CQUniversity records and information will be captured and managed within one of the following corporate systems:

ACCESS, PRODUCTION AND RETENTION OF CITY RECORDS

1 LAWS of MINNESOTA 2015 Ch 67, s 2. CHAPTER 67--S.F.No. 86 BE IT ENACTED BY THE LEGISLATURE OF THE STATE OF MINNESOTA:

GREATER TEXAS FEDERAL CREDIT UNION RECORDS PRESERVATION PROGRAM

Records Management. Training 101

University of Louisiana System

Records Management Policy

How To Preserve Records In Mississippi

Corporate Governance - The Importance of a Compliant Record Retention Program. by Christopher N. Weiss 1

E-Discovery Toolkit for Educational Institutions

Information Security Plan effective March 1, 2010

Policy Document RECORDS MANAGEMENT POLICY

Records Management Policy

PSAB Supplement 21 Records Retention and Disposition

Measures Regarding Litigation Holds and Preservation of Electronically Stored Information (ESI)

RECORD RETENTION & DESTRUCTION POLICY

<Choose> Addendum Windows Azure Data Processing Agreement Amendment ID M129

Electronic Records Management Guidelines

RECORDS MANAGEMENT POLICY

CODE OF BUSINESS CONDUCT AND ETHICS

LEGAL HOLD OBLIGATIONS FOR DISTRICT EMPLOYEES

LSUHSC-NEW ORLEANS RECORDS RETENTION AND DISPOSITION POLICY

1. The records have been created, sent or received in connection with the compilation.

Information and Compliance Management Information Management Policy

West Midlands Police and Crime Commissioner Records Management Policy 1 Contents

Transcription:

Records Management Policy Business Records exist in a variety of forms, including physical and electronic form. The foundation produces, receives, stores and destroys a large number of Business Records in the normal course of its ongoing activities. The foundation needs to manage and dispose of its records in order to operate efficiently, respond to internal and external inquiries, ensure compliance with legal requirements, and preserve our institutional knowledge and history. Compliance with this policy and the attached Records Management Procedures is required by all foundation staff to (i) ensure records are properly identified and retained for the time periods needed to support the foundation s operations and comply with legal requirements, and (ii) ensure records are destroyed in a responsible and timely manner. This policy applies to the Bill & Melinda Gates Foundation and its wholly-owned affiliates, including IRIS Holdings LLC. This policy also applies to the Bill & Melinda Gates Foundation Trust to the extent that the foundation has custody and control of Trust records under the Operations Services Agreement between the foundation and the Trust dated as of October 25, 2006. Inquiries Any questions regarding this policy should be directed to the Ethics and Employment Counsel. Category: Foundation-Wide Policy Subject: Records Management Date Revised: April 2011

1.0 Definitions Active Business Records: Records still performing and referred to on a regular basis as part of the foundation s activities and typically easily accessible to foundation employees. Examples include an active grant or contract, current strategy document or policy, active employee personnel file, etc. Business Records: Records that have business or legal significance to the foundation, based on their content and context, and need to be preserved to meet business or legal requirements. All Business Records appear on the Records Retention Schedule. Compliance Team: Consists of the foundation-wide team of Records Administrators and Records Reviewers. Electronic record: A record in digital form (e.g., email, Microsoft suite files, Adobe, etc.) stored on an electronic information system (e.g., SharePoint, Unison, ICS). Destroy: Permanent deletion or elimination of Business Records and Non-Business Records so that information cannot be recovered and data cannot be reproduced by the foundation. Destruction Notice: A notice sent to all Records Administrators and Records Reviewers approximately every six months to notify them to destroy all Business Records that have met their Retention Period and all Non-Business Records that are no longer useful. Inactive Business Record: A record that is related to completed activities or that is no longer performing, but must be retained to fulfill legal requirements. Examples include a closed grant or contract, paid invoice, final annual report, personnel file for an employee who has left the foundation, etc. Iron Mountain: The external vendor where the foundation stores its physical records offsite. Legal Hold: Procedure used by Legal via a notice sent to all Records Administrators, Records Reviewers and other persons as necessary and applicable; to temporarily cease modification or destruction of identified records, even though they otherwise may be eligible for destruction. Legal Release: Procedure used by Legal via a notice sent to all Records Administrators, Records Reviewers and other persons as necessary and applicable, to release the Legal Hold of identified records so that all records being held revert back to their normal operating status and Retention Period. Managed Folders: New email folders designed to store grant-specific, Direct Charitable Expenses (DCE) contract-specific, relationship-specific and topic-specific email in subfolders such that they fall outside of the standard email retention policies. Emails stored in these sub-folders (RETAIN of OTHER) must be useful Non-Business Records, and will not be purged until (i) the grant or DCE contract closes, regardless of the date on the email or (ii) the relationship of topic-based email is older than seven years based on the date of the email (or as otherwise established by the Email Management Standards). Non-Business Record: Information that does not have business or legal significance to the foundation and does not need to be retained once it is no longer useful. Examples

include, working documents, duplicates, and information that may be useful but does not provide evidence of a business activity or outcome. Physical record: A record in either paper or other tangible form (e.g., video, paper, photographs, DVDs, etc.) Record Keeping System: An information system designated as an official system for capturing, maintaining, and providing access to Business Records in compliance with law and established business practices. Record Keeping Systems can be physical (e.g., file cabinets or Iron Mountain) or electronic (e.g., SharePoint, Unison, ICS or other information systems). Records Administrator (RA): The person who will support Records Management administration within their department and individuals within IT responsible for managing electronic records stored in a Record Keeping System. The Records Administrator, among other things, works with their program or operations department to support the destruction, hold and release process, manages offsite storage for their department, works with the Ethics and Employment Counsel to maintain the Records Retention Schedule and coordinates the implemention of the Records Management Procedures. Appendix B: Compliance Team identifies the foundation s current Records Administrators. Records Management: The Records Management program enables the foundation to manage important records in a cost effective and legally-compliant manner. The foundation is required by law to retain certain business records for a specific Retention Period and once that time has passed, to destroy those records in a timely and consistent manner. Records Reviewer (RR): The Records Reviewer is the person with overall responsibility for Records Management compliance within their particular department and individuals within IT responsible for compliance of electronic records stored in a Record Keeping System. Appendix B: Compliance Team identifies the foundation s Records Reviewers. Records Retention Schedule: The Records Retention Schedule states the approved list of all Business Record types, description, their Retention Period, and Record Keeping System. Retention Period: The period of time that inactive Business Records are to be retained prior to routine destruction, as identified in a Records Retention Schedule. The Retention Period for a given record type begins from the date a Business Record becomes inactive. For example, if the Retention Period for invoices is 7 years, then invoices would be retained for 7 years from the date they were paid and thus become an Inactive Business Record. Refer to the Records Retention Schedule for detailed information. 2.0 Managing Business Records and Non-Business Records Business Records must be identified, classified, and retained for the applicable Retention Period, using designated Record Keeping Systems, and then permanently destroyed in a timely and consistent manner. Non-Business Records may be retained while still useful and then permanently destroyed when they are no longer useful. These procedures apply to: All Business Records and Non-Business Records created or received in conjunction with foundation operations.

All locations where Business Records and Non-Business Records are maintained, including offsite storage locations (e.g. Iron Mountain, employee s home office, etc.). All employees, contractors, and agents who create, receive, and manage Business Records and Non-Business Records. 2.1 General Retention Business Records must be retained until the specified Retention Period has expired. Active Business Records are not yet subject to the specified Retention Period. Once a Business Record becomes an Inactive Business Record, the specified Retention Period begins, and for the duration of the Retention Period the Business Record must be retained. Physical records may be stored locally (e.g., in file drawers) on a temporary basis but should be moved to a central or off-site location for longer-term storage. Electronic Business Records must be stored on Record Keeping Systems. Electronic Non- Business Records may be stored on network drives or SharePoint. 2.2 Legal Hold Where there is a possibility of litigation, audit, or governmental investigation involving the foundation, all regularly scheduled destruction of records associated with the inquiry or potential inquiry must be suspended immediately and will become subject to a system of holds. Records under a Legal Hold cannot be modified or destroyed even when otherwise specified by the Records Retention Schedule. The Compliance Paralegal will notify Records Administrators of a Legal Hold and identify the types of records affected. The Compliance Paralegal will work with Records Administrators to verify that the records related to the pending matter have been appropriately identified. 2.3 Legal Release The Ethics and Employment Counsel will periodically review each Legal Hold order. The Compliance Paralegal will promptly notify Records Administrators of a Legal Release, at which time the relevant records are released from Legal Hold. These records should be reviewed for destruction before or no later than when the next destruction notice is issued based on the Records Retention Schedule or their usefulness. The Legal Department has sole authority to issue a Legal Hold or Legal Release and will maintain the master list of inquiries and related Legal Hold and Legal Release orders. Destroying, discarding, withholding, or altering records pertinent to an audit, litigation or governmental investigation is a crime. Persons found guilty of such actions may be subject to disciplinary actions, up to and including dismissal. 3.0 Record Destruction When the applicable Retention Period for a Business Record has expired, it must be destroyed unless it is under Legal Hold. Destruction must be performed in a timely and consistent manner, in accordance with these Procedures. The Compliance Paralegal will be responsible for scheduling and issuing Destruction Notices approximately every six (6) months. Within the stated time frame, generally fifteen (15) days, of receipt of a Destruction Notice, each Records Administrator must

take the following steps to destroy all Business Records whose Retention Periods have expired or Non-Business Records beyond their usefulness: Physical records. Each Records Administrator will coordinate the destruction of the Business Records for which the Retention Period has expired, and Non-Business Records that are no longer useful. This includes any Business Records stored off-site. Because Business Records may contain confidential information or non-public personal employee information, they must be destroyed in a manner that renders them inaccessible and unreadable. Business Records and copies of Business Records (Non- Business Records) must be disposed of via secure shredding, rendering those materials beyond reconstruction and protecting them from unauthorized access. If Business Records are destroyed by a shredding vendor, the vendor must certify that all Business Records scheduled for destruction were destroyed. Electronic records. The Records Administrator for IT Systems will identify the Business Records retained in SharePoint, Unison and ICS for which the Retention Period has expired and execute deletion of those Business Records. Each Records Administrator must work with their Program or Operational area staff to identify Non-Business Records stored on network drives and/or SharePoint which are no longer useful and manually execute deletion of those Non-Business Records. Electronic records must be permanently deleted so that information cannot be recovered and data cannot be reproduced by the foundation; IT will confirm such permanent deletion. Email. When the destruction process is initiated, the Ethics and Employment Counsel will issue a reminder to all foundation employees that any e-mail communications (with the exception of the Managed folders discussed below) older than 3 years (or as otherwise established by the Email Management Standards) will be deleted from Outlook upon the destruction date. E-mail communications stored in Managed folders will be destroyed subject to rules associated with the particular Managed folder. When the destruction of records is complete, Records Reviewers are required to certify to the Ethics and Employment Counsel that destruction has been completed. If, for any reason, a record cannot be destroyed, the Records Reviewer must bring it to the attention of the Ethics and Employment Counsel for consideration. Transferring or duplicating records to circumvent destruction is prohibited. Destruction of Business Records prior to the expiration of their Retention Period or subject to a Legal Hold is prohibited. Persons found guilty of such actions may be subject to disciplinary actions, up to and including dismissal. 4.0 Records Retention Schedule The Records Retention Schedule states the foundation s Business Record types, description, applicable Retention Period, and Record Keeping System. Periodically, the Ethics and Employment Counsel will work with the Records Administrators and Records Reviewers to review the Records Retention Schedule and identify any necessary modifications. 5.0 Records Management Organization The Compliance Team (see Appendix B) is responsible for managing execution and compliance with the Records Management Policy and Procedures. The

President of each Program or Chief of each Operational Area is responsible for notifying the Ethics and Employment Counsel of any changes in the assignment of a Records Administrator or Records Reviewer. Questions about the Records Management program should first be directed to the Records Administrator. If the Records Administrator should need assistance in responding to an inquiry, the Records Administrator should contact the Ethics and Employment Counsel, or the Compliance Paralegal.

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information