Record Retention period

What do I have to do before the records retention period?

1 Like

I’m not sure what you mean. Do you mean in managing a record, it’s safekeeping, preparing for disposal, etc.?

1 Like

I follow the process below once material is eligible for disposal:

  1. Run a report on your database (if this is the case) for the current year
  2. Export it to an Excel file
  3. Sort it by office or department
  4. Verify if there is any material flagged On disposal Hold
  5. Sent an individual list to each department’s responsible person of authorizing the destruction
  6. After receiving the authorizations, edit if necessary the master list and database
  7. Sent the destruction work order for execution

I hope this will help to answer your question. If you need additional details, do not hesitate to email me at epena@rockfound.org.

2 Likes

For disposal, I’ll challenge you to work towards a different future for some of the records. I am assuming there is a compliance review process in place in order to keep this shorter. When apps and databases are created, determine if the records need a review process (due to their risk level) or if they can be automatically deleted. Many records churned out daily which lose their importance in a very short period.

First, your retention schedule is already the approval for destruction. It goes through enough of a painful process so why ask people to re-approve what was already approved by those in a higher level? Okay, I know here comes the ‘what about litigation holds?’ card (a.k.a., fear). Anyone with a solid process for managing litigation holds, especially with today’s software, is covered. Your policy must have the obligatory ‘hold records you have been notified by Legal to hold for litigation’, statement. Our Legal dept doesn’t even want to be asked by folks if they are on a hold or not.

Second, records should managed by their risk level. Manual reviews and approvals are painful, slow with a high ‘no response’ rate. I’ve been there and ended that process fairly quickly (mostly based on the above paragraph). There should be no issue, money (like folks’ time) or even thought in automatically deleting lower level risk records.

You’ll be shocked on how much can be disposed of and how willing folks are to move away from approving every record piece and/or bit for destruction.

3 Likes

I agree with Cinman. As long as you have your retention schedules in place, have a RIM steering committee with representatives from IT, Legal, Audit, Compliance, Facilities, and L.O.B. the individuals should HAVE THE ability to authorize destruction. Additionally
You as the individual responsible for review and submission to Committee will hold the original auth. And when destruction takes place attach the orig. With the cert of destruction. You can provide a copy to the dept. In the event there is discovery request dept. Is indemnified as they can show proof of destruction. In my early years requesting the dept. Approval was always met with a what if scenario, extending the retention. Let me be clear, in the event if anticipated litigation records that Pply must be place on hold.

We have a disposition sequence sign-off page

Need a review process in place. When application are created, setup a review process.

Great point John. We have a IG compliance review process for all new apps. The RIM section contains a space to include the document name of the SOP, Ops manual, etc., that provides the step by step review and disposal process. The only way out of it is to mark the app as automated disposal, no human involved. Yes, to avoid creating a step by step process document, has pushed many non-critical databases to incorporate automated disposal.