Introduction:
Document Retention has a huge number of 'connotations' to different
people in different disciplines in different companies or
organizations. I will not pretend, here (or elsewhere) to be the
all-knowing / all-seeing guru on this subject, but ATTEMPT to outline
some basic fundamental truths about this subject-area. I
HOPE that those who read this will learn something of a
'high-level-view' and then be able to move-forth and create their own
process / procedure(s) to implement document retention in their
organization.
Something to think-about when creating a 'policy' for an organization
is that Many Departments will require their own 'tailored' version of
that policy. That does not release the 'management' of the
organization from developing an 'overall' policy. It just means
that many of the departments will have their own tailored version of
the policy primarily driven by legal demands.
Document Retention "Policy" for a given organization or department
should always include these GOALS or OBJECTIVES:
- 1.) be 'legally compliant' - that is comply with whatever
federal, state, local laws that are in effect
- 2.) be scalable - that is with an organization of 10-20 people
can this policy scale to the point of 1,000 people _ (or will it have
to be re-built?)
- 3.) be financially supportable - can the organization afford this
policy as written
- 4.) be realistic - down the road if someone 'requests data' can
the organization 'reproduce' the data within a reasonable time-frame
and at a reasonable cost
Having said that / those things - having
outlined the 'goals and objectives' lets talk about the methdologies
and the media from which documents are 'pulled' in order to create
backups and/or archives.
One (regardless of whether they are in 'management' (those who
(typically) create policy) or 'systems-administrators' (those who
(typically) implement 'policy') should recognize that:
Media, from which documents come contain, but are not limited to:
- hard disk(s) in computers (rotating, non-removable media)
- 'solid-state' disk(s) in computers (RAM disks and USB-disks
(sometimes called Thumb drives or Jump drives (removeable media))
- CD-ROMs / DVD-ROMs (rotating / removeable media)
- hard-disk(s) / solid-state-disks in iPods, Blackberrys,
cell-phones, etc. (typically non-removable)
- RAM-disks / Memory Cards in PDAs, cell-phones, IPphones,
etc.
- all of the above on an employee's home-computer (where (depending
on the legal envrionment) the corporation and/or organization(s) 'legal
arm' may OR MAY NOT extend to
File-types / generic 'classifications' of documents contain, but are
not limited to:
- corporate / organizational documents created in the line of doing
business
- corporate / organizational document DRAFTs
- corporate / organizational document e-mails / IMs /
cell-phone-call-records / IP-phone call records
- personal items of the above realm(s)
- phone lists of customers / friends / business associates
(could be in/on PDAs / phones / computers
- account lists of vendors / customers (in similar places)
- all of the above on a USB-disk (thumb-drive / jump-drive)
- all of the above on a CD-ROM / DVD-ROM / RW
Once we have identified all these different variables, now the
'hard-part' is to create document retention and backup and archiving
policies (and processes and procedures) that implement all the above
listed items in the proper way...
Something to think about; PEOPLE create documents, not computers -
PEOPLE TRAINING will help, more than technology, when it comes to
limiting both the volume and scope of the documents to be backed-up,
archived, retained.
JUST a BRIEF (VERY BRIEF) definition of items:
- Archive: data-duplicated for later retrieval "PRIMARILY OFF-LINE"
- Backup: - a 'normal' daily or weekly duplication of KEY DOCUMENTS
and FILEs
- Data Retention: - the POLICY that defines how the above items
should 'work'
Data Retention PROCESSes and PROCEDUREs - are the 'lists of actions'
that define the policy