Home > Financial Services Information Security News > Retention policy implementation best practices
Financial Services Information Security News:
EMAIL THIS
QUESTION & ANSWER

Retention policy implementation best practices

By Editorial staff
17 Jan 2008 | SearchFinancialSecurity.com

Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us   

Security management expert Mike Rothman discusses best practices for implementing a successful retention policy within an enterprise.

The law firm I currently work at has asked me to implement a retention policy for our records department. This project will also include email retention. Do you have any suggestions on questions to ask when I meet with consultants?

Mike Rothman: Since you work for a law firm, I assume that you already have the policy in place and you are responsible for implementing products to enforce the policy. That may be a bad assumption, so let's review what that policy should look like. Now I'm not a lawyer, so any mission-critical policy (like record retention) should be jointly developed with either your internal or external legal counsel to make sure it adheres to all industry guidelines and/or regulatory requirements.

In your policy, you should define what type of data needs to be retained and for how long. You need to specifically illustrate how the data will be retained -- what kind of media, off-site storage, with what data protection – especially for sensitive data. Discussing specific technologies isn't necessary since technology changes often, but you need to be as distinct as possible. Specifying how and when data will be destroyed is also important.

Relative to questions for consultants, you want to focus on a few critical areas relative to retention:

  • Data sources – How easy is it to pump data into an archiving system? Can it take information from all of your data sources automatically, or is it a manual process?

  • Data protection – How are records being stored and protected? An archive isn't useful if it's not available or if data is stolen.

  • Indexing and searching – E-discovery is a huge business nowadays, which means email and other electronic documents need to be easily accessible. You can mushroom the price of any discovery project by manually locating and retrieving data. Make sure all data is easily accessible to authorized parties.



    • Tags: Electronic data discovery complianceVIEW ALL TAGS

    Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us   



    RELATED CONTENT
    Electronic data discovery compliance
    E-discovery: A primer for financial organizations
    Chapter excerpt: The Art and Practice of Presenting Testimony as an Expert Technical Witness
    Updated records retention laws met with skepticism

    RELATED GLOSSARY TERMS
    Terms from Whatis.com − the technology online dictionary
    electronic discovery  (SearchFinancialSecurity.com)
    Federal Rules of Civil Procedure (FRCP)  (SearchFinancialSecurity.com)

    RELATED RESOURCES
    2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems
    Search Bitpipe.com for the latest white papers and business webcasts
    Whatis.com, the online computer dictionary




    Financial Security News Topics: Compliance, Management Strategy, Security Technology
    About Us  |  Contact Us  |  For Advertisers  |  For Business Partners  |  Site Index  |  RSS
    SEARCH 
    TechTarget provides technology professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective purchase decisions and managing their organizations' technology projects - with its network of technology-specific websites, events and online magazines.

    TechTarget Corporate Web Site  |  Media Kits  |  Site Map




    All Rights Reserved, Copyright 2008 - 2009, TechTarget | Read our Privacy Policy     		  TechTarget - The IT Media ROI Experts