|
Our retention program services include:
New Programs
-
Retention schedules for information including
legal retention requirements.
-
Program policies for retention, review, and
disposal of information for all information including structured and
unstructured data and e-mail.
-
Procedures for the retention program including
litigation hold programs and secure storage and destruction of PII.
-
Privacy and security program policies and procedures.
-
Curriculum development and training during
implementation of new information and retention management programs.
Existing Programs
-
Review and update of legal requirements.
-
Review of policies and procedures for retention, security, and
privacy programs.
-
Compliance audits and recommendations.
-
Review, analysis, and recommendations for
GRC and ERMS software and systems.
Retention Program Policies and Schedules
A
corporate retention program ensures
information required by regulatory agencies, auditors, and to support
business decisions is retained and obsolete information is pulled from
record keeping systems and destroyed when no longer needed or required.
An important part of compliance and risk management programs,
our retention programs include:
-
Schedules that identify information and retention of all
types of records and information (paper and electronic) created and maintained
throughout the company.
-
Audit trails to identify record keeping systems
across storage medias.
-
Documented legal requirements for retention, security, and privacy for each country and state where business is
done.
-
Responsibilities, procedures, and policies for the
storage, retention, and
destruction of records that meet US federal, state, and international compliance requirements
for the security, maintenance, retention, and destruction of information.
Reviews and Compliance Audits
Numerous US federal, state, and
international laws create compliance obligations for documentation, retention,
secure storage and destruction of information, and
the management of corporate
information assets. Audits need to be performed annually as part of
your GRC programs to monitor system practices, assess controls and meet
legal requirements
for monitoring security, privacy, and retention/disposal programs. Legal requirements need to be
reviewed and updated every 1-3 years to ensure compliance with current legal
requirements for the retention, destruction, privacy, and security of
information.
|
