Do you have policies on what
information can be stored on a computer hard drive specifically laptop hard
drives?
Yes
No
Do your records storage practices ensure the privacy and protection of information such as social security numbers, health care information, or account numbers for employees or customers?
Yes
No
Retention
Do you have policies and procedures for the retention and destruction of all company records including:
Paper:
Yes
No Electronic files such as Word or Excel:
Yes
No E-mail:
Yes
No Draft and working copies:
Yes
No
Web site content:
Yes
No Information in network databases:
Yes
No Network backup files:
Yes
No
Have your retention schedules and policies been created or reviewed in the last two years?
Yes
No
Do you know what the federal, state,
or international legal requirements are for the maintenance, retention, and
disposition of your records?
Yes
No
Litigation Hold Orders
Do you have procedures to halt the destruction of records during litigation or an investigation?
Yes
No
Can you place a hold on the destruction of information (paper and electronic) and monitor compliance?
Yes
No
Compliance
Can you track the retention and destruction of records for electronic files, paper, and network backups?
Yes
No
Can you monitor compliance with retention schedules?
Yes
No
Can you identify which records your company has destroyed?
Yes
No
Can you quickly locate records and information needed/required during an audit, investigation,
or litigation?
Yes
No
Do you have written information
security, privacy, retention and destruction policies?
Yes
No
Do you provide formal training to
staff on privacy, security, and retention programs?
Yes
No
Doyou perform an annual
audit to monitor and track compliance with programs and policies?
Yes
No
If you answered No to the
questions above your information management systems need to be updated.
