compliances , policies , security

Sample – Records Management Policy

January 17, 2013

Introduction

The appropriate creation, use and disposition of records are important to the success of the Company and this policy outlines procedures that ensure that the Company remains in compliance with all laws and regulations.

All records go through a life cycle. The vast majority of them reach a point when they no longer serve a business or legal purpose and may be discarded, thereby avoiding unnecessary expenses and reducing the risk of using outdated information.

It is expected that ordinary and necessary records will be created, maintained, protected and disposed of in the normal course of Corporate’s business.

Record Definition

A record is defined as an account of an act, condition, opinion, program, policy, decision, plan, oral exchange, event or transaction preserved on some medium so that it can be read or heard, or unencrypted  at a later time. Records include books of account, invoices, vouchers, cancelled checks, records of sales, correspondence, notes, email, data compilations, reports, forms, reproductions, electronic data bases, calendars and planners, personnel records, and other business papers. Records can be in a variety of formats, including, but not limited to, paper, magnetic tapes, disks, computer internal storage, compact disk, drawings, photographs, slides, films, charts, sound recordings, video recordings, microforms, and other types of electronic storage.

Records Creation

Only records necessary for the operation of the business and to demonstrate Corporate compliance with all relevant laws will be created and retained for an appropriate period. The document of record will be deemed to be the originating document, unless otherwise defined, and will be responsible for meeting all retention requirements, so that duplicate copies of records will not be retained unnecessarily.

Ownership of Records

Records related to the business of Corporate are the property of Corporate. Included are records and copies of records retained at off-site locations. Records must not be stored permanently at employee residences.

Access and Confidentiality

Information that is very important to the operations of the company should be identified and properly managed to ensure the proper levels of confidentiality and access. It is important to recognize that information may be protected by the attorney-client privilege, or other privileges as provided by law.

Storage

Guidelines for appropriate storage conditions for Company records will be provided by the Corporate policy for Business Conduct regardless of format, records will be organized in such a way that they remain accessible to others in the enterprise as required.

Privacy

Records will be created, used, retained, and disposed of in ways that will protect the privacy of employees and customers as required by applicable law and consistent with the Corporate’s Business Conduct Guidelines and privacy policies.

Retention periods

Records will be retained according to applicable laws and regulations, and for business reasons. When they no longer are useful, and no requirement exists for their retention, they will be disposed of to reduce the high costs involved in indexing, storing, and retrieving them. Plus, the risk of using out-dated information can be reduced.  Retention periods apply to all mediums used to store records: electronic, paper, microform, etc., regardless of where the records are stored.

Copies

Originals and copies are governed by the same retention periods, but copies do not need to be kept when the originals are retained. This includes documents stored off-site permanently (owned or rented facilities) and temporarily (employee homes, employee personal computers, supplier locations, etc).

Disposition of Records

Records, including those in electronic format, shall be disposed of in the most appropriate manner, in the normal course of business, in compliance with the law and the Company’s Records Disposition Policy.

All copies of records, including those in electronic format, shall be disposed of when the office of record destroys the original records. Until such time, and subject to the following section, recipients of copies may dispose of such records in the normal course of business.

Non-destruction Notifications

Destruction of documents shall cease when employees receive a non-destruction notice from the Law Department or if an employee otherwise becomes aware of pending or threatened investigation or litigation. Then the employee shall contact the Law Department, and disposal shall not resume until approved by the Law Department. This applies to all documents described in the notice or in any way related to the investigation or litigation, regardless of whether the documents are originals or copies, and regardless of the format.

Vital Records

All departments will identify those records that will be required to resume operations after a disaster in conjunction with the Company’s business continuation and disaster recovery programs.  These records will be stored in a special location that provides appropriate physical security and immunity from loss, with back-up copies located in an off-site location.

Corporate Archives

Some records are of permanent value to the Company for administrative, legal, fiscal, tax, or historical reasons, and the Corporate Archives exists to preserve them and make them available.

Compliance

This policy applies to all John Corporate units worldwide and to all forms of expression and recording related to the business of the Company.  Operation of the Company’s record management process is the responsibility of department and unit management, with best practice and audit support provided by the Corporate Policy for Business Conduct.

Non-Compliance

Unit and department management is responsible for working with the Corporate policy for Business Conduct to ensure appropriate audits of the records management process. Company operations should contact the Corporate Policy for Business Conduct  to obtain clarification of the records management policy and to request any potential exemptions.

Exception

Information pertaining to acceptable physical and technical safeguards is available from your unit security or information technology organizations.  The Global Security and Corporate Information Systems Computer Security organizations have additional information.

www.bestitdocuments.com