The need to retain data varies widely with the type of data. Some data can be immediately deleted and some must be retained until reasonable potential for future need no longer exists. Since this can be somewhat subjective, a retention policy is important to ensure that the company's guidelines on retention are consistently applied throughout the organization.
The Retention Policy covers the storage, retention, and destruction of the different types of data (as classified by the Data Classification Policy).
A Retention Policy developed with the InstantSecurityPolicy.com application will include the following detailed sections:
4.1. Reasons for Data Retention
4.2. Data Duplication
4.3. Retention Requirements
4.4. Retention of Encrypted Data
4.5. Data Destruction
4.6. Applicability of Other Policies
7. Revision History
Available in the Gold Package only, this is a policy that is intended to be used by technical staff and management as well as distributed to end users.
Your custom Retention Policy will be delivered immediately upon completion of the wizard via email, as both a PDF and an RTF file. RTF files are editable in all major word processing programs, including Microsoft Word.
Our security policies were written based on a cohesive and integrated approach using security best practices stemming from the C-I-A triad of confidentiality, integrity, and availability. This approach aligns with both real-world and industry standard-based objectives, resulting in an invaluable resource for your security policy management. A Retention Policy developed with the InstantSecurityPolicy.com wizard will provide the foundation for a realistic, practical implementation of your IT security policy program.
Please contact us if you have any questions about this policy.
InstantSecurityPolicy.com has delivered thousands of IT Security Policies to companies from 5 to 50,000 employees. The management of InstantSecurityPolicy.com has over 20 years of successful experience in the field of information security.