Policy Summary: This guidance outlines ACAOM s policy and procedures for managing documents. Table of Contents

Similar documents
POLICY TITLE: Record Retention and Destruction POLICY NO: 277 PAGE 1 of 6

Records Management and Retention

Records Retention Policy

Management: A Guide For Harvard Administrators

RECORDS AND INFORMATION MANAGEMENT AND RETENTION

Freedom of Information and Protection of Privacy (FOIPOP)

Ashford Board of Education Ashford, Connecticut POLICY REGARDING RETENTION OF ELECTRONIC RECORDS AND INFORMATION

SPRING-FORD AREA SCHOOL DISTRICT

2016 SC REGIONAL HOUSING AUTHORITY NO. 3 S EIV SECURITY POLICY

8/28/2017. What Is a Federal Record? What is Records Management?

SUBJECT: Effective Date: Policy Number: Florida Public Records Act: Scope and

UNIVERSITY OF MASSACHUSETTS AMHERST INFORMATION SECURITY POLICY October 25, 2017

Employee Security Awareness Training Program

5/6/2013. Creating and preserving records that contain adequate and proper documentation of the organization.

CARROLL COUNTY PUBLIC SCHOOLS ADMINISTRATIVE REGULATIONS BOARD POLICY EHB: DATA/RECORDS RETENTION. I. Purpose

Managing Your Record Retention Policy Safely

County of Sacramento

Community Unit School District No. 1. School Board

Southington Public Schools

Regulatory Circular RG Members and Member Firm Organizations. Division of Member and Regulatory Services. Date: October 28, 2009

Federal Rules of Civil Procedure IT Obligations For

Identity Theft Prevention Policy

RECORDS MANAGEMENT AND YOU

The City of Mississauga may install Closed Circuit Television (CCTV) Traffic Monitoring System cameras within the Municipal Road Allowance.

Privacy Breach Policy

ELECTRONIC MAIL POLICY

COUNTY OF RIVERSIDE, CALIFORNIA BOARD OF SUPERVISORS POLICY. ELECTRONIC MEDIA AND USE POLICY A-50 1 of 9

Record Keeping Best Practice. Distinguish between University and Non-University Records

Records Information Management

Policies & Regulations

Version Date Author Revision(s)/Edit(s) V3.0 12/8/2010 Marland Webb V4.0 03/18/15 Marland Webb Update procedures and links

Building Information Modeling and Digital Data Exhibit

UNIVERSITY OF MASSACHUSETTS AMHERST INFORMATION SECURITY POLICY September 20, 2017

NEWTON COUNTY OPEN RECORDS ACT POLICY

STAFF REPORT. January 26, Audit Committee. Information Security Framework. Purpose:

University Policies and Procedures ELECTRONIC MAIL POLICY

Records Retention Training

Florida Supervisor of Elections Conference May 22, 2018 Patricia R. Gleason Special Counsel for Open Government Attorney General Pam Bondi

4.2 Electronic Mail Policy

Information Security Incident Response Plan

BYOD (Bring Your Own Device): Employee-owned Technology in the Workplace

Schedule Identity Services

Responding to Oversight Committee Document Requests 1. In complying with this request, produce all responsive documents that are in your possession, c

DEPARTMENT OF HOMELAND SECURITY RECORDS MANAGEMENT HANDBOOK

TRICARE Operations Manual M, April 1, 2015 Records Management (RM) Chapter 9 Section 1

Farmingdale State College Records Management Training PRESENTED BY DOROTHY HUGHES INTERNAL CONTROL OFFICER AND RECORDS MANAGEMENT OFFICER

MANUAL OF UNIVERSITY POLICIES PROCEDURES AND GUIDELINES. Applies to: faculty staff students student employees visitors contractors

Secure Messaging Mobile App Privacy Policy. Privacy Policy Highlights

DIRECTIVE ON RECORDS AND INFORMATION MANAGEMENT (RIM) January 12, 2018

How Secure Do You Feel About Your HIPAA Compliance Plan? Daniel F. Shay, Esq.

Department of Veterans Affairs VA DIRECTIVE April 17, 2006 WEB PAGE PRIVACY POLICY

COMPUTAMATRIX LIMITED T/A MATRICA Data Protection Policy September Table of Contents. 1. Scope, Purpose and Application to Employees 2

HPE DATA PRIVACY AND SECURITY

ORA HIPAA Security. All Affiliate Research Policy Subject: HIPAA Security File Under: For Researchers

Virginia State University Policies Manual. Title: Information Security Program Policy: 6110

SAMPLE LITIGATION HOLD NOTICES

Protecting Personally Identifiable Information (PII) Privacy Act Training for Housing Counselors

UT HEALTH SAN ANTONIO HANDBOOK OF OPERATING PROCEDURES

INFORMATION SECURITY AND RISK POLICY

Information Security Policy

Preservation of Electronic Records for Litigation University Operations - Administrative

Data Protection Policy

Information Security Incident Response Plan

General Disposal Authority 7

Office of Inspector General Office of Professional Practice Services

SECURITY & PRIVACY DOCUMENTATION

NYSE and NYSE MKT MEMBERS AND MEMBER ORGANIZATIONS. NYSE Rule 36 - Use of Non-NYSE Provided Cellular Phones on the Floor of the Exchange

This Policy has been prepared with due regard to the General Data Protection Regulation (EU Regulation 2016/679) ( GDPR ).

PSAB Supplement 21 Records Retention and Disposition

Seven Requirements for Successfully Implementing Information Security Policies and Standards

DISADVANTAGED BUSINESS ENTERPRISE PROGRAM. Unified Certification Program OKLAHOMA

Minnesota State Colleges and Universities System Procedures Chapter 5 Administration

Virginia Commonwealth University School of Medicine Information Security Standard

RECORD RETENTION POLICY

The date when this policy is posted to the online Company Policy Manual and communicated to all business lines: December 14, 2012

Red Flags/Identity Theft Prevention Policy: Purpose

Data Protection Policy

NASD NOTICE TO MEMBERS 97-58

PUBLIC RECORDS. May 2016

USER CORPORATE RULES. These User Corporate Rules are available to Users at any time via a link accessible in the applicable Service Privacy Policy.

POLICIES AND PROCEDURES

Internet, , Social Networking, Mobile Device, and Electronic Communication Policy

Security and Privacy Breach Notification

EU GDPR and . The complete text of the EU GDPR can be found at What is GDPR?

INFORMATION ASSET MANAGEMENT POLICY

Acceptable Use Policy

Housecall Privacy Statement Statement Date: 01/01/2007. Most recent update 09/18/2009

Adopter s Site Support Guide

Donor Credit Card Security Policy

B. To ensure compliance with federal and state laws, rules, and regulations, including, but not limited to:

Data Breach Incident Management Policy

Electronic Signature Policy

Checklist for Rule 16(c) Pretrial Conference for Computer-Based Discovery

Employee Privacy, Digital Evidence, and the CFE. Kenneth C. Citarella, M.B.A., J.D., CFE Managing Director, Investigations Guidepost Solutions LLC

Records Management at MSU. Hillary Gatlin University Archives and Historical Collections January 27, 2017

Red Flag Policy and Identity Theft Prevention Program

ISO TC46/SC11 Archives/records management

Managing Official Electronic Records Guidelines

PENN MANOR SCHOOL DISTRICT

Freedom of Access in Maine

Transcription:

Policy Title: Approved By: ACAOM Commissioners History: Policy Implementation Date: 28 October 2016 Last Updated: Related Policies: ACAOM -Records Retention Schedule References: Responsible Official: ACAOM Executive Director Policy Summary: This guidance outlines ACAOM s policy and procedures for managing documents. Table of Contents A. Purpose... 1 B. Persons Affected... 1 C. Policy Statement... 1 D. Roles and Responsibilities... 2 E. Definitions/Acronyms... 2 E. Recordkeeping Requirements... 3 F. Retention and Preservation Directive ( Legal Hold )... 3 A. Purpose This policy and its supporting processes establish the controls required for managing ACAOM s Authoritative s to ensure they are accurate, current, appropriately available, and approved by authorized individuals. B. Persons Affected Persons who develop, review, approve, and maintain authoritative documents must follow this policy. Users of authoritative documents should at least be familiar with this policy. C. Policy Statement ACAOM s Authoritative s whether electronic or paper specify policies, prescribe uniform processes, or establish or document design specifications. The following controls are to be used in the management of these documents to ensure that they are accurate, current, appropriately available, and approved by authorized individuals in a manner reflecting the risks associated with improper management of the information. Page 1 of 5

1. s must be uniquely identified by at least a title, implementation date, revision date, responsible official, and revision history (where applicable). 2. s are subject to change control, which includes appropriate review and approval to certify new documents, ensure accuracy, and update the documents as necessary. 3. s are subject to version control, which encompasses distribution and availability of the most up-to-date approved version of a document to users, and appropriate disposition of obsolete and superseded documents to avoid their inadvertent use. 4. s are subject to periodic review to enable updating for currency, accuracy, and alignment with requirements and best practices. 5. Persons responsible for making changes to authoritative documents have responsibility for ensuring that persons affected by such changes are notified and provided with the updated information in a timely fashion. D. Roles and Responsibilities Role Responsible Official Approving Official(s) Responsibility Ensures compliance with this policy within his or her scope of responsibility by: A. identifying those documents that fall under his or her authority, B. providing subject matter expertise, C. adopting and enforcing document-management processes that support the controls cited within this policy. Exercises final and ultimate authority for approving Authoritative s and revisions thereto. E. Definitions/Acronyms Term Definition Authoritative Management Procedure Record A document that is controlled to ensure that it is accurate, current, appropriately distributed, and approved by authorized individuals because it contains information that, if improperly managed, could reasonably be expected to substantially diminish the ability of the institution to meet mission requirements or to protect safety, health, environment, or property. Written, visual, audio, or video information stored in the form of hard copy, film, magnetic tape, electronic data, or online, Web-based format. A business-management process that ensures organizational access to current, reliable, and concise information. The document management process includes document control, change control, configuration control, periodic review, and communication/distribution. A series of specific steps to be followed to accomplish work or to carry out a policy or requirement. Procedures are controls meant to mitigate risk, improve efficiency, or assure compliance. All books, manuals, papers, work products, email and letter correspondence, maps, photographs, machine-readable materials, or other documentary materials made or received regardless of physical form or characteristics that are preserved or appropriate for preservation that serve as Page 2 of 5

evidence of the organization s functions, policies, decisions, procedures, operations, or other activities. References Revision Version Statements or directives from the federal, state, local government, or best business practices that set a course of action, define acceptable conduct, or implement governing principles. The act of altering or modifying a document. An altered or modified document, which is the result of revising. E. Recordkeeping Requirements Subject to a Retention and Preservation Directive as more fully discussed below, ACAOM s Executive Director is ultimately responsible for managing ACAOM s documents and records according to its and Records Retention Schedule referred to and incorporated herein. F. Retention and Preservation Directive ( Legal Hold ) In instances where ACAOM has commenced, or is subject to, a lawsuit or legal/regulatory investigation, it is absolutely imperative that ACAOM, its staff and its representatives take immediate steps to preserve and retain all documents and records that relate in any way to the subject matter of the lawsuit or investigation. Failure to preserve and provide potentially relevant documents and records could result in extremely serious adverse legal, regulatory, and or financial consequences for both ACAOM and responsible individuals. In such instances, ACAOM s Executive Director, upon consultation with legal counsel, will issue a Retention and Preservation Directive ( Directive ) that typically contains the following elements: 1. IDENTIFICATION OF DOCUMENTS A. Subject Matter of the Investigation/Description of Relevant Categories of s [Insert a brief description of the scope of the investigation, including relevant date ranges, and a broad listing of all categories of documents that could be relevant to the investigation.] B. s Defined The term s includes, but is not limited to, agreements, correspondence, memoranda, notes (handwritten, typed, or otherwise), ledgers, work papers, informal files, desk files, handwritten notes, Post-its, faxes, calendar entries (electronic or desk diary), address book entries (electronic or hard copy), and any copies, non-identical copies, drafts, alterations, modifications or changes to any of the foregoing. s also encompass audio and video tapes; data stored on computer hard drives (including your office computer, personal home computer, or laptop), diskettes, CD-ROMs, DVDs, flash drives, as well as any and all other computer storage mechanisms; information in electronic format, including but not limited to, voicemails, e-mails and any attachments to e- mails, instant messages ( IMs ), and other electronically stored materials. s also include files on cell phones, personal digital assistants ( PDAs ), and smartphones (such as, but not limited to, Android phones and iphones). If you are not sure whether a document is potentially relevant to the investigation, and thus is subject to this preservation directive, err on the side of caution and preserve it. Also, if you are one of many recipients of an e-mail or other document that appears potentially relevant, please do not assume that one of the other recipients will preserve it you should preserve Page 3 of 5

it also. If you have any questions as to whether a category of documents is potentially relevant and should be preserved, please contact ACAOM s Executive Director. 2. LOCATING DOCUMENTS Upon receipt of this Notice, you are required to locate and retain any and all hard copy and electronic documents, and information in your possession, custody, and control that could be deemed relevant to this investigation. You should look for such documents in any location where you reasonably believe they may be located (such as your office, your home computer(s), off-site archives, etc.)., If you are aware of other employees or ACAOM representatives (i.e., site visitors, Commissioners, etc.) who also may have documents relevant to this matter, please contact ACAOM s Executive Director immediately so that he or she may ensure that this individual or these individuals receive a copy of this Directive. In addition, if you are aware of the existence of relevant documents to which you do not have authorized access, please inform ACAOM s Executive Director. 3. PRESERVATION OF DOCUMENTS Once you have identified and/or located the relevant documents within your possession, custody, and control, it is your responsibility to secure them at once, i.e., do not destroy, discard, delete, modify, or remove any documents that are relevant to the subject matter of investigation, even if you would do so in the ordinary course of business. It is not necessary that you physically segregate relevant files from your other working files, but you must clearly identify files that contain relevant documents and ensure that anyone other than yourself who works with those files also is aware that the files cannot be altered or destroyed in any way. Upon receipt of this Directive, it is incumbent upon you to avoid destroying or deleting any electronic documents, voicemails, e-mails, or IMs. ACAOM s Director of Operations and Information Technology will contact you in the very near future to explain how best to do this In the meantime, please do not delete any emails stored in your Outlook mailbox or in a.pst folder, and deactivate any inbox filters or rules that delete emails automatically. ACAOM s Executive Director is available to answer any questions about the technical aspects of preserving potentially relevant electronic documents or preventing their destruction. 4. FUTURE OBLIGATIONS The rules set forth in this Retention and Preservation Directive are effective unless and until you are informed otherwise in writing by ACAOM s Executive Director. Until further notice, you should consider all document policies suspended with regard to these documents. Going forward, you must preserve all newly created hard copy or electronic documents that are relevant to the subject matter of the investigation and preserve them as described above. If you inherit documents from a departing ACAOM employee, please review those documents for potential relevance and preserve them as instructed above. 5. CONFIDENTIALITY All aspects of ACAOM s conduct regarding this investigation, including this Directive and the identification and preservation of any relevant material related to the investigation pursuant to this Directive, are communications and activities protected from disclosure by the attorney-client privilege and the attorney work product doctrine. Please do not discuss any aspect of this investigation, including the documents and material that you locate and preserve, with anyone, including others within ACAOM, without having first spoken to ACAOM s Executive Director. Page 4 of 5

Revision History Date Summary of Revisions Revised Approved By Page 5 of 5

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback