Subject: | |
From: | |
Reply To: | |
Date: | Fri, 13 Jun 2014 07:48:26 -0700 |
Content-Type: | text/plain |
Parts/Attachments: |
|
|
On Fri, Jun 13, 2014 at 6:35 AM, Callen, Jeanne M <[log in to unmask]>
wrote:
>
> Has anyone gone through information classification (clean desk policy) for
> the ISO27001 standard certification?
>
> I have questions about keeping an "information inventory". Our Data
> Security guy wanted me to include all information (which would be
> non-record and record) on the current record retention schedules and label
> the non-records as "NR" - but I disagree - I'm not going to list
> "non-records" on a record retention schedule.
>
> If you have gone through this - how are you recording your "non-record
> information"?
>
I have not had to go through 270001...yet. I'm sure it's on the not too
distant horizon.
As for your question about non-records on the records retention
schedule... ABSOLUTELY NOT.
If they need some understanding of what non-records are, you could include
your organization's definitions of "record" and "non-record" in an
introduction to the Records Retention schedule, but even that seems rather
pointless.
If your organizational RM policy states the purpose of the program and how
record and non-record materials are differentiated and the requirement to
manage records, then that should be sufficient.
Larry
[log in to unmask]
--
*Lawrence J. Medina Danville, CARIM Professional since 1972*
List archives at http://lists.ufl.edu/archives/recmgmt-l.html
Contact [log in to unmask] for assistance
To unsubscribe from this list, click the below link. If not already present, place UNSUBSCRIBE RECMGMT-L or UNSUB RECMGMT-L in the body of the message.
mailto:[log in to unmask]
|
|
|