LISTSERV - RECMGMT-L Archives - LISTSERV.IGGURU.US

RECMGMT-L Archives

Records Management

RECMGMT-L@LISTSERV.IGGURU.US

	LISTSERV Archives
	RECMGMT-L Home

	Log In
	Register

	Subscribe or Unsubscribe

	Search Archives

Options:	Use Forum View Use Monospaced Font Show Text Part by Default Condense Mail Headers
Message:	[<< First] [< Prev] [Next >] [Last >>]
Topic:	[<< First] [< Prev] [Next >] [Last >>]
Author:	[<< First] [< Prev] [Next >] [Last >>]

Content-Type:	text/plain; charset=UTF-8
Sender:	Records Management Program <[log in to unmask]>
Subject:	Re: Backups are not Records
From:	Patrick Cunningham <[log in to unmask]>
Date:	Thu, 27 Oct 2016 11:32:00 -0500
In-Reply-To:	<[log in to unmask]>
MIME-Version:	1.0
Reply-To:	Records Management Program <[log in to unmask]>
Parts/Attachments:	text/plain (55 lines)

Couple of things to consider...

A records program worth its salt needs to define what a "backup" is and
what an "archive" is. (It should also define "historical archives" as well
for the purpose of retaining information beyond the normal retention
period.)

IT departments have a very difficult time doing this. Records management /
information governance should have awareness of standard practice with
regard to retention of backups and archives AND should govern the rules
around that media.

As noted elsewhere, "backups" are ESI and can be evidence in a legal
proceeding. Therefore, they need to be controlled and governed
appropriately, including procedures relative to legal holds. That said, a
retention period, as such, is generally not appropriate, but policy
governance should be applied with regard to ensuring that backup media is
rotated and scratched / purged on a standard, consistent basis. To meet the
requirements of "not reasonably accessible", it may also be appropriate to
provide strict rules about use of backup media. In a previous organization,
we would not restore accidentally deleted email unless there was risk of
spoliation -- and then only with sign off from the head of Litigation. This
reduced the ability of an opponent to suggest that we were utilizing backup
media on a regular basis.

The approach that I've had for a while is that a backup is maintained
specifically for continuity of business and restoration of services
following a disaster. Generally, backups are maintained not more than 90
days. An "archive" is generally maintained longer than 90 days, is specific
to a particular system / application, and is a snapshot of that system /
application at a designated point in time, maintained for a specific audit
purpose. An "archive" is assigned a retention period because it is
generally associated with a single application, rather than a mix of data.

Likewise, records management / information governance programs should have
policies regarding the retention of "test" data. I once worked for an
organization where it was nearly universal practice for "test" data to be
retained for "99" (years) in the Tape Management System. In this case,
there was a rationale to retain "test" data as it represented trial runs of
benefit calculations when a client was changing its annual benefits plans.
Live data was fed into the system against the new benefits parameters and
it needed to be shown that the system was operating and calculating
properly. However, 99 years was fairly excessive and we reduced the
retention period significantly and saved a ton of tape. Once again, while
"test" data is not a record, per se, it has certain records-worthy
characteristics and can be discoverable. It is also risky if it contains
PII or PHI because it may not be as protected as production data.

Patrick Cunningham, CISM, FAI

List archives at http://lists.ufl.edu/archives/recmgmt-l.html
Contact [log in to unmask] for assistance
To unsubscribe from this list, click the below link. If not already present, place UNSUBSCRIBE RECMGMT-L or UNSUB RECMGMT-L in the body of the message.
mailto:[log in to unmask]

ATOM RSS1 RSS2

LISTSERV.IGGURU.US