VisageSolutions, LLC

Data Retention Requirements Drive Storage Costs

Visage Solutions has assisted dozens of companies to achieve SAS70 certification. We have also assisted organizations of all sizes to implement internal Financial, Operational and Information Technology controls. Since we are not a CPA firm, we are in a unique position to make recommendations and assist in implementing controls. As such we have been asked by our customers to solve unique business challenges that the CPA firms are restricted from doing.

One such challenge is in the area of Data Retention. Depending on the type of data and the regulations an organization must comply with, this can be for a period of a few weeks or up to 30 years. Some regulations call for a PERMANENT retention of information. Below is a table of common regulations. Note that data retention requirements vary by type of data and regulation and your exact requirements may not be reflected in this table. Please review this information with your legal staff before setting your retention periods for your archiving platform.

Regulation	Years
21 CFR 58.195: FDA Good Laboratory Practice	5
Age Discrimination in Employment Act	1
Americans with Disabilities Act	1
Commodity Futures Trading Commission (CFTC) Rule 1.31	5
Department of Energy (DOE) 10 CFR 600.153:	3
Employee Retirement Income Security Act	Permanent
FDA Good Manufacturing Standards	3
Health Insurance Portability and Accountability Act (HIPAA)	?
- AUDIT LOGS	6
- HEALTH CARE	2 after death
- SUMMARY INFO	Permanent
- Mammography Quality Standards Act	10
Internal Revenue Code Title 26	7
North American Electric Reliability Council	3
NASD 3010, 3110	3-6
Occupational Safety and Health Act	30
Sarbanes-Oxley	7
Securities Exchange Act Rules 203(b)(3)-2	5
Securities Exchange Act Rules 17a-3 and 17a-4	6
Social Security Administration	3
Toxic Substances Control Act	30
U.S. Code Title 44	Permanent

As mentioned earlier, the retention periods depend on type of information, the following table identifies type of data and suggested retention period.

ACCOUNTING RECORDS	Years
Accounts Payable ledgers and schedules	7
Accounts Receivable ledgers and schedules	7
Cash Books	Permanent
Charts of accounts	Permanent
Depreciation schedules	Permanent
Expense Analyses/Expense distribution schedules	7
Financial statements (year-end, other optional)	Permanent
General/Private ledgers, year-end trial balance	Permanent
Internal audit reports (longer retention periods may be desirable)	3
Inventories of products, materials, and supplies	7
Invoices (to customers, from vendors)	7
Journals	Permanent
Notes receivable ledgers and schedules	7
Payroll records and summaries	7
Petty cash vouchers	3
Physical inventory tags	7
Plant cost ledgers	7
Purchase orders (except purchasing department copy)	1 Year
Purchase orders (purchasing department copy)	7
Receiving sheets	1 Year
Retirement and pension records	Permanent
Scrap and salvage records (inventories, sales, etc.)	7
Stenographers' notebooks	1 Year
Subsidiary ledgers	7
Tax returns and worksheets, revenue agents' reports and other documents relating to determination of income tax liability	Permanent
Vouchers for payments to vendors, employees, etc. (includes allowances and reimbursement of employees, officers, etc., for travel and entertainment expenses)	7
Withholding tax statements	7
BANK RECORDS
Bank reconciliation	2
Bank statements	3
Checks (canceled--see exception below)	7
Check (canceled for important payments, i.e. taxes, purchases of property special contracts, etc. Check should be filed with the papers pertaining to the underlying transaction)	Permanent
Duplicate deposit slips	2
CORPORATE RECORDS
Accident reports/claims (settled cases)	7
Capital stock and bond records: ledgers, transfer registers, stubs showing issues, records of interest coupons, option, etc.	Permanent
Contracts, mortgages, notes, and leases (expired)	7
Contracts, mortgages, notes, and leases (still if effect)	Permanent
Correspondence (general)	2
Correspondence (legal and important matters only)	Permanent
Correspondence (routine) with customers and/or vendors	2
Insurance policies	3
Insurance records, current accident reports, claims, policies, etc.	Permanent
Internal reports (miscellaneous)	3
Magnetic tape and tab cards	1
Minute books of directors, stockholders, bylaws, and charter	Permanent
Patents and related papers	Permanent
Requisitions	1
Sales records	7
Stock and bond certificates (canceled)	7
Stockroom withdrawal forms	1
Trademark registrations and copyrights	Permanent
Training manuals	Permanent
EMPLOYEE RECORDS
Employment applications	3
Garnishments	7
Option records	7
Personnel files (terminated)	7
Sales commission reports	3
Time books/cards	7
Union agreements	Permanent
REAL PROPERTY RECORDS
Deeds, mortgages, and bills of sale	Permanent
Property appraisals by outside appraisers	Permanent
Property records, including costs, depreciation reserves, year-end trial balances, depreciation schedules, blueprints, and plans	Permanent
HEALTH CARE RECORDS
Audit Logs	6
Health Care (Treatment)	2 after death
Summary Info	Permanent
Mammography Records	10
SURVEILLANCE RECORDS
Surveillance records not involved in legal proceedings	3-6 months
EDUCATION RECORDS
Faculty Appointment Records	6 after separation
Faculty Workload Records – assignments of individual faculty	3
Teacher Certification Records	6 after expiration
Tenure and Promotion Records	6
Admissions/Registration Records – Application, Transcripts, Acceptance Letter, Transfer Records, Course Credit Sheets, Veterans Information And Related Correspondence	5 after separation
Student Academic Advisement Records	3 after separation
Financial Aid Records	5 after separation
Official Course And Grade Records	Permanent
Student Counseling Records	6 after separation
Student Expulsion Records	Permanent

Besides knowing the retention period, some regulations are mandating "Chain of Custody" to track who had access to certain types of information and when. Administrative and storage costs associated with these regulations are spiraling out of control. Pure Archiving solutions are poised to address the problem and while the cost of storage is coming down, organizations are still facing major additional costs complying with these mandates.

An Archiving solution that is unusually cost effective and addresses all chain of custody and data destruction requirements is a product from ColdStorData. Below is a list of their features, Click here for a 15 minute overview ColdStoreData and an example of Video Surveillance.

Contact Visage Solutions today to see how we can assist you with this an other compliance matters.

_________________________________________________________________________

About Visage Solutions – www.VisageSolutions.com

Visage Solutions is a consulting company operating in the areas of regulatory compliance, risk assessment, information security, risk management and compliance processes. Utilizing our proprietary SingleVue™ and OpsAudit™ methodologies, the company focuses on assisting business entities in mitigating operational risk. Visage has provided solutions to a client base ranging from private, entrepreneurial companies to large multinationals. Our team is comprised of experienced executives, managers and consultants who can assist clients with the development, implementation and execution of their risk management and compliance strategy.