Information Technology Record Retention time best practices

M

mnayle

#1
Dears,

i am looking for the best practice to identify the policy related to "Information Technology Record Retention time", taking into consedration the diffeent type of documents which avalible for such filed, e.g. proposals, project documents, technical documents, deployment diagrams, manuals, meeting minutes, project status, incident reports, etc...

Thanks for your help.
 
Elsmar Forum Sponsor

harry

Trusted Information Resource
#2
Re: Information Technology Record Retention time

Dears,

i am looking for the best practice to identify the policy related to "Information Technology Record Retention time", taking into consedration the diffeent type of documents which avalible for such filed, e.g. proposals, project documents, technical documents, deployment diagrams, manuals, meeting minutes, project status, incident reports, etc...

Thanks for your help.
Welcome.

I hate to disappoint you but the answer is - 'it depends' and that is the truth!

Information technology or not, you can classify them as project documents which generally, is kept for 1-2 years after 'completion' of project.

Completion has a wide meaning. A project which is physically completed but not handed over due to various reasons is not completed until handed over, or until full payments are made. If guarantees are given, you need to consider the guarantee period. If it involves structures, you need a different consideration. In my place, you have a 7 years liability period for structures. If it involves taxation matters, it is a minimum of 7 years and for fear of the tax people hounding you, many people kept it for much longer - check with your management.

So, it really depends. The best people to consult for these kind of information in my country are the company secretaries - people who incorporate companies and deal with company laws.
 
J

JaneB

#3
Re: Information Technology Record Retention time

Yes, I'd say the same as Harry. It really depends.

I often consider them in these groups:

  1. Information where there is some kind of statutory/legal/contractual obligation that sets a minimum time period; for example, in Australia, one must keep financial records for a minimum of 5 years after the end of the relevant financial year; payroll records for 7 years (I think) after the last entry was made or modified
  2. Information where you, as a business or organisation can decide how long; this might be kept for anything from 1 year to 2 years or more, depending on what the business decides is reasonable; for example, most clients rarely want to keep their project meeting minutes more than 2 years (but also, they don't work on projects that involve guarantees or that are likely to come back again)
Also, as Harry suggests, project 'completion' can mean anything from 'we delivered it' through 'we've stopped working on it ' through to 'put it on the shelf'.

The lawyers/company secretaries should be able to answer for type 1. For type 2, I'd make some recommendations and look for management to approve/modify. There really are no definite answers, but questions to consider include:
  • Would we need to look back at this?
  • Is there anything about this project that might come back to haunt us later (eg, a possible legal case, a client complaint, etc)
  • Might we find this useful in future (seriously)?
  • What would be the possible risk if we destroyed this after X years?
  • How much storage space (physical/electronic) do we want to use?
  • Why would we keep this for any longer than eg, 1 year?
  • Is any of this re-usable, or not?
.

Often people keep things for no good reason at all. 'Just in case'. As someone who has had to clean up later, and consign far too many ancient and useless boxed records to dump bins some years down the track, I wish they wouldn't.
 
Thread starter Similar threads Forum Replies Date
D Preservation of Electronic Data / Information Technology ISO 13485:2016 - Medical Device Quality Management Systems 5
F Information Technology in IATF 16949 audit scope IATF 16949 - Automotive Quality Systems Standard 14
E ISO 9001:2015 for Information Technology Department Human Factors and Ergonomics in Engineering 2
V Information Technology Dashboard - IT Department Performance Metrics IEC 27001 - Information Security Management Systems (ISMS) 2
P Seeking Information on ISO 15504 - Information Technology Process Assessment Other ISO and International Standards and European Regulations 3
Richard Regalado ISO/IEC 27000:2014 - Information technology - Overview and vocabulary (FREE download) IEC 27001 - Information Security Management Systems (ISMS) 4
S Information Technology Department (IT) Checklist for ISO 9001:2008 ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 3
B ITIL (Information Technology Infrastructure Library) Foundation Certificate Career and Occupation Discussions 1
A Information Technology Process Mapping per ISO 13485 - example wanted Process Maps, Process Mapping and Turtle Diagrams 1
S External Documents in the I.T. (Information Technology) Field ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 7
A Non Conforming Product in an IT (Information Technology) Company ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 10
Q What ISO 9001:2008 procedures apply for IT (Information Technology)? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 21
A ISO 20001 (ITIL) Information Technology Infrastructure Library IT (Information Technology) Service Management 2
L Auditing Information Technology (IT) in the ISO 9001 workplace Internal Auditing 15
D Internal Audit of Information Technology Internal Auditing 8
D Information Technology Process Audit - Suggestions for Auditing IT IATF 16949 - Automotive Quality Systems Standard 12
C Understanding Concepts of Information Technology & Infrastructure Library (ITIL) Misc. Quality Assurance and Business Systems Related Topics 1
netwizard Looking for an ISO 9001:2000 Internal Audit Checklist - UOP (Information Technology) ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 5
A QMS For IT (information Technology) Sector ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 6
A Loss of certification because of outdated information in the Clinical Evaluation Report CE Marking (Conformité Européene) / CB Scheme 8
I Request for information regarding remote medical monitoring software (its technical documentation and the IUD system) IEC 62304 - Medical Device Software Life Cycle Processes 2
R Finding Equivalent Material Information Manufacturing and Related Processes 1
A Information on Process-based Internal Auditing Needed Internal Auditing 6
G Confidentiality of information during MD registration worldwide Other Medical Device Regulations World-Wide 0
S Risk control through Information for safety ISO 14971 - Medical Device Risk Management 8
B Documented information - Should be controlled? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 10
J PQ Systems User Community information? Using GAGEpack Software 12
B PSW - Organization Manufacturing Information APQP and PPAP 0
H Do you repeat information throughout your documentation submission? EU Medical Device Regulations 4
A Can a organization use a disclaimer "pending AS9100 Certification" in Marketing Information? AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 4
D FDA Information - Revising the Instructions for Use US Food and Drug Administration (FDA) 0
M Need Help With Information Security Asset Risk Register IEC 27001 - Information Security Management Systems (ISMS) 2
S Mechanical Test Under FDA Freedom of Information Act Medical Device and FDA Regulations and Standards News 5
Watchcat Summary of De Novo Biocompatibility Information, 2015-2018 Other US Medical Device Regulations 0
Q Self-assessment audit information Quality Management System (QMS) Manuals 6
Sidney Vianna Release of ISO 10013:2021, Quality management systems – Guidance for documented information Other ISO and International Standards and European Regulations 0
W How long do you keep information about equipment no longer used? Document Control Systems, Procedures, Forms and Templates 2
L Documented Information in Internal Audits Process (9.2) ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 4
R What information do i need to get from the device manufacturer 21 CFR Part 820 - US FDA Quality System Regulations (QSR) 0
T Types of confidential information ISO 17025 related Discussions 8
SANTHSH API Spec.Q1 Standards Version in Purchasing Information Oil and Gas Industry Standards and Regulations 1
eule del ayre Documented Information - Periodic Review of Documents? IATF 16949:2016 / ISO 9001:2015 IATF 16949 - Automotive Quality Systems Standard 34
R Information on obtaining a market authorization for China China Medical Device Regulations 2
B SN95 Respirator Approval Information Other Medical Device Related Standards 0
R Risk assessment on IT containers and the information they contain IEC 27001 - Information Security Management Systems (ISMS) 4
O EN 301 489-1 and EN 301 489-17 - Where do we get the information of the Published versions? CE Marking (Conformité Européene) / CB Scheme 1
K Article 18: Implant Card and information to be communicated. EU Medical Device Regulations 5
K EU MDR Annex 1 Chapter III: Information in the Instructions for Use-23.4 (e) the performance characteristics of the device; EU Medical Device Regulations 2
Q GMDN Registration Basic preliminary Information EU Medical Device Regulations 0
J Controlled information versus defined documents / records ISO 13485:2016 - Medical Device Quality Management Systems 3

Similar threads

Top Bottom