In many organizations, data and records retention is not the IT department's responsibility. Some large companies have been known to dedicate an entire department to keep up with data and records retention compliance issues. Does this mean that the IT folks don't need to worry about retention issues? Just the opposite is true.
From an IT management point of view, business-critical data must be maintained in a logical, easily retrievable manner. The challenge for Windows managers is determining what data to keep, how long to keep it, who should have access to it and where to securely store it.
Groups within an enterprise must work together to ensure data retention compliance. These groups include the legal department and the IT shop, along with the finance, information security, auditing and operations departments.
Many types of data need retention schedules. Some of the most important data types that address regulatory, auditing and e-discovery retention requirements include the following:
After setting retention schedules, Windows managers need to follow up to make sure the Windows servers are configured accordingly.
Establishing data retention requirements
Windows managers should learn what the requirements are at their organizations to ensure data retention compliance. To do this, they have to know the data retention policies.
IT managers should find and carefully review the policies, then create procedures that ensure compliance. Once procedures are created, they should meet with the information security and data retention teams to make sure the procedures address all potential retention issues.
Here are three fundamental components of regulatory compliance within Windows environments that address data retention challenges:
Meeting data retention compliance
To meet regulatory compliance, Windows managers must know which regulatory and standards requirements apply to their organizations and determine and document procedures to answer and support the following questions:
The retention periods for specific data records on Windows servers will hinge upon an organization's policies. If data retention policies and procedures are not established, Windows managers may be expected to restore and retrieve data from backup media if the organization becomes embroiled in a legal process that requires e-discovery or if an auditor asks the organization to produce specific data.
Data retention is an important business concern that IT departments must understand and support through appropriate data retention practices and procedures. Make sure Windows server retention policies exist in your organization and that solid procedures are in place to support them.
Rebecca Herold, CISSP, CISA, CISM, CIPP, FLMI, has more than 17 years of experience in IT, information security, privacy and compliance and is the owner and principal of Rebecca Herold LLC. She is an adjunct professor for the Norwich University Master of Science in Information Assurance program and is writing her 11th book. Her articles can be found at www.privacyguidance.com and www.realtime-itcompliance.com.