Record Retention & Data Management

Welcome to the Record Retention & Data Management community group. This group addresses all GRC issues that arise in the management of data. In addition, there is a community group that addresses Information Privacy and Security. You may want to check out and join that group as well. We welcome participation in this group by any premium or enterprise OCEG member.
Data retention: Selected requirements by data type resource Research / Studies OCEG Reviewed
The following is intended only to illustrate the range of data retention requirements set by various levels of government as well as private entities (concentrating on federal requirements). There are literally thousands. (University of Miami)
ARMA International resource Organizations & Associations OCEG Reviewed
ARMA International is a not-for-profit professional association and the authority on managing records and information – paper and electronic.
Information Lifecycle Management for Business Data (2007, Oracle) resource White Papers OCEG Reviewed
Although most organizations have long regarded their stores of data as one of their most valuable corporate assets, how this data was managed and maintained varies enormously. Originally, data was used to help achieve operational goals, run the business and help identify the future direction and success of the company. However, new government regulations and guidelines are a key driving force in how and why data is being retained, as they are now requiring organizations to retain and control information for very long periods of time.
EPIC's Data Retention Page resource Organizations & Associations OCEG Reviewed
For several years, law enforcement agencies in various countries have urged the adoption of "data retention" requirements, which would compel communications service providers to routinely capture and archive information detailing the telephone calls, e-mail messages and other communications of their users. While many providers currently retain certain traffic data for billing and other business-related purposes for short periods of time, there are no government-imposed retention requirements in the major industrialized countries.
Email Retention and Archiving: Manage Electronic Records, Minimize Workplace Risks and Maximize Compliance (2008) resource White Papers OCEG Reviewed
Overview: From email content and usage to electronic business record retention and archiving, failure to strategically manage email can be costly for your small to medium sized business. In this white paper you will learn about the risks of poor email management, such as those stemming from employee misuse, improper archiving, poor retention policies and more.
KM World Magazine resource Books / Publications OCEG Reviewed
Subtitle: Covering the latest in Content, Document and Knowledge Management
Records management: BEWARE, PREPARE (2008) resource Articles OCEG Reviewed
Increases in data breaches and the development of electronic discovery (e-discovery) are prompting firms to closely re-examine their records retention and management policies. New breaches seem to be reported monthly, if not weekly.
A Guide to Messaging Archiving (2008) resource White Papers OCEG Reviewed
October 6, 2008 Abstract: (Source: Google) Explore compelling reasons for the implementation of a messaging archiving system and learn the top vendors whose offerings are focused squarely on the archiving space. Should you archive your organization's email content? According to the American Management Association, 24% of companies have experienced their employees' email being subpoenaed and 15% have gone to court because of lawsuits brought on by their employees' email. The statistics don't stop here.
The Seven Deadly Sins of Records Retention (2006) resource Articles OCEG Reviewed
Records retention periods are increasingly governed by regulations. Here are worst (and best) practices for securing data and documents. (CSO.com)
DIRECTIVE 2006/24/EC OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 15 March 2006 on the retention of data generated or processed in connection with the provision of publicly available electronic communications services or of public ... (EU, 2006) resource International Materials OCEG Reviewed
DIRECTIVE 2006/24/EC OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 15 March 2006 on the retention of data generated or processed in connection with the provision of publicly available electronic communications services or of public communications networks and amending Directive 2002/58/EC
Four Tips for Crafting a Document Retention Policy (2008) resource Articles OCEG Reviewed
The 2002 Sarbanes-Oxley regulations served as a wake-up call for CIOs to formalize document retention policies to meet compliance requirements. But regulatory demands—and the number of documents produced daily—continue to grow. So a solid document management process is a necessity. CIOs struggle with creating the policies, getting buy-in from the end users and managing the technology.
FTC, Peer-to-Peer File Sharing: A Guide for Business (January 2010) resource Agency Guidances

Introduction: Most businesses collect and store sensitive information about their employees and customers, like Social Security numbers, credit card and account information, and medical and other personal data. Many of them have a legal obligation to protect this information. If it gets into the wrong hands, it could lead to fraud and identity theft.

HHS, Health IT - HITECH Act Site, Regulations and Guidance resource Agency Web Sites

The Health Information Technology for Economic and Clinical Health (HITECH) Act provides HHS with the authority to promulgate regulations and guidance to support the development of an interoperable, private and secure nationwide health information technology infrastructure.

Canada: Do You Have a Records Management and Retention Policy For Your Pension Plan? (2010) resource Articles OCEG Reviewed

Introduction: The Financial Services Commission of Ontario (FSCO) issued a policy on the management and retention of pension plan records on July 9, 2010. The FSCO policy strongly recommends that all administrators make it a priority to establish a formal and comprehensive written pension plan records management and retention policy.

A New Era of Compliance: Raising the Bar for Organizations Worldwide (RSA, October 2010) resource Research / Studies OCEG Reviewed

October 11, 2010 - RSA released a new report produced in concert with its Security for Business Council (SBIC).

High Performers and Foundational Controls: Building a Strategy for Security and Risk Management (January 2011) resource White Papers OCEG Reviewed

Overview: In this paper, EMA examines the broad domains of controls enterprises must consider in order to build a solid foundation for IT security management: Countering threats, Resolving vulnerabilities (in more than just software), Managing application risks, Protecting sensitive information, Managing and enforcing identity, access and entitlements, Managing events and

Organizational Transformation: A Framework for Assessing and Improving Enterprise Architecture Management (Version 2.0) (GAO, 2010) resource Standards and Guidelines OCEG Reviewed

Summary: Effective use of an enterprise architecture (EA) is a hallmark of successful organizations and an essential means to achieving a desired end: having operations and technology environments that maximize institutional mission performance and outcomes.

Making compliance real for those in the trenches (2010) resource Articles OCEG Reviewed

Introduction: Until fairly recently, information security people were buried away in server rooms configuring firewalls and patching servers. With the sudden surge of compliance and regulatory requirements being placed onto a business, IT security people are now required to understand and help implement compliance solutions.

GRC Technology Solutions Guide v. 2.1 resource Guides OCEG Reviewed

The GRC Technology Solutions Guide identifies and defines categories of technology that have a role in supporting the GRC system and specifically the Elements of the GRC Capability Model™. The Guide categorizes these Technology Categories by:

United Kingdom, Guide to data protection – definitions, principles and practical examples resource Agency Guidances OCEG Reviewed

The principles of the Data Protection Act in detail: this Guide explains the purpose and effect of each principle, and gives practical examples to illustrate how the principles apply in practice.

From the Information Commissioner's Office (ICO).
