ISO PS019 Email Archive Policy
[Previous] [Next] [Policy Home] Policy Name: Email Archives POLICY:
Policies and Standards
ISO PS019 Email Archiving
Policy Number: ISO PS019
Effective Date: February 14, 2011
Review Date: February 14, 2011
Last Revision Date: February 14, 2011
Last Revision By: Brenda B. Gombosky
Contact Name: Brenda B. Gombosky
Contact Email: ISOPol@louisville.edu
Approved By: Brenda B. Gombosky
Version: 1.0
The purpose of the email archiving policy is to ensure the University retains information necessary to fulfill academic, administrative and legal requirements.
The Acceptable Use Policy at: http://privacy.louisville.edu/PolStds/ISO/PS007.htm serves as the foundation for this policy and addresses issues related to confidentiality, intellectual property, privacy, and disclosure.
STANDARDS:
The University will archive enterprise email records (messages transmitted through the University email system) as follows:
-
Archiving of email, calendar entries, tasks and notes will occur after 120 days for both sent and received items. Items deleted within 120 days will not be archived.
- Archived email, calendar entries, tasks and notes will be retained for a period of 2 years. As a normal course of operation, email records will be deleted when the retention period expires. Exceptions may include records subject to audit, litigation or open records requirements.
- Designated folders of 5, 7, 10 and 15 years will be created for email needing longer retention periods, such as grants, contracts, legal records, human resources, etc.
- It is the responsibility of the individual employee who generates university business-related email in any non-University email system[1] to forward the email to his/her University email account for archiving according to this policy.
If employees use University email accounts for personal messages, these messages will be subject to this archiving policy.
SCOPE / APPLICABILITY: All persons, including student employees and
sponsored account holders, while conducting/performing work, teaching, research
or study activity or otherwise using University resources. Scope/Applicability
also includes all facilities, property, data and equipment owned, leased and/or
maintained by the University or affiliates. POLICY AUTHORITY / ENFORCEMENT: The University's Information Security Officer
(ISO) is responsible for the development and oversight of these policies and
standards. The ISO works in conjunction with University Leadership, Information
Technology, Audit Services and others for development, monitoring and enforcement
of these policies and standards. POLICY REVIEW: This policy will be reviewed annually to
determine if the policy is in compliance with the applicable security
regulations and University direction. In the event that significant regulatory changes
occur, this policy will be reviewed and updated as needed. COMPLIANCE: Failure to comply with these policies and standards and/or any related information security and/or information technology policy, standard or procedure may result in disciplinary action up to and including termination of employment, services or relationship with the University and/or action in accordance with local ordinances, state or federal laws. Version / Revision Date / Description 1.0 / February 14, 2011 / Original Publication Approved February 14, 2011 by the Strategic Technology Executive Committee [Next]
REVISION HISTORY:
This policy is subject to change or termination by the University at any time. This policy SUPERSEDES all prior policies, procedures or advisories pertaining to the same subject.
20 Minutes with Bruce Edwards on securing sensitive data
