ISO PS019 Email Archive Policy
Policy Name: Email Archives
Policy Number: ISO PS019
Effective Date: February 14, 2011
Review Date: January 29, 2013
Last Revision Date: January 29, 2013
Last Revision By: Kim Adams
Contact Name: Brenda B. Gombosky
Contact Email: ISOPol@louisville.edu
Approved By: Matt Witten
The purpose of the email archiving policy is to ensure the University retains information necessary to fulfill academic, administrative and legal requirements.
The Acceptable Use Policy at: http://security.louisville.edu/PolStds/ISO/PS007.htm serves as the foundation for this policy and addresses issues related to confidentiality, intellectual property, privacy, and disclosure.
The University will archive enterprise email records (messages transmitted through the University email system) as follows:
Archiving of email, calendar entries, tasks and notes will occur after 120 days for both sent and received items. Items deleted within 120 days will not be archived.
- Archived email, calendar entries, tasks and notes will be retained for a period of 2 years. As a normal course of operation, email records will be deleted when the retention period expires. Exceptions may include records subject to audit, litigation or open records requirements.
- Designated folders of 5, 7, 10 and 15 years will be created for email needing longer retention periods, such as grants, contracts, legal records, human resources, etc.
- It is the responsibility of the individual employee who generates university business-related email in any non-University email system to forward the email to his/her University email account for archiving according to this policy.
If employees use University email accounts for personal messages, these messages will be subject to this archiving policy.
 University email system is defined as MS Exchange or its successor.
SCOPE / APPLICABILITY:
All persons, including student employees and sponsored account holders, while conducting/performing work, teaching, research or study activity or otherwise using University resources. Scope/Applicability also includes all facilities, property, data and equipment owned, leased and/or maintained by the University or affiliates.
POLICY AUTHORITY / ENFORCEMENT:
The University's Information Security Officer (ISO) is responsible for the development, publication, modification and oversight of these policies and standards. The ISO works in conjunction with University Leadership, Information Technology, Audit Services and others for development, monitoring and enforcement of these policies and standards.
This policy will be reviewed annually to determine if the policy address University risk exposure and is in compliance with the applicable security regulations and University direction. In the event that significant regulatory changes occur, this policy will be reviewed and updated as needed per the Policy Management process.
Failure to comply with these policies and standards and/or any related information security and/or information technology policy, standard or procedure may result in disciplinary action up to and including termination of employment, services or relationship with the University and/or action in accordance with local ordinances, state or federal laws.
Version / Revision Date / Description
1.0 / February 14, 2011 / Original Publication
1.1 / January 29, 2013 / Content Update
This policy is subject to change or termination by the University at any time. This policy SUPERSEDES all prior policies, procedures or advisories pertaining to the same subject.
Approved February 14, 2011 by the Strategic Technology Executive Committee