Policies / Policy
Data Retention Policy
Define how long records, files, logs, and backups should be kept.
Template
- Classify data by business, research, legal, operational, or temporary value.
- Define default retention periods for each class.
- Identify data that must not be deleted without owner approval.
- Define how archived data is stored, indexed, and restored.
- Define how expired data is reviewed and removed.
- Include special handling for backups, logs, exports, and shared folders.
- Assign an owner for retention review and exception approval.
Expected output
Retention table with data type, owner, location, retention period, and deletion method.
Use notes
| Owner | Assign one person responsible for keeping the template current. |
|---|---|
| Review | Review after significant changes, incidents, staffing changes, or tool changes. |
| Risk | Adapt the template to local policies, contractual duties, privacy requirements, and operational risk. |