Cal Poly follows the CSU Executive Order No. 1031 – System-wide Records/Information Retention and Disposition Schedules Implementation to ensure compliance with legal and regulatory requirements while implementing appropriate operational best practices.
Security of information applies to every means of recording upon any tangible thing in any form of communication or representation, including letters, words, pictures, sounds, or symbols, any combinations of these or other means to engage in business, regardless of media.
This includes, but is not limited to:
- Physical paper in files, such as memos, contracts, reports, photographs and architectural drawings
- Electronic communication such as e-mail content and attachments, voicemail, instant messages, and data on a contactless integrated circuit;
- Content on Web sites, PDAs, mobile devices, desktops, and servers;
- Information/data captured in various databases;
- Licenses, certificates, registration, identification cards, or other means;
- Handwriting, typewriting, printing, Photostatting, photographing, photocopying, transmitting by electronic mail or facsimile;
- Any record thereby created, regardless of the manner or media in which the record has been stored and/or created; and
- Backups of electronic information.
A. Campus Retention Schedules
Information authorities are responsible for creating and implementing campus retention schedules and procedures for the following CSU defined schedules:
- Academic Personnel
- Curriculum and Accreditation
- Catalogs, class schedules, course programs, grade rosters and books,
- Master plan
- Environmental Health and Safety
- Capital Planning, Construction, and Facilities Management
- Fiscal Services
- Human Resources
- Institutional Records
- Campus policies, Presidential records, administrative program review, executive business calendars,
- Public records act requests, trademarks and logos
- Committee agendas and minutes, academic senate agendas and minutes
- Litigation files
- Media/public relations records
- Art inventory records
- Child development office files
- Personnel / Payroll
- Research & Sponsored Programs
- Administrative & financial grant & award records, conflict of interest records, IRB records, IACUC records, misconduct records, research data
- Student Records
- University Advancement
- Alumni information, donor information
- University Police
B. Custodian of Record Responsibilities
The Custodian of Record is responsible for the following:
- Implement a retention schedule for their subject area (listed above).
- Retention Schedules are now available online.
- Update the schedule with current information: Record Title, Custodian of Records, Record Value Type, Retention Source Authority, and Retention Period.
- Assure that the campus is operating in compliance with the California State University records/information retention and disposition schedules, and;
- Identify records/information that may have historic or vital value for the campus.
- Ensure that the designation of a vital record/information is consistent with the campus’ business continuity plans (per Executive Order 1014).
- Establish departmental procedures to review and update the retention and disposition schedules, as needed, and to incorporate records unique to each campus.
- Ensure appropriate and timely disposal of records/information in accordance with retention and disposition schedule time-frames.
- The department is responsible for instituting a process for reviewing its records/information as listed on the schedules to determine if they should be destroyed or maintained.
- At minimum, this review should be conducted once a year.
- Provide a copy of the updated schedule to the Information Security Officer at least once a year, due in May. These schedules must be published by the campus and copies are to be provided to the Office of the Chancellor, upon request.
C. Information Authority Responsibilities
The Information Authority is responsible for the following:
- Authorize requests for access to or use of information.
- Serve as a reference for assigned record retention and disposition schedules.
|Responsible Officer:||Dru Zachmeyer, Assistant Vice President
Strategic Business Services, Administrative Compliance Services
|2/11/2010||Change Information Authority to Custodian of Record to align with roles specified in CSU record retention schedules||All|
|8/16/2010||Released version for posting on the web and notified campus constituents||All|
|5/20/2010||Reviewed and consulted with Information Resource Management Policy and Planning Committee (IRMPPC)||All|
|4/21/2010||Reviewed and consulted with Administrative Advisory Committee on Computing (AACC)||All|
|4/16/2010||Reviewed and consulted with Instructional Advisory Committee on Computing (IACC)||All|
|3/3/2010||Reviewed and consulted with LAN Coordinators||All|
|2/23/2010||Reviewed and consulted with Information Security Committee||All|
|2/17/2010||Reviewed and consulted with Information Security Management Team||All|
|1/26/2010-8/12/2010||Made additions and revisions for Cal Poly||All|
|1/26/2010||Acquired source document from Cal Poly Pomona||All|