Sorry if I wasn't more clear. I am aware of the government regulations, SEC,
NASD etc. and we retain documents that fall under these requirements for the
specified time frame.
My boss wants to know if there is some industry standard for document
retention for correspondence that does not fall under government regulation.
I've never been able to find anything, but had to ask anyway. I keep telling
her it's what management decides to be there company policy. She's hoping
there's a repository where companies submit this information.
Robert
_____
From: Chuck Hutchings [mailto:chuck@netserco.com]
Sent: Friday, November 12, 2004 1:02 PM
To: Robert Mezzone
Cc: security-management@securityfocus.com
Subject: Re: Email Retention Policy
I also work in the financial sector, and am addressing this same problem
right now. There is no industry wide standard as far as I know, and I also
would like to see one. At the moment, I'm facing the possibility of
retaining emails for as long as seven years. The best I can say is that "it
depends" (in the words of Mark Rasch www.solutionary.com
<http://www.solutionary.com> ), and what it mainly depends on is your
security policy. If that says that you keep emails for three years, then you
keep them for three years, and then eliminate them.
Chuck
Robert Mezzone wrote:
Is there a site that dicuss' what companies are doing regarding email and
document retention in a corporate environment, I couldn't find anything on
Google. I don't think think there is such a thing but thought I'd ask. My
impression is it's a policy put into place by corporate management, and
there is no industry wide standard, baring some government regulations of
course. I work in the financial industry, if that matters.
Thanks.
Robert
