The Records Management Policy outlines the principles and minimum standards for Record creation, classification, retention and destruction within the Company and its subsidiaries, affiliates, branches and representative offices.
Records need to be managed throughout their entire life cycle: from creation or receipt through processing, distribution, maintenance, retrieval and ultimate disposal or destruction.
1.1 PROCEDURE OWNER
1.3 APPLICABLE REGULATIONS
1.4 RELATED [COMPANY] NORMS AND PROCEDURES
1.6 AUDIENCE AND SCOPE
1.7 DOCUMENT SUPPORT
2. DEFINITIONS & ABBREVIATIONS
3. GENERAL PRINCIPLES AND MINIMUM REQUIREMENTS
3.1 CREATION OF RECORDS
3.2 RETENTION OF RECORDS
3.3 RETENTION OF EMAIL AND OTHER ELECTRONIC COMMUNICATIONS
3.4 USE AND RETENTION OF SMS
3.5 RETENTION OF AUDIO OR VIDEO RECORDINGS
3.6 DESTRUCTION OF RECORDS
3.7 CLASSIFICATION OF RECORDS / CONFIDENTIALITY & DATA PROTECTION
3.8 SECURITY / ACCESS
3.10 BREACH OF RECORDS MANAGEMENT POLICIES
5. FINAL CONSIDERATIONS
5.1 DISCIPLINARY ACTIONS AGAINST PROCEDURE VIOLATION
5.2 DOCUMENT REVISION
The Mobile Computing Policy addresses the actions that must be taken by the Company’s personnel who have mobile computing equipment, or who are temporarily using mobile computing equipment.
The objective of the Cryptographic Controls Standard is to outline the minimum information security controls which must be applied when cryptographic services and solutions are utilized by the Company. Specifically, this Standard focuses on key management requirements, acceptable algorithms, appropriate key lengths, and raises pertinent regulatory considerations relating to the use of cryptography.