Please Agree or Disagree to the following.
Brief & purpose
Our Record Retention policy describes our guidelines to create, preserve and access our company’s records. To ensure that our records are accurate and secure, we ask our employees to adhere to this policy.
Scope In this policy, a “record” is any type of electronic or paper file (document, spreadsheet, database entries) that we store in our systems. This includes files both employees and external sources create. All legal and business documents, as well as formal internal and external communications, fall under this policy’s purview.
This policy applies to employees who may create, access and manage Learner records. The administration departments, which manage sensitive and critical information, are primarily responsible for keeping accurate and secure records. e.g. Every other employee who creates and stores important records should follow this policy too.
Policy elements and Creating records
We place high value on our company’s records. By storing information, we are able to:
• Make better decisions for Learners.
• Support our day-to-day operations for Learner assessments.
• Evaluate our operations and employee productivity over time.
• Develop plans to improve and grow the company.
What records do employees need to create?
Creating and storing certain types of records are mandatory. Employees should keep records that:
• Are mandated by law and Quality assurance groups.
• Indicate internal or external changes that affect our operations, employees, partners or Learners.
• Include decisions, reports, data and activities that are important to Learners and our business.
• Detail and communication with regulatory bodies or the public
Employees, teams and departments may keep other records if they decide they’re useful to their jobs.
We have a few general guidelines for creating records. Employees should:
• Ensure that information is accurate and complete.
• Store records only on our secure server.
• Name, categorize and share records properly.
Employees should also check records electronic systems automatically generate to ensure their accuracy and proper storage.
Authorization
Records may have different levels of authorization that limit their accessibility. The authorization level is usually determined by those who create the records.
• [Employment records]
• [Learner records, medical evidence, funding letters, pre assessment information]
• [Customer/ vendor/ partner/ job applicant information and contracts]
Access to those records is restricted to employees who directly manage that information. Other types of records, like company performance metrics and internal policies, may be accessible by all permanent employees. Employees must not disclose records to people outside of our company, unless authorized.
Our data protection policies always apply to all relevant records.
Retaining records
Our employees must protect our records, whether marked as confidential or not.
Physical records
Printed records must be stored safely in filing cabinets or closed offices. Important, confidential files mustn’t be left in open office areas.
When employees need to carry physical records out of our offices, they must prevent them from being damaged, lost or stolen. We advise our employees to avoid relocating records as much as possible.
Electronic records
Electronic records will be protected by passwords, firewalls and SSL Data transferring security (both locally and in the cloud.)
Employees are responsible for keeping these records intact. For example, if an employee shares a Google spreadsheet, they must decide whether to give colleagues permission to edit, view or comment. Employees should not grant editing privileges unless necessary.
Also, when employees access electronic, confidential records outside of our offices, they should ensure that both their devices and networks are secure. They should not leave their screens and devices unattended while logged in to our company’s accounts.
Data retention period
As a general rule, we will keep all records for a minimum of six years. Also, the following records must be preserved indefinitely:
• [Learner records]
• [Internal policies]
• [Financial statements and annual reports]
• [Results of audits and legal investigations]
Discarding records
After the data retention period has passed, authorized employees may choose to discard records for a specific reason. They will usually do this either by shredding physical documents or deleting data from a database via Z delete lvl 10 deletion software. Printed copies of electronic files should be shredded, too.
Records may also be discarded upon request from a stakeholder. For example, a customer or partner may ask us to delete their information from our databases. In this case, centre managers should authorize employees to discard relevant records.
We expect our employees to always respect our confidentiality policy. When files need to be discarded, employees must NOT create copies or store information on their devices. This may constitute a security breach and warrant disciplinary action.