It’s likely that you can get rid of some of the boxes and stacks of company records that are collecting dust in your workplace. Yet, discarding documents too soon can lead to a failure to meet audit and litigation requirements, just as keeping data for longer than necessary can lead to liability risks related to identity theft. Understanding which records to maintain and for how long is crucial for supporting important business tasks, ensuring legal and regulatory compliance, and reducing risk.
The “seven year” retention limit is frequently applied by small business owners to their whole inventory of data. For the following documents, a seven-year retention period might be sufficient:
- bank statements
- purchase orders
- expenditure reports
- accounts payable
- accounts receivable
- vendor invoices
But you should not default to using seven years as a retention requirement for all your company’s documents. Consult an accountant and/or a lawyer for retention requirements. Its critical to create a records retention program that addresses the lifecycle of every type of data your business uses.
A records retention program’s breadth varies from company to company. a more sophisticated program may apply to highly regulated, multi-departmental, larger corporations than to smaller businesses.
It’s crucial to confirm appropriate retention periods with your legal counsel because rules and regulations that govern your organization vary and might be highly complex. You can also get information on financial and personnel data retention policies from your accounting and human resources advisors.
ARMA is a useful resource for records management (The Association of Records Managers and Administrators,). Their publication, “Generally Accepted Recordkeeping Principles: A Guide, is great.
- The principle of accountability states that a senior executive (or a person with comparable power) is responsible for overseeing the information governance program and assigning appropriate people the duty of managing records and information.
- Principle of Integrity: An information governance program must be designed with a fair and appropriate guarantee of the authenticity and dependability of the information generated by or managed for the company.
- Principle of Protection: An information governance program must be designed to provide a reasonable level of security for documents and data that are private, confidential, privileged, secret, classified, or necessary for business continuity, among other things.
- The principle of compliance states that an information governance program must be created in accordance with all existing laws, other binding regulations, and organizational rules.
- An organization must keep records and data in a way that makes it possible to retrieve needed information quickly, effectively, and accurately.
- The principle of retention states that an organization must keep records and information for a period of time that is reasonable in light of its legal, regulatory, financial, operational, and historical obligations.
- Principle of Disposition: An organization must dispose of documents and information securely and appropriately when obliged to do so by relevant laws and the organization’s rules.
- The principle of transparency requires that all personnel and appropriate interested parties have access to the open and verifiable documentation of an organization’s business processes and operations, including its information governance program.
A professional records storage and management vendor can offer you useful tools and resources for organizing, accessing, retrieving, and securely shredding documents and files if you are storing records off-site.
Request an estimate on our website or by calling 860-627-5800 to learn more. Our experts will ask you a few questions to better understand your requirements, after which they will tell you exactly what to expect from start to finish, including the cost.