ECU Logo
 
Joyner Library


BlackBoard
Help Desk
PirateID
Index
Email
OneStop
Calendar
BlackBoard IT Help Desk PirateID Index Email and Phone OneStop Calendar
 
 
 
 
Departmental Records Schedules
 
 
 
 
UNC General Records Retention and Disposition Schedule

This Schedule applies to records in all media, unless otherwise specified.

Items – a sample listing of items found within a series. Other related records not listed may also be part of a series.

Disposition all dispositions are minimum requirements and include, where applicable, transfer to the custody of the University Archives for appraisal and final disposition.

Destruction
takes place in the office. Any record with confidential or sensitive information shall be properly destroyed by shredding or by means to ensure that the records cannot be physically recreated.

Original and Reference Copy original copy (also known as a record copy) is the official authorized copy kept by the office charged with creating or maintaining the record copy. Reference copies (also known as convenience copies) are preserved for the convenience of reference or ease of access.

There must be no destruction of records if litigation or audits or other official action involving the records is pending or reasonably anticipated or foreseeable.

Refer to prefatory material for additional instructions or contact your university's records officer for clarification.


 
<h3>Information Technology Records</h3>
Computer and Information Security

Item 118. ACCESS, SECURITY POLICIES AND SECURITY DOCUMENTATION. Comply with applicable provisions of GS 132-6.1(c), Health Insurance Portability and Accountability Act (HIPAA), 42 USC 1320 et seq., regarding confidentiality of computer-related and privacy-related records.
Items: security policies, standards, guidelines, procedures, security plans
DISPOSITION INSTRUCTIONS: Destroy in office 3 years after superseded or obsolete.

Item 119. COMPUTER SECURITY INCIDENT. Incidents involving unauthorized attempted entry, probes, and/or attacks on data processing systems, information technology systems, telecommunications networks, and electronic security systems, including associated software and hardware. Comply with applicable provisions of GS 132-6.1(c) and HIPAA regarding confidentiality of computer-related and privacy-related records.
Items: reports, logs, extracts and compilations of data
DISPOSITION INSTRUCTIONS: Destroy in office 5 years after incident is resolved.

Item 120. COMPUTER SYSTEM REVIEW. Logs, computer reports and review reports regarding the maintenance and security of the computer system. Comply with applicable provisions of GS 132-6.1(c) and HIPAA regarding confidentiality of computer-related and privacy-related records.
Items: firewall logs, system auditing logs, reports, reviews
DISPOSITION INSTRUCTIONS: Destroy in office computer reports and logs when review report is completed. Destroy in office review report and supporting data after 3 years.

Item 121. COMPUTER USAGE. Monitor computer system usage. Comply with applicable provisions of GS 132-6.1(c) regarding confidentiality of computer-related records.
Items: log-in files, system usage, charge backs, data entry logs, security logs
DISPOSITION INSTRUCTIONS: Destroy in office after completion of applicable review and verification procedures, if no litigation, claim, audit or other official action involving the records has been initiated. If official action has been initiated, destroy after completion of action and resolution of issues involved.

Item 122. DISASTER PREPAREDNESS AND RECOVERY PLANNING. Comply with applicable provisions of GS 132-6.1(c) regarding confidentiality of computer-related records.
Items:
DISPOSITION INSTRUCTIONS: Destroy in office when superseded or obsolete.

Item 123. INTERNET SERVICE LOGS (External). Monitor access and use of services provided via the Internet. Comply with applicable provisions of GS 132- 6.1(c) regarding confidentiality of computer-related records.
Items: website logs, mail server logs, FTP logs, Telnet logs, antivirus/anti-spam mail service logs
DISPOSITION INSTRUCTIONS: Destroy in office after completion of applicable review and verification procedures, if no litigation, claim, audit or other official action involving the records has been initiated. If official action has been initiated, destroy after completion of action and resolution of issues involved.

Item 124. NETWORK USAGE (Internal). Monitor network usage.
Items: log-in files, system usage files, reports, firewall logs
DISPOSITION INSTRUCTIONS: Destroy in office after completion of applicable review and verification procedures, if no litigation, claim, audit or other official action involving the records has been initiated. If official action has been initiated, destroy after completion of action and resolution of issues involved.

Item 125. SYSTEM BACKUP. Copies of master files or databases, application software, logs, directories needed to restore a system in case of a disaster or inadvertent destruction.
Items:
DISPOSITION INSTRUCTIONS: Destroy in office in accordance with your office’s established backup plan and procedures – See Security Backup Files as Public Records in North Carolina: Guidelines for the Recycling, Destruction, Erasure and Re-Use of Security Backup Files, at http://www.ah.dcr.state.nc.us/records/. Backups used to document transactions or retained for purposes other than system security should be scheduled separately by the responsible program unit. For fiscal systems, monthly system backups are often retained for the entire fiscal year to provide an audit trail and annual requirements in lieu of copies of the individual master files or databases. If these records are covered by specific Federal audit requirements requiring longer records retention, they should be scheduled separately by the appropriate program unit. It is

Item 126. SYSTEM USERS ACCESS RECORDS. Monitor individual access to a system and its data.
Items: user account records
DISPOSITION INSTRUCTIONS: Destroy in office 1 year after user is withdrawn from system.

Computer Operations and Technical Support

Item 127. AUDIT TRAIL. Data generated during the creation of a master file or database used to validate the integrity of a master file or database during a processing cycle. Comply with applicable provisions of GS 132-6.1(c) regarding confidentiality of computer-related records.
Items:
DISPOSITION INSTRUCTIONS: Destroy in office when administrative value ends.

Item 128. AUTOMATED OFF-LINE STORAGE SYSTEM. List of backup tapes. Comply with applicable provisions of GS 132-6.1(c) regarding confidentiality of computer-related records.
Items:
DISPOSITION INSTRUCTIONS: Destroy in office after related records or media are destroyed or withdrawn from the media library.

Item 129. DESTRUCTION OF FILES REPORTS. Comply with applicable provisions of GS 132-6.1(c) regarding confidentiality of computer-related records.
Items:
DISPOSITION INSTRUCTIONS: Destroy in office when superseded or obsolete.

Item 130. OFF-LINE STORAGE CONTROL RECORDS. Comply with applicable provisions of GS 132-6.1(c) regarding confidentiality of computer-related records.
Items:
DISPOSITION INSTRUCTIONS: Destroy in office when superseded or obsolete.

Item 131. OPERATING SYSTEM AND HARDWARE CONVERSION PLANNING. Replacement of equipment or computer operating systems that support the creation of non-permanent records. Comply with applicable provisions of GS 132-6.1(c) regarding confidentiality of computer-related
Items:
DISPOSITION INSTRUCTIONS: Destroy in office 1 year after completion of conversion.

Item 132. SUMMARY USAGE REPORTS. Summary reports documenting computer usage for reporting or cost recovery purposes. Comply with applicable provisions of GS 132-6.1(c) regarding confidentiality of computer-related records.
Items:
DISPOSITION INSTRUCTIONS: Destroy in office after 3 years.

Data Administration

Item 133. DATA / DATABASE DICTIONARY. Comply with applicable provisions of GS 132-6.1(c) regarding confidentiality of computer-related records.
Items: data element definitions, data structures, file layout, reports
DISPOSITION INSTRUCTIONS: Destroy in office 3 years after discontinuance or modification of the related application and after application data has been destroyed or transferred to new structure or format.

Item 134. INDEXES / TRACKING SYSTEMS. Comply with applicable provisions of GS 132-6.1(c) regarding confidentiality of computer-related records.
Items: electronic indexes, lists, registers
DISPOSITION INSTRUCTIONS: Destroy in office when related paper or electronic records have been destroyed or transfer in accordance with the disposition of the related paper or electronic records as appropriate. Indexes and tracking systems of program units other than data processing units should be scheduled by the

Item 135. SYSTEM VALIDATION. Used to update and/or document a transaction in a database or master file. Comply with applicable provisions of GS 132-6.1(c) regarding confidentiality of computer-related records.
Items: log, update file
DISPOSITION INSTRUCTIONS: Destroy in office when administrative value ends.

IT General Systems and Applications Development

Item 136. APPLICATION DEVELOPMENT PROJECT. Development, redesign or modification of an automated system or application. Comply with applicable provisions of GS 132-6.1(c) regarding confidentiality of computer-related records.
Items: project management, status reports, drafts, specifications, correspondence
DISPOSITION INSTRUCTIONS: Transfer to University Archives 5 years after project is completed.

Item 137. APPLICATION SYSTEM OPERATIONS. User and operational documentation describing how an application system operates. Comply with applicable provisions of GS 132-6.1(c) regarding confidentiality of computer-related records.
Items: flowcharts, program descriptions, documentation, user’s guides, specifications
DISPOSITION INSTRUCTIONS: Destroy in office 3 years after discontinuance of all systems, and after all data created by every system instance has been destroyed or migrated to new operating system.

Item 138. METADATA DOCUMENTATION. Metadata concerning the development and/or modification of and the access, retrieval, manipulation and interpretation of data in an automated system. Comply with applicable provisions of GS 132-6.1(c) regarding confidentiality of computer-related records.
Items: data dictionary, file layout, code book
DISPOSITION INSTRUCTIONS: Destroy in office 3 years after discontinuance of system or application, and after system’s or application’s instance data have been destroyed or migrated to a new structure or format.

Item 139. QUALITY ASSURANCE. Adherence of applications and systems development procedures and products to established policies, processes, architectures, deliverables, performance metrics, budgetary allocations and deadlines. Comply with applicable provisions of GS 132-6.1(c) regarding confidentiality of computer-related records.
Items: reviews, assessments
DISPOSITION INSTRUCTIONS: Destroy in office 3 years after source code is upgraded or becomes obsolete.

Item 140. SOURCE CODE. Comply with applicable provisions of GS 132-6.1(c) regarding confidentiality of computer-related records.
Items:
DISPOSITION INSTRUCTIONS: Destroy in office 3 years after upgraded or obsolete.

Item 141. TECHNICAL PROGRAM DOCUMENTATION. Comply with applicable provisions of GS 132-6.1(c) regarding confidentiality of computer-related records.
Items: program code, program flowcharts, program maintenance log, system change notices
DISPOSITION INSTRUCTIONS: Destroy in office 1 year after program is upgraded or obsolete.

Network / Data Communication Services

Item 142. NETWORK IMPLEMENTATION PROJECT. Comply with applicable provisions of GS 132-6.1(c) regarding confidentiality of computer-related records.
Items: reports, justifications, working diagrams, wiring schematics
DISPOSITION INSTRUCTIONS: Destroy in office when superseded or obsolete.

Item 143. NETWORK / CIRCUIT INSTALLATION AND SERVICE. Comply with applicable provisions of GS 132-6.1(c) regarding confidentiality of computer-related records.
Items: work orders, correspondence, work schedules, building / circuit diagrams
DISPOSITION INSTRUCTIONS: Destroy in office 2 years after completion of work.

Item 144. NETWORK CIRCUIT INVENTORIES. Comply with applicable provisions of GS 132-6.1(c) regarding confidentiality of computer-related records.
Items: circuit number, vendor, cost per month, type of connection, terminal series, software,
DISPOSITION INSTRUCTIONS: Destroy in office when superseded or obsolete.

Item 145. NETWORK / SITE EQUIPMENT SUPPORT. Comply with applicable provisions of GS 132-6.1(c) regarding confidentiality of computer-related records.
Items: site visit reports, trouble reports, service history, correspondence
DISPOSITION INSTRUCTIONS: Destroy in office service histories and other summary records when superseded or obsolete. Destroy in office remaining records when administrative value ends.

User / Office Automation Support

Item 146. HELP DESK LOGS AND REPORTS. Comply with applicable provisions of GS 132-6.1(c) regarding confidentiality of computer-related records.
Items:
DISPOSITION INSTRUCTIONS: Destroy in office after 2 years.

Item 147. SITE / EQUIPMENT AND SOFTWARE SUPPORT. Support service records. Comply with applicable provisions of GS 132-6.1(c) regarding confidentiality of computer-related records.
Items: site visit reports, program reports, equipment service reports, service history correspondence
DISPOSITION INSTRUCTIONS: Destroy in office service histories and other summary records when superseded or obsolete. Destroy in office remaining records after 3 years.