Managing Records: General Retention and Disposition Schedule

General Schedule: Part 3

New and revised items are indicated by an asterisk (*) preceding the item number

Health, Safety, and Security

Information Technology

 

HEALTH, SAFETY, AND SECURITY

Health, safety, and security functions protect the well-being of state employees and members of the general public who are engaged in official business or residing in or visiting state-owned or operated facilities.  Health, safety, and security programs include monitoring compliance with health and safety standards, regulating and monitoring the environment in state facilities, managing the storage and use of toxic and harmful substances, ensuring facility security, fire prevention and response, and planning disaster preparedness and response.

Records Not Covered:  Records of the Department of Labor, the Department of Environmental Conservation (DEC), the Office of General Services (OGS), the Department of State (DOS), the Department of Civil Service, and any other agency that document governmentwide control or oversight of health, safety, and security functions, or the provision of centralized services.  See descriptions and recommendations below for more specific information about records that are not covered by this schedule.

*90291  Annual Environmental Audit Report Records
Agency copies of annual environmental audit reports submitted to DEC and related records providing an assessment of agency compliance with environmental laws.  The records include descriptions of environmental problems, records of remedial investigations, plans, and actions; estimates of capital, contractual, personnel, and other resources needed to remedy violations; projected remedial time schedules; internal assessments of remedial plans; lists of violations and rankings; and related correspondence, memoranda, and printed materials used to compile reports.

Minimum Retention and Disposition:  Retain copy for 3 years after report is submitted to DEC, then destroy.

Justification:  These records are needed for 3 years in the event of personal injury litigation (Section 214 of the Civil Practice Law and Rules) and for use in compiling new reports.

Records Not Covered:  Records maintained by DEC related to its role as a control agency for this function.

Note:  Before disposing of these records, agencies must ensure that no legal actions have been initiated which might require access to them.  If a case-by-case review of files is impractical, the Office of the Attorney General advises retaining the records an additional 3 months beyond the minimum retention period.

*90292  Toxic Substances in the Workplace Notifications and Information Files
Records documenting notification by agencies to employees of the existence of toxic substances in the workplace and the potential effects of exposure to these substances, including correspondence and memoranda, material safety datasheets, and related records documenting the transmission of information to employee.

Minimum Retention and Disposition: Destroy 40 years after superseded or obsolete.

Justification:  Records created pursuant to Section 876 of the New York State Labor Law and 12 NYCRR 820.3.  The retention period ensures the availability of information from these files for the same period of time during which lists of employees handling the toxic substances will be maintained (see item #90293).

Records Not Covered:  Records required to document compliance with federal and state regulations related to specific substances.  Agencies seeking information on specific substances and possible retention requirements should refer to 29 CFR 1910, et seq.

Note:  Item #90013 covers records relating to actual exposure of individual employees to toxic substances.

*90293  Lists of Employees Who Handle Toxic Substances
Records of names, addresses, and social security numbers of employees who handle or use substances included in section 1910 of the federal occupational safety and health regulations (29 CFR 1910, subpart z) and which substances were handled or used by which employees.

Minimum Retention and Disposition:  Destroy 40 years after superseded or obsolete.

Justification:  Section 879 of the New York State Labor Law requires that these records be retained for this period of time.

Note:  Item #90013 covers records relating to actual exposure of individual employees to toxic substances.

*90013  Employee Hazardous Substance Exposure Records
Records of exposure or possible exposure to toxic or harmful substances, including information on the substance to which an employee is exposed, employee exposure records, summary and detailed environmental and biological monitoring records, and related records.

Minimum Retention and Disposition:  Destroy 30 years after exposure, except environmental monitoring background data may be destroyed after 1 year provided that sampling results, methodology, a description of analytical method used, and a summary of other relevant background data is retained for 30 years.

Justification:  The federal Occupational Safety and Health Administration (29 CFR 1910.1020) requires that employee hazardous substance exposure records be maintained for 30 years.

Note:  New York State Labor Law Section 879 requires that employers maintain lists of hazardous or toxic substances which are handled or used by employees and which substances were handled or used by which employees.  Such lists must be maintained for 40 years (see item #90293).  Hazardous substance exposure records should not be filed in the employee's personal history file.

90294  Toxic Substances Training and Education Files
Course material, attendance records, correspondence, and memoranda documenting the training and education of employees in the proper use and handling of toxic substances, and compliance with federal Occupational Safety and Health Administration requirements.

Minimum Retention and Disposition:  Destroy 3 years after employee separation from agency.  Destroy summary records, including course material, 3 years after separation of all concerned employees from agency.

Justification:  12 NYCRR 820.4 requires employers to maintain records of toxic substance training until employee separation.  The additional 3 years will cover the need for these records in personal injury litigation under Section 214 of the Civil Practice Law and Rules.

Records Not Covered:  Records of the Occupational Safety and Health - Hazard Abatement Board, located in the NYS Department of Labor, that document its oversight of agency toxic substances training and education programs.

Note:  Before disposing of these records, agencies must ensure that no legal actions have been initiated which might require access to them.  If a case-by-case review of files is impractical, the Office of the Attorney General advises retaining the records an additional 3 months beyond the minimum retention period.  Agencies may also wish to retain a record of training provided to specific employees as a part of Employee Training History records (see item #90022 in the Training section of this schedule).

*90295  Employee Occupational Injury and Illness Incident Logs, Reports and Summaries
Records documenting recordable occupational injuries and illnesses of agency employees, including incident logs, incident reports, annual summaries, and related correspondence, memoranda and other records.

Minimum Retention and Disposition:  Destroy 5 years after the end of the calendar year that the records cover.

Justification:  12 NYCRR 801.33 and 29 CFR 1904.33 require that employers maintain these records for 5 years.

Records Not Covered:  Records related to employee hazardous substances exposure are covered by item #90013.  Records of employee occupational injuries and illnesses prepared pursuant to Section 110 of Workers’ Compensation Law are covered by item #90015 in the Personnel section of this schedule.  Also not covered are any records of the Department of Labor maintained in relation to its role as a control agency for this function.

*90296  Annual Occupational Injury and Illness Surveys
Agency copies of annual occupational injury and illness surveys submitted to the NYS Department of Labor under 12 NYCRR 801.41.

Minimum Retention and Disposition:  Destroy 1 year after submission to the Department of Labor.

Justification:  The NYS Department of Labor maintains the record copies of these annual surveys.

Records Not Covered:  Records maintained by the Department of Labor in connection with its role as a control agency for this function.

90298  Facility Health and Safety Inspection Records
Notices of inspection, inspection reports, descriptions of violations, remedial action plans, correspondence, and memoranda documenting agency cooperation with the NYS Department of Labor in facility inspections mandated by 12 NYCRR 802 and agency efforts to comply with Department of Labor findings and determinations.

Minimum Retention and Disposition:  Destroy 3 years after completion of inspection or after any violations are remedied, whichever is longer.

Justification:  This retention period meets the statute of limitations involving personal injury suits (Section 214 of the Civil Practice Law and Rules).

Records Not Covered:  Records maintained by the Department of Labor in connection with its role as a control agency for this activity.

Note:  Before disposing of these records, agencies must ensure that no legal actions have been initiated which might require access to them.  If a case-by-case review of files is impractical, the Office of the Attorney General advises retaining the records an additional 3 months beyond the minimum retention period.

90299  Health and Safety Code and Regulations Variance Files
Agency requests for relief from health and safety standards and regulations and records of approved variances.  This includes petitions, applications for temporary or permanent variances, interim orders, requests for hearings, notices of hearings, transcripts of variance hearings and conferences, depositions, affidavits, variances, amendments issued by the NYS Department of Labor, consistent findings and orders, decisions, and appeals.

Minimum Retention and Disposition:  Destroy 3 years after request is denied or after the variance is no longer in effect.

Justification:  This retention period meets the statute of limitations for personal injury suits (Section 214 of the Civil Practice Law and Rules).

Records Not Covered:  Records maintained by the Department of Labor in connection with its role as a control agency for this activity.

Note:  Before disposing of these records, agencies must ensure that no legal actions have been initiated which might require access to them.  If a case-by-case review of files is impractical, the Office of the Attorney General advises retaining the records an additional 3 months beyond the minimum retention period.

*90300  Fire Code Compliance Records
Agency copies of fire safety inspections, fire extinguisher inspections, complaints, violation corrective plans, code compliance certificates, fire drill records, and annual reports that document compliance with the NYS Uniform Fire Prevention and Building Code.

Minimum Retention and Disposition:  Retain records of inspections, drills and annual reports for 3 years or until all violations are corrected, whichever occurs later, then destroy.  Destroy code compliance certificates 3 years after they expire.

Justification:  This retention period meets the statute of limitations requirements for personal injury litigation (Section 214 of the Civil Practice Law and Rules) and complies with NYS Department of State inspections requirements (19 NYCRR 1204).

Records Not Covered:  Records maintained by the Department of State to control and provide oversight for this function.

Note:  Before disposing of these records, agencies must ensure that no legal actions have been initiated which might require access to them.  If a case-by-case review of files is impractical, the Office of the Attorney General advises retaining the records an additional 3 months beyond the minimum retention period.

90301  Fire Safety Program Records
Records concerning the establishment and administration of a network of fire wardens, marshals, and searchers, including lists of individuals serving in these capacities, building diagrams, assignments, evacuation procedures, meeting records, and lists of equipment disbursed to wardens, marshals, and searchers.

Minimum Retention and Disposition:  Destroy 3 years after superseded or obsolete.

Justification:  This retention period meets the statute of limitations for personal injury litigation (Section 214 of the Civil Practice Law and Rules).

Note:  Before disposing of these records, agencies must ensure that no legal actions have been initiated which might require access to them.  If a case-by-case review of files is impractical, the Office of the Attorney General advises retaining the records an additional 3 months beyond the minimum retention period.

90302  Fire Safety Education and Training Records
Records relating to agency fire safety education and training programs, including course information records and course registration records for wardens, marshals, and searchers and for building tenants.

Minimum Retention and Disposition:  Destroy 3 years after creation.

Justification:  This retention period meets the statute of limitations involving personal injury litigation (Section 214 of the Civil Practice Law and Rules). 

Note:  Before disposing of these records, agencies must ensure that no legal actions have been initiated which might require access to them.  If a case-by-case review of files is impractical, the Office of the Attorney General advises retaining the records an additional 3 months beyond the minimum retention period.  Agencies may also wish to retain a record of training provided to specific employees as a part of Employee Training History records (see item #90022 in the Training section of this schedule).

*90303  Building Visitor Logs and Security Videotapes
Logs of entry to and exit from agency facilities containing visitor name, organization or business, address, reason for visit or person/unit visited, and dates and times of entry and exit.  Also includes videotapes or other recordings prepared for security purposes that document specific incidents and merit retention for administrative or potential legal uses.

Minimum Retention and Disposition:  Destroy 3 years after the end of the year to which they relate.

Justification:  This retention period meets the statute of limitations involving personal injury litigation (Section 214 of the Civil Practice Law and Rules).  It also meets or exceeds the statute of limitations for initiating criminal prosecutions for misdemeanors (Section 30.10 of the Criminal Procedure Law).

Records Not Covered:  Records maintained by facilities that require extraordinary security (e.g., State Police barracks, correctional facilities, and secured mental health facilities) and records maintained by the Office of General Services in its capacity as a service agency for building security.  Records of investigations into security-related incidents are covered by item #90305.

Note:  Before disposing of these records, agencies must ensure that no legal actions have been initiated which might require access to them.  If a case-by-case review of files is impractical, the Office of the Attorney General advises retaining the records an additional 3 months beyond the minimum retention period.

*90304  Building Pass Records
Agency records documenting the issuance and cancellation of building passes include applications for temporary and permanent passes, copies of passes, lists of individuals with valid passes, records of revocations or cancellations, correspondence, and memoranda.

Minimum Retention and Disposition:  Destroy records documenting issuance and cancellation of passes 3 years after passes are cancelled or become invalid, except actual passes that have been cancelled or have expired may be destroyed immediately.

Justification:  This retention period meets the statute of limitations involving personal injury litigation (Section 214 of the Civil Practice Law and Rules).  It also meets or exceeds the statute of limitations for initiating criminal prosecutions for misdemeanors (Section 30.10 of the Criminal Procedure Law).

Records Not Covered:  Records of investigations into security-related incidents are covered by item #90305.

Note:  Before disposing of these records, agencies must ensure that no legal actions have been initiated which might require access to them.  If a case-by-case review of files is impractical, the Office of the Attorney General advises retaining the records an additional 3 months beyond the minimum retention period.

*90305  Incident and Investigation Records
Agency copy of records documenting security-related incidents and investigations by agency staff and external investigators.  These records include but are not limited to complaints, incident reports, accident reports, reports of stolen property, emergency response-related records, and correspondence and memoranda.

Minimum Retention and Disposition:  Destroy 5 years after any investigation is closed or dropped, except 3 years after 18th birthday for any accidents or personal injury incidents involving minors.

Justification:  This retention period meets or exceeds the statutes of limitations for initiating criminal prosecutions for misdemeanors and most felonies (Section 30.10 of the Criminal Procedure Law).  This retention period will also ensure the availability of these records in instances concerning personal injury suits.

Records Not Covered:  Records maintained by any agency having a law enforcement function, and records of incidents and investigations in correctional, mental hygiene, and other residential facilities.

Note:  Before disposing of these records, agencies must ensure that no legal actions have been initiated which might require access to them.  If a case-by-case review of files is impractical, the Office of the Attorney General advises retaining the records an additional 3 months beyond the minimum retention period.

*90306  Health, Safety, and Security Subject Files
Reports, memoranda, correspondence, copies of policies and procedures, background materials, and related records used by agencies to support the administration of health, safety, and security programs, arranged by subject and covering topics such as health issues, building safety, facility access, and incident reporting, exclusive of records subject to specific legal requirements or which are covered by other schedule items.

Minimum Retention and Disposition:  Destroy when obsolete or superseded.

Justification:  These records have no legal or fiscal value.

Records Not Covered:  Records maintained by facilities that require extraordinary building security (e.g., State Police barracks, correctional facilities and secured mental health facilities) and records maintained by OGS in its capacity as a central provider of security services.

*90307  Facility Disaster Preparedness Files
Agency copies of disaster preparedness and evacuation plans for agency-owned and occupied buildings.  These records typically include, but are not limited to, correspondence, memoranda, risk assessments and vulnerability studies, disaster/contingency and evacuation plans, supporting materials used to develop plans, and training and educational materials.

Minimum Retention and Disposition:  Destroy 3 years after a plan is superseded or made obsolete because the agency vacates a facility.

Justification:  This retention period meets the statute of limitations involving personal injury suits (Section 214 of the Civil Practice Law and Rules).

Records Not Covered:  Records of activities of the State Disaster Preparedness Commission and the State Emergency Management Office.

Note:  Before disposing of these records, agencies must ensure that no legal actions have been initiated which might require access to them.  If a case-by-case review of files is impractical, the Office of the Attorney General advises retaining the records an additional 3 months beyond the minimum retention period.

*90368  Disaster Response and Recovery Records
Agency records documenting responses to a major disaster, including photographs, press clippings, property damage reports, records of emergency response, summary reports of personal injuries, records relating to demolition and new construction, and correspondence.

Minimum Retention and Disposition:  Transfer to State Archives when no longer needed for agency use.

Justification:  Records have long-term value to document responses of state agencies to major disasters and to document the disasters.

Records Not Covered:  Records of activities of the State Disaster Preparedness Commission and the State Emergency Management Office.


INFORMATION TECHNOLOGY

Information technology (IT) encompasses all activities undertaken by agencies to design, develop, and operate electronic information systems.  This section covers records for which IT units are responsible, including administrative records and those used to process data and monitor and control operations.  This section does not cover records created to support specific operations in program units outside of the IT organization.  Records retained to meet program-specific requirements outside of the IT unit must be scheduled separately by the unit with the responsibility and authority to determine their retention requirements and final disposition. 

Records Disposition Authorizations (RDAs) for this section are subdivided into six functional areas as follows:

  • General Administration
  • Systems and Application Development
  • Computer Operations and Technical Support
  • Data Administration
  • IT Support
  • Network/Data Communication Services

 GENERAL ADMINISTRATION
General Administration includes IT policy development, fiscal and personnel administration, planning, and the coordination of activities within IT units and between an IT unit and other parts of an agency.

*90218  Data Processing Unit Subject Files
Correspondence, memoranda, reports, publications, and related records used to support the administration of agency data processing services.

Minimum Retention and Disposition:  Destroy when obsolete or superseded.

Justification:  These records have no legal or fiscal value.

Records Not Covered:  Agency information technology plans are covered by item #90219.  Agency IT policies are covered by item #90209 in the General Administration section of this schedule.  Records that document fiscal transactions are covered by various items in the Fiscal Operations section of this schedule.  This item also does not cover records covered by other items in this schedule.

Note:  Agencies should not use this item for records which are covered by separate authorizations in this schedule.

*90219  IT and Data Processing Services Plans
Agency annual technology plans submitted to DOB and Office of the Chief Information Officer, data processing services plans, strategic plans, and related records used to plan for information systems development, technology acquisitions, data processing services provision, or related areas.

Minimum Retention and Disposition:  Destroy plan and essential background documentation 3 years after plan is completed, superseded, or revised.  Destroy drafts and routine material when no longer needed by agency.

Justification:  Planning records often have value for budgetary and planning purposes for several years after they become inactive.

*90224  Records of Chargebacks to IT Services Users
Electronic and manual records used to document and calculate costs and to bill program units for computer usage and IT services.  These records are also used for cost recovery, budgeting, or administrative purposes.

Minimum Retention and Disposition:  Destroy 3 fiscal years after creation.

Justification:  Chargeback records are needed for 3 fiscal years for budgetary purposes and, if they are used for cost recovery or billing purposes, to meet audit requirements.

Records Not Covered:  Chargeback records subject to lengthier federal records retention requirements should be scheduled separately.

SYSTEMS AND APPLICATION DEVELOPMENT
Systems and application development covers the IT unit functions related to the development, redesign, modification, procurement, and testing of systems and applications, as well as to maintaining the documentation generated by these processes.

*90225  Application Development Project Files
Records created and used in the development, redesign, or modification of an automated system or application, including draft system or subsystem specifications, draft user requirements and specifications, and memoranda and correspondence.

Minimum Retention and Disposition:  Destroy 3 years after completion of project and after administrative needs for records have ended.

Justification:  Many application development records may be needed up to 3 years after the conclusion of a project for reference or for management audit purposes.

Records Not Covered:  System or application documentation (see items #90226 and #90227) and project management records.

Note:  In some circumstances, agencies may wish to maintain these files longer for reference.  All relevant information and final documentation should be contained in system and application documentation files (see items #90226 and #90227).

*90226  Information Systems Specifications
Records that document system operations, including data entry, manipulation, output and retrieval (often called "system documentation records"), as well as records necessary for using the system, such as user guides, system or sub-system definitions, system flowcharts, program descriptions and documentation (or other metadata), job control or work flow records, and input and output specifications.

Minimum Retention and Disposition:  Destroy 3 years after discontinuance of system, but not before system data is destroyed or transferred to new operating environment.

Justification:  Current and accurate information on how an application system operates is needed throughout its life cycle.  System documentation may be needed 3 years after the system is discontinued or modified for the admissibility of electronic records in legal proceedings, retrospective analysis, and remedying errors.

Records Not Covered:  Data documentation and other records used to explain the meaning, purpose, or origin of data (see item #90227).

*90227  Data Documentation (Metadata)
Records (sometimes known as metadata) generally created during system or application development or modification and necessary to access, retrieve, manipulate and interpret data in an automated system (including systems where information is text, graphic, or multi-media based), including a data element dictionary, file layout, codebook or table, and other records that explain the meaning, purpose, structure, logical relationships, and origin of the data elements.

Minimum Retention and Disposition:  Destroy 3 years after discontinuance of system or application, but not before system or application data is destroyed or transferred to a new structure or format.

Justification:  These records are needed to use and interpret electronic records and have value as long as the data/electronic records are retained.

Note:  In some cases, agencies will retain data for extended periods, sometimes off-line.  It is essential that they retain related metadata in an accessible format.  This is particularly crucial if the metadata is stored in electronic form or the related records are judged to have long term and secondary research value.  When archival electronic records are transferred to the State Archives, it is essential that they be accompanied by relevant and accurate data documentation.  Application design documentation and user's guides covered by item #90226 may also serve to explain how data was interpreted and used.

*90228  Program Listing/Source Code
Program source code from which machine-language instructions are generated and used to operate an automated information system.

Minimum Retention and Disposition:  Destroy after code is superseded or replaced or after automated system is no longer in use and has been deleted, but not before any audit or legal needs have been met.

Justification:  These records are the instructions used to operate a system application.  After the code is modified or replaced it has no administrative or legal value.

*90229  Technical Program Documentation
Program flowcharts, program maintenance log, system change notices, and other records that document modifications to computer programs.

Minimum Retention and Disposition:  Destroy 1 year after replacement or modification, or after related programs cease to be used, but not before any audit or legal needs have been met.

Justification:  Records are used for reference, backup, IT audits, insuring adequacy of change documentation, or rectifying errors in program implementation up to a year after related programs are replaced, modified, or cease to be used.

Note:  Agencies may consider retaining documentation for critical systems for a longer period.

*90231  Test Database/Files
Routine or benchmark datasets, related documentation, and test results constructed or used to test or develop a system.

Minimum Retention and Disposition:  Destroy when no longer needed.

Justification:  Agency practices vary in the management of test files, and some may wish to retain test results until the user has accepted the system based on the results.  These materials can be considered and are often managed as nonrecords.  However, other agencies retain test data for an extended time period for continued testing and training.  This retention period gives agencies the flexibility to retain test files based on their own needs.

COMPUTER OPERATIONS AND TECHNICAL SUPPORT
Covers the IT unit functions related to operating systems, hardware and software maintenance, system security, data input services, system backup, off-line tape library operations, job and production control, monitoring system usage, and liaison with hardware and software vendors.

90233  Hardware Documentation
Records documenting the use, operation, and maintenance of an agency's computer equipment, including operating manuals, hardware/operating system requirements, hardware configurations, and equipment control systems.

Minimum Retention and Disposition:  Destroy after the agency no longer uses related hardware and all data is transferred to and made useable in new hardware environment.

Justification:  These records have no value after the agency ceases to use related hardware and transfers the data to a new hardware environment.

Note:  Routine records that do not contain substantial information on the maintenance history or equipment should be destroyed on an annual basis.

*90235  Data Migration and System Upgrade Records
Records relating to the operational aspects of the replacement of equipment or the upgrading of computer operating systems, as well as the migration of data between operating systems.  Records include schedules and logs, tracking and data migration tests, notes, correspondence, conversion and implementation plans, and related records generated by the operating system software, application server software, and web server software.

Minimum Retention and Disposition:  Destroy 1 year after successful migration, update or conversion.

Justification:  Records may be needed after migration for reference and to deal with unforeseen issues and problems.

Note:  Agencies may want to keep the implementation plans for more than one year for subsequent migrations or upgrades.  Data migration and system upgrade records subject to lengthier federal funding or audit requirements should be scheduled separately.

*90236  Disaster Preparedness and Recovery Plans
Records related to the protection and reestablishment of data processing services and equipment in case of a disaster.  Includes disaster recovery manuals, business continuity plans, inventories, procedure plans, contact lists, and other records.

Minimum Retention and Disposition:  Destroy after superseded by revised plan.

Justification:  The Office of Cyber Security and Critical Infrastructure Coordination requires that agencies develop and maintain disaster recovery plans as part of their information security functions.

Note:  Agencies should store disaster preparedness and recovery plans in a secure area off-site from the computer installation to which they refer.

*90237  System Backup Files
Copies of master files or databases, application software, logs, directories, and other records needed to restore a system in case of a disaster or inadvertent destruction.

Minimum Retention and Disposition:  Destroy after 3 system backup cycles or when no longer needed for system restoration, whichever is later.

Justification:  This item authorizes the disposal of backups in accordance with accepted practice that 3 generations of backups be retained.

Records Not Covered:  Backups used to document transactions or retained for purposes other than system security.  For fiscal systems, monthly system backups are often retained for the entire fiscal year to provide an audit trail, and annual system backups are retained to meet all legal and fiscal requirements in lieu of copies of the individual master files or databases.  These records should be disposed using items from the Fiscal Operations section of this schedule (for example, item #90120) or, if they are covered by specific federal audit requirements requiring longer records retention, scheduled separately by the appropriate program unit.

Note:  It is advisable that for many application systems 2 or 3 copies of backups be produced during each cycle.

*90238  User Authorization Records
Records created to control individual access to a system, system data, the Internet, and the agency e-mail system.  Records include user account records, user acknowledgements of policies, authorization documentation, and related records.

Minimum Retention and Disposition:  Destroy after the individual no longer has access to the system, but not before any audit or legal needs for the records created or modified by that individual have been met.

Justification:  Some records, particularly user account records, are needed for security or fiscal audits for as long as the records are retained for audit purposes.  Records may also be needed to document conditions of user access to Internet and e-mail services.

*90377  Computer Security Records
Records used to control and monitor the security of a system and its data, including vulnerability scans, intrusion tests, malicious code detection tests, threat and risk assessments, technical security reviews, patch management logs, intrusion detection logs, firewall logs, and related records.

Minimum Retention and Disposition:  Destroy after administrative use, but not before any audit and legal needs have been met.

Justification:  Control records may be used to track the effectiveness of security measures or detect security flaws.

*90378 Computer Security Incident Records
Records documenting incidents and investigations involving unauthorized attempted entry, probes and/or attacks on agency IT systems and networks.

Minimum Retention and Disposition:  Destroy after operational, audit and legal needs have been met.

Justification:  Incident records may have value in initiating criminal prosecutions.

Note:  Before disposing of these records, agencies must ensure that no legal actions have been initiated which might require access to them.  If a case-by-case review of files is impractical, the Office of the Attorney General advises retaining the records an additional 3 months beyond the minimum retention period.  Computer/Network Usage Files (item #90239) may also serve some security purposes.

*90379  Security Breach Notifications
Records created pursuant to Section 208, State Technology Law, which requires state agencies to disclose to New York state residents when their computerized private information was or may have been acquired by a person without valid authorization, including notifications to affected persons and to designated state agencies, logs of notifications, and related records.

Minimum Retention and Disposition:  Destroy 6 years after notification.

Justification:  Copies of notifications and logs may be needed to document that appropriate actions were taken as required by law and in the event of any civil actions based on Section 213, Civil Practice Law and Rules.

Records Not Covered:  Notification policies required by this law are covered by item #90209 in the General Administration section of this schedule.

Note:  Before disposing of these records, agencies must ensure that no legal actions have been initiated which might require access to them.  If a case-by-case review of files is impractical, the Office of the Attorney General advises retaining the records an additional 3 months beyond the minimum retention period.

*90239  Computer/Network Usage Files
Electronic files, automated logs, or other records created to monitor and control use of the network, e-mail, the Internet and other computer resources by agency employees, including proxy server logs, login files, chargeback files, data entry logs, system usage files, and related records.

Minimum Retention and Disposition: Destroy when no longer needed for administrative use, but not before any audit or legal needs have been met.

Justification: Records may be needed for IT audits, system security, summary reports, planning, or other purposes.

Records Not Covered:  User account records (see item #90238).

*90240  Summary Computer/Network Usage Reports
Summary reports and other records created to document computer and network usage for reporting or cost recovery purposes.

Minimum Retention and Disposition:  Destroy 1 fiscal year after creation.

Justification:  Records may be needed for reporting, reference, charge-back billing, IT audits, system security, or other purposes for 1 fiscal year after they were created.

*90241  Computer Run Scheduling Records
Records used to schedule computer runs, including daily schedules, run reports, run requests, and other records documenting the successful completion of a run.

Minimum Retention and Disposition:  Destroy after current fiscal year, but not before any audit or legal needs have been met.

Justification:  Scheduling records for the current fiscal year may be needed for audits.  Information on runs is also retained in internal system logs, which should be retained with system backup covered by item #90237 and computer usage records covered by item #90239.

*90242  Input/Source Documents
Records or forms designed and used solely for data input and control and not needed for audit, legal or other purposes.

Minimum Retention and Disposition:  Destroy after all data has been entered into the system and, if required, verified.

Justification:  Records used solely for data input to an automated system have no value after data has been entered and verified.

Records Not Covered:  Input records retained for fiscal audit or legal purposes or containing information needed by a program unit should be scheduled by the responsible program unit.  Input records which serve a fiscal audit purpose may be covered by items in the Fiscal Operations section of this schedule.

*90243  Work/Intermediate Files
Records used to facilitate the processing of a specific job/run or to create, update, modify, transfer, export, import, manipulate, or sort data within an automated system, including “macro” or “startup” file or other electronic record created to preserve a combination of data elements and/or method of displaying these data elements, when all transactions are captured in a master file, central file, transaction file, or database, and the file is not retained to provide an audit trail.

Minimum Retention and Disposition:  Destroy after the transaction is completed, except retain as long as reports, studies and other principal records for which the file is created are retained when the electronic file is needed to recreate or document a transaction.

Justification:  Agencies generally manage these types of files as nonrecords and do not retain them to document agency business or because of the information they contain.

Records Not Covered:  Intermediate files retained to document transactions are covered by item #90244.  Intermediate files retained to serve as an audit trail are covered by item #90246.  Intermediate files needed for system recovery backup are covered by item #90237.

*90244  Processed Transaction Files
Records used to update and/or document a transaction in database or master file and not retained to document a program unit action, including transaction files, DBMS log, update files, and similar records.

Minimum Retention and Disposition:  Destroy when no longer needed for administrative use, but not before any audit or legal needs for records have been met.

Justification:  Transaction records are retained to create an audit trail for a master file/database and can be used to recreate a database/master file or document changes in a master file/database for legal admissibility purposes.

Records Not Covered: Records used to document a program unit's actions (e.g., receipt of a voucher, issuance of a check) as opposed to a strictly data processing transaction.

90245  Print Files (Not Used to Document a Transaction)
Source output data extracted from the system to produce hardcopy publications, printouts of tabulations, ledgers, registers, reports, or other documents when the files are not needed for audit purposes or to document program unit transactions.

Minimum Retention and Disposition:  Destroy after all print runs are completed, output verified (if required), and agency has no need to reproduce the report.

Justification:  These records have limited value after all related print runs are completed and the output verified.  In many cases, agencies will not manage print files as records.

Records Not Covered:  Print files needed for fiscal audits or retained to document transactions.

*90246  Audit Trail Files
Data generated during the creation of a master file or database and used to validate a master file or database during a processing cycle, such as date stamp, time stamp, user’s ID and other data fields.

Minimum Retention and Disposition:  Destroy after records are no longer needed for audit or legal purposes.

Justification:  Audit files are retained to create a management audit trail for and to ensure the quality of data.  They can aid in recreating or documenting changes in a master file or database for legal admissibility or other purposes.

Note:  Agencies may wish to retain audit files for 3 backup cycles to conform to standard data processing practices.

90247  IT Unit's Copies of Output Reports
Data processing unit's copy of output reports produced for client program units.

Minimum Retention and Disposition:  Destroy after output is distributed.

Justification:  After output is distributed to client, data processing unit's copy has limited value.

*90248  Summary or Extracted Data Files
Summary or aggregate data from a master file or database, including “snapshots” of data, created solely to distribute data to individuals or program units for reference and use, but not altered or augmented to support program-specific needs.

Minimum Retention and Disposition:  Destroy after data is distributed and, if necessary, receipt is acknowledged.

Justification:  These records are produced to distribute data to an IT unit's clients and have no value once this is accomplished.

Records Not Covered:  Summary or extract files altered or augmented to support program-specific needs.

*90249  Electronic Indexes, Lists, Registers, and Other Tracking Systems
Electronic indexes, lists, registers, and other systems used only to provide access to the hardcopy and electronic records in the custody of the IT unit.

Minimum Retention and Disposition:  Destroy after the related hardcopy or electronic records have been destroyed or reorganized, or the electronic indexes, lists, registers, and other tracking systems no longer provide utility for records access.

Justification:  Electronic indexes and tracking systems have no value after the related records are destroyed or reorganized.  Additionally, such records can be expensive to maintain and should not be retained when no longer of value.

Records Not Covered:  Electronic indexes and tracking systems of program units other than IT units.

*90251  Reports on the Destruction of Files ("Scratch Reports")
Records containing information on the destruction of files stored on electronic media in a tape library.

Minimum Retention and Disposition:  Destroy when no longer needed for administrative purposes, but not before any audit or legal needs for records documenting the destruction of files have been met.

Justification:  Records may be needed for a brief period to document that files were properly destroyed.

*90252  Tape Library Control Records
Records used to control the location, maintenance, and disposition of electronic media in an off-line tape storage library, including lists of holdings and control logs.

Minimum Retention and Disposition:  Destroy after superseded or after concerned records or media are destroyed or withdrawn from the tape library.

Justification:  Retention insures that current information on media stored in tape library is available.

 
DATA ADMINISTRATION
Data administration covers IT unit functions related to data administration support, including the maintenance of data standards, corporate data models, and data definitions and dictionaries.

*90253  Data/Database Dictionary Records
Records, usually in an automated system, used to manage data, including information on data element definitions, data structures or file layout, code tables, and other data attribute information or records that explain the meaning, purpose, logical relationships, ownership, use, or origin of data.

Minimum Retention and Disposition:  Destroy after discontinuance or modification of the related application, but not before the application's data is destroyed or transferred to a new structure or format and any audit or legal needs have been met.

Justification:  These records are essential for managing electronic records in agency automated information systems and have value as long as the data/electronic records are retained.  In some cases, agencies will retain data for extended periods of time, sometimes off-line.  In such cases, it is essential that related documentation be retained in an accessible format.

*90254  Data/Database Dictionary Reports
Periodic printouts from a data/database dictionary system, including data element attribute reports, database schema, and related records used for reference purposes.

Minimum Retention and Disposition:  Destroy when superseded or no longer used by agency, but not before any audit or legal needs have been met.

Justification:  Records have no administrative value after need for reference ceases.

Records Not Covered:  The official copy of essential data documentation is covered by either item #90227 or #90253.

IT SUPPORT
Refers to IT unit functions that provide support to users of mainframe or office computers, including assisting users to solve software and hardware problems, installing hardware or software, providing training, and the review and recommendation of software for agency use.

90255  Site/Equipment Support Files
Records documenting support services provided to specific computer equipment or installations, including site visit reports, program and equipment service reports, service histories, and correspondence and memoranda.

Minimum Retention and Disposition:  Destroy site visit reports, problem and equipment service reports, and routine correspondence and memoranda 3 years after creation.  Destroy service histories and other summary records after the related equipment is no longer in use.

Justification:  After the related equipment is no longer in operation the records have limited value.

*90256  Help Desk Telephone Logs and Reports
Records, including records generated from automated help desk ticketing systems, used to document requests for technical assistance and responses to these requests as well as to collect information on the use of computer equipment for program delivery, security, or other purposes.

Minimum Retention and Disposition:  Destroy 1 year after creation.

Justification:  Records are needed for at least 1 year to monitor user problems and equipment use, to compile monthly and annual statistics, and for reference for planning, management analysis, and other administrative purposes.

*90258  Hardware and Software Review Files
Records related to the review and recommendations for hardware and software for agency use, including vendor information, manuals, software reviews, and related material.

Minimum Retention and Disposition:  Destroy when no longer needed for administrative use.

Justification:  Records have limited administrative value after completion of review, although agencies may wish to retain records until hardware or software is no longer in use.

NETWORK/DATA COMMUNICATION SERVICES
Network and Data Communication Services covers IT unit functions related to installing and maintaining networks, diagnosing and coordinating problems on the network, monitoring circuit usage, and liaison with OFT and other network providers.  It also includes records related to providing and monitoring services delivered and received via the Internet.  For related records, see the Telecommunications Management section of this schedule.

90259  Network Site/Equipment Support Files
Records documenting support services provided to specific sites and computer-to-computer interfaces on a network, including site visit reports, trouble reports, service histories, and correspondence and memoranda.

Minimum Retention and Disposition:  Destroy site visit reports, trouble reports, and routine correspondence 3 years after creation.  Destroy service histories and other summary records after the related equipment or site is no longer in use.

Justification:  The records have limited value after the related site or equipment is no longer in operation.

Note:  Routine records that do not contain substantial information on the maintenance history or site can be weeded and destroyed on an annual basis.

*90260  Inventories of Network Circuits/Connections
Electronic or paper records containing information on network circuits or connections used by the agency, including circuit number, vendor, cost per month, type of connection, terminal series, software, contact person, and other relevant information about the circuit.

Minimum Retention and Disposition:  Destroy after superseded by new inventory or after the network circuit or connection is no longer used by agency, whichever is sooner.

Justification:  The records have no value after the related circuit is no longer in operation.

*90261  Network or Circuit Installation and Service Files
Copies of requests by agencies to the OFT Division of Telecommunications or service provider for data communication service, installation, or repair and response to the request, including work orders, correspondence, memoranda, work schedules, copies of building or circuitry diagrams, and non-official copies of fiscal documents.

Minimum Retention and Disposition:  Destroy 3 years after request is filled or repairs are made.

Justification:  Records should be retained 3 years for management analysis and planning.

Note:  Before disposing of these records, agencies must ensure that no legal actions have been initiated which might require access to them.  If a case-by-case review of files is impractical, the Office of the Attorney General advises retaining the records an additional 3 months beyond the minimum retention period.

 *90264  Network Implementation Project Files
Agency records used to plan and implement a network, including reports, justifications, working diagrams of proposed network, wiring schematics, and diagrams.

Minimum Retention and Disposition:   Destroy after superseded or obsolete.

Justification: Records are essential for operating a network.

*90363  Agency Internet Services Logs
Electronic files, logs or other records created to monitor access and use of agency services provided via the Internet, including, but not limited to, services provided via FTP (file transfer protocol), website or agency Telnet services.

Minimum Retention and Disposition:  Destroy when no longer needed for administrative use, but not before any audit or legal needs have been met.

Justification:  Records may be needed to document services provided by the agency and access/use of these services by its customers.  Records may be used for summary reports, IT audits, system security, or other purposes.

 

Top of page

Main page