Masthead web

Document Retention Policy Self-Assessment*

Section A Answer
1 Is the organization a publicly traded company?
2 Is the company planning to sell, merge or go public in the next 2-3 years?
3 Does the organization file Federal tax returns as a non-profit? (e.g., Form 990)
4 Is the organization in a heavily regulated industry? (e.g., pharma, banking, medical, defense contractor, higher ed, etc.)  
5 Is the organization regularly involved in litigation where any email or other electronic document would be relevant?  
6 Is the organization generally or potentially subject to audit or investigation by government or other regulatory authorities?  
7 Does the organization collect or maintain Personal Information (PI) or Personally Identifiable Information (PII) on its customers, employees, patients, clients or other constituents?  
Section B Answer
8 Does the organization have more than 25 employees?
9 Does the organization have facilities located in more than one jurisdiction?  
10 Does the organization use email to transmit or store contracts, employee information, financial information, or other records?  
11 Does the organization permit employees to copy or transfer documents from work to home computers?
12 Does the organization permit employees to store electronic documents on their computer hard drives rather than on a server-share or in an electronic document management system?  
13 Does the organization electronic files and email archives that have not been accessed or needed for years?
14 Does your IT department place a "mailbox limit" on employee email, forcing people to find other ways to store or preserve important documents? (e.g., PST files)  
15 Do your employees use flash drives, cloud storage (e.g., Google Docs), DVDs or other external storage to backup or store important electronic documents?
Section C Answer
16 Do you have an email archiving system?
17 Do you have an updated computer use and email retention policy in place?  
18 Do you preserve departing employees' electronic files for a period after separation?  
19 Do you prohibit use of company computers for personal business?  
20 Do you have a written procedure in place for implementing "legal or litigation" hold to be triggered by anticipated audit, investigation or litigation?  
Section A - If your response to any of the questions in Section A was YES, your organization is in a higher risk environment.  Even if a legacy document retention policy is in place, management should take steps to make sure it reflects current practices and is updated to reflect the actual use of email and other electronically stored information (ESI). 
  Section B - In this Section, YES answers are strong indicators of the need to create or update a document retention policy.  These indicators must be considered in conjunction with the particular risk environment for the organization as well as more specific information concerning organizational practices and IT data systems architecture.  We provide this service.    
Section C - In this Section, NO answers are indicators of shortcomings in best practices and industry standards.  The more unstructured your data and the more widespread its copying and storage, the greater the legal risk and cost in the event the information must be preserved and produced in the event of an audit, investigation or litigation.  Better management of information assets can generate ROI in many organizations.  Contact us for a confidential initial consultation.
To schedule a confidential initial consultation please contact Steve O'Neill at or toll-free 888-766-3455.

If you need to know where to start, Start Here.

* Privacy Notice: This page does not collect or record any of your selections. Print a copy for your own use.