Sample Email Retention Policy Template

You will find a finished Sample Email Retention Policy Template of what a working Email Retention Policy would look like with a fictitious company.

Email Retention Policy

Introduction

Information Resources are strategic assets of DefArm Incorporated and must be treated as valuable resources. DefArm provides various computer resources and devices to its employees for assisting them in the performance of their job-related duties. This policy clearly documents  the Email Retention Policy is intended to help employees determine what information sent or received by email should be retained and for how long.

This Email Retention Policy in conjunction with the corresponding standards is established to achieve the following:

Establishing the retention policy regarding the use of all DefArm includes, but is not limited to, information that is either stored or shared via electronic mail or instant messaging technologies.

Roles & Responsibilities

Our Commitment to You

  • DefArm’s management will establish a periodic reporting requirement to measure the compliance and effectiveness of this policy.
  • DefArm’s management is responsible for implementing the requirements of this policy, or documenting non-compliance via the method described under exception handling.
  • DefArm’s Managers, in cooperation with Information Security Department, are required to train employees on policy and document issues with Policy compliance.

Email Retention Policy Rate

This email retention policy is secondary to DefArm policy on Freedom of Information and Business Record Keeping.   Any email that contains information in the scope of the Business Record Keeping policy should be treated in that manner.

All DefArm email and instant messaging information is categorized into four main classifications with retention guidelines:

  1. Administrative Information Messages (6 years)
  2. Fiscal Information Messages (6 years)
  3. General Information Messages (2 year)
  4. Ephemeral Information Messages (Retain until read, destroy)

Email Retention Policy

Administrative Information Messages

DefArm’s Administrative Information Messages includes, though is not limited to clarification of established company policy, including holidays, time card information, dress code, work place behavior, and any legal issues such as intellectual property violations.

All email with the information sensitivity label Management Only shall be treated as Administrative Correspondence.  To ensure Administrative Correspondence is retained, a mailbox postmaster@defarm.net has been created, if you copy (cc) or blind copy (bcc) this address when you send email, retention will be administered by the IT Department.

Fiscal Information Messages

DefArm’s Fiscal Information Messages is all information related to revenue and expense for the company.  To ensure Fiscal Correspondence is retained, a mailbox finance@defarm.net has been created, if you copy (cc) or blind copy (bcc) this address when you send email, retention will be administered by the IT Department.

General Information Messages

DefArm’s General Information Messages covers information that relates to customer interaction and the operational decisions of the business.  The individual employee is responsible for email retention of General Correspondence.

Temporary Information Messages

DefArm’s Temporary Information Messages is by far the largest category and includes personal email, requests for recommendations or review, email related to product development, updates and status reports.

Instant Messenger Correspondence

DefArm’s Instant Messenger General Correspondence may be saved with logging function of Instant Messenger, or copied into a file and saved.  Instant Messenger conversations that are Administrative or Fiscal in nature should be copied into an email message and sent to the appropriate email retention address.

Enforcement

DefArm’s management reserves the right to monitor and/or log all employee use of DefArm’s Information Resources with or without prior notice to ensure all complies with this policy.

Consequences of Violations

Violations of this Email Retention Policy will be documented and can lead to revocation of your system privileges and/or disciplinary action up to and including termination.
Additionally, the DefArm may, at its discretion, seek legal remedies for damages incurred because of any violation. The company may also be required by law to report certain illegal activities to the proper enforcement agencies.

 Sources for Email Retention Policy:

http://www.sans.org/security-resources/policies/email_retention.pdf