All-University Records Retention Schedules

Information Services

Record Series Title—Function/PurposeLocation
(*Official Copy)
Retention and Disposition ActionDisposition Authority No.Remarks
Applications/Systems -- Implementation Projects
Records relating to the implementation of the University's computer software applications, databases and websites (internet and intranet).

Excludes records covered by Applications/Systems – Technical Design (DAN GS 14001).
Department*Retain for 6 years after
end of project,
then destroy.
GS 14037
Rev. 1
Applications/Systems -- Technical Design
Records relating to the technical design of the University's computer software applications, databases and websites (internet and intranet). Includes, but is not limited to:

  • Design documentation/detail;
  • Database schema and dictionaries;
  • Source code;
  • System and program change descriptions/authorizations;
  • Development plans (for testing, training, conversion, and acceptance);
  • Release notes;
  • Operational and user instructions;
  • Acceptance testing.
Excludes records covered by Applications/Systems -- Implementation Projects (DAN GS 14037).
Department*Retain until application or version is no longer needed for University business

and

all records within the application have been migrated/ deleted/ transferred in accordance with a current approved records retention schedule, then destroy.
GS 14001
Rev. 1
Essential
Audit Trails and System Usage Monitoring
Records documenting the use of the University's information technology and communication systems to ensure security and appropriate use. Includes, but is not limited to:

  • Audit trails;
  • Authorizations for and modifications to the configurations and settings of the University's IT infrastructure (such as firewalls, routers, ports, network servers, etc.);
  • Log-in records, security logs and system usage files;
  • Internet activity logs (sites visited, downloads/uploads, video/audio streaming, etc.);
  • Fax and telephone logs.
Excludes records covered by Internet Browsing (DAN GS 50010; see Admin-Gen Office Recs table).

For WSU purposes, includes PCI DSS audit logs.
Department*Retain for 1 year after
date of activity,
then destroy.
GS 14020
Rev. 1
Authorization -- Systems/Telecommunications Access
Records documenting the authorization of employees (including contractors and volunteers) to use University systems/applications and telecommunication services. Includes, but is not limited to:

  • User account creation/change requests;
  • Network access authorization requests;
  • Related correspondence/communications.
For WSU purposes, this series includes, but is not limited to, telephone authorization code files for administrators, and access authorizations for Administrative Information Systems applications, myWSU, financial and student data warehouses, and Workday security access requests.
Department*Retain for 6 years after
end of fiscal year in which user account/access was terminated,
then destroy.
GS 14012
Rev. 1
Essential
Automated/Scheduled Tasks and Work/ Intermediate/Test Files
Records relating to scheduled, computer-driven tasks and other work/intermediate files.
Includes, but is not limited to:

  • Event logs;
  • Run reports and requests;
  • Task schedules;
  • Test data sets;
  • Successful completion reports;
  • Valid transaction files;
  • Work/intermediate files.
Department*Retain for 30 days after
date of document,
then destroy.
GS 14015
Rev. 1
Backups for Disaster Preparedness / Recovery
Routine/cyclical backups of IT systems and data for the purposes of disaster preparedness and recovery.
Department*Retain until
no longer needed for
University business,
then destroy.
GS 14011
Rev. 1
Essential
Helpdesk Requests
Records relating to requests for advice and assistance in using the University's information technology and telecommunications equipment, systems and applications.
Department*Retain until
finalization of request,
then destroy.
GS 14029
Rev. 1
Network -- Design and Build
Records relating to the design and construction of the University's information technology networks.

Includes, but is not limited to:

  • Network diagrams and build guides;
  • Master control list of Internet Protocol (IP) address assignments;
  • Uniform Resource Locator (URL) addresses and passwords.
Department*Retain until
no longer needed for
University business,
then destroy.
GS 14031
Rev. 1
Policy Exceptions
Provides documentation of approvals for:

  • Information security policy exceptions (WSU Executive Policy #37), and
  • University data policy exceptions. (WSU Executive Policy #8).
Office of Chief
Information Officer
Retain for the life of the exception,
then destroy.
19-06-69367
Server Logs
Provides a record of server functions. May include, but is not limited to: system processes, access logs, process tracking, error messages, logs related to any special server functions or roles.
Department*Retain for 1 month after
date of daily record,
then destroy.
11-12-63649