University Records Retention Schedules

Information Services Records

Note: Unless otherwise stated in the schedule, retention and disposition for other copies of records is “retain until administrative purpose served, then destroy.”

Applications/Systems–Implementation Projects


Records relating to the implementation of the University's computer software applications, databases and websites (internet and intranet).

Excludes records covered by Applications/Systems–Technical Design (DAN GS 14001).

Official Copy: Any Department

Retention and Disposition: Retain for 6 years after end of project, then destroy.

DAN GS 14037 Rev. 1 (Information Services Records)

Applications/Systems–Technical Design


Records relating to the technical design of the University's computer software applications, databases and websites (internet and intranet). Includes, but is not limited to:

  • Design documentation/detail;
  • Database schema and dictionaries;
  • Source code;
  • System and program change descriptions/authorizations;
  • Development plans (for testing, training, conversion, and acceptance);
  • Release notes;
  • Operational and user instructions;
  • Acceptance testing.

Excludes records covered by Applications/Systems–Implementation Projects (DAN GS 14037).

Official Copy: Any Department

Retention and Disposition: Retain until application or version is no longer needed for University business and all records within the application have been migrated/deleted/transferred in accordance with a current approved records retention schedule, then destroy. (Essential)

DAN GS 14001 Rev. 1 (Information Services Records)

Audit Trails and System Usage Monitoring


Records documenting the use of the University's information technology and communication systems to ensure security and appropriate use. Includes, but is not limited to:

  • Audit trails;
  • Authorizations for and modifications to the configurations and settings of the University's IT infrastructure (such as firewalls, routers, ports, network servers, etc.);
  • Log-in records, security logs and system usage files;
  • Internet activity logs (sites visited, downloads/uploads, video/audio streaming, etc.);
  • Fax and telephone logs.

Excludes records covered by:
  • Internet Browsing (DAN GS 50010);
  • Security Incidents and Data/Privacy Breaches (DAN GS 25008).


For WSU purposes, includes PCI DSS audit logs.

Official Copy: Any Department

Retention and Disposition: Retain until no longer needed for University business, then destroy.

DAN GS 14020 Rev. 2 (Information Services Records)

Authorization–Systems/Telecommunications Access


Records documenting the authorization of employees (including contractors and volunteers) to use University systems/applications and telecommunication services. Includes, but is not limited to:

  • User account creation/change requests;
  • Network access authorization requests;
  • Related correspondence/communications.

For WSU purposes, this series includes, but is not limited to, telephone authorization code files for administrators, and access authorizations for Administrative Information Systems applications, myWSU, financial and student data warehouses, and Workday security access requests.

Excludes records covered by Authorization–Building/Facility Access (DAN GS 25001).

Official Copy: Any Department

Retention and Disposition: Retain for 6 years after end of fiscal year in which user account/access was terminated, then destroy. (Essential)

DAN GS 14012 Rev. 2 (Information Services Records)

Automated/Scheduled Tasks and Work/Intermediate/Test Files


Records relating to scheduled, computer-driven tasks and other work/intermediate files. Includes, but is not limited to:

  • Run reports and requests;
  • Task schedules;
  • Test data sets;
  • Successful completion reports;
  • Valid transaction files;
  • Work/intermediate files.

Excludes records covered by Audit Trails and System Usage Monitoring (DAN GS 14020).

Official Copy: Any Department

Retention and Disposition: Retain until no longer needed for University business, then destroy.

DAN GS 14015 Rev. 2 (Information Services Records)

Backups for Disaster Preparedness / Recovery


Routine backups of IT systems and data for disaster preparedness and recovery.

Official Copy: Any Department

Retention and Disposition: Retain until no longer needed for University business, then destroy. (Essential)

DAN GS 14011 Rev. 2 (Information Services Records)

Helpdesk Requests


Records relating to requests for advice and assistance in using the University's information technology and telecommunications equipment, systems and applications.

Official Copy: Any Department

Retention and Disposition: Retain until finalization of request, then destroy.

DAN GS 14029 Rev. 1 (Information Services Records)

Network–Design and Build


Records relating to the design and construction of the University's information technology networks. Includes, but is not limited to:

  • Network diagrams and build guides;
  • Master control list of Internet Protocol (IP) address assignments;
  • Uniform Resource Locator (URL) addresses and passwords.

Official Copy: Any Department

Retention and Disposition: Retain until no longer needed for University business, then destroy.

DAN GS 14031 Rev. 1 (Information Services Records)

Policy Exceptions


Provides documentation of approvals for:

  • Information security policy exceptions (WSU Executive Policy #37), and
  • University data policy exceptions (WSU Executive Policy #8).

Official Copy: Office of Chief Information Officer

Retention and Disposition: Retain for the life of the exception, then destroy.

DAN 19-06-69367 (Information Services Records)

Server Logs


Provides a record of server functions. May include, but is not limited to: system processes, access logs, process tracking, error messages, logs related to any special server functions or roles.

Official Copy: Any Department

Retention and Disposition: Retain for 1 month after date of daily record, then destroy.

DAN 11-12-63649 (Information Services Records)