state agencies’ records retention schedule s6: information systems records s6 retention schedules
TRANSCRIPT
State Agencies’ Records Retention Schedule
S6: Information Systems Records
S6 Retention Schedules
State of CT Schedules
S1 - Administrative Records (rev. 1/2010)
S2 - Personnel Records (rev. 1/2010)
S3 - Fiscal Records (rev. 1/2010)
S4 - Health Records (rev. 11/2010) NEW
– Records Retention Policy for Hospital Closures, Mergers, and Consolidations
S5 - Higher Education Records (rev. 1/2010)
S6 - Electronic Data Processing Records
– Now ‘Information Systems Records”
S7 - Full-Time Post Secondary Programs in Vocational-Technical School Systems
S8 - Correctional Facilities Records
S9 - Libraries, Archives and Museums (under development)
S10 - Public Safety and Emergency Services Records NEW
S6: Information Systems Records
The S6 Records Retention Schedule defines the record types and the retention requirements for records that are commonly generated during evaluation, implementation, management and use of an Information System.
Examples:
Systems Logs, Source Code, Support Records
S6 Review Committee
Representatives from several State Agencies convened to review the original S6: Data Processing Records retention schedule that was last revised in 1999.
The original schedule was quickly discarded and a new one was created based on current technology and terminology.
S6: General Intent
Defines the minimum length of time the agency/department must maintain the record.
– These are NOT requirements to “generate” a specific record type – If you don’t generate the record, there is no requirement to maintain it.
– Generation of the record is based on operating procedures, policies and department functions
S6: Disposition
Documentation of disposal of log data occurs in two ways:
Certificate of Compliance
RC-108
Certificate of Compliance
Certifies that the department will meet the retention and disposition requirements established by the Office of the Public Records Administrator in State Agencies’ Records Retention/Disposition Schedule S6: Information Systems Records.
Allows the agency/department to destroy certain types of records automatically (without an RC-108) so long as the destruction is in accordance with the minimum retention
– Information Systems Backup Recovery Media
– Information Systems Data or Database Dictionary Documentation
– Information Systems Usage Records
– And many others!
Certificate of Compliance
Compliance with the S6: Information System Records Retention Schedule would be unmanageable without the Certificate Completed Annually
Signed certificate must be maintained for 1 year after expiration
Must be submitted by June 30th .
Download your Certificate of Compliance from
http://www.cslib.org/publicrecords/opraforms.htm
RC-108
Without a Certificate of Compliance, the department must complete an RC-108 to dispose of records. Examples include:
– For deleting system logs
– When making modifications to operating procedures
– Before overwriting backups
– Download the RC-108 form from here: http://www.cslib.org/publicrecords/opraforms.htm
S6,Series 10: Administratively Valuable
“Until no longer administratively valuable.”
– It is recommended that each agency documents how long individual usage records are maintained pursuant to defined administrative value.
The same log types on multiple systems may have different values to an organization based on the use or users of a system, application, device, etc.
ISO Retention Schedule
Regulations, laws, and business requirements supersede minimum retention requirements.
Example – A regulation requires system logs to be maintained for 6 months, but the retention schedule only requires 3 weeks. – Maintain the information for 6 months.
Information Security Office examples
Category Schedule
Access Logs 6 Months
System Logs 12 Months
Traffic Logs 3 Months
Incident Logs 4 Months
Splunk
The Information Security Office is managing most series 10 related log retention schedules through Splunk.
Each index has a custom retention schedule, currently:– 1 Week– 1 Month– 3 Months– 4 Months– 6 Months– 12 Months– 18 Months– 6 Years (default, if not otherwise configured)
Data is automatically purged when it reaches the defined expiration
Splunk
Additional custom indexes can be created.
Agent install is fast and virtually effortless for basic log types.
Supports specialized application and database log files.
Log harvesting, parsing and alerting tools.
Robust searching and analysis features.
Role Based Access Control.
In Closing
S6 has been updated, is clearer, more useable
Only logs that are collected apply
Certificate of Compliance or RC-108 required for disposal
‘administratively useful’ needs to be documented
Splunk is available to any department collecting records
Contact the security office for more information.
S6 documentation/tools on security.uconn.edu