• University Records/Information Retention and Disposition

    PRESIDENT'S DIRECTIVE NO. 20 

  • I. Directive

    In light of the importance of securely and properly retaining or disposing of records/information generated through campus operations, CSU Executive Order 1031 requires campuses to develop and implement procedures for (a) designating custodians of records/information, (b) identifying records/information that have historic or vital value and/or are necessary for business continuity/disaster recovery, (c) adding unique campus records/information to the CSU retention and disposition schedules (“CSU Schedules”) and (d) ensuring the timely disposal of records/information in any media. This Directive fulfills these requirements.
  • II. Authority

    CSU Executive Order 1031.
  • III. Scope

    This Directive applies to the retention and disposition of University records/information in any media. University auxiliary and affiliate organizations are responsible for applying similar practices to the retention and disposition of their respective records/information.
  • IV. Definitions

    This Directive incorporates the definitions found in CSU Executive Order 1031 for the following terms:
    • Business Continuity/Disaster Recovery
    • Custodian
    • Disposition
    • Media
    • Records/Information
    • Retention
    • Authority
    • Retention
    • Period
    • Schedule
    • Value
  • V. Implementation

  • A. Division Heads

    Each Division Head is responsible for the implementation and coordination of this Directive within their respective Division.
  • B. Information Security Officer

    The University’s Information Security Officer is responsible for developing, implementing and managing (a) a process/communication plan to ensure records/information are maintained/secured in accordance with CSU and University policies, and (b) guidelines to ensure appropriate and timely disposal of records/information. The process and guidelines noted above will be posted and updated as needed on the “Document Retention” tab on website for the Division of Information Technology.
  • C. Executive Director, Risk Management

    The University’s Executive Director, Risk Management is responsible for developing, implementing and managing procedures to (a) designate custodians and review designations annually, (b) identify records/information that may have a historic or vital value or is necessary for business continuity, and (c) modify as necessary the CSU Schedules to incorporate records unique to the University. The procedures noted above will be posted and updated as needed on the “Document Retention” tab on website for the Division of Information Technology.
  • D. Records/Information Retention and Disposition Committee

    Co-chaired by the Information Security Officer and the Executive Director, Risk Management, the committee’s primary responsibility is to review and provide feedback concerning the procedures/communication plans noted in paragraphs V.B. and V.C. above. Its members will include representatives from:
  • E. Custodians

    Custodians of records/information are responsible for:
    • Ensuring administrative areas are operating in compliance with the CSU Schedules.
    • Identifying records/information that have historic or vital value or support business continuity.
    • Identifying records/information within their control not addressed in the CSU Schedule.
    • Ensuring timely and documented disposal of records/information within their control.
  • F. Faculty, Staff and Administrators

    Faculty, administrators and staff are individually responsible for retaining and disposing of records/information within their control in a manner consistent with the CSU Schedules.
  • VI. Accountability

    • A. The University will dispose of or archive annually records/information that, after reviewing all applicable retention authority and retention periods as well as assessing the value, it determines may be destroyed or archived.
    • B. Individuals who violate this Directive are subject to appropriate disciplinary action pursuant to the applicable collective bargaining agreement and/or administrative policies or procedures.
    • C. The contacts for questions concerning this Directive are the University’s Information Security Officer and Executive Director, Risk Management.

 

 

SCHEDULE SERIES – CUSTODIAN

 

#

Subject Area

Custodian(S)

 

1

Personnel / Payroll

 

2

Fiscal

 

3

Environmental Health and Safety

 

4

Student Records

 

5

Facilities

 

6

University Police

 

7

University Advancement

 

8

Academic Personnel

 

9

Curriculum & Accreditation

 

10

Research & Sponsored Programs

 

11

Institutional Records