Policy Effective Date July 21, 2004 Date of Last Revision October 16, 2014 Chapter Name Information Management Chapter Number Title 4.7 Electronic Report Retention 1.0 Purpose The purpose of the electronic report retention policy is to document the amount of time that a report will be viewable to those Eastern Michigan University (EMU) employees who require the information to perform their daily responsibilities. Individual departments are required to maintain necessary reports to meet federal/state regulations and auditor’s requirements. Division of Information Technology (DoIT) will maintain the source data to meet mandated requirements but will not archive the actual report format for the required period. 2.0 Scope This policy applies only to reports which are generated from official university data sources and created as part of production scheduling and execution, or delivered via electronic distributed printing system. The scope of this policy does not include desktop applications or ad hoc reports by the user community. 3.0 Policy DoIT will maintain output in the original report format for 30 days, unless a different timeframe has been agreed to by DoIT and is documented on the DoIT Policy web site. DoIT will dispose of the output, once that timeframe has lapsed, without notice to the end user community. Exceptions to the standards will be requested by the Data Owner and approved by the Director, Enterprise Operations with consultation of the Enterprise Resource and Planning (ERP) Business Operations Committee (BOC). Any retention requirements legal or otherwise beyond DoIT standards shall be the sole responsibility of the department that owns or requested the report. DoIT does not guarantee the retention of output from test environments. 4.0 Responsibility for Implementation The Director of Enterprise Operations is responsible for the overall implementation of this policy. 5.0 Enforcement Any employee found to violate federal or State of Michigan laws, EMU policies, procedures or standards of conduct, will be subject to disciplinary action under University policy. Any student found to violate federal or State of Michigan laws, EMU policies, procedures or standards of conduct, will be subject to disciplinary action under EMU’s Student Code of Conduct. Any suspected violation of state or federal laws will be reported to the appropriate legal authority for investigation. The University reserves the right to protect its electronic resources from threats of immediate harm. This may include activities such as disconnecting an offending computer system from the campus network, terminating a running job on a computer system, or taking other action. IT Policy Form Version 3.0 Page 1 of 2 6.0 Definitions Term Data Owner Ad hoc reports Definition Entity that can authorize or deny access to certain data, and is responsible for its accuracy, integrity, and timeliness. For ERP modules, the Functional Security Representative assumes the role of data owner. Reports created without intervention from DoIT staff or services. 7.0 Revision History Description Gniewek/Rose Original request/proposed draft Dorendorf Revised for new format; PRC revisions Laundra Copyedited/proofed for upload Policy Committee with modifications by L. Rose Modifications by L. Rose Policy Committee CIO approval IT Policy Approval Date July 21, 2004 April 25, 2006 May 2, 2006 May 1, 2014 September 19, 2014 October 16, 2014 October 18, 2014 Page 2 of 2