Backup Retention Policy

Franklin & Marshall strives to set an appropriate balance between retention of electronic back up files and tapes to allow for responsible management of our systems and services and the need to eliminate data that should no longer be retained.  What follows outlines our retention policy.

When attempting to make a specific determination as to how long any particular piece of data from an individual user’s account may be retained or recoverable, it is important to keep in mind both the retention policies and procedures outlined below.  And as well, the College’s provisioning/deprovisioning matrix. This matrix defines how long a user’s account may remain active after they depart and there is some variation based upon user type. (student, faculty, alumni, emeritus, etc.)

Note: At the request of College legal counsel, restrictions on deletion of certain data and/or files, typically referred to as a "litigation hold,"  may be implemented, which would supersede the retention periods outlined in this policy. Such data and/or files shall be retained by the College until notice from the College's legal counsel.  

Retention of backup files and tapes for data and servers that reside on campus

The College’s data storage environment retains single day snapshots for the previous 30 days.  These snapshots are held on campus and at the College’s Disaster Recovery off-site facility.

Beyond 30 days, the College retains a single monthly backup of data from the College’s data storage environment for the previous 24 months.  Backups do not leave campus, but instead reside in the College’s vault located away from the primary data center.

This practice impacts the following systems: All virtual servers.

Should a documented need arise to retain a Banner backup or snapshot for regulatory or audit purposes that extends beyond this window, data stewards should make the need known to AdminIT as part of College IT governance and IT staff will accommodate.

Retention of Log Files

Log file data is data generated about system events.  This data is valuable when an incident occurs or a problem with a campus system needs to be diagnosed.  However, this data can grow large and can be costly to store. For this reason, we believe it is important to be specific about the amount of log file data we will retain.  We will retain no more than 24 months of log file data and will monitor and review this as necessary. There is little impact for campus in setting a log file retention policy.  However, this is helpful data for Information Technology staff. If a vulnerability was discovered, our capacity to trace backwards would not be greater than 24 months.

Retention of faculty and staff desktop computer back up data

The College provides faculty and staff with a tool for backing up the data on their desktop computer or laptop.  This is not required, but can be optionally installed. This backup tool is meant to protect an end user’s data in the event their computer suffers a hard disk failure, is stolen, etc.  This tool is also a convenient way for a user to retrieve a file that they have accidentally deleted.

This backup solution is meant to provide added protection to data that resides on individual users’ computers, it is not further backed up as other campus systems are. Back up data for a user is maintained for 90 days.  Should a user delete a file and wish to restore it, they could do so for up to 90 days from the time of deletion. If a user departs the College, their data backup would remain on the system for 12 months. At that time, their deactivated account would be removed.  To reiterate, individual’s files or email contents are not backed up by any other system.

Retention and backup for data and systems that reside off campus (Cloud Services)

Google Apps for Education-Retention

With the exception of students who graduate from the College and retiring faculty and staff who retain their account and data for life, all other user accounts are deactivated following the College’s provisioning/deprovisioning matrix.  For non-retiring, non-alumni faculty and staff their account is deactivated on the day of their departure.

When an account is deactivated:

  • All of the user’s mail and Google Docs are retained for 12 months.  At the time of account deactivation, a supervisor or appropriate administrator receives an audit report from ITS.  The report provides information about the Google Docs that had been owned by the departing individual so that supervisor has the opportunity to request their ownership be changed to another individual.  If an individual is retaining their account (emeritus or alumnus/a for example) a second audit report details what documents owned by others were shared with this individual, so that permission can be revised.  This is particularly helpful for situations where a departing colleague is permitted to retain their account but should not have access to shared departmental files. Google Docs and mail are unrecoverable 12 months after an account is deactivated.

Files and messages deleted by an active account-holder:

When a user deletes a message from their Gmail account or a document from their Google Apps account, that message remains in their ‘trash’ for 30 days.  The item is retrievable by the user during that time. If the user elects to empty the trash before 30 days, the message or file is no longer retrievable by the user.  When a message or file is no longer in the Trash, it can be recovered by an IT administrator for an additional 25 days.

--------

Policy Maintained by: Information Technology Services, Vice President and Chief Information Officer

Last Reviewed: 13 August 2018