[{"data":1,"prerenderedAt":476},["ShallowReactive",2],{"document-record-retention-policy-D13760":3},{"document":4,"label":23,"preview":11,"thumb":24,"thumb600":25,"description":5,"descriptionCustom":6,"apiDescription":5,"pages":8,"extension":10,"parents":26,"breadcrumb":30,"related":36,"customDescModule":172,"customdescription":6,"mdFm":173,"mdProseHtml":475},{"description":5,"descriptionCustom":6,"label":7,"pages":8,"size":9,"extension":10,"preview":11,"thumb":12,"svgFrame":13,"seoMetadata":14,"parents":16,"keywords":15},"RECORD RETENTION POLICY PURPOSE The purpose of this Record Retention Policy is to establish guidelines and procedures for the creation, storage, and disposal of records and documents by [COMPANY NAME]. This Policy aims to ensure compliance with legal and regulatory requirements while efficiently managing the lifecycle of company records. SCOPE This Policy applies to all employees, contractors, vendors, and authorized individuals who create, manage, or handle records and documents on behalf of [COMPANY NAME]. It encompasses both physical and electronic records. RECORD CATEGORIES Records and documents will be categorized into the following categories based on their retention requirements: Financial Records: Includes financial statements, invoices, receipts, tax records, and related financial documentation. Personnel Records: Includes employee files, employment contracts, payroll records, and benefit records. Legal and Compliance Records: Includes contracts, agreements, legal correspondence, licenses, permits, and compliance-related documents. Operational Records: Includes operational manuals, procedures, customer records, and vendor information. Corporate Governance Records: Includes board meeting minutes, resolutions, and corporate governance documents. Health and Safety Records: Includes accident reports, safety inspection records, and health-related documents. Intellectual Property Records: Includes patents, trademarks, copyrights, and related documentation. RECORD RETENTION PERIODS The retention periods for each record category will be established in accordance with applicable legal and regulatory requirements. Retention periods may vary by jurisdiction and type of record",null,"Record Retention Policy","3",513,"doc","https://templates.business-in-a-box.com/imgs/1000px/record-retention-policy-D13760.png","https://templates.business-in-a-box.com/imgs/250px/13760.png","https://templates.business-in-a-box.com/svgs/docviewerWebApp1.html?v6#13760.xml",{"title":15,"description":6},"record retention policy",[17,20],{"label":18,"url":19},"Human Resources","/templates/human-resources/",{"label":21,"url":22},"Company Policies","/templates/company-policies/","Record Retention Policy Template","https://templates.business-in-a-box.com/imgs/400px/13760.png","https://templates.business-in-a-box.com/imgs/600px/13760.png",[27,17,20],{"label":28,"url":29},"Templates","/templates/",[31,32,35],{"label":28,"url":29},{"label":33,"url":34},"Administration","/templates/business-administration/",{"label":21,"url":22},[37,41,45,49,53,57,61,66,70,74,78,82,86,102,118,130,143,160],{"label":38,"url":39,"thumb":40,"extension":10},"Record Retention Policy For Nonprofits","/template/record-retention-policy-for-nonprofits-D14045","https://templates.business-in-a-box.com/imgs/250px/14045.png",{"label":42,"url":43,"thumb":44,"extension":10},"Retention Policy","/template/retention-policy-D13183","https://templates.business-in-a-box.com/imgs/250px/13183.png",{"label":46,"url":47,"thumb":48,"extension":10},"Data Retention Policy","/template/data-retention-policy-D13955","https://templates.business-in-a-box.com/imgs/250px/13955.png",{"label":50,"url":51,"thumb":52,"extension":10},"Document Retention Policy","/template/document-retention-policy-D13263","https://templates.business-in-a-box.com/imgs/250px/13263.png",{"label":54,"url":55,"thumb":56,"extension":10},"Data Retention And Destruction Policy","/template/data-retention-and-destruction-policy-D12634","https://templates.business-in-a-box.com/imgs/250px/12634.png",{"label":58,"url":59,"thumb":60,"extension":10},"Records Management and Retention Policy","/template/records-management-and-retention-policy-D13761","https://templates.business-in-a-box.com/imgs/250px/13761.png",{"label":62,"url":63,"thumb":64,"extension":65},"Employee Record","/template/employee-record-D13469","https://templates.business-in-a-box.com/imgs/250px/13469.png","xls",{"label":67,"url":68,"thumb":69,"extension":10},"Employee Retention Guide","/template/employee-retention-guide-D12943","https://templates.business-in-a-box.com/imgs/250px/12943.png",{"label":71,"url":72,"thumb":73,"extension":10},"Strategies For Employee Retention","/template/strategies-for-employee-retention-D13401","https://templates.business-in-a-box.com/imgs/250px/13401.png",{"label":75,"url":76,"thumb":77,"extension":65},"Employee Time Record","/template/employee-time-record-D629","https://templates.business-in-a-box.com/imgs/250px/629.png",{"label":79,"url":80,"thumb":81,"extension":10},"Record Label Agreement","/template/record-label-agreement-D12837","https://templates.business-in-a-box.com/imgs/250px/12837.png",{"label":83,"url":84,"thumb":85,"extension":10},"Employee Retention Ideas Checklist","/template/employee-retention-ideas-checklist-D13332","https://templates.business-in-a-box.com/imgs/250px/13332.png",{"description":87,"descriptionCustom":6,"label":88,"pages":89,"size":90,"extension":10,"preview":91,"thumb":92,"svgFrame":93,"seoMetadata":94,"parents":95,"keywords":100,"url":101},"Employee Handbook Understanding employment at [YOUR COMPANY NAME] Revised on [DATE] Prepared By: [YOUR NAME] [YOUR JOB TITLE] Phone 555.555.5555 Email info@yourbusiness.com www.yourbusiness.com Table of Content Table of Content 2 Welcome to [YOUR COMPANY NAME]! 5 1. Organization Description 6 1.1 Introductory Statement 6 1.2 Customer Relations 6 1.3 Products and Services Provided 7 1.4 Facilities and Location(s) 7 1.5 The History of [YOUR COMPANY NAME] 7 1.6 Management Philosophy 7 1.7 Goals 8 2. The Employment 9 2.1 Nature of Employment 9 2.2 Employee Relations 9 2.3 Equal Employment Opportunity 10 2.4 Diversity 10 2.5 Business Ethics and Conduct 12 2.6 Personal Relationships in the Workplace 13 2.7 Conflicts of Interest 13 2.8 Outside Employment 14 2.9 Non-Disclosure 15 2.10 Disability Accommodation 16 2.11 Job Posting and Employee Referrals 17 2.12 Whistleblower Policy 18 2.13 Accident and First Aid 20 3. Employment Status and Records 21 3.1 Employment Categories 21 3.2 Access to Personnel Files 22 3.3 Personnel Data Changes 23 3.4 Probation Period 23 3.5 Employment Applications 24 3.6 Performance Evaluation 24 3.7 Job Descriptions 25 3.8 Salary Administration 25 3.9 Professional Development 26 4. Employee Benefit Programs 27 4.1 Employee Benefits 27 4.2 Vacation Benefits 27 4.3 Military Service Leave 29 4.4 Religious Observance 29 4.5 Holidays 29 4.6 Workers Insurance 30 4.7 Sick Leave Benefits 31 4.8 Bereavement Leave 32 4.9 Relocation Benefits 33 4.10 Educational Assistance 33 4.11 Health Insurance 34 4.12 Life Insurance 35 4.13 Long Term Disability 35 4.14 Marriage, Maternity and Parental Leave 36 5. Timekeeping / Payroll 40 5.1 Timekeeping 40 5.2 Paydays 40 5.3 Employment Termination 41 5.4 Administrative Pay Corrections 42 6. Work Conditions and Hours 43 6.1 Work Schedules 43 6.2 Absences 43 6.3 Jury Duty 45 6.4 Use of Phone and Mail Systems 45 6.5 Smoking 46 6.6 Meal Periods 46 6.7 Overtime 46 6.8 Use of Equipment 47 6.9 Telecommuting 47 6.10 Emergency Closing 48 6.11 Business Travel Expenses 49 6.12 Visitors in the Workplace 51 6.13 Computer and Email Usage 51 6.14 Internet Usage 52 6.15 Workplace Monitoring 54 6.16 Workplace Violence Prevention 55 7. Employee Conduct & Disciplinary Action 57 7.1 Employee Conduct and Work Rules 57 7.2 Sexual and Other Unlawful Harassment 58 7.3 Attendance and Punctuality 60 7.4 Personal Appearance 60 7.5 Return of Property 61 7.6 Resignation and Retirement 61 7.7 Security Inspections 62 7.8 Progressive Discipline 62 7.9 Problem Resolution 64 7.10 Workplace Etiquette 65 7.11 Suggestion Program 67 Acknowledgement of Receipt 68 Welcome to [YOUR COMPANY NAME]! On behalf of your colleagues, we welcome you to [YOUR COMPANY NAME] and wish you every success here. At [YOUR COMPANY NAME], we believe that each employee contributes directly to the growth and success of the company, and we hope you will take pride in being a member of our team. This handbook was developed to describe some of the expectations of our employees and to outline the policies, programs, and benefits available to eligible employees. Employees should become familiar with the contents of the employee handbook as soon as possible, for it will answer many questions about employment with [YOUR COMPANY NAME]. We believe that professional relationships are easier when all employees are aware of the culture and values of the organization. This guide will help you to better understand our vision for the future of our business and the challenges that are ahead. We hope that your experience here will be challenging, enjoyable, and rewarding. Again, welcome! [PRESIDENT NAME] President & CEO 1. Organization Description 1.1 Introductory Statement This handbook is designed to acquaint you with [YOUR COMPANY NAME] and provide you with information about working conditions, employee benefits, and some of the policies affecting your employment. You should read, understand, and comply with all provisions of the handbook. It describes many of your responsibilities as an employee and outlines the programs developed by [YOUR COMPANY NAME] to benefit employees. One of our objectives is to provide a work environment that is conducive to both personal and professional growth. No employee handbook can anticipate every circumstance or question about policy. As [YOUR COMPANY NAME] continues to grow, the need may arise and [YOUR COMPANY NAME] reserves the right to revise, supplement, or rescind any policies or portion of the handbook from time to time as it deems appropriate, in its sole and absolute discretion. Employees will be notified of such changes to the handbook as they occur. 1.2 Customer Relations Customers are among our organization's most valuable assets. Every employee represents [YOUR COMPANY NAME] to our customers and the public. The way we do our jobs presents an image of our entire organization. Customers judge all of us by how they are treated with each employee contact. Therefore, one of our first business priorities is to assist any customer or potential customer. Nothing is more important than being courteous, friendly, helpful, and prompt in the attention you give to customers. [YOUR COMPANY NAME] will provide customer relations and services training to all employees with extensive customer contact. Customers who wish to lodge specific comments or complaints should be directed to the [TITLE AND NAME OF THE PERSON RESPONSIBLE] for appropriate action. Our personal contact with the public, our manners on the telephone, and the communications we send to customers are a reflection not only of ourselves, but also of the professionalism of [YOUR COMPANY NAME]. Positive customer relations not only enhance the public's perception or image of [YOUR COMPANY NAME], but also pay off in greater customer loyalty and increased sales and profit. 1.3 Products and Services Provided You will find more information about our products and services by reading the [YOUR COMPANY NAME] Corporate Brochures. 1.4 Facilities and Location(s) Head Office: [ADDRESS] [CITY], [STATE] [ZIP/POSTAL CODE] [COUNTRY] 1.5 The History of [YOUR COMPANY NAME] [DESCRIBE THE HISTORY OF YOUR COMPANY HERE] 1.6 Management Philosophy [YOUR COMPANY NAME] management philosophy is based on responsibility and mutual respect. Our wishes are to maintain a work environment that fosters on personal and professional growth for all employees. Maintaining such an environment is the responsibility of every staff person. Because of their role, managers and supervisors have the additional responsibility to lead in a manner which fosters an environment of respect for each person. People who come to [YOUR COMPANY NAME] want to work here because we have created an environment that encourages creativity and achievement. [YOUR COMPANY NAME] aims to become a leader in [DESCRIBE YOUR COMPANY'S FIELD OF EXPERTISE]. The mainstay of our strategy will be to offer a level of client focus that is superior to that offered by our competitors. To help achieve this objective, [YOUR COMPANY NAME] seeks to attract highly motivated individuals that want to work as a team and share in the commitment, responsibility, risk taking, and discipline required to achieve our vision. Part of attracting these special individuals will be to build a culture that promotes both uniqueness and a bias for action. While we will be realistic in setting goals and expectations, [YOUR COMPANY NAME] will also be aggressive in reaching its objectives. This success will in turn enable [YOUR COMPANY NAME] to give its employees above average compensation and innovative benefits or rewards, key elements in helping us maintain our leadership position in the worldwide marketplace. 1.7 Goals [DESCRIBE YOUR COMPANY'S GOALS HERE] 2. The Employment 2","Employee Handbook","34",280,"https://templates.business-in-a-box.com/imgs/1000px/employee-handbook-D712.png","https://templates.business-in-a-box.com/imgs/250px/712.png","https://templates.business-in-a-box.com/svgs/docviewerWebApp1.html?v6#712.xml",{"title":6,"description":6},[96,98],{"label":18,"url":97},"human-resources",{"label":21,"url":99},"company-policies","employee handbook","/template/employee-handbook-D712",{"description":103,"descriptionCustom":6,"label":104,"pages":8,"size":9,"extension":10,"preview":105,"thumb":106,"svgFrame":107,"seoMetadata":108,"parents":110,"keywords":109,"url":117},"NON-DISCLOSURE AGREEMENT (NDA) This Non-Disclosure Agreement (the \"Agreement\") is made and effective [DATE], BETWEEN: [YOUR COMPANY NAME] (the \"Disclosing Party\"), a corporation organized and existing under the laws of the [State/Province] of [STATE/PROVINCE], with its head office located at: [YOUR COMPLETE ADDRESS] AND: [RECEIVING PARTY NAME] (the \"Receiving Party\"), an individual with his main address located at OR a corporation organized and existing under the laws of the [State/Province] of [STATE/PROVINCE], with its head office located at: [COMPLETE ADDRESS] WHEREAS, Receiving Party has been or will be engaged in the performance of work on [DESCRIBE]; and in connection therewith will be given access to certain confidential and proprietary information; and WHEREAS, Receiving Party and Disclosing Party wish to evidence by this Agreement the manner in which said confidential and proprietary material will be treated. NOW, THEREFORE, it is agreed as follows: NON-DISCLOSURE OF CONFIDENTIAL INFORMATION Both Parties understand and agree that each Party may have access to the confidential information of the other party. For the purposes of this Agreement, \"Confidential Information\" means proprietary and confidential information about the Disclosing Party's (or it's suppliers') business or activities. Such information includes all business, financial, technical, and other information marked or designated by such Party as \"confidential\" or \"proprietary.\" Confidential Information also includes information which, by the nature of the circumstances surrounding the disclosure, ought in good faith to be treated as confidential. For the purposes of this Agreement, Confidential Information does not include: Information that is currently in the public domain or that enters the public domain after the signing of this Agreement. Information a Party lawfully receives from a third Party without restriction on disclosure and without breach of a non-disclosure obligation. Information that the Receiving Party knew prior to receiving any Confidential Information from the Disclosing Party. Information that the Receiving Party independently develops without reliance on any Confidential Information from the Disclosing Party. Each Party agrees that it will not disclose to any third Party or use any Confidential Information disclosed to it by the other Party except when expressly permitted in writing by the other Party. Each Party also agrees that it will take all reasonable measures to maintain the confidentiality of all Confidential Information of the other Party in its possession or control. TERM The term of this Agreement is [number] of [years/months] from the date of execution by both Parties. TITLE The Receiving Party agrees that all Confidential Information furnished by the Disclosing Party shall remain the sole property of the Disclosing Party. DISCLAIMER","Non Disclosure Agreement Nda","https://templates.business-in-a-box.com/imgs/1000px/non-disclosure-agreement-nda-D12692.png","https://templates.business-in-a-box.com/imgs/250px/12692.png","https://templates.business-in-a-box.com/svgs/docviewerWebApp1.html?v6#12692.xml",{"title":109,"description":6},"non disclosure agreement nda",[111,114],{"label":112,"url":113},"Legal Agreements","business-legal-agreements",{"label":115,"url":116},"Confidentiality Agreements","confidentiality-agreement","/template/non-disclosure-agreement-nda-D12692",{"description":119,"descriptionCustom":6,"label":120,"pages":8,"size":9,"extension":10,"preview":121,"thumb":122,"svgFrame":123,"seoMetadata":124,"parents":126,"keywords":125,"url":129},"IT SECURITY POLICY PURPOSE The purpose of this IT Security Policy is to provide comprehensive guidance on safeguarding [COMPANY NAME]'s information technology resources and data against unauthorized access, disclosure, alteration, or destruction. By adhering to this Policy, [COMPANY NAME] aims to minimize security risks, protect sensitive information, maintain operational continuity, and comply with regulatory requirements in the field of IT security. SCOPE This Policy applies to all employees, contractors, vendors, and authorized users who access, utilize, or oversee IT systems, data, and assets within [COMPANY NAME]. It encompasses all aspects of IT security within the organization, including but not limited to: Employee workstations and laptops Servers and data centers Network infrastructure Mobile devices Cloud-based systems Application software Data storage devices and media Electronic communication systems (email, messaging) Security controls and mechanisms POLICY STATEMENTS Information Classification and Handling Information Classification: To ensure appropriate protection, [COMPANY NAME] shall classify all information assets based on their sensitivity and criticality. Classification levels (e.g., public, internal use, confidential) will be defined in the Information Classification and Handling Policy. Handling Procedures: Employees and authorized users must strictly adhere to information handling procedures, including encryption, access controls, and secure disposal, as specified in the Information Classification and Handling Policy. Access Control Authentication Mechanisms: Access to IT systems and data will be controlled through strong authentication mechanisms, including but not limited to passwords, biometrics, and multi-factor authentication (MFA). Least Privilege: Access privileges will be assigned based on the principle of least privilege (PoLP). Users will only have access to the resources necessary to perform their job responsibilities. Access Reviews: [COMPANY NAME] will conduct regular access reviews and audits to ensure adherence to access control policies and to promptly revoke access for employees and users who no longer require it. Data Protection Data Encryption: Sensitive data, both in transit and at rest, must be protected through encryption. Encryption will be applied during data transmission over networks and when storing data on electronic media. Backup and Recovery: Robust backup and disaster recovery procedures will be established and regularly tested to ensure data availability in case of system failures, data corruption, or data breaches. Malware Protection","IT Security Policy","https://templates.business-in-a-box.com/imgs/1000px/it-security-policy-D13722.png","https://templates.business-in-a-box.com/imgs/250px/13722.png","https://templates.business-in-a-box.com/svgs/docviewerWebApp1.html?v6#13722.xml",{"title":125,"description":6},"it security policy",[127,128],{"label":18,"url":97},{"label":21,"url":99},"/template/it-security-policy-D13722",{"description":131,"descriptionCustom":6,"label":132,"pages":8,"size":9,"extension":10,"preview":133,"thumb":134,"svgFrame":135,"seoMetadata":136,"parents":138,"keywords":141,"url":142},"DATA BREACH RESPONSE & NOTIFICATION POLICY INTRODUCTION The Data Breach Response and Notification Policy of [COMPANY NAME] outlines the procedures and responsibilities for responding to data breaches and ensuring that affected individuals and regulatory authorities are promptly and accurately informed. This Policy is designed to minimize the impact of data breaches, protect sensitive information, and comply with applicable data protection laws and regulations. PURPOSE The purpose of this Policy is to: Establish a framework for detecting, assessing, and responding to data breaches. Define the process for notifying affected individuals, regulatory authorities, and other relevant parties. Ensure that data breaches are managed in a transparent, responsible, and compliant manner. DEFINITIONS Data Breach: The unauthorized access, acquisition, use, disclosure, or destruction of personal or sensitive information that compromises its security, confidentiality, or integrity. DATA BREACH RESPONSE TEAM [COMPANY NAME] will establish a Data Breach Response Team (DBRT) consisting of designated individuals responsible for managing data breaches. The DBRT may include representatives from IT, Legal, HR, and other relevant departments. DETECTION AND ASSESSMENT The DBRT will promptly investigate and assess suspected or confirmed data breaches to determine their scope, impact, and severity. The assessment will include identifying the type of data involved, the number of affected individuals, potential risks, and applicable data protection regulations. CONTAINMENT AND MITIGATION ","Data Breach Response and Notification Policy","https://templates.business-in-a-box.com/imgs/1000px/data-breach-response-and-notification-policy-D13650.png","https://templates.business-in-a-box.com/imgs/250px/13650.png","https://templates.business-in-a-box.com/svgs/docviewerWebApp1.html?v6#13650.xml",{"title":137,"description":6},"data breach response and notification policy",[139,140],{"label":18,"url":97},{"label":21,"url":99},"data breach response notification policy","/template/data-breach-response-and-notification-policy-D13650",{"description":144,"descriptionCustom":6,"label":145,"pages":146,"size":9,"extension":10,"preview":147,"thumb":148,"svgFrame":149,"seoMetadata":150,"parents":152,"keywords":151,"url":159},"CHECKLIST INTERNAL AUDIT An internal audit checklist is a valuable tool for evaluating various aspects of a business's operations, compliance, financial integrity, and risk management practices. It helps ensure that the company adheres to internal standards and external regulations, identifies areas for improvement, and mitigates risks. Below is a comprehensive internal audit checklist designed to cover key areas of a business. General and Administrative Organizational Structure Review: Verify that the organizational structure is clear, up-to-date, and communicated to all employees. Policies and Procedures Documentation: Check that all business policies and procedures are documented, easily accessible, and regularly reviewed. Compliance with Laws and Regulations: Ensure compliance with local, state, and federal laws and regulations relevant to the business operations. Financial Auditing Financial Statement Accuracy: Review the accuracy and completeness of financial statements. Internal Controls over Financial Reporting: Evaluate the effectiveness of internal controls over financial reporting. Budget and Forecast Accuracy: Analyze the accuracy of budgets and financial forecasts compared to actual performance. Cash Management: Assess cash handling procedures, bank reconciliations, and cash flow management. Asset Management: Verify the existence and condition of physical assets and the accuracy of asset records. Information Technology (IT) and Security Operational Processes: Review efficiency and effectiveness of operational processes. Supply Chain and Inventory Management: Audit inventory management practices, supplier contracts, and procurement processes. Quality Control Systems: Evaluate the effectiveness of quality control systems and compliance with industry standards","Checklist Internal Audit","2","https://templates.business-in-a-box.com/imgs/1000px/checklist-internal-audit-D13920.png","https://templates.business-in-a-box.com/imgs/250px/13920.png","https://templates.business-in-a-box.com/svgs/docviewerWebApp1.html?v6#13920.xml",{"title":151,"description":6},"checklist internal audit",[153,156],{"label":154,"url":155},"Business Plan Kit","business-plan-kit",{"label":157,"url":158},"Business Procedures","business-procedures","/template/checklist-internal-audit-D13920",{"description":161,"descriptionCustom":6,"label":162,"pages":8,"size":9,"extension":10,"preview":163,"thumb":164,"svgFrame":165,"seoMetadata":166,"parents":168,"keywords":167,"url":171},"CHECKLIST BUSINESS COMPLIANCE Legal Compliance Contractual Obligations: Review all contracts for compliance with current laws and regulations. Intellectual Property Rights: Ensure proper licensing, registration, and protection of all IP assets. Compliance with Anti-corruption Laws: Implement policies and training to prevent bribery and corruption. Financial Compliance Audit Trails: Maintain clear and comprehensive audit trails for all financial transactions. Investor Relations: Ensure transparency and compliance in communications and reporting to investors. Anti-money Laundering (AML): Implement and monitor AML policies and procedures. Data Protection and Privacy Employee Training: Conduct regular data protection and privacy training for employees. Data Processing Agreements: Review agreements with third parties who process personal data on your behalf. Privacy by Design: Integrate data protection principles in the development phase of products or services. Health and Safety Health and Safety Training: Provide training to employees on workplace health and safety practices. Incident Reporting: Establish a system for reporting and investigating workplace incidents. Health and Safety Audits: Conduct regular audits to ensure compliance with health and safety policies. Environmental Compliance Sustainability Initiatives: Implement and monitor sustainability initiatives within the company. Environmental Impact Assessment: Regularly assess the environmental impact of your operations. Compliance with Environmental Permits: Ensure all operations are covered by and comply with relevant environmental permits. Product/Service Compliance Product Safety: Verify that all products meet safety standards and regulations","Checklist Compliance","https://templates.business-in-a-box.com/imgs/1000px/checklist-compliance-D13915.png","https://templates.business-in-a-box.com/imgs/250px/13915.png","https://templates.business-in-a-box.com/svgs/docviewerWebApp1.html?v6#13915.xml",{"title":167,"description":6},"checklist compliance",[169,170],{"label":154,"url":155},{"label":157,"url":158},"/template/checklist-compliance-D13915",false,{"seo":174,"reviewer":184,"quick_facts":188,"at_a_glance":190,"personas":194,"variants":219,"glossary":245,"sections":276,"how_to_fill":317,"common_mistakes":358,"faqs":375,"industries":403,"comparisons":420,"diy_vs_pro":434,"educational_modules":447,"related_template_ids_curated":450,"schema":462,"classification":464},{"meta_title":175,"meta_description":176,"primary_keyword":177,"secondary_keywords":178},"Record Retention Policy Template (Free Word)","Free record retention policy template covering document categories, retention schedules, disposal procedures, and legal hold. Used in 190+ countries. Free Word and PDF download.","record retention policy template",[179,180,181,182,183],"record retention policy word","records management policy template","document retention schedule template","record retention policy free download","records retention and disposal policy",{"name":185,"credential":186,"reviewed_date":187},"Bruno Goulet","CEO, Business in a Box","2026-05-02",{"difficulty":189,"legal_review_recommended":172,"signature_required":172},"medium",{"what_it_is":191,"when_you_need_it":192,"whats_inside":193},"A Record Retention Policy is an internal governance document that specifies which business records a company must keep, how long each category must be retained, where records are stored, and how they are securely disposed of at the end of their retention period. This free Word download gives you a structured, ready-to-edit template you can tailor to your industry and jurisdiction, then export as PDF for distribution to staff.\n","Use it when setting up a new business, preparing for an audit, responding to a litigation hold, or replacing an outdated informal filing practice with a documented, defensible policy. Regulated industries — healthcare, finance, and legal — typically need one in place before their first compliance review.\n","A purpose and scope statement, a record category and retention schedule table, storage and access rules, legal hold procedures, disposal and destruction instructions, employee responsibilities, and a policy review schedule. The template covers both physical and electronic records in a single unified framework.\n",[195,199,203,207,211,215],{"title":196,"use_case":197,"icon_asset_id":198},"Operations managers","Standardizing how departments store and dispose of business records","persona-operations-manager",{"title":200,"use_case":201,"icon_asset_id":202},"Compliance officers","Documenting retention practices to satisfy regulatory audit requirements","persona-compliance-officer",{"title":204,"use_case":205,"icon_asset_id":206},"Small business owners","Creating a formal records policy before a first IRS or state tax audit","persona-small-business-owner",{"title":208,"use_case":209,"icon_asset_id":210},"HR managers","Defining retention periods for employee files, payroll records, and I-9 forms","persona-hr-manager",{"title":212,"use_case":213,"icon_asset_id":214},"IT directors","Aligning data backup and deletion schedules with documented policy","persona-it-director",{"title":216,"use_case":217,"icon_asset_id":218},"Legal and in-house counsel","Establishing a defensible legal hold process when litigation is anticipated","persona-legal-counsel",[220,223,227,230,233,237,241],{"situation":221,"recommended_template":7,"slug":222},"General business covering finance, HR, and contracts","record-retention-policy-D13760",{"situation":224,"recommended_template":225,"slug":226},"Healthcare organization subject to HIPAA record rules","HIPAA Records Retention Policy","records-management-and-retention-policy-D13761",{"situation":228,"recommended_template":229,"slug":226},"Financial services firm with SEC or FINRA obligations","Financial Records Retention Policy",{"situation":231,"recommended_template":46,"slug":232},"Managing personal data subject to GDPR or CCPA","data-retention-policy-D13955",{"situation":234,"recommended_template":235,"slug":236},"Outlining how electronic documents are filed and named","Document Management Policy","document-retention-policy-D13263",{"situation":238,"recommended_template":239,"slug":240},"Formal destruction certificate for disposed records","Certificate of Records Destruction","employee-records-D627",{"situation":242,"recommended_template":243,"slug":244},"Suspending normal disposal during active litigation","Legal Hold Notice","legal-notice-D835",[246,249,252,255,258,261,264,267,270,273],{"term":247,"definition":248},"Retention Schedule","A table listing each record category, the minimum period it must be kept, and the authority (statute, regulation, or business need) for that period.",{"term":250,"definition":251},"Legal Hold","A directive that suspends the normal disposal of records relevant to anticipated or active litigation, regulatory investigation, or audit.",{"term":253,"definition":254},"Disposition","The final action taken on a record at the end of its retention period — either secure destruction or transfer to permanent archive.",{"term":256,"definition":257},"Record","Any document, file, email, database entry, or other information fixed in a medium that a business creates or receives in the course of operations.",{"term":259,"definition":260},"Vital Records","Records essential to resume operations after a disaster — typically incorporation documents, contracts, insurance policies, and financial accounts.",{"term":262,"definition":263},"Active vs. Inactive Record","An active record is regularly accessed in day-to-day operations; an inactive record has reached the end of its useful life but still falls within its required retention period.",{"term":265,"definition":266},"Chain of Custody","A documented trail showing who created, accessed, transferred, and ultimately disposed of a record — critical for litigation and audit defensibility.",{"term":268,"definition":269},"Destruction Certificate","A dated record confirming that specific documents were destroyed on a given date, by whom, and by what method — protects against later claims that records were improperly deleted.",{"term":271,"definition":272},"Statute of Limitations","The maximum period after an event during which a legal claim may be filed — a primary driver for setting minimum retention periods on contracts and financial records.",{"term":274,"definition":275},"Metadata","System-generated data about a record — creation date, author, edit history, file location — that courts and auditors increasingly treat as part of the record itself.",[277,282,287,292,297,302,307,312],{"name":278,"plain_english":279,"sample_language":280,"common_mistake":281},"Purpose and scope","States why the policy exists, which records and locations it covers, and which employees or contractors are bound by it.","This Policy establishes [COMPANY NAME]'s requirements for retaining, storing, and disposing of business records in all formats. It applies to all employees, officers, contractors, and third-party service providers who create or manage records on behalf of [COMPANY NAME].","Limiting scope to paper records only. Electronic records — emails, cloud files, instant messages, and database exports — are equally subject to regulatory requirements and litigation discovery.",{"name":283,"plain_english":284,"sample_language":285,"common_mistake":286},"Record categories and retention schedule","The core of the policy — a table mapping each record type to a minimum retention period and the regulatory or business authority behind it.","Accounting and tax records: 7 years (IRS Publication 583). Employee payroll records: 4 years after tax due date (IRS/FUTA). Corporate formation documents: Permanent. Contracts: [X] years after expiration (statute of limitations + 1 year).","Using a single retention period for all records. The IRS, EEOC, OSHA, and HIPAA each mandate different minimum periods — conflating them either destroys records too early or wastes storage on records that no longer need to be kept.",{"name":288,"plain_english":289,"sample_language":290,"common_mistake":291},"Storage and access requirements","Defines where physical and electronic records are stored, who can access them, and what security controls apply.","Physical records containing personally identifiable information (PII) shall be stored in locked cabinets in [LOCATION]. Electronic records shall be stored in [SYSTEM/PLATFORM] with access restricted to [ROLE LIST]. Backup copies shall be maintained offsite or in a separate cloud region.","Specifying named software platforms rather than functional requirements. When systems change, the policy becomes outdated and requires formal amendment — use functional descriptions instead.",{"name":293,"plain_english":294,"sample_language":295,"common_mistake":296},"Legal hold procedures","Explains how the company suspends normal disposal when litigation, investigation, or audit is anticipated, who issues the hold, and how employees are notified.","Upon notice of potential litigation or regulatory inquiry, [LEGAL COUNSEL / DESIGNATED OFFICER] shall issue a Legal Hold Notice to all custodians of potentially relevant records. Normal disposition of affected records is suspended until the hold is formally released in writing.","No formal written release process. Records placed on hold accumulate indefinitely without a release step, creating storage bloat and increasing the scope of future discovery requests.",{"name":298,"plain_english":299,"sample_language":300,"common_mistake":301},"Disposal and destruction procedures","Specifies the approved methods for destroying records at the end of retention — shredding, degaussing, certified deletion — and the documentation required.","Paper records containing PII or confidential business information shall be cross-cut shredded or destroyed by a certified vendor. Electronic records shall be deleted using [METHOD] meeting NIST SP 800-88 guidelines. A Certificate of Destruction shall be completed and retained for [X] years.","Deleting electronic files without confirming that backup copies, email archives, and cloud sync folders are also purged. Regulators and courts treat an accessible backup copy as an existing record.",{"name":303,"plain_english":304,"sample_language":305,"common_mistake":306},"Vital records identification and protection","Identifies the specific record categories that must survive a disaster or business interruption and the measures taken to protect them.","Vital records include: certificate of incorporation, minute books, current contracts, insurance policies, and bank account agreements. These records shall be maintained in [FIREPROOF LOCATION / OFFSITE VAULT / ENCRYPTED CLOUD BACKUP] and reviewed annually.","Treating vital records as a one-time designation. Business changes — new contracts, new insurance carriers, new bank relationships — require the vital records list to be updated at least annually.",{"name":308,"plain_english":309,"sample_language":310,"common_mistake":311},"Employee responsibilities and training","Assigns ownership of records management tasks by role, states the training requirement, and identifies consequences for non-compliance.","Each department head is responsible for ensuring records generated within their department are retained in accordance with this Policy. All employees shall complete records management training within [30] days of hire and annually thereafter. Intentional destruction of records subject to a Legal Hold may result in disciplinary action up to and including termination.","Assigning all responsibility to IT or a records manager without department-level accountability. The people creating records — not just those storing them — need explicit responsibility for classification and retention.",{"name":313,"plain_english":314,"sample_language":315,"common_mistake":316},"Policy review and amendment","States how often the policy is reviewed, who approves changes, and how updates are communicated to staff.","This Policy shall be reviewed annually by [ROLE / COMMITTEE] and updated to reflect changes in applicable law, regulatory guidance, or business operations. Amendments require approval by [TITLE]. Updated versions shall be distributed to all employees within [30] days of approval and posted to [INTRANET / POLICY PORTAL].","No version control or effective date. Without a version number and effective date on each iteration, employees cannot confirm they are following the current policy — and auditors cannot verify compliance history.",[318,323,328,333,338,343,348,353],{"step":319,"title":320,"description":321,"tip":322},1,"Define the scope and identify all record types","List every category of record your business generates or receives — financial, HR, contracts, correspondence, regulatory filings, and electronic data. Include records held by third-party vendors on your behalf.","Walk through each department and ask what records they create, where those records live, and what they do with them after the relevant project closes.",{"step":324,"title":325,"description":326,"tip":327},2,"Research applicable retention requirements","Look up the statutory minimums for your industry and jurisdiction. Key sources: IRS Publication 583 for tax records, EEOC and DOL regulations for HR records, and any industry-specific rules (HIPAA, FINRA, SOX) that apply to your business.","When two authorities set different minimums for the same record type, always use the longer period — the higher standard satisfies both.",{"step":329,"title":330,"description":331,"tip":332},3,"Build the retention schedule table","Create one row per record category. Columns: record type, format (physical / electronic / both), retention period, authority (statute or business need), and storage location. Add a 'disposal method' column for sensitive categories.","Group records into six to eight categories — financial, HR, legal, operational, corporate, and IT — to keep the schedule readable without losing precision.",{"step":334,"title":335,"description":336,"tip":337},4,"Document storage locations and access controls","For each record category, specify where records are stored, who has read and write access, and what backup or redundancy exists. Align electronic storage locations with your IT security policy.","Avoid naming specific software versions or drive letters — use functional descriptions like 'encrypted cloud document management system' so the policy survives a platform migration.",{"step":339,"title":340,"description":341,"tip":342},5,"Write the legal hold procedure","Draft a step-by-step process: who identifies the trigger, who issues the hold notice, who receives it, how acknowledgment is confirmed, and who has authority to release the hold.","The legal hold procedure is the highest-stakes section for litigation. If you have in-house counsel or outside counsel on retainer, have them review this section specifically.",{"step":344,"title":345,"description":346,"tip":347},6,"Specify disposal and destruction methods","For each sensitive record category, assign an approved destruction method. Cross-cut shredding for paper; NIST SP 800-88-compliant deletion or physical destruction of media for electronic records. Require a Certificate of Destruction for any third-party vendor that handles disposal.","Schedule destruction as a recurring calendar event — quarterly or annually — rather than leaving it to individual judgment. Ad hoc disposal is how records get missed or improperly destroyed.",{"step":349,"title":350,"description":351,"tip":352},7,"Assign responsibilities and set training requirements","Name the policy owner (typically a COO, compliance officer, or records manager), assign department-level accountability to each department head, and set a training cadence for new and existing employees.","A policy without a named owner is rarely followed. One person must be responsible for fielding questions, tracking compliance, and initiating the annual review.",{"step":354,"title":355,"description":356,"tip":357},8,"Add version control, effective date, and approval signature","Include a version number (e.g., v1.0), effective date, next review date, and the name and title of the approving officer in the policy header or footer.","Store the signed approval copy separately from the working document so you can produce it during an audit without hunting through edit histories.",[359,363,367,371],{"mistake":360,"why_it_matters":361,"fix":362},"One retention period for all records","Tax records, employment files, contracts, and safety reports all have different statutory minimums. A blanket 7-year rule destroys some records too early and retains others far longer than necessary.","Build a retention schedule table with one row per record category and a cited authority for each period. Update it whenever a relevant statute or regulation changes.",{"mistake":364,"why_it_matters":365,"fix":366},"No legal hold procedure","Destroying records after litigation is anticipated — even if the destruction follows the normal schedule — can be treated as spoliation. Courts have issued adverse inference instructions and sanctions for this.","Write an explicit legal hold process, name a trigger owner, and require written acknowledgment from every record custodian. Test it with a tabletop exercise before you need it in a real dispute.",{"mistake":368,"why_it_matters":369,"fix":370},"Excluding electronic records and backups","Email archives, cloud drives, and backup tapes are discoverable and auditable. A policy that covers only paper leaves the majority of modern business records ungoverned.","Explicitly include all electronic formats — email, instant messages, cloud storage, database exports, and backups — in both the retention schedule and the disposal procedures.",{"mistake":372,"why_it_matters":373,"fix":374},"Never reviewing or updating the policy","Statutes change, new record types emerge (chat logs, e-signatures, AI-generated content), and businesses add new systems. A policy written in 2018 and never touched is both non-compliant and indefensible.","Schedule a mandatory annual review with a named owner. Set a calendar reminder 60 days before the review date and log every amendment with a version number and effective date.",[376,379,382,385,388,391,394,397,400],{"question":377,"answer":378},"What is a record retention policy?","A record retention policy is an internal governance document that tells employees which business records to keep, how long to keep them, where to store them, and how to destroy them securely at the end of the retention period. It applies to both physical and electronic records and is used to satisfy regulatory requirements, reduce litigation risk, and control storage costs.\n",{"question":380,"answer":381},"How long should business records be kept?","Retention periods vary by record type and jurisdiction. US tax records should generally be kept for 7 years under IRS guidelines. Employment records typically require 3–4 years after the employment relationship ends under EEOC and DOL rules. Contracts are commonly kept for the life of the contract plus the applicable statute of limitations — often 6–10 years. Industry-specific rules (HIPAA: 6 years; SOX: 7 years; FINRA: 6 years) add further minimums on top of general requirements.\n",{"question":383,"answer":384},"Is a record retention policy legally required?","No single law universally mandates a written retention policy for all businesses, but several regulations require specific record-keeping practices that effectively necessitate one. HIPAA, SOX, FINRA, and OSHA all impose documented retention requirements. Without a written policy, a business cannot demonstrate compliance and may be treated as having no defensible records management practice during an audit or litigation.\n",{"question":386,"answer":387},"What happens if records are destroyed too early?","Premature destruction of records can trigger regulatory penalties, tax audit exposure, and litigation sanctions. In active or anticipated litigation, destroying records that should have been preserved under a legal hold can be treated as spoliation — a court may instruct the jury to assume the destroyed records were unfavorable to the party that destroyed them. Fines and adverse judgments have resulted from well-documented cases of premature destruction.\n",{"question":389,"answer":390},"What is the difference between a record retention policy and a data retention policy?","The terms are often used interchangeably, but a data retention policy typically focuses specifically on digital and personal data — particularly in the context of GDPR, CCPA, or other privacy regulations. A record retention policy has a broader scope, covering all business records in any format. Organizations subject to privacy law typically need both: a broad records policy and a focused data retention policy that addresses personal data minimization requirements.\n",{"question":392,"answer":393},"What records are considered vital records?","Vital records are those essential to resuming operations after a disaster or business interruption. They typically include: articles of incorporation and corporate minute books, current executed contracts, insurance policies, bank account information, intellectual property registrations, and key employee records. Vital records should be stored with redundancy — offsite, in a fireproof vault, or in an encrypted cloud backup — and reviewed annually as the business changes.\n",{"question":395,"answer":396},"How should electronic records be destroyed?","Electronic records should be deleted using a method that prevents recovery — overwriting, degaussing, or physical destruction of the storage media for sensitive data. NIST Special Publication 800-88 provides widely accepted guidelines for media sanitization. Simply moving a file to the recycle bin and emptying it is not sufficient for records containing PII or confidential information, as forensic recovery is possible. A Certificate of Destruction should be completed and retained after any third-party vendor handles disposal.\n",{"question":398,"answer":399},"Who should own the record retention policy?","Ownership typically sits with the COO, compliance officer, or a designated records manager, depending on company size. The owner is responsible for maintaining the policy, coordinating the annual review, fielding employee questions, and issuing legal holds when needed. IT manages the technical infrastructure, and department heads are accountable for day-to-day compliance within their teams — but the policy owner is the single point of accountability for the program as a whole.\n",{"question":401,"answer":402},"How often should a record retention policy be reviewed?","At minimum, annually. A review should also be triggered by significant regulatory changes, a merger or acquisition, a new business line that generates record types not covered by the current schedule, or a litigation hold that reveals gaps in the existing policy. Each review should result in a new version number and effective date, with distribution to all affected employees.\n",[404,408,412,416],{"industry":405,"icon_asset_id":406,"specifics":407},"Healthcare","industry-healthtech","HIPAA requires covered entities to retain medical records and related documentation for 6 years from creation or last use, with state law sometimes requiring longer periods for minor patients.",{"industry":409,"icon_asset_id":410,"specifics":411},"Financial Services","industry-fintech","FINRA Rule 4511 and SEC Rule 17a-4 mandate specific retention periods and storage formats for broker-dealer records, including WORM (write once, read many) storage for certain electronic files.",{"industry":413,"icon_asset_id":414,"specifics":415},"Manufacturing","industry-manufacturing","OSHA injury and illness logs, safety data sheets, and environmental compliance records each carry distinct retention requirements, often 5–30 years depending on exposure type.",{"industry":417,"icon_asset_id":418,"specifics":419},"Professional Services","industry-professional-services","Law firms, accounting firms, and consultancies must align retention schedules with professional licensing boards and malpractice insurance requirements, often retaining client files 7–10 years post-engagement.",[421,424,427,430],{"vs":46,"vs_template_id":422,"summary":423},"D{DATA_RETENTION_POLICY_ID}","A data retention policy focuses narrowly on personal and digital data, primarily to comply with privacy regulations like GDPR and CCPA — specifying how long personal data is held and when it must be deleted. A record retention policy covers all business records in any format, including physical files, financial documents, and HR records. Organizations handling personal data typically need both documents operating in concert.",{"vs":235,"vs_template_id":425,"summary":426},"D{DOCUMENT_MANAGEMENT_POLICY_ID}","A document management policy governs how records are created, named, filed, and accessed during their active life — version control, folder structures, and access permissions. A record retention policy takes over once a document reaches the end of its active life, specifying how long it is kept and how it is destroyed. Both policies are needed for a complete records governance framework.",{"vs":243,"vs_template_id":428,"summary":429},"D{LEGAL_HOLD_NOTICE_ID}","A legal hold notice is a specific, event-driven directive that suspends normal disposal for records relevant to anticipated or active litigation. A record retention policy is the standing governance framework that defines normal disposal procedures for all records. The policy should contain a legal hold procedure, and the notice is the operational document issued when that procedure is triggered.",{"vs":431,"vs_template_id":432,"summary":433},"Information Security Policy","D{INFORMATION_SECURITY_POLICY_ID}","An information security policy governs how data is protected against unauthorized access, breach, and misuse throughout its life. A record retention policy governs how long data is kept and how it is disposed of at end of life. The two documents complement each other: security policy protects records in storage; the retention policy determines when protection obligations end and destruction begins.",{"use_template":435,"template_plus_review":439,"custom_drafted":443},{"best_for":436,"cost":437,"time":438},"Small to mid-sized businesses without complex regulatory obligations needing a documented retention framework","Free","3–6 hours to customize and finalize",{"best_for":440,"cost":441,"time":442},"Businesses in regulated industries (healthcare, finance, legal) or those preparing for a compliance audit","$500–$1,500 for a compliance consultant or attorney review","1–2 weeks",{"best_for":444,"cost":445,"time":446},"Enterprises with multi-jurisdiction operations, active litigation history, or SOX/HIPAA/FINRA compliance programs","$2,000–$8,000 for a records management consultant or outside counsel","3–6 weeks",[448,449],"records-management-basics","legal-hold-explained",[451,452,453,454,236,455,456,457,458,459,460,461],"employee-handbook-D712","non-disclosure-agreement-nda-D12692","it-security-policy-D13722","data-breach-response-and-notification-policy-D13650","checklist-internal-audit-D13920","checklist-compliance-D13915","business-continuity-plan-D12788","data-privacy-policy-D13465","confidentiality-agreement-D950","hotel-standard-operating-procedure-D13703","corporate-governance-policy-D13943",{"emit_how_to":463,"emit_defined_term":463},true,{"primary_folder":465,"secondary_folder":99,"document_type":466,"industry":467,"business_stage":468,"tags":469,"confidence":474},"business-administration","policy","general","all-stages",[466,470,471,472,473],"compliance","governance","data-protection","record-retention",0.95,"\u003Ch2>What is a Record Retention Policy?\u003C/h2>\n\u003Cp>A \u003Cstrong>Record Retention Policy\u003C/strong> is an internal governance document that establishes how a business manages its records from creation through final disposition. It specifies which record categories must be kept, the minimum retention period for each, where records are stored, who is responsible for managing them, and how they are securely destroyed once the retention period expires. The policy applies to all record formats — paper files, emails, cloud documents, databases, and electronic media — and provides employees with clear, consistent rules so that records are neither discarded too early (exposing the business to regulatory and legal risk) nor kept indefinitely (creating unnecessary storage costs and litigation liability).\u003C/p>\n\u003Ch2>Why You Need This Document\u003C/h2>\n\u003Cp>Businesses without a written record retention policy face a specific and predictable set of problems. Tax authorities can disallow deductions when supporting records have been destroyed. Employment regulators impose fines when payroll and I-9 records cannot be produced on demand. Courts have sanctioned companies for destroying documents after litigation was reasonably anticipated, even when the destruction followed informal practice. Conversely, keeping everything forever increases storage costs, expands the scope of discovery in litigation, and creates data privacy liability when personal information is retained longer than necessary. A well-structured record retention policy eliminates all four risks by giving every employee the same rulebook — and giving auditors, regulators, and opposing counsel clear evidence that your organization manages its records deliberately and defensibly. This template gives you a complete, customizable starting point that you can adapt to your industry's specific requirements in a single working session.\u003C/p>\n",1781185989922]