1. Policy
The Records Retention and Management Policy of the IETF Trust (the “Policy”) is set forth below and includes the attached IETF Trust Document Retention Matrix.
2. Objective
The IETF Trust adopts this Policy for the purposes of:
a. Ensuring compliance with legal and regulatory obligations;
b. Reducing storage costs and increasing efficiency;
c. Retrieving current information or important archives more easily and reliably;
d. Minimizing litigation costs; and
e. Providing a more accurate and reliable record of the IETF Trust’s actions and decisions.
3. Scope
This Policy refers to three categories of documents:
a. Indefinite: These documents have no scheduled expiration/destruction date.
b. 7 Years: Such records have a seven-year retention period that commences at their creation.
c. 3 Years: Such records have a three-year retention period that commences at their creation.
4. Storage of physical records
Physical records in current use should be accessible in labeled file cabinets on site. Historical physical records should be securely boxed and clearly labeled in secure offsite storage. A current inventory sheet should contain a description of the item, why it is being retained, where it can be found, and how long it should be retained. File cabinets containing confidential records should be locked at the end of each business day.
5. Storage of electronic records
Electronic records in current use and historical electronic records are stored and made accessible on systems maintained by the IETF Secretariat and by the Internet Society.
6. IETF Trust Records Committee
The IETF Trust Records Committee consists of the IETF Trust Chair, the IAD, and the ISOC President/CEO, or designee.
The Records Committee of the IETF Trust shall oversee the implementation and administration of this Policy.
7. Access to historic electronic records
Historical non-confidential electronic records shall be maintained so that they are accessible on the IAOC, IETF, and/or ISOC web sites. Historic confidential electronic records shall be protected from public access
8. Records Destruction
At the expiration of the retention period for a particular document, as indicated in the Document Retention Matrix attached hereto, hard copy files should be shredded and electronic records should be erased or destroyed in such a way that they can no longer be reconstructed.
9. Document Retention during Litigation and Other Proceedings
In the event of a lawsuit, service of a subpoena, or initiation of government proceeding, inquiry or investigation, the IETF Trust may be required to retain documents relating to the matter, even if the IETF Trust is not yet a party to the lawsuit, target of the investigation, or recipient of a subpoena.
If it becomes apparent to the IETF Trust that legal proceedings have commenced, or are reasonably probable or foreseeable, the IETF Trust shall consult with counsel and evaluate whether it has any additional document retention obligations and, if so, the material that is likely to be covered by such obligations.
The IETF Trust counsel shall be notified immediately as soon as any Trustee, employee or agent of the IETF Trust learns that the IETF Trust has received a legal request, is subject to or is reasonably likely to become subject to litigation, a government investigation, or a subpoena.
In such cases the IAD shall notify the Trustees, Internet Society employees, the Secretariat, and other agents, as appropriate, concerning requirements for the retention of documents in IETF Trust custody.
10. Review
The IETF Trust shall review this Policy periodically and make such changes as it deems necessary.
11. Adopted
This Policy is adopted on 16 June 2016 by the Trustees.
Document Retention Matrix
[1] IAD reviews these documents before destruction for possible retention or document reclassification
[2] Special Correspondence is correspondence regarding matters whose documents are otherwise being retained indefinitely