Document Storage Policy
Policy (Operational): Document Storage
This policy is proposed to be effective as of December 3, 2009
Purpose
This policy specifies the conditions under which documents must be stored (in both paper and electronic forms) and creates a document that will record the current storage locations and means of access.
Philosophy
This policy has two goals. First, it will ensure that all documents are kept in an appropriately safe and secure location. Second, it ensures that Bike Edmonton's documents are accessible at all times (especially for future board members). In striving for the second goal, this policy will create a "Document Storage and Access Procedure Document" that will explain where information is kept and how to access it. If properly maintained, in the case of a new storage location or procedure, then only the "Document Storage and Access Procedure Document" will need to be updated (all policies will remain accurate and up-to-date). This policy will ensure that no information will be lost or forgotten and will be accessible by current and future Bike Edmonton organizers.
Policy
- All electronic documents must be stored in a way that complies with the following:
- a. There must be a reasonable assumption that the service provider will not be lose the documents or discontinue service in the foreseeable future.
- b. Sufficient security measures should be available to ensure the security of confidential information.
- c.Documents should be accessible by each of the board members.
- d. The current electronic storage space and method of access must be recorded in the "Document Storage and Access Procedure Document"
- e. All electronic copies of Policy, Procedure, and other important documents should be backed-up locally and in paper form.
- All paper documents must be stored in a way that complies with the following:
- a. Sufficient security measures should be available to ensure the security of confidential information.
- b. For vital documents, the documents must be stored in a location that reasonably protects from fire, flood, and theft.
- c. Documents must be kept in a physical location that is accessible by all Board Members.
- d. The physical storage space and method of access must be recorded in the "Document Storage and Access Procedure Document"
- Each storage location (either electronic or physical), the "Document Storage and Access Procedure Document" shall include the following:
- a. The name of the storage location
- b. A description of the location
- c. A description of the types of documents stored at that location
- d. A description of how to access information in that location
- e. A mention of any restrictions to access
- The "Document Storage and Access Procedure Document" shall be posted in a prominent location and updated every six months.
Definitions
- Sufficient security measures for electronic storage locations include, but are not restricted to, password protection and firewall usage. Sufficient security measures for physical storage locations include, but are not restricted to, keyed access (locked in a room) and safes (locked in a safe). The level of security used, and the scope of access granted, should vary with the content of the documents. Personal information should be protected with the highest level of security.
- Vital Documents are documents that are irreplaceable or highly confidential (i.e., financial statements, signed legal documents, employee records).
Scope
This policy is recommended for all documents, but it is required for all documents included in the scope of a policy that specifically states adherence to this policy.
Exceptions
None.
Implementation and Monitoring
The Executive Director or Executive Director's delegate is responsible for creating, updating, and posting the "Document Storage and Access Procedure Document".