Information Technology Services Retention Schedule

BGSU Schedule of Records Retention

Office: Information Technology Services

In accordance with ORC Section 149.33 and Bowling Green State University Board of Trustees, a schedule for Records Retention and Disposition for the following records is hereby established. This schedule supersedes any and all previous schedules for these records.  The records covered by this schedule, upon expiration of the listed retention periods, shall be destroyed unless otherwise specified. 1  No record shall be destroyed, however, that pertains to any pending claim, action, litigation, or request. 

Approvals:

Department Official: Signed
Date: 03/27/2017

Records Manager: Signed
Date: 03/31/2017

Notes: 

  1. A Certificate of Records Disposal (CRD) should be prepared prior to the disposal of any records listed on this schedule and retained by the office/department for 10 years after the date of disposal. A copy of the CRD should also be sent to the University Records Manager. Confidential paper records must be disposed of through shredding with the University’s approved shredding vendor. 
  2. University records include all information, regardless of format (paper, electronic, microform, etc.), created or received by a university office that documents the functions, policies, procedures, decisions, operations or other activities of the office. Retention periods apply to all records regardless of format.
  3. The University Archives will only collect those record series listed on the attached schedule as transferrable to the Archives that at its discretion have continuing historical value. Other historic items listed on the attached schedule or on the university's General Retention Schedule may also be collected, at the discretion of the Archives.
  4. Storage of inactive/non-permanent records is available at the University Records Center.
  5. Other common records that may not be listed on this schedule may be on the university’s General Retention Schedule; offices may use retentions listed on the General Retention Schedule for records not listed on their departmental schedule. 
Schedule NumberRecord Series TitleMain Format(s)Minimum Retention PeriodEnd of Retention Period ActionSchedule Source
32-1Accounting/Financial Records: includes invoices, expense transfers, payment requests, travel expense reportsElectronic/Paper4 years DestroyIUC Accounting and Finance Sections
32-2Backup Files - Copies of files or databases, application software, logs, directories, and other documentation needed to restore a system in case of disaster or disruption Electronic 

Versions Data Exists: 14
Versions Data Deleted: 3
Retain Extra Versions: 30
Retain Only Version: 90

Versions Data Exists - This defines the number of versions of a file that are kept in the backup system for a file that is active (the file still exists on the client file system... hasn't been deleted). 
Versions Data Deleted - This defines the number of versions of a file that are kept for a file that is inactive. 
Retain Extra Versions - This specifies how many days all but the most recent backup version is retained.
Retain Only Version - This defines how long the last version of an inactive file is kept in the system. 

DestroyIUC-IT-15-02
32-3Change Control Documentation: project plans and charters, functional and technical specifications, data flow diagrams, migration logs, test plans/scripts, acceptance tests, project sign-offElectronicActive + 3 years DestroyIUC-IT-10-07
32-4Daily Process Reports: process exception reportsElectronic - wiki1 year Destroy IUC-IT-30-05
32-5Disaster Preparedness and Recovery PlansElectronic - wikiThese documents are in a dynamic state. No minimum retention period is applicable.   
32-6ITS Agreements: includes software, hardware, and any other ITS related agreements Electronic/PaperActive + 8 Years Destroy LEG2000
32-7IT Policies: Existing policies are backed up for 11 years total. Policies are updated once every other year. Previous policies are maintained within the ITS SharePoint site. ElectronicActive + 11 Years DestroyIUC-IT-10-06
32-8 Test Databases/Files: includes operational test databases and/or all files and software needed to build a test database needed in support of an existing production database. ElectronicRetain this ability for as long as an equivalent production database may be needed. Destory IUC-IT-10-08
32-9User access logs - Consisting of log files generated when a user accesses a file, system, database, or other form of electronic information. (Exclusions: Application access logs, especially for Cloud applications that are not controlled by BGSU infrastructure team) ElectronicUser access logs will be retained in Splunk for no more than 60 days. Systems where these logs are generated will be configured to store the logs on the system for no more than 60 days, if configurable. Exceptions to this policy will be made if there are other retention requirements that need to be met, such as PCI requiring that logs be retained for 1 year. DestroyIUC-IT-30-04

Updated: 03/16/2026 10:18AM