Prince Sultan University PSU
Compliance and Policies Office
Compliance Policies
| Policy Code: | COP0009 |
| Policy Name: | Compliance Record Maintenance Policy |
| Handler: | Compliance and Policies Office, Office of the President |
| Date Created: | 22 January 2022 |
| Date of Current Review: | N/A |
| Approved by: | University Council |
| Date of Approval: | 25 May 2022 |
Purpose
The Compliance and Legal Office manages confidential data related to faculty, students, staff and PSU management. The Compliance and Legal Office maintains records, retention of records and deletion of records based on requirements set by PSU management and KSA regulations.
Scope
The Storage of Electronic Records: All electronic records must be secured under the compliance and Legal manager account and on permanent storage locally. No electronic records are allowed to be kept in the compliance and Legal manager’s personal account.
Policy
Litigation Hold
In case of issues that require the intervention of external parties and law enforcement agencies the record must not be destroyed and must be preserved securely and safely under the supervision of the Senior Compliance and Legal Manager.
| Sr. No | Issue | Time Frame |
|---|---|---|
| 1 | Non-Valid Issue | After each academic year |
| 2 | Minutes of Meetings | Cannot be destroyed Identities of cases cannot be written and rather "caseID" must be mentioned |
| 3 | Valid Issue resolved with negotiations | After 2 years but notes on resolution must be kept without identities |
| 4 | Disciplinary Actions | After 3 years of termination of the case but notes on resolution must be kept without identities |
| 5 | Litigation Cases | Cannot be destroyed |
Deletion of Records
All relevant documents that are submitted to support the case must be discarded and destroyed if the case may not require litigation issues. Electronic records must be destroyed with the stated principles set by ITC.
Access to Information
Students of relevant disciplines and PSU higher management can request to view a case. The access decision will be solely decided by the Compliance Committee and will require the signing of a non-disclosure agreement with the Compliance and Legal Office. Personal information must be made confidential and should be removed before any access takes place.
Cataloging of Information
All information must be kept chronologically in separate folders separated year-wise while cases should be numbered in serial and must be stored in serial. All the printed records must be kept securely under a compliance officer.
Record Maintenance and Evaluation Committee
The records maintenance and evaluation committee will consist of three members including a digital records expert, a law expert and an HR member. The committee will report to the Compliance and Legal Manager with their actions and events.
Procedure
The recording process of any records is as follows:
- Whenever a case is received, the case number is allocated to the case such as "YYYY-MM-CASENUNBER (Four Digit) 2022-020-0001".
- The case numbers are allocated serially and cannot be skipped even if the case is closed.
- The case summary is created, which is added to the Case Folder and sorted chronologically.
- The case-relevant materials are added to a separate folder with "Titled Case ID-RM".
- The case-relevant materials can only be accessed by a Compliance and Legal Manager or case committee working on the case.
- The case material cannot be copied and must be returned to the compliance officer once the case is closed.
- For digital access, access will be removed for all members.