Small Business Document Retention Rules
Document Retention Requirements in Small Business
Know which business documents to save and which to chuck
One of the biggest mistakes small business make in document retention is lack of organization. With today's technology, the savvy business owner should be moving to the paperless office and electronically storing most of the daily transaction paperwork but specifically concentrate on the "seven year" retention group as shown below.
The life cycle of records management begins when information is created and ends when the information is destroyed. The picture below provides a simple reflection of the entire records retention process. The goal for organizations is to manage each step in the record life cycle to ensure record availability.
It is vitally important though to have a solid disaster recovery program in place - one that is viable and solid enough to get you beyond the statutes of limitations for your state. Read more about Disaster Recovery Objectives at this link.
What Documents to Keep & for How Long
One Year Document Retention
- Personnel employment applications
- Purchase orders (except purchasing department copy)
- Stenographers' notebooks
- Stockroom withdrawal forms
Three Years Document Retention
- Bank reconciliations
- Duplicate bank deposit slips
- Expired insurance policies
- General correspondence
- Internal audit reports and working papers
- Petty cash vouchers
- Physical inventory logs
Seven Years Document Retention
- Accident reports and claims (settled cases)
- Accounts payable ledgers (computer runs)
- Accounts receivable ledgers (computer runs)
- Automobile logs
- Bank statements
- Bills of lading
- Cash books
- Commission records
- Contracts and leases (expired)
- Employee personnel records after termination
- Employment tax reports
- Expense reports
- General journals
- Inventory records
- Invoices to customers and from vendors
- Payroll records and summaries, including payment to pensioners
- Personal property tax returns
- Purchase orders
- Sales tax returns
Permanent Retention
- Articles of incorporation
- Audit reports of public accountants
- Canceled checks for important payments — taxes, property acquisitions, etc.
- Capital stock and bond registers
- Copyrights
- Correspondence (legal and important matters only)
- Deeds and mortgages
- Depreciation schedules
- Financial statements (year-end — other months optional)
- General ledgers and year-end trial balances
- Licenses and permits
- Property appraisals by outside appraisers
- Property records — costs, blueprints, and plans
- Tax returns and worksheets, revenue agents' reports, and other documents relating to determination of tax liability
Please see your accountant and or attorney for verification of facts and additional information.
Business Continuity / Disaster Recovery Objectives
Assessing DR Priorities
To fully understand the level to which we should be protecting our IT against disasters, we need to cover two concepts and how they relate to your specific diverse business processes. For example your website may represent your sales or marketing presence, the email system enables communication between our teams and customers, the file server is the repository of business critical documens, the SQL server contains your business intelligence – the list goes on. Each of these different IT systems ties in to the business process and hence we can attach a value to each. This value determines the acceptability of loss of the service and from this, it is possible to calculate a cost per unit of time that this service or business process is unavailable. Equally, value must be used to calculate the amount of acceptable irrecoverable data loss. The difficult thing is to assign values to these and it is often the case that these issues are addressed in reverse; companies wanting a Disaster Recovery solution without truly knowing the impact (cost) of the loss of their services / systems / business processes. When this occurs, it is important to bear in mind that the best Disaster Recovery solution will have minimum data loss and also have you back up and running in very little time (if you are offline at all). Please see the chart for an idication of the relationship between data security and cost.
To help us understand this better, the two key concepts that underpin the cost model for Disaster Recovery are..
Achieving Recovery Time Objectives (RTO)
The ability to achieve a given recovery time object is depends on how rapidly the system can be recovered from backup. The main factor at work here is the speed at which data on backup media can be restored onto a system.
Achieving Recovery Point Objectives (RPO)
The ability to achieve a given recovery point objective, or RPO depends on how frequently backups are performed. RPO is the maximum acceptable period of time that data loss will occur if the data is lost for any reason.
There are many varied methods for implementing Disaster Recovery solutions for businesses.. Basics such as dual power supplies or resilient disks in servers will help reduce the risk of hardware failure. More advanced solutions will involve combinations of local backup appliances and cloud configurations, virtualization and clustering to provide better and better RPO/RTO combinations. The key is not to forget about the potential for disaster and the potential effect on your business – but also to assess risk, prioritize resources and to build as recoverable a solution as a given budget will allow.
Youur IT budget and the value of your data will be the primary influences on the choice of RPO and RTO points for your business.
The Computer Systems Support & Design team assists Fairfield County CT businesses with determining the best Disaster Recovery solutions.
