Back to Policies
SCP-013IT GovernanceDraft

Data Retention and Archival Policy

Establish consistent retention requirements for compensation-related documents and data to ensure compliance with legal and regulatory requirements, audit readiness and supportability, appropriate data destruction, and balance between retention needs and cost/risk management.

Version 1.0.01,850 wordsLegal Review Required

1Purpose & Objectives

Establish consistent retention requirements for compensation-related documents and data to ensure compliance with legal and regulatory requirements, audit readiness and supportability, appropriate data destruction, and balance between retention needs and cost/risk management.

  • Ensure compliance with legal and regulatory requirements
  • Maintain audit readiness and supportability
  • Establish appropriate data destruction procedures
  • Balance retention needs with cost and risk management

2Scope

Applies To

  • Electronic documents (Word, Excel, PDF, etc.)
  • System data (ICMT, CRM, ERP, HRIS)
  • Email communications
  • Paper records
  • Audio/video recordings (if any)

3Definitions

Active Storage

Storage for current plus 3 years of data in primary systems (ICMT, HRIS, Finance/ERP, Email) readily accessible by authorized users.

Archive Storage

Storage for years 4-7 in secure archive server, cloud archive, or offline backup media, retrievable within 5 business days upon request.

Legal Hold

Exception to normal destruction schedule when litigation, investigation, or audit is pending or reasonably anticipated, requiring immediate suspension of all destruction of potentially relevant records.

Destruction Log

A permanent log maintaining date of destruction, description of records destroyed, retention period applied, authorization, method of destruction, and certificate of destruction.

4Key Provisions

All compensation-related records must be retained according to the defined schedule, with 7 years as the standard retention period.

Plan Design Documentation

Retention requirements for plan design documents:

  • Plan documents (approved versions): 7 years after plan ends - Governance repository
  • Plan design models and analysis: 7 years after plan ends - Shared drive
  • Market benchmark data: 3 years - Comp team files
  • Approval records (CRB minutes, etc.): 7 years - Secure archive

Participant Data

Retention requirements for participant data:

  • Eligibility records: 7 years after termination - HRIS + ICMT
  • Quota assignments: 7 years - ICMT
  • Performance data: 7 years - ICMT + Data warehouse
  • Payout calculations: 7 years after payment - ICMT
  • Payment records: 7 years after payment - Finance systems
  • Participant statements: 7 years after issuance - ICMT / Archive

Financial Records

Retention requirements for financial records:

  • Accrual calculations: 7 years - Finance systems
  • GL reconciliations: 7 years - Finance systems
  • Budget vs. actual reports: 7 years - Finance systems
  • Tax withholding records: 7 years minimum - Payroll/Finance
  • W-2 copies: Permanent - HR/Payroll

System and Audit Documentation

Retention requirements for system and audit documentation:

  • System configuration history: 7 years - ICMT / IT
  • Audit reports (internal/external): 7 years - Governance archive
  • Control testing documentation: 7 years - Finance / Audit files
  • Data validation logs: 3 years - ICMT logs

Communications

Retention requirements for communications:

  • Plan rollout communications: 7 years - Governance repository
  • Participant acknowledgments: 7 years after termination - ICMT / HR
  • Email re: plan interpretation: 3 years - Email archive
  • Training materials: Current version + 3 years - Training repository

Disputes and Exceptions

Retention requirements for dispute and exception records:

  • Dispute records: 7 years after resolution - ICMT / Legal files
  • Exception requests and approvals: 7 years - ICMT / Governance files
  • Investigation files: 7 years after close - HR / Legal files

5Compliance References

Federal Laws

  • IRS retention requirements (minimum 3 years, 7 years recommended)
  • SOX (Sarbanes-Oxley Act) audit documentation requirements
  • FLSA (Fair Labor Standards Act) - 3 years certain records
  • EEOC - 1 year employment records

State Laws

  • State wage laws (3-7 years depending on state)
  • California: 3 years minimum (4 years recommended)
  • New York: 6 years (wage theft prevention)
  • Texas: Federal standards (FLSA 3 years)
  • CCPA data privacy requirements

Need help implementing this policy?

Book a Toddfather consultation for customized governance guidance.