Appendix B: IT Data Retention Schedule #
This appendix defines the minimum retention periods for IT-managed data associated with departed employees. Retention periods begin on the employee’s last day of employment.
Retention Schedule #
| Data / System | Retention Period | Notes |
|---|---|---|
| Google Workspace Account (Suspended) | 90 days minimum | Account retained in suspended state with _former_ prefix. Deletion requires ED approval after retention period. |
| Google Takeout Archive (Drive) | 3 years | Stored on designated offline archive media. Reviewed annually. |
| Google Takeout Archive (Gmail) | 3 years | Stored on designated offline archive media. Reviewed annually. |
| JumpCloud User Record | 30 days | User record retained in deactivated state, then deleted. |
| JumpCloud MDM Device Record | Until device is reimaged or decommissioned | Record removed after device wipe is confirmed. |
| Obsidian Security Audit Logs | Per Obsidian platform retention | Logs retained per platform defaults. No manual action required. |
| 1Password Account | Immediate upon deprovisioning | Vaults reviewed and transferred prior to deprovisioning. No residual data retained. |
| Slack Messages | Per Slack workspace retention policy | Messages retained per workspace settings. Account deactivation does not delete message history. |
| IT Offboarding Checklist | Indefinite | Filed in IT documentation repository as permanent record. |
**Important:** Retention periods are subject to revision based on legal, regulatory, or organizational requirements. Any request to delete data before the minimum retention period expires must be approved by the Executive Director.
Annual Review #
The IT Director will review this retention schedule annually and update it as needed based on changes to the OASIS technology stack, organizational policy, or legal requirements.