1. Purpose

This policy establishes the standards for maintaining, retaining, and securing institutional records and personal data, ensuring compliance with regulatory requirements and protecting the confidentiality, integrity, and availability of information.

2. Scope

This policy applies to all staff, faculty, and contractors handling student, staff, and institutional records, whether in physical or electronic form.

3. Records Retention

• Minimum retention periods:
  • Student academic records: 5 years after course completion or graduation.
  • Financial and payroll records: 5 years.
  • Staff employment records: 5 years post-employment.
  • Accreditation and regulatory submissions: minimum 5 years
• Records beyond their retention period shall be securely disposed of or anonymized to protect confidentiality.

4. Data Security

• All institutional data must be protected against unauthorized access, alteration, disclosure, or destruction.
• Electronic records must be stored on secured servers with regular backups and access controls.
• Physical records must be stored in locked cabinets within restricted areas.
• Staff are required to follow password, encryption, and device security.
• Confidential and sensitive data must never be shared without proper authorization.

5. Access and Monitoring

• Access to records is restricted to personnel with legitimate business or academic needs.
• Development of syllabus, asAnnual audits and monitoring are conducted to ensure compliance with this policy and detect potential data breaches.

6. Policy Review

This policy is reviewed annually or as needed to remain aligned with regulatory requirements, best practices, and technological developments.