Submit Feedback (CWL required) 
Download as PDF
Schedule Number
ER2500
Primary Title
Risk Management Services – General
Office of Primary Responsibility
UBCV: Enterprise Risk Management (ERM); Safety and Risk Services
UBCO: Campus Operations and Risk Management
| Reference and duplicate copies of records are considered transitory and should only be kept as long as necessary and never longer than the retention of the official record. |
Description
Records supporting the functions of risk management at the university including the holistic functions of risk identification, mitigation, and monitoring (ERM) and more tactical activities including the privacy and information security program (PrISM), privacy impact assessments (PIA), the Compliance Support Program (CSP), Security Threat and Risk Assessments (STRAs) and risk awareness training.
- For Campus Security see ER2550: Enterprise Risk and Security – Campus Security
- For Health and Safety see ER2750: Enterprise Risk and Security – Health and Safety
- For disaster planning see ER2650: Enterprise Risk and Security – Emergency Preparedness
- For Insurance policies and claims see ER2760: Enterprise Risk and Security – Insurance Management
Vital: No
PIB: Yes
Authority:
Freedom of Information and Protection of Privacy Act [RSBC 1996] Chapter 165
BoG Policy GA4: Records Management
BoG Policy SC14: Acceptable Use and Security of UBC Electronic Information and Systems
Date Approved: 20220906; 20240116; 20240822 (updated)
Retention Schedule Secondaries
| Secondary No. | Secondary Title, Scope & Content | Retention, Destruction & Disposition |
|
01 |
Policies and Procedures |
EV+5Y, FR EV=Date superseded or obsolete FR=UA will fully retain records from this series |
|
05 |
General |
CY+5Y, D |
|
10 |
Risk Identification, Mitigation and Monitoring (Enterprise Risk Management) Reporting to the Board of Governor’s Audit Committee, records within this function support a proactive and comprehensive approach to risk oversight for the university. The records include a framework and processes documenting the identification, assessment, mitigation, and monitoring of risks to the achievement of the University’s mission and goals. |
CY+10Y, SR SR = this activity is adequately covered in BoG Audit Committee records so UA will selectively retain unique records in this series. |
|
20 |
Committees (File by committee name, manage by year) |
CY+10Y, FR FR=UA will fully retain committee records |
|
25 |
PriSM Privacy and Information Security Privacy and Information Security program. Includes committee records, compliance control outputs such as Compliance Attestation Reports, Privacy Impact Assessments (PIAs) and evidence supporting both processes. |
CY+8Y, SR SR=UA will fully retain PriSM committee records and summary program information that may be filed under this schedule. Evidence supporting compliance reviews and associated reports, and documentation can be destroyed after the duration of the retention. Evidence supporting PIAs can be destroyed after the duration of the retention. Rationale: Maintaining evidence for 8 years supports accountability and provides documentation for audits and reviews. |
|
30 |
Security Threat and Risk Assessments (STRAs) Assessments identifying and evaluating security threats to UBC’s information systems, also includes supporting evidence
|
CY+8Y, SR SR= Retain significant records that document comprehensive risk management and proactive security measures Evidence supporting STRAs can be destroyed after duration of retention Rationale: Maintaining evidence for 8 years supports accountability and provides documentation for audits and reviews. |
|
35 |
Training Development and Delivery |
EV+5Y, D EV=Date training is no longer current |
|
45 |
Issues |
CY+5Y, D |
|
60 |
Reports |
CY+5Y, SR SR=UA will selectively retain significant records in this series |
Acronym Key: AY = Academic Year; CY = Calendar Year; D = Destroy; EV = Event; FY = Fiscal Year; FR = Full Retention by University Archives unless otherwise noted; OPR = Office or Department responsible for source of truth records; SO = when superseded or obsolete; SR = Selective Retention by University Archives; UA = University Archives; Y = Year