Records of agency IT program development and capital investment planning that document goals and milestones to achieve them; planning principles and activities; performance and evaluation measures such as TechStat reviews; and compliance with requirements such as OMB Circular A-130, the Federal Information Technology Acquisition Reform Act, and other laws. Includes:
• strategic and tactical plans
• records of internal agency governance boards supporting formally issued plans, including comments, concurrences, clearances, and justifications
• records maintained by committees, boards, task forces, conferences, or other IT advisory, governing, or policy bodies for which the Chief Information Officer (CIO) has sponsorship, leadership, or recordkeeping responsibilities
• reports and statistics documenting quantitative and qualitative performance measures, such as Government Performance and Results Act (GPRA) reporting
• portfolio management records, including clearance and review
• Reports on IT capital investments, such as OMB Exhibit 300 Major IT Business Cases (MITBCs) and IT Portfolio Summaries (ITPS), including IT Dashboard Exhibit 300 MITBC submissions
• business case development, review, and clearance records regarding major investments, systems, acquisitions, or operational assets

Exclusion 1: Policy records generated by the CIO (agencies must schedule these separately).

Exclusion 2: Records of Government-wide committees sponsored by CIOs, such as the Federal Chief Information Officers Council (the agency with responsibility for convening the committee must schedule its records separately).

Exclusion 3: System data or content (agencies must schedule these separately).

Exclusion 4: Systems development records (GRS 3.1, General Technology Management Records, item 011, System development records, covers these).

Exclusion 5: Records documenting system and operational level compliance with IT policies, directives, and plans (GRS 3.1 General Technology Management Records, item 040, Information technology oversight and compliance records, covers these).

Temporary. Destroy when 7 years old, but longer retention is authorized if required for business use. (Supersedes GRS 27, item 1)

Records documenting agency compliance with Federal IRM laws and regulations, including systems and reports created to support compliance with the mandates of OMB, GAO, and other Federal IRM and IT oversight agencies.

Temporary. Destroy 5 years after submission of report, but longer retention is authorized if required for business use. (Supersedes GRS 27, item 4)

Correspondence, memorandums, memorandums of understanding, reports, telegrams, and other documentation on information services, information systems operations, and planning and development of information activities covering: applied technology, automation, compact disks, classification reviews, corporate systems, cryptography, data processing, development, digital systems, diplomatic mail and pouch, directives, E-mail, engineering, equipment, facilities, fax, Freedom of Information and Privacy Acts requests, graphics, information acquisition and indexing, information resources administration and research, installations, interagency affairs, libraries, networks management, logistics, maintenance, micrographics, procedures, procurement, programs, publishing, records management, Secretary correspondence, security, standards, strategic planning, systems, technical support, technology, telecommunications, training, user services, and other related subjects.

Permanent. Cut off file at the end of each calendar year. Retire to RSC for transfer to WNRC when 3 years old. Transfer to NARA when 30 years old in 5-year blocks.

Administrative and Management Services records (arranged by TAGS and terms) that relate to routine day-to-day administration and management of the office rather than the mission-specific activities for which the office exists. Records include:
• staff locators, unofficial organizational charts, and office seating charts (see Exclusion 1)
• office-level administrative policies and procedures and files related to their development (see Note 1)
• calendars or schedules of daily activities of non-high-level officials (high-level officials are defined in GRS 6.1; this item covers those positions not defined as high-level)
• informal requests and tracking of personnel training, travel, supplies, and equipment, excluding procurement and payment records and forms requesting training (e.g. SF-182)
• internal office activity and workload reports
• studies and analyses of office administrative functions and activities
• non-mission related management reviews and surveys
• minutes of meetings related to administrative activities

Exclusion 1: This item does not apply to recordkeeping copies of organizational charts, functional statements, and related records that document the mission-related organization, staffing, and procedures of the office. Agencies must schedule those records on an agency-specific schedule.

Note 1: This item covers administrative policies and procedures at the office/unit level. GRS 5.7 covers agency-level administrative issuances or directives.

Temporary. Destroy when business use ceases. (Supersedes GRS 23, item 1)

Many records included in this item are maintained by accountable officers to account for the availability and status of public funds, and are retained to enable GAO, Office of Inspector General, or other authority audit.

Financial transaction records include those created in the course of procuring goods and services, paying bills, collecting debts, and accounting for all finance activity, per the following definitions.

Procuring goods and services is the acquisition of physical goods, products, personal property, capital assets, infrastructure services such as utilities, and contracted personnel services to be used by the Federal Government. Paying bills means disbursements of federal funds for goods and services, and fulfilling financial obligations to grant and cooperative agreement recipients. Procurement and payment records include those such as:
• contracts
• requisitions
• purchase orders
• interagency agreements
• Military Interdepartmental Purchase Requests (MIPRs)
• printing requisitions to the Government Printing Office
• memoranda of agreement specifying a financial obligation
• solicitations/requests for bids, quotations or proposals for contracts and competitive grants
• proposals, quotations, bids (accepted, rejected, unopened) for contracts and competitive grants
• contingent fee justifications
• legal and financial instruments such as bond and surety records
• FAIR Act (A-76) records linked directly to specific procurement actions
• credit card/purchase card/charge card statements and supporting documentation
• vendor tax exemption records
• invoices
• leases
• recurring financial transactions such as utility and communications invoices
• documentation of contractual administrative requirements submitted by contractors such as status reports
• correspondence and papers pertaining to award, administration, receipt, inspection of and payment for goods and services in this list
• records of financing employee relocations (i.e. storage costs for household effects)

Collecting debts includes the collection of income from all sources (excluding taxation). Collections records document collection of monies from all sources excluding administrative claims, taxation (not covered under the GRS), and Congressional appropriation, such as:
• records documenting administration, receipt, and deposit of user fees for entry into and/or use of public facilities; for recovering costs of providing government services; and receipt of donations, bequests, and other collections from the public, including:
    o cash register transaction records
    o credit card and charge cards receipts
    o records documenting deposits
    o records documenting allocation of fees to funds/accounts
    o deposit lists and logs
    o customer orders
    o revolving fund records
• fee and fine collection records
• garnishments
• sale of excess and surplus personal property
• fee or rate schedules and supporting documentation
• out-leases of Federal property
• debt collection files and cash receipts
• writeoffs
• copies of checks
• payment billing coupons
• letters from lenders
• payment records
• money orders
• journal vouchers
• collection schedules

Accounting is the recording, classifying and summarizing of financial transactions and events related to assets, liabilities, revenue from all sources, and expenses to all payees to support financial reporting, enable audit, and accumulate and generate management information to assist in establishing an agency’s resource allocation priorities. Accounting records include those such as:
• accountable officers’ records concerned with the accounting for, availability, and status of public funds and maintained for Government Accountability Office (GAO) or other authority site audit, but excluding payroll records, and accounts pertaining to American Indians. Includes:
    o statements of transactions
    o statements of accountability
    o collection schedules and vouchers
    o disbursement schedules and vouchers
• vouchers
• certificates of closed accounts
• certificates of periodic settlements
• general funds files
• general accounting ledgers
• appropriation, apportionment, and allotment files
• posting and control files
• bills of lading
• transportation and travel requests, authorizations, and vouchers
• commercial freight vouchers
• unused ticket redemption forms

Legal citation: 28 U.S. Code 2401(a)

Note 1: Procurement and other financial files that stand out because of high dollar value, media attention, historical value, research value, or other extenuating circumstances may have permanent value. Agencies that believe they hold such files should submit a records schedule to NARA.

Note 2: Accounts and supporting documents pertaining to American Indians are not authorized for disposal by this schedule. Such records should be reviewed and scheduled appropriately by the agency since they may be needed in litigation involving the Government’s role as trustee of property held by the Government and managed for the benefit of Indians.

Note 3: The Comptroller General has the right to require an agency to retain any portion of these records for a period of up to 10 years.

Temporary. Destroy when business use ceases.

Acceptable performance appraisals of non-senior executive service employees. Performance records for employees as defined in 5 U.S.C. 4301(2)).

Employee performance records are ratings of record, the performance plans on which ratings are based, supporting documentation for those ratings, and any other performance-related material required by an agency’s performance appraisal system.

Exclusion 1: Performance records superseded through an administrative, judicial, or quasi-judicial procedure are covered by item 073 of this schedule.

Exclusion 2: Performance records of Presidential appointees are not covered by the GRS. Such records must be scheduled by submitting an agency-specific schedule to NARA.

Legal citation: 5 CFR Part 293.404

Temporary. Destroy no sooner than 4 years after date of appraisal, but longer retention is authorized if required for business use. (Supersedes GRS 1, item 23; GRS 1, item 23a(1); GRS 1, item 23a(2); GRS 1, item 23a(3)(a); GRS 1, item 23a(3)(b); GRS 1, item 23a(4); and GRS 1, item 23a(5))

Records on positions, authorizations, pending actions, position descriptions, training records, individual development plans, telework agreements, award recommendations, and records on individual employees not duplicated in or not appropriate for the OPF. These records are sometimes called supervisors’ working files, unofficial personnel files (UPFs), and employee work folders or “drop” files.

Exclusion 1: Records that become part of a grievance file, an appeal or discrimination complaint file, a performance-based reduction-in-grade or removal action, or an adverse action. These records are covered under GRS 2.3, Employee Relations Records.

Exclusion 2: Employee medical documents, unless part of employee’s initial request for reasonable accommodation. Following approval, the agency’s reasonable accommodation decision replaces medical documentation and becomes the record. Reasonable accommodation employee case files are covered under GRS 2.3, Employee Relations Records.

Temporary. Review annually and destroy superseded documents. Destroy remaining documents 1 year after employee separation or transfer. (Supersedes GRS 1, item 18a and GRS 1, item 18b)

Agreements, correspondence, instructions, memorandums, memorandums of understanding, procedures, technical manuals, and other documentation on defense covering: accountability, allied military traffic, allied routing indicators, American Forces Radio and Television Service, commanders in chief, communications, conferences, counterterrorism, coordination, couriers, crisis management, emergency action procedures, equipment, exercises, Joint Chiefs of Staff, Operations Center, projects, Regional Information Management Centers, satellites, security, support, training, and other related subjects.

Temporary. Destroy when 3 years old.

These records relate to the development of information technology (IT) systems and software applications through their initial stages up until hand-off to production which includes planning, requirements analysis, design, verification and testing, procurement, and installation. Records include case files containing documentation of planning, decision making, designing, programming, testing, evaluation, and problem solving. Includes records such as:
• project plans
• feasibility studies
• cost analyses
• requirements documents
• compliance documents including:
    o Privacy Threshold Analyses (PTAs)
    o Privacy Impact Assessments (PIAs)
    o Security Plan
    o Information Protection Plan
• change control records
• Project Schedule
• Plan of Action and Milestones (POA&M)
• Configuration Management Plan
• Resource Management Plan
• Risk Assessment/Mitigation Plan
• Security Plan
• Disaster Recovery Plan
• Test/Acceptance Plan
• Quality Control Plan
• Deployment Guide
• User Guide
• Training Guide

Exclusion: This item does not apply to system data or content.

Note 1: For certain technical documentation (e.g., data dictionaries, file specifications, code books, record layouts, etc.) related to the detailed, as-built design or maintenance of an electronic system containing permanent records, use the GRS item Documentation Necessary for Preservation of Permanent Electronic Records.

Note 2: This is consistent with the fact that the most complete version of system documentation is retained within the maintenance phase.

Temporary. Destroy 5 years after system is superseded by a new iteration, or is terminated, defunded, or no longer needed for agency/IT administrative purposes, but longer retention is authorized if required for business use.

Many records included in this item are maintained by accountable officers to account for the availability and status of public funds, and are retained to enable GAO, Office of Inspector General, or other authority audit.

Financial transaction records include those created in the course of procuring goods and services, paying bills, collecting debts, and accounting for all finance activity, per the following definitions.

Procuring goods and services is the acquisition of physical goods, products, personal property, capital assets, infrastructure services such as utilities, and contracted personnel services to be used by the Federal Government. Paying bills means disbursements of federal funds for goods and services, and fulfilling financial obligations to grant and cooperative agreement recipients. Procurement and payment records include those such as:
• contracts
• requisitions
• purchase orders
• interagency agreements
• Military Interdepartmental Purchase Requests (MIPRs)
• printing requisitions to the Government Printing Office
• memoranda of agreement specifying a financial obligation
• solicitations/requests for bids, quotations or proposals for contracts and competitive grants
• proposals, quotations, bids (accepted, rejected, unopened) for contracts and competitive grants
• contingent fee justifications
• legal and financial instruments such as bond and surety records
• FAIR Act (A-76) records linked directly to specific procurement actions
• credit card/purchase card/charge card statements and supporting documentation
• vendor tax exemption records
• invoices
• leases
• recurring financial transactions such as utility and communications invoices
• documentation of contractual administrative requirements submitted by contractors such as status reports
• correspondence and papers pertaining to award, administration, receipt, inspection of and payment for goods and services in this list
• records of financing employee relocations (i.e. storage costs for household effects)

Collecting debts includes the collection of income from all sources (excluding taxation). Collections records document collection of monies from all sources excluding administrative claims, taxation (not covered under the GRS), and Congressional appropriation, such as:
• records documenting administration, receipt, and deposit of user fees for entry into and/or use of public facilities; for recovering costs of providing government services; and receipt of donations, bequests, and other collections from the public, including:
    o cash register transaction records
    o credit card and charge cards receipts
    o records documenting deposits
    o records documenting allocation of fees to funds/accounts
    o deposit lists and logs
    o customer orders
    o revolving fund records
• fee and fine collection records
• garnishments
• sale of excess and surplus personal property
• fee or rate schedules and supporting documentation
• out-leases of Federal property
• debt collection files and cash receipts
• writeoffs
• copies of checks
• payment billing coupons
• letters from lenders
• payment records
• money orders
• journal vouchers
• collection schedules

Accounting is the recording, classifying and summarizing of financial transactions and events related to assets, liabilities, revenue from all sources, and expenses to all payees to support financial reporting, enable audit, and accumulate and generate management information to assist in establishing an agency’s resource allocation priorities. Accounting records include those such as:
• accountable officers’ records concerned with the accounting for, availability, and status of public funds and maintained for Government Accountability Office (GAO) or other authority site audit, but excluding payroll records, and accounts pertaining to American Indians. Includes:
    o statements of transactions
    o statements of accountability
    o collection schedules and vouchers
    o disbursement schedules and vouchers
• vouchers
• certificates of closed accounts
• certificates of periodic settlements
• general funds files
• general accounting ledgers
• appropriation, apportionment, and allotment files
• posting and control files
• bills of lading
• transportation and travel requests, authorizations, and vouchers
• commercial freight vouchers
• unused ticket redemption forms

Legal citation: 28 U.S. Code 2401(a)

Note 1: Procurement and other financial files that stand out because of high dollar value, media attention, historical value, research value, or other extenuating circumstances may have permanent value. Agencies that believe they hold such files should submit a records schedule to NARA.

Note 2: Accounts and supporting documents pertaining to American Indians are not authorized for disposal by this schedule. Such records should be reviewed and scheduled appropriately by the agency since they may be needed in litigation involving the Government’s role as trustee of property held by the Government and managed for the benefit of Indians.

Note 3: The Comptroller General has the right to require an agency to retain any portion of these records for a period of up to 10 years.

Tempora;ry. Destroy 6 years after final payment of cancellation. (Supersedes GRS 3, items 3a(2) amd 5a).

Many records included in this item are maintained by accountable officers to account for the availability and status of public funds, and are retained to enable GAO, Office of Inspector General, or other authority audit.

Financial transaction records include those created in the course of procuring goods and services, paying bills, collecting debts, and accounting for all finance activity, per the following definitions.

Procuring goods and services is the acquisition of physical goods, products, personal property, capital assets, infrastructure services such as utilities, and contracted personnel services to be used by the Federal Government. Paying bills means disbursements of federal funds for goods and services, and fulfilling financial obligations to grant and cooperative agreement recipients. Procurement and payment records include those such as:
• contracts
• requisitions
• purchase orders
• interagency agreements
• Military Interdepartmental Purchase Requests (MIPRs)
• printing requisitions to the Government Printing Office
• memoranda of agreement specifying a financial obligation
• solicitations/requests for bids, quotations or proposals for contracts and competitive grants
• proposals, quotations, bids (accepted, rejected, unopened) for contracts and competitive grants
• contingent fee justifications
• legal and financial instruments such as bond and surety records
• FAIR Act (A-76) records linked directly to specific procurement actions
• credit card/purchase card/charge card statements and supporting documentation
• vendor tax exemption records
• invoices
• leases
• recurring financial transactions such as utility and communications invoices
• documentation of contractual administrative requirements submitted by contractors such as status reports
• correspondence and papers pertaining to award, administration, receipt, inspection of and payment for goods and services in this list
• records of financing employee relocations (i.e. storage costs for household effects)

Collecting debts includes the collection of income from all sources (excluding taxation). Collections records document collection of monies from all sources excluding administrative claims, taxation (not covered under the GRS), and Congressional appropriation, such as:
• records documenting administration, receipt, and deposit of user fees for entry into and/or use of public facilities; for recovering costs of providing government services; and receipt of donations, bequests, and other collections from the public, including:
    o cash register transaction records
    o credit card and charge cards receipts
    o records documenting deposits
    o records documenting allocation of fees to funds/accounts
    o deposit lists and logs
    o customer orders
    o revolving fund records
• fee and fine collection records
• garnishments
• sale of excess and surplus personal property
• fee or rate schedules and supporting documentation
• out-leases of Federal property
• debt collection files and cash receipts
• writeoffs
• copies of checks
• payment billing coupons
• letters from lenders
• payment records
• money orders
• journal vouchers
• collection schedules

Accounting is the recording, classifying and summarizing of financial transactions and events related to assets, liabilities, revenue from all sources, and expenses to all payees to support financial reporting, enable audit, and accumulate and generate management information to assist in establishing an agency’s resource allocation priorities. Accounting records include those such as:
• accountable officers’ records concerned with the accounting for, availability, and status of public funds and maintained for Government Accountability Office (GAO) or other authority site audit, but excluding payroll records, and accounts pertaining to American Indians. Includes:
    o statements of transactions
    o statements of accountability
    o collection schedules and vouchers
    o disbursement schedules and vouchers
• vouchers
• certificates of closed accounts
• certificates of periodic settlements
• general funds files
• general accounting ledgers
• appropriation, apportionment, and allotment files
• posting and control files
• bills of lading
• transportation and travel requests, authorizations, and vouchers
• commercial freight vouchers
• unused ticket redemption forms

Legal citation: 28 U.S. Code 2401(a)

Note 1: Procurement and other financial files that stand out because of high dollar value, media attention, historical value, research value, or other extenuating circumstances may have permanent value. Agencies that believe they hold such files should submit a records schedule to NARA.

Note 2: Accounts and supporting documents pertaining to American Indians are not authorized for disposal by this schedule. Such records should be reviewed and scheduled appropriately by the agency since they may be needed in litigation involving the Government’s role as trustee of property held by the Government and managed for the benefit of Indians.

Note 3: The Comptroller General has the right to require an agency to retain any portion of these records for a period of up to 10 years.

Temporary. Destroy when business use ceases. (Supersedes GRS 16, item 9).

Information Technology (IT) Oversight and Compliance records relate to compliance with IT policies, directives, and plans. Records are typically found in offices with agency-wide or bureau-wide responsibility for managing IT operations. Includes records such as:
• recurring and special reports
• responses to findings and recommendations
• reports of follow-up activities
• statistical performance data
• metrics
• inventory of web activity
• web use statistics
• comments/feedback from web site or application users
• internal and external reporting for compliance requirements relating to the Privacy Act, and electronic and Information technology accessibility under Section 508 of the Rehabilitation Act
• system availability reports
• target IT architecture reports
• systems development lifecycle handbooks
• computer network assessments and follow-up documentation
• vulnerability assessment reports
• assessment and authorization of equipment
• Independent Verification and Validation (IV&V) reports
• contractor evaluation reports
• quality assurance reviews and reports
• market analyses and performance surveys
• benefit-cost analyses
• make vs. buy analysis
• reports on implementation of plans
• compliance reviews
• data measuring or estimating impact and compliance

Note: Copies of security plans are scheduled under the GRS for Information Security Records. There may be copies interfiled within this series.

Temporary. Destroy 5 years after the project/activity/transaction is completed or superseded.

Records that describe the agency’s baseline or target enterprise or its information architecture, including technical reference models, diagrams, graphics, models, sequencing plans, and narratives.

Exclusion: Records of basic systems and services used to supply the agency and its staff with access to computers and data telecommunications (GRS 3.1 General Technology Management Records, item 010, Infrastructure project records, covers these).

Temporary. Destroy 7 years after creating a new iteration of the enterprise or information architecture, but longer retention is authorized if required for business use. (Supersedes GRS 27, item 2)

Records of agency IT program development and capital investment planning that document goals and milestones to achieve them; planning principles and activities; performance and evaluation measures such as TechStat reviews; and compliance with requirements such as OMB Circular A-130, the Federal Information Technology Acquisition Reform Act, and other laws. Includes:
• strategic and tactical plans
• records of internal agency governance boards supporting formally issued plans, including comments, concurrences, clearances, and justifications
• records maintained by committees, boards, task forces, conferences, or other IT advisory, governing, or policy bodies for which the Chief Information Officer (CIO) has sponsorship, leadership, or recordkeeping responsibilities
• reports and statistics documenting quantitative and qualitative performance measures, such as Government Performance and Results Act (GPRA) reporting
• portfolio management records, including clearance and review
• Reports on IT capital investments, such as OMB Exhibit 300 Major IT Business Cases (MITBCs) and IT Portfolio Summaries (ITPS), including IT Dashboard Exhibit 300 MITBC submissions
• business case development, review, and clearance records regarding major investments, systems, acquisitions, or operational assets

Exclusion 1: Policy records generated by the CIO (agencies must schedule these separately).

Exclusion 2: Records of Government-wide committees sponsored by CIOs, such as the Federal Chief Information Officers Council (the agency with responsibility for convening the committee must schedule its records separately).

Exclusion 3: System data or content (agencies must schedule these separately).

Exclusion 4: Systems development records (GRS 3.1, General Technology Management Records, item 011, System development records, covers these).

Exclusion 5: Records documenting system and operational level compliance with IT policies, directives, and plans (GRS 3.1 General Technology Management Records, item 040, Information technology oversight and compliance records, covers these).

Temporary. Destroy when 7 years old, but longer retention is authorized if required for business use. (Supersedes GRS 27, item 1 and GRS 27, item 3)

Information Technology (IT) Oversight and Compliance records relate to compliance with IT policies, directives, and plans. Records are typically found in offices with agency-wide or bureau-wide responsibility for managing IT operations. Includes records such as:
• recurring and special reports
• responses to findings and recommendations
• reports of follow-up activities
• statistical performance data
• metrics
• inventory of web activity
• web use statistics
• comments/feedback from web site or application users
• internal and external reporting for compliance requirements relating to the Privacy Act, and electronic and Information technology accessibility under Section 508 of the Rehabilitation Act
• system availability reports
• target IT architecture reports
• systems development lifecycle handbooks
• computer network assessments and follow-up documentation
• vulnerability assessment reports
• assessment and authorization of equipment
• Independent Verification and Validation (IV&V) reports
• contractor evaluation reports
• quality assurance reviews and reports
• market analyses and performance surveys
• benefit-cost analyses
• make vs. buy analysis
• reports on implementation of plans
• compliance reviews
• data measuring or estimating impact and compliance

Note: Copies of security plans are scheduled under the GRS for Information Security Records. There may be copies interfiled within this series.

Temporary. Destroy 5 years after the project/activity/transaction is completed or superseded. (Supersedes GRS 24, item 1a).

Information Technology Operations and Maintenance records relate to the activities associated with the operations and maintenance of the basic systems and services used to supply the agency and its staff with access to computers and data telecommunications. Includes the activities associated with IT equipment, IT systems, and storage media, IT system performance testing, asset and configuration management, change management, and maintenance of network infrastructure.

Includes records such as files identifying IT facilities and sites; files concerning implementation of IT facility and site management; equipment support services provided to specific sites, including reviews, site visit reports, trouble reports, equipment service histories, reports of follow-up actions, and related correspondence; inventories of IT assets, network circuits, and building or circuitry diagrams; equipment control systems such as databases of barcodes affixed to IT physical assets, and tracking of [approved] personally-owned devices; requests for service; work orders; service histories; workload schedules; run reports; schedules of maintenance and support activities; problem reports and related decision documents relating to the software infrastructure of the network or system; reports on operations including measures of benchmarks, performance indicators, critical success factors, error and exception reporting, self-assessments, performance monitoring, and management reports; website administration including frames, templates, style sheets, site maps, codes that determine site architecture, change requests, site posting logs, clearance records, requests for correction of incorrect links or content posted, requests for removal of duplicate information, user logs, search engine logs, and audit logs; and records to allocate charges and track payment for software and services.

Note 1: If any maintenance activities have a major impact on a system or lead to a significant change, those records should be maintained as part of the Configuration and Change Management Records.

Note 2: Records needed to support contracts should be in procurement files, which are scheduled under the GRS for General Financial Management Records.

Temporary. Destroy 3 years after agreement, control measures, procedures, project, activity, or transaction is obsolete, completed, terminated or superseded. (Supersedes GRS 24, item 2).

Records created and retained for asset management, performance and capacity management, system management, configuration and change management, and planning, follow-up, and impact assessment of operational networks and systems. Includes records such as:
• data and detailed reports on implementation of systems, applications and modifications
• application sizing, resource and demand management records
• documents identifying, requesting, and analyzing possible changes, authorizing changes, and documenting implementation of changes
• documentation of software distribution (including COTS software license management files) and release or version management

Note 1: If any maintenance activities have a major impact on a system or lead to a significant change, those records should be maintained as part of the Configuration and Change Management Records.

Note 2: Per NARA practice, documentation for permanent electronic records should be transferred with the related records using the disposition authority for the related electronic records rather than the GRS disposition authority.

Note 3: Agencies may retain a copy of documentation related to permanent electronic records. This copy may be destroyed at any time after the transfer request has been signed by the National Archives.

Temporary. Destroy 5 years after system is superseded by a new iteration, or is terminated, defunded, or no longer needed for agency/IT administrative purposes. (Supersedes GRS 24, item 3b[1]).

Incremental back files. Backup files maintained for potential system restoration in the event of a system failure or other unintentional loss of data.

Temporary. Destroy when superseded by a full backup, or when no longer needed for system restoration, whichever is later. (Supersedes GRS 24, items 4a[1] and 4b).

These are records related to maintaining the security of information technology (IT) systems and data. Records outline official procedures for securing and maintaining IT infrastructure and relate to the specific systems for which they were written. This series also includes analysis of security policies, processes, and guidelines, as well as system risk management and vulnerability analyses. Includes records such as:
• System Security Plans
• Disaster Recovery Plans
• Continuity of Operations Plans
• published computer technical manuals and guides
• examples and references sed to produce guidelines covering security issues related to specific systems and equipment
• records on disaster exercises and resulting evaluations
• network vulnerability assessments
• risk surveys
• service test plans
• test files and data

Temporary. Destroy 1 year after system is superseded by a new iteration or when no longer needed for agency/IT administrative purposes to ensure a continuity of security controls throughout the life of the system. (Supersedes GRS 24, item 5a).

These records are created as part of the user identification and authorization process to gain access to systems. Records are used to monitor inappropriate systems access by users. Includes records such as:
• user profiles
• log-in files
• password files
• audit trail files and extracts
• system usage files
• cost-back files used to assess charges for system use

Exclusion 1. Excludes records relating to electronic signatures.

Exclusion 2. Does not include monitoring for agency mission activities such as law enforcement.

Temporary. Destroy when business use ceases. (Supersedes GRS 20, item 1c).

A computer incident within the Federal Government as defined by NIST Special Publication 800-61, Computer Security Incident Handling Guide, Revision 2, (August 2012) is a violation or imminent threat of violation of computer security policies, acceptable use policies, or standard computer security practices. This item covers records relating to attempted or actual system security breaches, including break-ins ("hacks," including virus attacks), improper staff usage, failure of security provisions or procedures, and potentially compromised information assets. It also includes agency reporting of such incidents both internally and externally. Includes records such as:
• reporting forms
• reporting tools
• narrative reports
• background documentation

Note: Any significant incidents (e.g., a major system failure or compromise of critical government data) must be documented in program records, such as those in the office of the Inspector General, which must be scheduled separately by submitting an SF 115 to NARA.

Temporary. Destroy 3 years after all necessary follow-up actions have been completed. (Supersedes GRS 24, item 7).

• records of incoming requests (and responses) made by phone, email, web portal, etc.
• trouble tickets and tracking logs
• quick guides and “Frequently Asked Questions” (FAQs)
• evaluations and feedback about help desk services
• analysis and reports generated from customer management data
• customer/client feedback and satisfaction surveys, including survey instruments, data, background materials, and reports

Exclusion: Public customer service records scheduled under GRS 6.5.

Temporary. Destroy 1 year after resolved, or when no longer needed for business use, whichever is appropriate. (Supersedes GRS 24, item 10b)

Information Technology (IT) infrastructure, systems, and services project records document the basic systems and services used to supply the agency and its staff with access to computers and data telecommunications. Includes requirements for and implementation of functions such as:
• maintaining network servers, desktop computers, and other hardware,
• installing and upgrading network operating systems and shared applications, and
• providing data telecommunications; and infrastructure development and maintenance such as acceptance/authorization of infrastructure components, analysis of component options, feasibility, costs and benefits, and work associated with implementation, modification, and troubleshooting.

Includes records such as:
• installation and testing records
• installation reviews and briefings
• quality assurance and security review
• requirements specifications
• technology refresh plans
• operational support plans
• test plans
• models, diagrams, schematics, and technical documentation

Exclusion: Records relating to specific systems that support or document mission goals are not covered by this item and must be scheduled individually by the agency by submission of a records schedule to NARA.

Note: Records concerning the development of each information technology (IT) system and software application are covered under the item for System Development Records.

Temporary. Destroy 5 years after project is terminated. (Supersedes GRS 24, item 11a).

Records are PKI-unique administrative records that establish or support authentication by tying the user to a valid electronic credential and other administrative non-PKI records that are retained to attest to the reliability of the PKI transaction process. Included are policies and procedures planning records; stand-up configuration and validation records; operation records; audit and monitor records; and termination, consolidation, or reorganizing records.

Policies and procedures planning records relate to defining and establishing PKI systems. Records relate to such activities as determining that a PKI should be established; creating project implementation plans; creating the certificate policy (CP), certification practice statement (CPS), and other key operating documents; developing procedures in accordance with the CP and CPS; conducting risk analyses; developing records management policies (including migration strategies); and selecting the entity that will serve as registration authority (RA). Stand-up configuration and validation records relate to installing and validating both the Certification Authority (CA) and Registration Authority (RA), obtaining final approval or rejection from the agency's oversight or authorizing body, creating and generating a CA signature key, testing security procedures for the CA and RA, validating certification revocation procedures, and establishing back-up and storage for the PKI system.

Operation records relate to the certification application; certificate issuance and key generation (including key pair generation and private key loading and storage of private keys and components of private keys); certificate acceptance, validation, revocation, suspension, replacement, and renewal; creating and maintaining an event log; and installing and validating software updates. Audit and monitor records relate to conducting periodic internal and external reviews of auditable events specified in the Federal Bridge Certification Authority (FBCA) X.509 Certificate Policy and other Entity CA policies, monitoring compliance with security requirements specified in the CPS and other operating procedures, investigating internal fraud or misconduct, and conducting internal and external audits of software and systems security. Termination, consolidation, or reorganization records relate to terminating, consolidating, or reorganizing a PKI; notifying subscribers of decisions, transferring inactive keys and revocation certificate lists to storage repositories, transferring consenting subscribers' and certificates and related materials to a new Certificate Authority, destroying sensitive records involving privacy (in accordance with an authorized records schedule), and shutting down and disposing of RA hardware and CA software.

Note: Select PKI administrative records serve as transaction records that must be retained as part of the trust documentation set with transaction-specific records. Agencies must determine which PKI administrative records are embedded with transaction-specific records as transaction records. These administrative records may vary from transaction-to-transaction.

Temporary. Destroy/delete when 7 years 6 months, 10 years 6 months, or 20 years 6 months old, based on the maximum level of operation of the CA, or when no longer needed for business, whichever is later. (Supersedes GRS 24, item 13a[1]).

Records are PKI-unique administrative records that establish or support authentication by tying the user to a valid electronic credential and other administrative non-PKI records that are retained to attest to the reliability of the PKI transaction process. Included are policies and procedures planning records; stand-up configuration and validation records; operation records; audit and monitor records; and termination, consolidation, or reorganizing records.

Policies and procedures planning records relate to defining and establishing PKI systems. Records relate to such activities as determining that a PKI should be established; creating project implementation plans; creating the certificate policy (CP), certification practice statement (CPS), and other key operating documents; developing procedures in accordance with the CP and CPS; conducting risk analyses; developing records management policies (including migration strategies); and selecting the entity that will serve as registration authority (RA). Stand-up configuration and validation records relate to installing and validating both the Certification Authority (CA) and Registration Authority (RA), obtaining final approval or rejection from the agency's oversight or authorizing body, creating and generating a CA signature key, testing security procedures for the CA and RA, validating certification revocation procedures, and establishing back-up and storage for the PKI system.

Operation records relate to the certification application; certificate issuance and key generation (including key pair generation and private key loading and storage of private keys and components of private keys); certificate acceptance, validation, revocation, suspension, replacement, and renewal; creating and maintaining an event log; and installing and validating software updates. Audit and monitor records relate to conducting periodic internal and external reviews of auditable events specified in the Federal Bridge Certification Authority (FBCA) X.509 Certificate Policy and other Entity CA policies, monitoring compliance with security requirements specified in the CPS and other operating procedures, investigating internal fraud or misconduct, and conducting internal and external audits of software and systems security. Termination, consolidation, or reorganization records relate to terminating, consolidating, or reorganizing a PKI; notifying subscribers of decisions, transferring inactive keys and revocation certificate lists to storage repositories, transferring consenting subscribers' and certificates and related materials to a new Certificate Authority, destroying sensitive records involving privacy (in accordance with an authorized records schedule), and shutting down and disposing of RA hardware and CA software.

Note: Select PKI administrative records serve as transaction records that must be retained as part of the trust documentation set with transaction-specific records. Agencies must determine which PKI administrative records are embedded with transaction-specific records as transaction records. These administrative records may vary from transaction-to-transaction.

Temporary. Destroy/delete when 7 years 6 months, 10 years 6 months, or 20 years 6 months old, based on the maximum level of operation of the CA, or when no longer needed for business, whichever is later. (Supersedes GRS 24, item 13a[2]).

Correspondence pertaining to cryptographic clearances, including requests for clearance and grants of clearance.

a. Crypto Files.

Destroy when 15 years old.

a. Crypto Files.

Permanent. Attach to closing inventory report of outgoing custodian.

Correspondence, memorandums, telegrams, COMSEC Material Report (SF-153), and other documentation on cryptographic security systems covering classified information, communications security, computer security, computer systems, contracts, countermeasures, cryptographic security, destruction reports, information security, inspections, plans, procurement, requisitions, security material, procedures, secure voice, standards, systems, telecommunications security, workload statistics, and other related subjects.

a. Crypto Files.

Temporary. Cut off at end of calendar year. Retire to RSC when 3 years old. Destroy when 20 years old.

Information Technology Operations and Maintenance records relate to the activities associated with the operations and maintenance of the basic systems and services used to supply the agency and its staff with access to computers and data telecommunications. Includes the activities associated with IT equipment, IT systems, and storage media, IT system performance testing, asset and configuration management, change management, and maintenance of network infrastructure.

Includes records such as files identifying IT facilities and sites; files concerning implementation of IT facility and site management; equipment support services provided to specific sites, including reviews, site visit reports, trouble reports, equipment service histories, reports of follow-up actions, and related correspondence; inventories of IT assets, network circuits, and building or circuitry diagrams; equipment control systems such as databases of barcodes affixed to IT physical assets, and tracking of [approved] personally-owned devices; requests for service; work orders; service histories; workload schedules; run reports; schedules of maintenance and support activities; problem reports and related decision documents relating to the software infrastructure of the network or system; reports on operations including measures of benchmarks, performance indicators, critical success factors, error and exception reporting, self-assessments, performance monitoring, and management reports; website administration including frames, templates, style sheets, site maps, codes that determine site architecture, change requests, site posting logs, clearance records, requests for correction of incorrect links or content posted, requests for removal of duplicate information, user logs, search engine logs, and audit logs; and records to allocate charges and track payment for software and services.

Note 1: If any maintenance activities have a major impact on a system or lead to a significant change, those records should be maintained as part of the Configuration and Change Management Records.

Note 2: Records needed to support contracts should be in procurement files, which are scheduled under the GRS for General Financial Management Records.

Temporary. Destroy 3 years after agreement, control measures, procedures, project, activity, or transaction is obsolete, completed, terminated or superseded. (Supersedes N1-059-95-4, item 38).

These are records related to maintaining the security of information technology (IT) systems and data. Records outline official procedures for securing and maintaining IT infrastructure and relate to the specific systems for which they were written. This series also includes analysis of security policies, processes, and guidelines, as well as system risk management and vulnerability analyses.

Includes records such as Systems Security Plans, Disaster Recovery Plans, Continuity of Operations Plans, published computer technical manuals and guides, examples and references used to produce guidelines covering security issues related to specific systems and equipment, records on disaster exercises and resulting evaluations, network vulnerability assessments, risk surveys, service test plans, and test files and data.

Temporary. Destroy 1 year after system is superseded by a new iteration or when no longer needed for agency/IT administrative purposes to ensure a continuity of security controls throughout the life of the system. (Supersedes N1-059-95-4, item 39).

A computer incident within the Federal Government as defined by NIST Special Publication 800-61, Computer Security Incident Handling Guide, Revision 2, (August 2012) is a violation or imminent threat of violation of computer security policies, acceptable use policies, or standard computer security practices. This item covers records relating to attempted or actual system security breaches, including break-ins (“hacks,” including virus attacks), improper staff usage, failure of security provisions or procedures, and potentially compromised information assets. It also includes agency reporting of such incidents both internally and externally. Includes records such as: reporting forms, reporting tools, narrative reports, and background documentation.

Note: Any significant incidents (e.g., a major system failure or compromise of critical government data) must be documented in program records, such as those in the office of the Inspector General, which must be scheduled separately by submitting an SF 115 to NARA.

Temporary. Destroy 3 years after all necessary follow-up actions have been completed.(Supersedes N1-059-95-4, item 40).

Records tracking and controlling access to protected information.

Includes:
• records documenting receipt, internal routing, dispatch, or destruction of classified and controlled unclassified records
• tracking databases and other records used to manage overall access program
• requests and authorizations for individuals to have access to classified and controlled unclassified records and information

Note: Records documenting individuals' security clearances are covered under GRS 5.6, items 180 and 181.

Temporary. Destroy 2 years after last form entry, reply, or submission; or when associated documents are declassified or destroyed, decontrolled, or destroyed; or when an individual's authorization expires; whichever is appropriate. Longer retention is authorized if required for business use.

Correspondence, memorandums, memorandums of understanding, telegrams, and other documentation on interagency affairs covering agreements, civil aviation, communications, coordination, diplomatic missions, directives, emergency preparedness, executive orders, foreign governments, frequencies, guidance, information management, interagency committees, international organizations, monitoring, national security, National Security and Emergency Preparedness, National Telecommunications and Information Administration, NATO, negotiations, plans, policies, radios, reciprocal arrangements, security, services, standards, support, telephones, and other related subjects.

a. Memorandums of Understanding.

Temporary. Cut off at end of each calendar year. Destroy 2 years after terminated or closed.

Correspondence, memorandums, memorandums of understanding, telegrams, and other documentation on interagency affairs covering agreements, civil aviation, communications, coordination, diplomatic missions, directives, emergency preparedness, executive orders, foreign governments, frequencies, guidance, information management, interagency committees, international organizations, monitoring, national security, National Security and Emergency Preparedness, National Telecommunications and Information Administration, NATO, negotiations, plans, policies, radios, reciprocal arrangements, security, services, standards, support, telephones, and other related subjects.

b. All other material.

Temporary. Cut off at end of each calendar year. Destroy when 3 years old.

Correspondence, memorandums, memorandums of understandings, telegrams, and other documentation on interagency agreements covering agencies, agreements, connections, equipment, instructions, maintenance, scanners, secure voice, work agreements, 071802 agreements (Diplomatic Telecommunications Service (DTS), Direct Communications Link, Nuclear Risk Reduction Center Communications Link, and National Risk Reduction Center Communications Link) and other related subjects.

Temporary. Destroy signed original agreement and related documents 5 years after termination date of agreement, extension, or final act.

Memorandums, telegrams, and other documentation on post interagency affairs covering background information, communications, equipment, guidance, International Telecommunications Union (ITU), satellites, and other related subjects.

Temporary. Cut off at end of each calendar year. Destroy when 3 years old.

Correspondence, memorandums, telegrams, and other documentation on radio reciprocity covering background information, costs, frequency allocations, history, permission to operate, power usage, radios, rights to own radios, satellites, and other related subjects.

Permanent. Review annually. Retire inactive files, that have had no action in 5 years, to RSC for transfer to WNRC. Transfer to NARA when 30 years old.

Information Technology Operations and Maintenance records relate to the activities associated with the operations and maintenance of the basic systems and services used to supply the agency and its staff with access to computers and data telecommunications. Includes the activities associated with IT equipment, IT systems (digital systems and voice systems files), and storage media, IT system performance testing, asset and configuration management, change management, and maintenance of network infrastructure.

Includes records such as files identifying IT facilities and sites; files concerning implementation of IT facility and site management; equipment support services provided to specific sites, including reviews, site visit reports, trouble reports, equipment service histories, reports of follow-up actions, and related correspondence; inventories of IT assets, network circuits, and building or circuitry diagrams; equipment control systems such as databases of barcodes affixed to IT physical assets, and tracking of [approved] personally-owned devices; requests for service; work orders; service histories; workload schedules; run reports; schedules of maintenance and support activities; problem reports and related decision documents relating to the software infrastructure of the network or system; reports on operations including measures of benchmarks, performance indicators, critical success factors, error and exception reporting, self-assessments, performance monitoring, and management reports; website administration including frames, templates, style sheets, site maps, codes that determine site architecture, change requests, site posting logs, clearance records, requests for correction of incorrect links or content posted, requests for removal of duplicate information, user logs, search engine logs, and audit logs; and records to allocate charges and track payment for software and services.

Note 1: If any maintenance activities have a major impact on a system or lead to a significant change, those records should be maintained as part of the Configuration and Change Management Records.

Note 2: Records needed to support contracts should be in procurement files, which are scheduled under the GRS for General Financial Management Records.

Temporary. Destroy 3 years after agreement, control measures, procedures, project, activity, or transaction is obsolete, completed, terminated or superseded. (Supersedes N1-059-95-4, item 65a).

These records relate to the development of information technology (IT) systems (radio frequency files) and software applications through their initial stages up until hand-off to production which includes planning, requirements analysis, design, verification and testing, procurement, and installation. Records include case files containing documentation of planning, decision making, designing, programming, testing, evaluation, and problem solving. Includes records such as:
• project plans
• feasibility studies
• cost analyses
• requirements documents
• compliance documents including:
    o Privacy Threshold Analyses (PTAs)
    o Privacy Impact Assessments (PIAs)
    o Security Plan
    o Information Protection Plan
• change control records
• Project Schedule
• Plan of Action and Milestones (POA&M)
• Configuration Management Plan
• Resource Management Plan
• Risk Assessment/Mitigation Plan
• Security Plan
• Disaster Recovery Plan
• Test/Acceptance Plan
• Quality Control Plan
• Deployment Guide
• User Guide
• Training Guide

Exclusion: This item does not apply to system data or content.

Note 1: For certain technical documentation (e.g., data dictionaries, file specifications, code books, record layouts, etc.) related to the detailed, as-built design or maintenance of an electronic system containing permanent records, use the GRS item Documentation Necessary for Preservation of Permanent Electronic Records.

Note 2: This is consistent with the fact that the most complete version of system documentation is retained within the maintenance phase.

Temporary. Destroy 5 years after system is superseded by a new iteration, or is terminated, defunded, or no longer needed for agency/IT administrative purposes. (Supersedes N1-059-95-4, item 67a).

Information Technology Operations and Maintenance records relate to the activities (Special Communications Support Files and Temporary Duty Trip Files) associated with the operations and maintenance of the basic systems and services used to supply the agency and its staff with access to computers and data telecommunications. Includes the activities associated with IT equipment, IT systems, and storage media, IT system performance testing, asset and configuration management, change management, and maintenance of network infrastructure.

Includes records such as files identifying IT facilities and sites; files concerning implementation of IT facility and site management; equipment support services provided to specific sites, including reviews, site visit reports, trouble reports, equipment service histories, reports of follow-up actions, and related correspondence; inventories of IT assets, network circuits, and building or circuitry diagrams; equipment control systems such as databases of barcodes affixed to IT physical assets, and tracking of [approved] personally-owned devices; requests for service; work orders; service histories; workload schedules; run reports; schedules of maintenance and support activities; problem reports and related decision documents relating to the software infrastructure of the network or system; reports on operations including measures of benchmarks, performance indicators, critical success factors, error and exception reporting, self-assessments, performance monitoring, and management reports; website administration including frames, templates, style sheets, site maps, codes that determine site architecture, change requests, site posting logs, clearance records, requests for correction of incorrect links or content posted, requests for removal of duplicate information, user logs, search engine logs, and audit logs; and records to allocate charges and track payment for software and services.

Note 1: If any maintenance activities have a major impact on a system or lead to a significant change, those records should be maintained as part of the Configuration and Change Management Records.

Note 2: Records needed to support contracts should be in procurement files, which are scheduled under the GRS for General Financial Management Records.

Temporary. Destroy 3 years after agreement, control measures, procedures, project, activity or transaction is obsolete, completed, terminated or superseded.

a. Master File

The EDW information system developed in 2007 is one of several tools used by the Data Management (DM) program to accomplish DM’s goal to maximize the accessibility, reusability, reliability, and overall quality of the Department of State’s enterprise. EDW collects data from various electronic information systems (the International Cooperative Administrative Support Services system (ICASS), Global Financial Management System (GFMS), Human Resources Knowledge Center (KC), Post Administrative Software Suite (PASS), and Integrated Logistics Management System (ILMS)) worldwide. EDW provides Executive dashboards, for senior management, Collaborative Management Initiative (CMI) dashboards for overseas and COMPARE dashboards used to measure the performance of Posts based on uniform standards, and ICASS services. EDW dashboards and reporting are utilized by the Office of Management Policy, Rightsizing and Innovation (M/PRI) and personnel overseas to answer questions about Department of State operations. Reports produced by EDW are also used to track the efficiency of ICASS services.

Temporary. Cut off at end of calendar year. Delete 10 years after cut off or when no longer needed whichever is later.

Telephone Billing Invoice Files.

Many records included in this item are maintained by accountable officers to account for the availability and status of public funds, and are retained to enable GAO, Office of Inspector General, or other authority audit.

Financial transaction records include those created in the course of procuring goods and services, paying bills, collecting debts, and accounting for all finance activity, per the following definitions.

Procuring goods and services is the acquisition of physical goods, products, personal property, capital assets, infrastructure services such as utilities, and contracted personnel services to be used by the Federal Government. Paying bills means disbursements of federal funds for goods and services, and fulfilling financial obligations to grant and cooperative agreement recipients. Procurement and payment records include those such as:
• contracts
• requisitions
• purchase orders
• interagency agreements
• Military Interdepartmental Purchase Requests (MIPRs)
• printing requisitions to the Government Printing Office
• memoranda of agreement specifying a financial obligation
• solicitations/requests for bids, quotations or proposals for contracts and competitive grants
• proposals, quotations, bids (accepted, rejected, unopened) for contracts and competitive grants
• contingent fee justifications
• legal and financial instruments such as bond and surety records
• FAIR Act (A-76) records linked directly to specific procurement actions
• credit card/purchase card/charge card statements and supporting documentation
• vendor tax exemption records
• invoices
• leases
• recurring financial transactions such as utility and communications invoices
• documentation of contractual administrative requirements submitted by contractors such as status reports
• correspondence and papers pertaining to award, administration, receipt, inspection of and payment for goods and services in this list
• records of financing employee relocations

Temporary. Destroy 6 years after final payment or cancellation.

Telephone - Contract Management Files including OF-206 (Purchase Order, Receiving Report, and Voucher) and OF-263 (Requisition for equipment, Supplies, Furniture, Etc.).

Many records included in this item are maintained by accountable officers to account for the availability and status of public funds, and are retained to enable GAO, Office of Inspector General, or other authority audit.

Financial transaction records include those created in the course of procuring goods and services, paying bills, collecting debts, and accounting for all finance activity, per the following definitions.

Procuring goods and services is the acquisition of physical goods, products, personal property, capital assets, infrastructure services such as utilities, and contracted personnel services to be used by the Federal Government. Paying bills means disbursements of federal funds for goods and services, and fulfilling financial obligations to grant and cooperative agreement recipients. Procurement and payment records include those such as:
• contracts
• requisitions
• purchase orders
• interagency agreements
• Military Interdepartmental Purchase Requests (MIPRs)
• printing requisitions to the Government Printing Office
• memoranda of agreement specifying a financial obligation
• solicitations/requests for bids, quotations or proposals for contracts and competitive grants
• proposals, quotations, bids (accepted, rejected, unopened) for contracts and competitive grants
• contingent fee justifications
• legal and financial instruments such as bond and surety records
• FAIR Act (A-76) records linked directly to specific procurement actions
• credit card/purchase card/charge card statements and supporting documentation
• vendor tax exemption records
• invoices
• leases
• recurring financial transactions such as utility and communications invoices
• documentation of contractual administrative requirements submitted by contractors such as status reports
• correspondence and papers pertaining to award, administration, receipt, inspection of and payment for goods and services in this list
• records of financing employee relocations

Temporary. Destroy when business use ceases.

Information Technology Operations and Maintenance records relate to the activities (Domestic Operations, Data Processing, ADP, Communications Management, and Telephone Work Order Files) associated with the operations and maintenance of the basic systems and services used to supply the agency and its staff with access to computers and data telecommunications. Includes the activities associated with IT equipment, IT systems, and storage media, IT system performance testing, asset and configuration management, change management, and maintenance of network infrastructure.

Includes records such as files identifying IT facilities and sites; files concerning implementation of IT facility and site management; equipment support services provided to specific sites, including reviews, site visit reports, trouble reports, equipment service histories, reports of follow-up actions, and related correspondence; inventories of IT assets, network circuits, and building or circuitry diagrams; equipment control systems such as databases of barcodes affixed to IT physical assets, and tracking of [approved] personally-owned devices; requests for service; work orders; service histories; workload schedules; run reports; schedules of maintenance and support activities; problem reports and related decision documents relating to the software infrastructure of the network or system; reports on operations including measures of benchmarks, performance indicators, critical success factors, error and exception reporting, self-assessments, performance monitoring, and management reports; website administration including frames, templates, style sheets, site maps, codes that determine site architecture, change requests, site posting logs, clearance records, requests for correction of incorrect links or content posted, requests for removal of duplicate information, user logs, search engine logs, and audit logs; and records to allocate charges and track payment for software and services.

Note 1: If any maintenance activities have a major impact on a system or lead to a significant change, those records should be maintained as part of the Configuration and Change Management Records.

Note 2: Records needed to support contracts should be in procurement files, which are scheduled under the GRS for General Financial Management Records.

Temporary. Destroy 3 years after agreement, control measures, procedures, project, activity or transaction is obsolete, completed, terminated or superseded.

Enterprise Metadata Repository, Master Reference Data, and Enterprise Data Warehouse documentation.

Data administration records and documentation relating to electronic records that are scheduled as temporary in the GRS or in a NARA-approved agency schedule or any types of data administration records not listed as permanent in item DAA-GRS-2013-0005-0002, including
• data/database dictionary records
• data systems specifications
• file specifications
• code books
• record layouts
• metadata
• user guides
• output specifications

and also the following records for all electronic records whether scheduled as temporary or permanent

• software operating manuals
• data standards
• table and dependency descriptions
• taxonomies
• schemas
• registries
• source code
• physical data model
• logical data model

Temporary. Destroy 5 years after the project/activity/transaction is completed or superseded, or the associated system is terminated, or the associated data is migrated to a successor system. (Supersedes GRS 20, item 11a[1]).

Incremental backup files pertaining to the Enterprise Data Warehouse (EDW) maintained for potential system restoration in the event of a system failure or other unintentional loss of data.

Temporary. Destroy when superseded by a full backup, or when no longer needed for system restoration, whichever is later. (Supersedes GRS 24, item 4a[1]).

File identical to temporary records authorized for destruction by a NARA-approved records schedule.

Backups files related to the master Reference Data System and Enterprise Metadata Repository

Electronic copy, considered by the agency to be a Federal record, of the master copy of an electronic record or file and retained in case the master file or database is damaged or inadvertently erased.

Temporary. Destroy immediately after the identical records have been deleted or replaced by a subsequent backup file. (Supersedes GRS 20, item 8b).

Enterprise Metadata Repository (EMR) and Enterprise Data Warehouse (EDW) records consisting of metadata extracted for the specific purpose of information interchange and written with varying technical specifications.

Also includes Master Reference Data (MRD) System records consisting of reference codes copied, extracted, merged, and/or calculated from other data, when the original data is retained. Also includes adhoc printouts created for reference purposes or to meet day-to-day business needs.

Temporary. Destroy upon creation or update of the final record, or when no longer needed for business use, whichever is later.

Information Technology Operations and Maintenance records relate to the activities (Foreign Operations Management Files and Posts Information Management Liaison/Systems Files) associated with the operations and maintenance of the basic systems and services used to supply the agency and its staff with access to computers and data telecommunications. Includes the activities associated with IT equipment, IT systems, and storage media, IT system performance testing, asset and configuration management, change management, and maintenance of network infrastructure.

Includes records such as files identifying IT facilities and sites; files concerning implementation of IT facility and site management; equipment support services provided to specific sites, including reviews, site visit reports, trouble reports, equipment service histories, reports of follow-up actions, and related correspondence; inventories of IT assets, network circuits, and building or circuitry diagrams; equipment control systems such as databases of barcodes affixed to IT physical assets, and tracking of [approved] personally-owned devices; requests for service; work orders; service histories; workload schedules; run reports; schedules of maintenance and support activities; problem reports and related decision documents relating to the software infrastructure of the network or system; reports on operations including measures of benchmarks, performance indicators, critical success factors, error and exception reporting, self-assessments, performance monitoring, and management reports; website administration including frames, templates, style sheets, site maps, codes that determine site architecture, change requests, site posting logs, clearance records, requests for correction of incorrect links or content posted, requests for removal of duplicate information, user logs, search engine logs, and audit logs; and records to allocate charges and track payment for software and services.

Note 1: If any maintenance activities have a major impact on a system or lead to a significant change, those records should be maintained as part of the Configuration and Change Management Records.

Note 2: Records needed to support contracts should be in procurement files, which are scheduled under the GRS for General Financial Management Records.

Temporary. Destroy 3 years after agreement, control measures, procedures, project, activity, or transaction is obsolete, completed, terminated or superseded.

Information Technology (IT) infrastructure, systems, and services project records document the basic systems and services used to supply the agency and its staff with access to computers and data telecommunications. Includes requirements for and implementation of functions such as:
• maintaining network servers, desktop computers, and other hardware,
• installing and upgrading network operating systems and shared applications, and
• providing data telecommunications; and infrastructure development and maintenance such as acceptance and authorization of infrastructure components, analysis of component options, feasibility, costs and benefits, and work associated with implementation, modification, and troubleshooting.
Includes records such as:
• Facilities, Installation, Drawing, and Program Files
• installation and testing records
• installation reviews and briefings
• quality assurance and security review
• requirements specifications
• technology refresh plans
• operational support plans
• test plans
• models, diagrams, schematics, and technical documentation

Exclusion: Records relating to specific systems that support or document mission goals are not covered by this item and must be scheduled individually by the agency by submission of a records schedule to NARA. Note: Records concerning the development of each information technology (IT) system and software application are covered under the item for System Development Records.

Temporary. Destroy 5 years after project is terminated.

These records relate to the development of information technology (IT) systems and software applications through their initial stages up until hand-off to production which includes planning, requirements analysis, design, verification and testing, procurement, and installation. Records include case files containing documentation of planning, decision making, designing, programming, testing, evaluation, and problem solving. Includes records such as:
• Secure Voice Files
• project plans
• feasibility studies
• cost analyses
• requirements documents
• compliance documents including:
    o Privacy Threshold Analyses (PTAs)
    o Privacy Impact Assessments (PIAs)
    o Security Plan
    o Information Protection Plan
• change control records
• Project Schedule
• Plan of Action and Milestones (POA&M)
• Configuration Management Plan
• Resource Management Plan
• Risk Assessment/Mitigation Plan
• Security Plan
• Disaster Recovery Plan
• Test /Acceptance Plan
• Quality Control Plan
• Deployment Guide
• User Guide
• Training Guide

Exclusion: This item does not apply to system data or content.

Note 1: For certain technical documentation (e.g., data dictionaries, file specifications, code books, record layouts, etc.) related to the detailed, as-built design or maintenance of an electronic system containing permanent records, use the GRS item Documentation Necessary for Preservation of Permanent Electronic Records.

Note 2: This is consistent with the fact that the most complete version of system documentation is retained within the maintenance phase.

Temporary. Destroy 5 years after system is superseded by a new iteration, or is terminated, defunded, or no longer needed for agency/IT administrative purposes, but longer retention is authorized if required for business use.

Information Technology Operations and Maintenance records relate to the activities (Technicall Operations Files and Automated Data Processing Files) associated with the operations and maintenance of the basic systems and services used to supply the agency and its staff with access to computers and data telecommunications. Includes the activities associated with IT equipment, IT systems, and storage media, IT system performance testing, asset and configuration management, change management, and maintenance of network infrastructure.

Includes records such as files identifying IT facilities and sites; files concerning implementation of IT facility and site management; equipment support services provided to specific sites, including reviews, site visit reports, trouble reports, equipment service histories, reports of follow-up actions, and related correspondence; inventories of IT assets, network circuits, and building or circuitry diagrams; equipment control systems such as databases of barcodes affixed to IT physical assets, and tracking of [approved] personally-owned devices; requests for service; work orders; service histories; workload schedules; run reports; schedules of maintenance and support activities; problem reports and related decision documents relating to the software infrastructure of the network or system; reports on operations including measures of benchmarks, performance indicators, critical success factors, error and exception reporting, self-assessments, performance monitoring, and management reports; website administration including frames, templates, style sheets, site maps, codes that determine site architecture, change requests, site posting logs, clearance records, requests for correction of incorrect links or content posted, requests for removal of duplicate information, user logs, search engine logs, and audit logs; and records to allocate charges and track payment for software and services.

Note 1: If any maintenance activities have a major impact on a system or lead to a significant change, those records should be maintained as part of the Configuration and Change Management Records.

Note 2: Records needed to support contracts should be in procurement files, which are scheduled under the GRS for General Financial Management Records.

Temporary. Destroy 3 years after agreement, control measures, procedures, project, activity, or transaction is obsolete, completed, terminated or superseded.

Master File:

eServices 2.0 is the "one-stop shop" web application for overseas users to request, provision and track ICASS goods and services that replaces the legacy WebPASS and eServices applications in use by Post today. Users under Chief of Mission Authority are able to request services to include, but not limited to, computer helpdesk requests to install software, fix printers, or reset passwords; motor pool trip requests to have a car and driver for transportation to and from an airport; facility work orders to repair items in their home or office; property pickup or delivery Requests to deliver and/or remove items from their home or office. eServices 2.0 also allows end-users to monitor status on the completion of their requests as well as measure time metrics on how long it took to complete a request. (Supersedes GRS 24 item, 2; GRS 24, item 6a; GRS 24, items 8b and 8c; GRS 24, items 10a and 10b; GRS 15 item, 2a and 2b; GRS 4 item 1; and GRS, 10 item 2a).

Temporary. Destroy three years after requests have been completed or when no longer needed, whichever is later.

System Documentation:

Includes systems requirements, system design, and user guides.

Temporary. Destroy 5 years after the project/activity/transaction is completed or superseded, or the associated system is terminated, or the associated data is migrated to a successor system. (Supersedes GRS 20, item 11a[1]).

System Backups and Tape Library Records:

Backup tapes maintained for potential system restoration in the event of system failure or other unintentional loss of data.

Temporary. Destroy when superseded by a full backup, or when no longer needed for system restoration, whichever is later. (Supersedes GRS 24, item 4a[1]).

eServices 2.0. Inputs include personal data such as name, post assignment, ICASS agency, employee type received from HR’s Overseas Personnel System (OPS); standard reference data such as post name, post 4-FAH org cod, ICASS Agency Name, ICASS Agency Code, ICASS cost center, country name, bureau name, post calendars, post hours of operation retrieved from the Master Reference Database System and property data to include, but not limited to, property name, property address, property type, city and country received from the Office of Buildings Operations (OBO) Real Property Application (RPA).

Outputs include reference information such as Customer Service Requests Ticket numbers that can have status and history tracked by the Customer Service Provider and reports on aggregated information such as the number of request completed within a month, average time to complete a request, and average customer satisfaction rating on completed requests.

Temporary. Destroy upon creation or update of the final record, or when no longer needed for business use, whichever is later.

Extra copies of documents arranged in numerical or date order for convenience of reference.

NOTE: Offices that maintain both a Program File AND a Chron File may use this item to dispose of their Chron file. However, offices that maintain ONLY a Chron File can not use this item to dispose of their "Chron File" - until they set up a Program File (subject or case file) for their evidentiary mission/program activities.

Temporary. Cut off at end of each calendar year. Destroy 1 year after cut off date or when no longer needed, whichever is sooner.

Records (arranged by TAGS and TERMS) accumulated by individual offices that relate to routine day-to-day administration and management of the office rather than the mission-specific activities for which the office exists. Records include:
• staff locators, unofficial organizational charts, and office seating charts (see Exclusion 1)
• office-level administrative policies and procedures and files related to their development (see Note 1)
• calendars or schedules of daily activities of non-high-level officials (high-level officials are defined in GRS 6.1; this item covers those positions not defined as high-level)
• informal requests and tracking of personnel training, travel, supplies, and equipment, excluding procurement and payment records and forms requesting training (e.g. SF-182)
• internal office activity and workload reports
• studies and analyses of office administrative functions and activities
• non-mission related management reviews and surveys
• minutes of meetings related to administrative activities

Exclusion 1: This item does not apply to recordkeeping copies of organizational charts, functional statements, and related records that document the mission-related organization, staffing, and procedures of the office. Agencies must schedule those records on an agency-specific schedule.

Note 1: This item covers administrative policies and procedures at the office/unit level. GRS 5.7 covers agency-level administrative issuances or directives.

Temporary. Destroy when business use ceases. (Supersedes GRS 23, item 1)