This policy applies to all records, including all Altair Information and Altair Resources, regardless of format, whether in paper, electronic, microform (e.g., microfilm, microfiche, magnetic tapes, and CD-ROM), or other medium.
The purpose of the Record Management Policy is to (1) establish an efficient Altair-wide record management system for maintaining, identifying, retrieving, preserving and destroying records, (2) ensure that records are adequately protected, (3) preserve Altair history, (4) ensure that records that are no longer needed or of no value are destroyed at the appropriate time, and (5) comply with all applicable local, state, and federal laws and regulations.
The Chief Financial Officer (CFO) is responsible for retention of financial (accounting, tax), statutory and regulatory, and other related records.
The Senior Vice President, Human Resources and Administration is responsible for retention of all HR records.
The Vice President, Infrastructure Services is responsible for storage of electronic data in line with this procedure.
The Chief Technology Officer is responsible for ensuring that retained records are included in business continuity and disaster recovery plans.
|Active Record||See “Altair Record” below.|
|Historical Record||See “Altair Record” below.
|Custodian of Record||The designated Department, as identified in the Record Retention Schedule, responsible for retaining and timely destruction of Altair Records in compliance with this Policy.|
|Department||Any and all business, financial, human resources offices of Altair.|
|Electronically Stored Information
|Any and all information created, manipulated, communicated, stored, and best utilized in digital form, requiring the use of computer hardware and software. Electronically Stored Information resides in many places, including:
· Office Equipment – including personal computers, laptops, smart phones, PDAs, Blackberries®, and voicemail systems;
· Networked Photocopiers,
· Portable Media – including jump drives, portable hard drives, CDs, DVDs, magnetic tapes, diskettes, memory cards;
· Servers – including email servers, SPAM filter servers, Blackberry® servers, document management systems servers, instant messaging (IM) servers, file servers, print servers, firewall servers, HR database, servers, payroll database servers, and internal and external web servers;
· Proprietary applications (software or other programs licensed expressly to Altair); and
· Back-up tapes or other backup systems.
|Inactive Record||See “Altair Record” below.|
|IS Office||The office of Information Services, and/or, as applicable, any other organizational technology group within Altair (including its subsidiaries and affiliates) that maintains Altair Information or Altair Resources.|
|Litigation Hold Notice||A formal directive issued by the Vice President, Legal Services that Altair is under a legal obligation to preserve potentially relevant evidence in connection with a pending or threatened legal action.|
|Record Management Administrator||The Department representative responsible for maintaining day-to-day records management practices and procedures.|
|Record Retention Period||The length of time for which the Custodian of Record is responsible for retaining a specified Altair Record in accordance with the Record Retention Schedule.|
|Record Retention Schedule||The table listing the required Record Retention Period and the designated Custodian of Record for each identified Altair Record.|
|Altair||Altair Global Services, LLC, d/b/a Altair Global including its divisions, subsidiaries and affiliates (e.g., Altair Global Relocation Ltd., Shanghai, Singapore, EU, etc.|
|All activities and business must be conducted on Altair Resources. All Altair Information must be stored on Altair Resources. Any and all use of Altair Information and Altair Resources must comply with all local, state, and federal laws and regulations as well as company policies and procedures and client contracts.
At Altair’s sole discretion and in accordance with this Policy and procedure, any and all Altair Information and Altair Resources are subject to access by designated Altair representatives, with the approval of the Chief Executive Officer, President or Senior Vice President for Human Resources for preservation, review, monitoring, and seizure, at any time without notice, in order to:
1. Ensure compliance with local, state, and federal laws and regulations as well as any Altair policy, and procedure;
2. Comply with any order by a court, agency, or other governmental entity;
3. Retain information and data;
4. Preserve and produce Evidence in Litigation Discovery;
5. Maintain the integrity and security of Altair Information and Altair Resources;
6. Investigate a suspected violation of law or regulation, or of a suspected infraction of Altair policy; and/or
7. Respond to an emergency of any kind.
Because the primary use of Altair Information and Altair Resources is to further Altair’s mission, goals and objectives, Applicable Members should not have an expectation of privacy in their use of such resources and information. In the event Altair activities and business are conducted on non-Altair Resources, or Altair Information is stored on Non-Altair Resources, such non-Altair Resources are subject to this policy.
Any violation of this policy and procedure or failure to timely cooperate in complying with its provisions by any Applicable Member may result in disciplinary action up to and including termination.
|Altair Record||Any recorded information that is created or received by an Applicable Member or Department in the ordinary course of Altair business. All Altair Records regardless of their format (e.g. hardcopy or electronic) are subject to this Policy.
· Active Record: An Altair Record that is currently being used in the ordinary course of Altair business.
· Inactive Record: An Altair Record that is no longer being used in the ordinary course of Altair business that must be retained until the end of its Record Retention Period and is not required to be preserved in accordance with a Litigation Hold Notice.
· Expired Record: An Altair Record:
o that is no longer being used in the ordinary course of Altair business;
o is not listed under the Record Retention Schedule or whose Record Retention Period has ended;
o that is not subject to a Litigation Hold Notice; and
o that is not a Historical Record.
4.2 Altair Records and Record Retention Schedule
4.2.1 Active, Inactive, and Historical Records must be maintained in accordance with the Record Retention Schedule and this Policy. Expired Records must be destroyed in accordance with this Policy. Specific record retention periods are listed in Exhibit B. The CFO has the authority to extend the records retention period beyond those listed in Exhibit B.
4.2.2 The Record Retention Schedule designates the Custodian of Record for each identified Altair Record.
4.2.3 If a record is not found under the Record Retention Schedule, it must be destroyed once it is no longer needed in the ordinary course of Altair business. However, if an Applicable Member believes a record not listed on the Record Retention schedule should be retained or an Applicable Member believes that an Altair Record should be retained beyond the time period specified on the Record Retention Schedule, the Applicable Member should not destroy such record without prior approval of the Altair’s Vice President of Legal Services.
4.2.4 Historical records are of long-term value to document past events (e.g., purchase and sale agreement). This may arise from exceptional age and/or connection with some significant historical event or person associated with Altair. Historical Records are not listed in the Record Retention Schedule given the nature of its content and the events associated with the Historical Record (e.g. a letter or e-mail written memorializing an important event). Retaining these types of Historical Records is a responsibility shared by all Altair Members. If a Member believes an Expired Record should be retained for its historical value and should be permanently retained as a Historical Record, it should consult Altair Archives. Records transferred to the Altair Archives may be restricted by the office of origin for up to 25 years. Longer restrictions may apply if required by federal, state, or local statute.
4.2.5 If a record fits within two categories, each having a different retention period, the longer period governs. In order to facilitate compliance with this Policy, all Record Retention Periods expiring during a calendar year may be extended to the last day of such calendar year. Thus, all Altair Records expiring during a calendar year should be destroyed on the last day of that calendar year, or as soon as reasonably practicable.
4.3 Non-Altair Records
All Non-Altair Records (i.e. any communications not listed in the Record Retention Schedule, informal communications such as instant messaging or social media posts unless it contains an approval, direction to take or refrain from taking action or similar communications) should be immediately destroyed after use.
4.4 Copies of Altair Records
4.4.1 Departments and Applicable Members that are not the designated Custodian of Record for an identified Altair Record are expected to only retain copies and drafts of such Altair Record to the extent necessary to conduct Altair business. Such Altair Departments and/or Applicable Members must destroy such copies/drafts once they are no longer needed to conduct Altair business unless subject to a Litigation Hold Notice.
4.4.2 The designated Custodian of Record for an identified Altair Record should only retain originals of Inactive Records and destroy all copies and drafts.
4.5 Litigation Holds Notices
All Altair Records are subject to the litigation discovery policy. If there is any reason to believe that a claim may be asserted against Altair for which any Altair Records may be relevant, such records must not be destroyed without the prior approval of the Vice President, Legal Services.
4.6 Security – Confidential Information
Many Altair Records contain confidential information which is protected by Altair policies and procedures, as well as, state and federal laws and regulations including but not limited to the Health Insurance Portability and Accountability Act (“HIPAA”), the Gramm-Leach-Bliley Act, and the Fair and Accurate Credit Transactions Act of 2003. This Policy shall be implemented in a manner consistent with all such policies, procedures, laws and regulations, as those may be amended from time to time.
4.7 Records Management Responsibilities
Records management is the responsibility of all Applicable Members of Altair.
4.8 Altair Department Head.
The head of each Altair Department is responsible for:
- Developing and maintaining practices and procedures that meet the specific requirements under this Section V and Section VI below;
- Ensuring Applicable Members of the Department comply with this Policy;
- Reporting any potential or actual non-compliance with this Policy to the Chief Executive Officer, President & Chief Operating Officer, Senior Vice President Human Resources, Vice president, Global Reporting and Compliance or Vice President, Legal Services;
- Designating one or more Record Management Administrators (depending on organizational structure). Where a Department is small or has minimum records management obligations, the head of the Department may consider serving as the Records Management Administrator; where a Department is large or has complex records management obligations, the Department Head should consider designating more than one Record Management Administrator; and
- Designating an Alternate Record Management Administrator in the event the current Records Management Administrator departs from the Altair or is unavailable.
Where a Department serves as Custodian of Record with regard to an Altair Record, the Department is responsible for maintaining their designated Altair Record in compliance with the Record Retention Schedule.
- Responsibilities of Records Management Administrator.
The Record Management Administrator must implement the Department’s established record management practices and procedures on a day-to-day basis. Specifically, the Records Management Administrator is responsible for coordinating retention, preservation, and destruction of Altair Records in accordance with this Policy and the Department’s records management practices and procedures; and Coordinating the Department’s efforts to comply and respond to any issued Litigation Hold Notice, internal or external investigations, court orders, or other requests for records in a timely fashion;
4.10 Responsibilities of Applicable Members.
4.10.1 All Applicable Members are responsible for the Altair Records in their possession. Applicable Members are responsible for reviewing the content of the records they use in conducting Altair business and complying with this policy.
4.10.2 The CTO Office is not responsible for determining whether or not an electronic record must be retained or destroyed in accordance with this policy.
4.10.3 Every Applicable Member is responsible for complying with this policy as well as the record management practices and procedures established by their Department. Failure to comply with this policy may result in disciplinary action (up to and including termination) and/or legal action. If a Member believes another Altair Member is violating this policy (e.g. destroying Altair Records required to be retained), such Altair Member should immediately contact the Senior Vice President Human Resources or report such incidents through the Altair Member’s supervisor.
4.11 Requirements for Department Record Management Practices and Procedures
A Department’s practices and procedures must cover all aspects of records management including maintaining, identifying, retrieving, preserving and destroying Altair Records. Such practices must take into account business needs as well as legal and security requirements. In addition, such practices should allow for efficient access and retrieval of Altair Records.
- Indexing System: Management of Active, Inactive and Archival Records
Departments shall implement and maintain a Department-wide centralized and/or uniform indexing system with which all Applicable Members of the Department must comply. The indexing system should be based on the nature of the Department’s business need. This will ensure efficient and streamlined accessibility, retrieval, and destruction. Thus, the same indexing system used for maintaining Active Records in the ordinary course of business should be followed for the centralized storage of Inactive Records.
4.11.2 Protection and Security of Confidential Information
Departments must implement practices that protect confidential information contained in Altair Records in accordance with relevant laws and Altair policies. Such protections must be applied in maintaining Active Records, the storage of Inactive and Archival Records, and the destruction of Expired Records. Thus, the level of security that applies to an Active Record must be maintained when such a record becomes an Inactive or Archival Record. See Section F below for further requirements for destroying such records.
4.11.3 Responding to Records Requests
Departments must implement practices that allow for efficient compliance and response to any Litigation Hold Notice, internal or external investigation, court order, or other requests for Altair Records in a timely fashion.
4.11.4 Physical Storage Facilities Practices
A Department’s storage facility practices must ensure the preservation of all Altair Records in their original condition while also ensuring efficient retrieval of such records. Departments should secure any physical storage facility to avoid unauthorized access (e.g., lock file cabinets in which customer files are kept. In addition, such facility and set up should protect such records from possible physical damage such as:
- Pest infestation
- Fire, smoke, or sprinkler damage
- Water damage (e.g., humidity, leaky pipes)
- Damage from magnets (e.g., digital data on magnetic storage media)
A comprehensive list of off-site storage facility requirements may be found in Exhibit A. For off-site storage, Departments may only use an Altair-designated storage facility.
4.12 Retention Practices
Altair Records must be retained by the Custodian of Record in the following manner:
- Hardcopies must be retained in hardcopy form unless it is converted to electronic format in an Altair centrally managed system (e.g. AREV, GROW, etc.).
- Electronic records, such as e-mails, pdfs, and other electronic documents that are not retained in an Altair centrally managed system (e.g. AREV, GROW, etc.) may, to the extent necessary and practicable, be printed in hard copy form in a manner that preserves their original content and form.
- Electronic records stored within an Altair centrally managed system (e.g. AREV, GROW, etc.) must comply with the requirements under Section VI.B and C above and other applicable Altair policies. The Custodian of Record is responsible for contacting and consulting with the Vice President of Legal Services to ensure such compliance.
4.13 Destruction of Expired Records
If the Custodian of Record believes that an Expired Record has historical value and should be permanently retained as a Historical Record, the Vice President of Legal Services should be consulted. Otherwise, all other Expired Records must be destroyed by the Custodian of Record in the following manner:
4.13.1 Hardcopy Destruction.
Expired Records in hardcopy form that do not contain confidential information should be recycled. Expired Records in hardcopy form that do contain confidential information should be shredded in a manner that renders them unreadable and that would prevent them from being reconstructed. Security of the Expired Records should be maintained until proper destruction is actually performed.
4.13.2 Electronic Records.
E-mails and other electronic documents (e.g., Word Documents, Excel, and PDFs) should be deleted.
184.108.40.206 The VP, Legal Services is responsible for contacting and consulting with the CTO Office to ensure that Expired Records contained in an Altair centrally managed system (e.g. AREV, GROW, etc.) are properly destroyed.
220.127.116.11 Devices or other media that store electronic records (e.g., jump drives, CDs, etc.) should be destroyed in a manner consistent with the Data Retention and Disposal Policy. The CTO Office and Altair’s designated off-site storage facility currently provide such services. Consult the CTO Office to arrange for such destruction.
- Each data item that is stored is marked per data classification policy with the name of the record, the record type, the original owner of the data, the information classification, the data of storage, the required retention period, the planned date of destruction, and any special information (e.g. in relation to cryptographic keys).
- Cryptographic keys, which are required for certain types of electronic messaging are retained as set out in our Information Security Policy
- For all electronic storage media, Altair Global retains the means to access that data.
- For all electronic storage media, Altair Global does not exceed 90% of the manufacturer’s recommended life.
- The Vice President, Infrastructure Services is responsible for destroying data once it has reached the end of the retention period specified in Exhibit B. Destruction must be completed within the calendar year but no more than 90 days of the planned retention period. Destruction is handled as follows:
- Physical records are to be incinerated
- Electronic records are to be irretrievably erased based on current technology.
- When records are scheduled to be destroyed, complete the Destruction Log attached as Exhibit C. Once records are current, destruction may be done on an annual basis (e.g., year-end, fiscal year end, etc.)
Document Owner and Approval
The Vice President, Legal Services is the owner of this document and is responsible for ensuring that this procedure is reviewed in line with the review requirements of the information management systems.
A current version of this document is available to all members of staff on the http://teamaltair.altairglobal.net/policy/default.aspx.
This procedure was approved by the Executive Leadership Team on May 1, 2018 and is issued on a version controlled basis under her signature.
Change History Record
|Issue||Description of Change||Approval||Date of Issue|
|1||Replacement of previous policy||VP, Legal Services||01/23/2017|
|2||Revised||VP, Legal Services||05/01/2018|
PHYSICAL STORAGE REQUIREMENTS
- Storage of Physical Records
- Physical Records may be stored on-site or must be stored at an off-site storage facility managed by a vendor that has been approved, executed a contract with Altair to provide off-site storage (Approved Vendor). An off-site storage facility managed by an Approved Vendor is referred to in this Standard as an “Off-site Storage Facility.”
- Physical Records must be stored to ensure their protection, usability, and integrity for the required retention period.
- Filing cabinets or other types of stationary storage must not damage the Physical Records during storage.
- Boxes, containers or other packaging must be packed so as to withstand the handling and pressure exerted by the contents during storage or transfer between locations.
- Physical Records must be stored in a location that:
- Provides adequate fire protection and suppression
- Protects against risk of theft
- Is protected against possible damage as a result of being located:
- In a flood zone Under a fire sprinkler
- In a damp or moist location or subject to mold
- In an area exposed to rodent or insect infestation
- Exposed to temperatures above 70° F (21.11° C)
- In a humidity level below 30% and greater than 50%
- Physical Records stored in an on-site location that does not meet the requirements in 4. and 5. above must be relocated at the earliest opportunity to an on-site location that meets the requirements.
- Physical Records must be reviewed annually to determine whether an applicable “Trigger Event” has occurred. Common Trigger Events associated with records retention include, but are not limited to, termination of employment, expiration of contract, settlement of legal matter and completion of tax audit. If the Trigger Event has occurred, the retention period begins and the physical records enter the Inactive Phase of the records lifecycle. If the Trigger Event has not occurred, the physical records are in the Active Phase.
- Records in the ACTIVE PHASE may be transferred to an Off-site Storage Facility if there is a lack of adequate space to store the records in On-site locations that meet the requirements listed above.
- Records in the INACTIVE PHASE:
- Must be moved to an Approved Vendor Off-site Storage Facility.
- Must be destroyed at the end of the retention period specified, provided the records are not subject to a legal hold or CFO has not extended records retention period.
- Approved Vendor Requirements
Altair should consider whether a proposed vendor and their off-site storage facilities meet the following additional requirements in addition to the requirements listed above:
- The proposed vendor should:
- Be ISO 14001 compliant
- Be ISO 9001 certified
- Have Warehouseman’s legal liability (WLL) coverage in place
- Provide recycling and confidential destruction services
- Provide certificates of destruction
- Provide reports online
- Use software systems that provide automated retention scheduling that can incorporate trigger events and retention periods specified in the ERRS.
- The proposed storage facility should provide:
- Telecommunication, computer access, electricity, water, and sewer lines
- Adequate access and egress for trucks
- Accessible loading docks
- The exterior of the proposed storage facility should:
- Meet local building codes and seismic standards
- Be constructed with non-combustible or fire-resistant material
- Have a leak-free roof, foundation with no cracks or damage, and a drainage system that takes wastewater away from the building
- Not be located in a flood-zone or on known earthquake fault lines
- The interior of the proposed storage facility should:
- Provide separate areas for records storage and administrative functions
- Provide separate climate controls for records storage and administrative staff
- Provide separate storage areas for different types of media with different heat, ventilation, and air conditioning (HVAC) controls
- Meet all applicable building, electrical, fire and safety codes
- Meet or exceed local government standards for ventilation and air exchange systems
- Provide computer network systems for internal and external communications
- Contain no dust, dirt, vermin, birds, mold, mildew, rodents or other environmental hazards to records
- Have a zoned dry-piped sprinkler system (preferably with a 250°F to 300°F rating with independently activated heads) that is monitored 24 hours a day with a manual shut-off override
- Contain circuit breakers in an accessible area and that is clearly identifiable in case of an emergency
- The proposed vendor’s security processes should:
- Require visitors to sign in and provide valid (not expired) identification
- Provide designated employee escort for all visitors
- Provide bonded employees
- Require a security and background checks for all employees
- The Legal Services and Supplier Partnership Departments will review and negotiate contracts with proposed vendors for off-site storage facilities. Such contracts should contain minimum service requirements for the timely retrieval and delivery of stored records.
- Transferring Physical Records to and from an Off-Site Storage Facility
All Personnel must comply with the following:
- Physical Records containing internal, confidential, restricted or privileged information must be labelled and clearly identified on the Records Transmittal form.
- Only Physical Records may be sent to an Off-site Storage Facility.
- Requests to transfer Physical Records to and from an Off-site Storage Facility must be made in compliance with Altair’s approved policy.
- Retrieval records must be approved by the supervisor of the requestor.
- Physical Records may only be released and transferred to the Off-site Storage Facility by Approved Vendor personnel showing proper identification.
- Personnel who have received retrieved records must:
- Acknowledge receipt of the records by sending an email to [Records Custodian/}.
- Notify the [Records Custodian] when the records they requested are transferred to another person, location or Department within Altair-owned or -leased premises.
9 Physical Records that have been retrieved from an Off-site Storage Facility must be returned to the Approved Vendor.
- Physical Records Disposition
Personnel must follow the procedures for destruction of records if the retention period expired.
- Physical Records not subject to a legal hold must be destroyed at the end of the applicable retention period.
- Physical Records that have been retrieved from an Off-site Storage Facility must be returned to the Approved Vendor for destruction.
- Before Physical Records can be destroyed, personnel must notify the respective client contact via email where required.
- Physical Records stored On-site that can be destroyed must be placed in secure shred-bins, not in trash or recycle bins.
- Prepare a certificate of destruction sufficient to identify the particulars of the destroyed Physical Records.
Record Retention Timeframes
|Record Type||Minimum Years Retained|
|Accounting and Finance|
|Accounts Payable Documentation – Check Copies and Invoices||7|
|Accounts Payable Ledgers and Aging Schedules||7|
|Accounts Receivable Invoices to Customers||7|
|Accounts Receivable Ledgers and Write-off Schedules||7|
|Budgets and Projections||3|
|Cash Disbursements and Receipt Records||7|
|Chart of Accounts||Permanent|
|Checks – Cancelled||7|
|Deposit Slips/Deposit Records||3|
|General Ledgers, Year-End Trial Balance||Permanent|
|Gross Up Reports||7|
|Internal Audit Reports||7|
|Invoices from Vendors – Fixed Assets, Altair Administrative, Service Providers||7|
|Investment – Sales/Purchases||Permanent|
|IRS Audit Reports and Related Documents||Permanent|
|Loan Documents and Notes||Permanent|
|Notes Receivable Ledgers and Schedules||10|
|Tax Returns and Worksheets and Other Documents Determining Tax Liability||Permanent|
|Articles of Incorporation, Charter, By-Laws, Election Records, Capital Stock Transactions, Partnership Agreements, Dividend Records||Permanent|
|Business Technology – Backup Tapes||Daily Tapes-One Month
Monthly Tapes-One Year
Yearly Tapes-7 Years
|Contents of Safe||Permanent|
|Contracts and Agreements – Corporate||Permanent|
|Contracts and Agreements – Vendor||7|
|Correspondence – Credit and Collection||7|
|Correspondence – Legal and Important Matters||Permanent|
|Correspondence – Other/General||7|
|Corporate Minute Books of Directors, Stockholders, Bylaws||Permanent|
|Insurance Records, Accident Reports, Claims||Permanent|
|Patents, Trademark Registrations and Copyrights||Permanent|
|Human Resources/Employment Records|
|Benefit Plan Disclosures, Annual Reports and Summary Reports||Permanent|
|Contracts and Agreements – Employee||AC+7|
|Defined Contribution Plan Agreement, Pension Plan Agreements, Profit Sharing Agreements||Permanent|
|Documentation for Verification of Employment (INS Form I-9)||AC+7|
|Documents for Appraisals, Corrections, Promotions, Demotions, Transfers, Layoffs, Terminations||AC+7|
|Drug Testing Results||Negative Results: AC+1
Positive Results: AC + 5
|EEO – 1 Reports||Permanent|
AC – After Closed, Terminated, Expired, Completed or Settled
|Employment Applications and Resumes||Non-Solicited – Discard Immediately
Not Hired – AC+3
Hired – AC+7
|Group Disability Records||AC+7|
|Life Insurance Benefits||5|
|Payroll Records and Summaries||AC+10|
|Sales Commission Reports||7|
|Time Reports/Earnings Records||7|
|Withholding and Exemption Certificates and Statements (W-2, W-4 and 1099) and Workers Compensation Benefits||10|
|Client / Customer Records|
|Relocation/Assignment Files and Related Documents (Final Accounting Analysis completed)||Later of Local Law or Client Contract|
 AC – After Closed, Terminated, Expired, Completed or Settled; US – Until Superseded