Haystack Associates, Inc. About Haystack






Our retention & security program services include:

New Programs

  • Retention schedules for information including US and Global legal security and retention requirements.

  • Program policies for retention, review, and disposal of information for all information including structured and unstructured data and e-mail.

  • Legal hold programs.

  • Privacy and security program policies and procedures.

  • Curriculum development and training.

  • Project management and guidance during implementation.

Existing Programs

  • Legal requirements review and updates.

  • Review of policies and procedures for legally defensible  retention / destruction, security, and privacy programs.

  • Compliance audits and recommendations.

  • Review, analysis, and recommendations for implementation of GRC, ECM, and Cloud software and systems.

Retention Program Policies and Schedules
corporate retention program ensures information required by regulatory agencies, auditors, and to support business decisions is retained and obsolete information is pulled from record keeping systems and destroyed when no longer needed or required. 

An important part of compliance and risk management programs, our retention programs include:

  • Schedules that identify information and retention of all types of records and information (paper and electronic) created and maintained throughout the company.

  • Data maps to identify record keeping systems across storage medias.

  • Documented legal requirements for retention, security, and privacy for each country and state where business is done.

  • Responsibilities, procedures, and policies for the storage, retention, and destruction of records that meet US federal, state, and international compliance requirements for the security, maintenance, retention, and destruction of information.

Privacy and Security Programs: 
US Federal, State, EU, other international requirements, as well as PCI standards create compliance requirements for corporate information privacy and security programs, breach notification, and security controls for the storage and disposal of information that contains personally identifiable information about clients, patients, employees, or customers.  Our services include IT Risk & Security Assessment, Security Program Development, and Compliance Dashboards and actionable work plans.

Reviews and Compliance Audits
Numerous US federal, state, and international laws create compliance obligations for documentation, retention, secure storage and destruction of information, and the management of corporate information assets.  Audits need to be performed annually as part of your GRC and security programs to monitor system practices, assess controls and meet legal requirements for monitoring security, privacy, and retention/disposal programs.  Legal requirements need to be reviewed and updated every 1-3 years to ensure compliance with current legal requirements for the retention, destruction, privacy, and security of information.


Information and Links:

Summary of Recent Legal Requirements that impact records management and retention programs.

Identify information system gaps, risk, and compliance issues with the Records Management Self Assessment questions.

For information about retention programs please contact
Denise Simons by:
E-mail: dsimons@haystackassociates.com
Phone:  (253) 631-1509

Copyright ©2000 - 2019 Haystack Associates, Inc. All Rights Reserved