INTRODUCTION
Edward Searle (Pty) Ltd and its affiliates has developed this policy to highlight and ensure compliance with information and data security requirements.
Edward Searle (Pty) Ltd and its affiliates views its information and records as a valuable asset.
Appropriate records management is vital to the maintaining and enhancing the value of this asset.
In addition, records management, through the proper
control of the content, storage and volume of records, reduces the vulnerability to legal challenge and financial loss
and promotes best value in terms of human and space
resources through greater
co-ordination of information and storage systems.
Edward Searle (Pty) Ltd and its affiliates is also required to align its procedures and processes with records, data and information protection laws. The policy applies to all who receive, create, have access to, manage, store and dispose records, including electronic records.
As an internal control, the policy provides directors and managers with the assurance
that records management, retention, disposal and business
continuity risks are being managed
and mitigated within the Edward Searle (Pty) Ltd Group.
PURPOSE
To exercise effective control over the retention of documents and electronic transactions:
Ø as prescribed by legislation; and
Ø as dictated by business practice.
Documents need to be retained in order to prove the existence of facts and to exercise rights the Company may have. They are also necessary for defending legal action. For establishing what was said or done in relation to business of the Company and to minimize the Company’s reputational risks.
To ensure that the
Company’s interests are protected and that the Company’s and clients’ rights
to privacy and confidentiality are not breached.
SCOPE & DEFINITIONS
All documents and electronic transactions generated within and/or received by the Company.
Definitions:
Clients includes, but are not limited to, debtors, creditors as well as the affected personnel and/or departments related to a Sales service Agency of the Company.
Confidential Information means all information or data disclosed to or obtained by the Company by any means whatsoever and shall include, but not be limited to:
- financial information and records;
- personal information and all other information including information relating to the structure, operations, processes, intentions, product information, know-how, trade secrets, market opportunities, customers and business affairs.
Constitution: Constitution of the Republic of South Africa Act, 108 of 1996.
Data means electronic representations of information in any form.
Documents include books, records, security or accounts and any information which has been stored or recorded electronically, photographically, magnetically, mechanically, electro-mechanically or optically, or in any other form.
ECTA: Electronic Communications and Transactions Act, 25 of 2002.
Electronic communication means a communication by means of data messages.
Electronic signature means data attached to, incorporated in, or logically associated with other data and which is intended by the user to serve as a signature.
Electronic transactions include e-mails sent and received.
ACCESS TO DOCUMENTS
Ø All Company and client information must be dealt with in the strictest confidence and may only be disclosed, without fear of redress, in the following circumstances
Ø where disclosure is under compulsion of law;
Ø where there is a duty to the public to disclose;
Ø where the interests of the Company require disclosure; and
Ø where disclosure is made with the express or implied consent of the client.
Ø Disclosure to 3rd parties: Information on clients: Our clients’ right to confidentiality are protected in the Constitution and in terms of ECTA. Information may be given to a 3rd party if the client has consented in writing to that person receiving the information.
Ø All employees have a duty of confidentiality in relation to the Company and clients.
HOW PERSONAL INFORMATION IS USED
Client’s Personal Information will only be used for the purpose for which it was collected and agreed.
This may include:
Ø Providing products or services to clients and to carry out the transactions requested;
Ø Conducting credit reference searches or verification;
Ø Confirming, verifying and updating client details;
Ø For purposes of claims history;
Ø For the detection and prevention of fraud, crime, money laundering or other malpractice;
Ø Conducting market or customer satisfaction research;
Ø For audit and record keeping purposes;
Ø In connection with legal proceedings;
Ø Providing our services to clients to carry out the services requested and to maintain and constantly improve the relationship;
Ø Providing communications in respect of Edward Searle (Pty) Ltd and its affiliates and regulatory matters that may affect clients; and
Ø In connection with and to comply with legal and regulatory requirements or when it is otherwise allowed by law.
ACCESS AND SECURITY
Ø Records shall at all times be protected from unauthorized access, movement and tampering with, to sustain their authenticity and reliability.
Ø No Edward Searle (Pty) Ltd or Searle Hoist and Tool (Pty) Ltd employee may remove documents and records that are not available in the public domain from Edward Searle’s offices or storage facilities without the explicit and written permission of the Chief Information officer, or from the Operations Director.
Ø No Edward Searle (Pty) Ltd or Searle Hoist and Tool (Pty) Ltd staff member shall provide information and records that are not in the public domain to the public without written approval of the Information officer, or from the Operations Executive, as per the POPIA policy.
Ø Specific guidelines for requesting information are contained in the Promotion of Access to Information Manual that is maintained by the Information Officer.
Ø Personal information shall be maintained in terms of the Protection of Personal Information Act.
Ø Records storage areas shall at all times be protected from or against unauthorized access. In this regard the following measures shall apply:
Ø Records storage areas and records storage facilities shall be locked when not in use.
Ø Access to server rooms and storage areas for electronic records media shall be managed through appropriate access control.
Ø Proper operation and security practices relating to information technology devices including computers, laptops, I-pads, cellular phones, memory sticks and other. This includes security of data stored in the software, locking the computers off when one is not in the office or at his or her desk, and switching off of computers at the end of the work day.
DEPARTMENT AND BRANCH MANAGERS
Departmental and Branch managers are responsible for:
Ø The implementation of this policy in their respective department.
Ø Each department is responsible for attending to the destruction of its documents, which must be done on a regular basis.
Ø No Edward Searle (Pty) Ltd or its Affiliates records (including e-mail) may be destroyed, erased or otherwise disposed of without prior written request to your Manager, the Information officer, or the Operations Executive.
Ø
Edward Searle (Pty) Ltd, and Searle Hoist and Tool (Pty) Ltd personnel
are encouraged to use good judgment in securing any Edward Searle (Pty) Ltd or its
Affiliates, Confidential information
to the proper extent - if an employee is uncertain of the sensitivity of a particular piece of information, he/she should contact their manager.
FAILURE TO COMPLY WITH THIS POLICY
The Edward Searle (Pty) Ltd Group, views
its Information and Records Management Policy in a serious light and failure by
any employee to adhere to this policy constitutes misconduct and may result in
disciplinary action being taken against such employee in accordance with the Edward Searle (Pty) Ltd
Group’s Human Resources policies, as amended from time-to-time.
INFORMATION OFFICER
Name: Andre Rossouw
Telephone number: 011 882 2000
E-mail address: es.ac.ar@edwardsearle.co.za
DEPUTY INFORMATION OFFICER
Name: David De Welzim
Telephone number: 011 882 2000
E-mail address: david@edwardsearle.co.za
Revision of the policy
The policy will be reviewed at three-year intervals to ensure its relevance and alignment with applicable legal and governance requirements.
Where relevant however policies may be reviewed earlier than the above three-year period where there are major changes and / or gaps identified in the policy or where a shorter policy review period is dictated by law or other form of regulation.
Document Retention Schedule
The following types of documents will be retained for the following periods of time. At least one copy of each document will be retained according to the following schedule:
Corporate Records
Article of Incorporation to apply for corporate status | Permanent |
By Laws | Permanent |
Board policies | Permanent |
Resolutions | Permanent |
Board meeting minutes | Permanent |
Sales tax exemption documents | Permanent |
Tax or employee identification number designation | Permanent |
Annual corporate filings | Permanent |
Financial Records
Chart of Accounts | Permanent |
Fiscal Policies and Procedures | Permanent |
Audits | Permanent |
Financial statements | Permanent |
General Ledger | Permanent |
Check registers/books | 7 years |
Business expenses documents | 7 years |
Bank deposit slips | 7 years |
Cancelled checks | 7 years |
Invoices | 7 years |
Investment records (deposits, earnings, withdrawals) | 7 years |
Property/asset inventories | 7 years |
Petty cash receipts/documents | 3 years |
Tax Records
Annual tax filing for the organization | Permanent |
Payroll registers | Permanent |
Filings of fees paid to professionals | 7 years |
Payroll tax withholdings | 7 years |
Earnings records | 7 years |
Payroll tax returns | 7 years |
Personnel Records
Employee offer letters | Permanent |
Confirmation of employment letters | Permanent |
Benefits descriptions per employee | Permanent |
Pension records | Permanent |
Employee applications and resumes | 7 years after termination |
Promotions, demotions, letter of reprimand, termination | 7 years after termination |
Job descriptions, performance goals | 7 years after termination |
Workers’ Compensation records | 5 years |
Salary ranges per job description | 5 years |
UI-I9 Forms | 5 years after termination |
Time reports | 3 years after termination |
Insurance Records
Property Insurance policy | Permanent |
Workers’ Compensation Insurance policy | Permanent |
General Liability Insurance policy | Permanent |
Insurance claims applications | Permanent |
Contracts
All insurance contracts | Permanent |
Employee contracts | Permanent |
Construction contracts | Permanent |
Legal correspondence | Permanent |
Loan / mortgage contracts | Permanent |
Leases / deeds | Permanent |
Vendor contracts | 7 years |
Warranties | 7 years |
Donations / Funder Records
Grant dispersal contract | Permanent |
Donor lists | 7 years |
Grant applications |
7 years |
Donor acknowledgements | 7 years |
Management Plans and Procedures
Strategic Plans | 7 years |
Staffing, programs, marketing, finance, fundraising and evaluation plans | 7 years |
Vendor contacts | 7 years |
Disaster Recovery Plan | 7 years |
Email and Other Computer-Based Correspondence
This is in regard to correspondence/information that is developed and/or maintained by employees on the company’s computers, whether it is in regard to work or personal information.
Employee correspondence, e.g., emails | 7 years |