It is your responsibility to ensure vendors meet the retention requirements as well as delete the records after the retention has been met. Further, the University must be able to access the records for the entire retention period, especially if they need to be turned over to the public records office, auditor or an attorney.
For more information about the responsibilities inherent in using a third-party cloud service provider, please refer to our resource on Cloud-Based Applications Best Practices.
Category: