Yes. Using a third party vendor to store a database in the cloud or using third party services, such as Moodle, as part of interaction with students does not affect how these records are defined. Even if the records are not in our custody, these records are created on behalf of the University. Therefore, they are public records subject to requests and legal action.
Click on a question below to view the answer.
You may also limit the results by entering a search term.
It is your responsibility to ensure vendors meet the retention requirements as well as delete the records after the retention has been met. Further, the University must be able to access the records for the entire retention period, especially if they need to be turned over to the public records office, auditor or an attorney.
For more information about the responsibilities inherent in using a third-party cloud service provider, please see our resource on Cloud-Based Applications Best Practices.
Metadata is considered to be part of the record and must be preserved and managed the same as the content.
For those records which have not passed their retention, you must retrieve these records and manage them until the retention has been met. While migrating these records to your new vendor’s platform is not absolutely required, the records must be retained in a form that remains accessible and readable. We recommend wording to this effect be included in your contract to help eliminate any misunderstandings on this point.