The OGO Blog

You Need To Keep Your Credit Union Data Backups How Long?

What would happen if you were called upon to retrieve Credit Union data backups that were from 7 years ago? Would you be able to do it? If so, would they actually be readable and in a format that could be read?  Credit union CIOs are faced with the challenge of retaining records to ensure the continued operations of a Credit Union should a crisis occur. But how long is long enough? We did the research for you and while its not definitive, it should give you just the start you need to customize the right strategy for your Credit Union.

For starters – let’s assume we’re talking about critical and/or sensitive data when we are talking about backups. Appendix A to Part 749 – Record Retention Guidelines was developed by NCUA as an aid to Credit Unions for record retention. NCUA recognizes that Credit Union CIO must strike a balance between the desire to retain all the records that may be needed and the demands of space and resource allocation.

So how long is long enough? Depends on the data, some records should be retained permanently! NCUA lists these as:

1. Official records of the Credit Union that should be retained permanently are:
(a) Charter, bylaws, and amendments.
(b) Certificates or licenses to operate under programs of various government agencies, such as a certificate to act as issuing agent for the sale of U.S. savings bonds.
2. Key operational records that should be retained permanently are:
(a) Minutes of meetings of the membership, board of directors, credit committee, and supervisory committee.
(b) One copy of each financial report, NCUA Form 5300 or 5310, or their equivalent, and the Credit Union Profile report, NCUA Form 4501, or its equivalent as submitted to NCUA at the end of each quarter.
(c) One copy of each supervisory committee comprehensive annual audit report and attachments.
(d) Supervisory committee records of account verification.
(e) Applications for membership and joint share account agreements.
(f) Journal and cash record.
(g) General ledger.
(h) Copies of the periodic statements of members, or the individual share and loan ledger. (A complete record of the account should be kept permanently.)
(i) Bank reconcilements.
(j) Listing of records destroyed.

And everything else?

Unfortunately, there are no hard and fast retention timelines for most everything else. Since the destruction of records could impact a Credit Union’s legal standing, each CIO must take careful consideration on how and when said destruction takes place.  Since each state can impose their own retention laws, NCUA strongly recommends a Credit Union consider consulting with local counsel when setting minimum retention periods.

RELATED CONTENT

Why Should We Use Data Vaulting Instead of Tapes?

eBOOK – Backup And Recovery Strategies

Should I Move My Backups To The Cloud?

Once you’ve talked to your local counsel and understand  your state’s requirements, reach out to OGO for assistance in applying the right technologies to ensure your goals are met!