~3-page information security policy template on the retention of information.
Information that has lasting value to the organisation, or is subject to retention requirements mandated by applicable laws, regulations or contracts, must be retained for the defined period and adequately protected/secured during storage and use.
This policy complements the policy on information disposal. At the end of the defined retention period, the information may need to be disposed-of securely.
Supplied as an MS Word document, readily customised for your organisation's specific situation.