
Defining and setting retention and security policies for employee documents


Use Employee Document Management to configure how employee documents should be handled based on company policy, processes, and regulatory compliance.

To configure Employee Document Management:

Document types
Document types are at the center of the Employee Document Management application. All employee documents are required to have a document type assigned. Categorize your employee documents by assigning document types. Document types combine policies that determine how employee documents are managed. Use document types to:
  • Associate a security policy. Security policies determine who can access employee documents and determine purge authorization.
  • Associate a retention policy. Retention policies determine how long to keep a document and who the document is applicable to.
  • Place a legal hold. Legal holds temporarily prevent document purging or changes to the document.
  • Allow access to employees.
  • Configure employee documents to be moved automatically when an HR case is closed. Assign a topic detail associated with an HR service that has the Automatically move attachments box checked. See Configure an HR service.
Figure: How document types pull together topic detail, security policy, and retention policy.

Define policies for a document type

For each document type, you can determine who can access a document as well as define the retention policies associated with it, or place a legal hold. A document type can manage multiple documents.

Before you begin

Role required: sn_hr_ef.manager

About this task

Document types combine topic detail, retention policies, and legal holds. The default retention period for a document type is defined on the corresponding Center of Excellence (COE).

Note: The base system provides various document types as examples.

Procedure

  1. Navigate to HR Administration > Employee Documents > Document Types.
  2. Click New or an existing document type to edit.
  3. Fill in the fields as appropriate.

Table 1. Document Type form
Field: Description
Name: Name that describes the document type.
Topic detail: Topic detail associated with an HR service.
  The topic detail categorizes the document type.
  The HR service can be used to automatically move employee documents to the employee document repository when an HR case is closed.
Security policy: Security policy associated with the document type.
  Security policies grant authorized users the ability to view, create, or move employee documents, or the authorization to purge them.
Application type: Application associated with the document type.
Legal hold: Indicates if a legal hold has been placed on the document type.
  When checked, all employee documents with this document type are placed on legal hold.
Employee access: Enables employees to access their own employee documents.

  4. Click Save to remain on the Document Type form or click Submit to return to the Document Type list. When you click Save, the following tabs appear.
    Tab: Description
    Retention Policies: Retention policy associated with the document type.
      The retention policy combines the retention period (determines how long a document should be saved) and HR criteria (filters who the policy is applicable to).
      See Add or modify a retention policy.
    Legal Holds: Shows any legal holds placed on the document type with reason, date, and time stamps.
  5. After adding or editing the retention policy, click Save to remain on the Document Type form or click Submit to return to the Document Type list.

Define how long to retain employee documents

A retention period defines how long an employee document should be saved before being discarded. Retention periods are combined with conditions or criteria to form a retention policy.

Before you begin

Role required: sn_hr_ef.manager
Note: Retention periods are unique and cannot be duplicated. Before you can delete a retention period, you must be sure that a document type is not associated with the retention policy.

Procedure

  1. Navigate to HR Administration > Employee Documents > Retention Periods.
  2. Fill in the fields as appropriate.

Table 2. Retention Period form
Field: Description
Title: Name that describes the retention period.
Date field: Starting point of the retention period. The fields that are available depend on the Employee Document [sn_hr_ef_employee_document] table.
  Fields from the Employee Document [sn_hr_ef_employee_document] table are used to define the beginning of the retention period.
  Dot-walk and select a field to determine the starting point of the retention period.
Application type: Application associated with the retention period.
Date offset type: Offset that determines if the retention period should start before or after what was selected in the Date field.
  Combined with the Date field, Date offset units, and Date offset quantity, it determines the length of the retention period.
  For example:
    • Date field = Created
    • Date offset type = After
    • Date offset units = Years
    • Date offset quantity = 1
  Using this configuration, the retention period is one year after the created date of the document.
Date offset units: Unit of time that determines if the retention period should be measured in months or years.
Date offset quantity: Number of months or years before or after the Date field selection.

  3. Click Submit or Update.

Add or modify default retention policies

Default retention policies use default retention periods to ensure that employee documents are not mistakenly purged. When a retention policy has not been assigned to a document type, the default retention policy is used.

Before you begin

Role required: sn_hr_ef.manager

You can edit default retention policies.

The HR Service Delivery base system provides default retention policies for each employee document associated with a Center of Excellence (COE) table.

Default retention policies are assigned to all documents that fall under a COE and the retention period is indefinite.
Note: If you change the default retention period, all new documents are assigned the new period, but existing documents still use the original retention period.

Default retention policies cannot be deleted when being used by a document type. Only one default policy for a COE is allowed.

Once a purge date is calculated and a legal hold is placed, the purge date does not change.

Once a purge date is calculated for an HR profile or Document type and Retention Policy and a legal hold is placed, the purge date does not change. When a legal hold is removed from the HR profile or Document Type:
  • If the purge date was calculated in the past, the document is purged after the Purge employee documents and Refresh Purge Dates for Employee Documents scheduled jobs run.
  • If the purge date calculated is in the future, the document is purged after the date is reached and after the scheduled jobs run.
    Note: Purge dates are not recalculated for Employee Documents related to HR profiles or Document Types that have been placed on Legal Hold.

Procedure

  1. Navigate to HR Administration > Employee Documents > Default Retention Policies.
  2. Click New to create a default retention policy or click an existing policy to edit it.
  3. Fill in the fields as appropriate.

Table 3.
Field: Description
Table: COE table that employee documents are associated with when HR Service Delivery is licensed and activated.
Retention period: Retention period identifying how long the document is retained.
  The only field you can edit.
Application type: Application associated with the default retention policy.

  4. Click Submit or Update.

Add or modify a retention policy

Set policies determining how long documents should be retained and who is covered. Retention policies combine the retention period and conditions or criteria.

Before you begin

Role required: sn_hr_ef.manager

Regulations, laws, and your company policies determine how long documents should be retained.

Once a purge date is calculated and a legal hold is placed, the purge date does not change.

To ensure that there is no accidental purging, the base system provides default retention policies. When a retention policy has not been assigned to a document type, the default retention policy is used.

When a document type is covered by multiple retention policies:
  • The policy with the longest retention period applies.
  • When there is a non-default retention policy and a default retention policy with a retention period of indefinite, the non-default retention policy applies, assuming the HR criteria match and the retention period is applicable.
Retention policies have a one-to-one relationship to a document type; you cannot have the same retention policy for multiple document types.
Note: You can use the same retention period for multiple retention policies.

When you have multiple retention policies, but there is an overlap in criteria, the retention policy with the longest retention period is used.

For example: Document type = Disciplinary Notice
  • Retention policies:
    • US employees (retention period = End Date + 7 years)
    • US contract employees (retention period = End Date + 5 years)
  • If a user is both a US employee and contract employee, the US employees retention policy is used because it has a longer retention period.
Note: You can use the default retention policy for all document types. The default retention policy defines that all employee documents are retained while an employee is a current employee of your company. Once an employee leaves the company, a second retention policy is triggered based on HR criteria. When an employee does not satisfy the HR criteria and leaves the company, the original default retention policy is still in effect. The employee documents are retained indefinitely.
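The resolution rules above, together with the retention period fields and the legal hold behavior described earlier, can be modeled as follows. This is an added example in plain JavaScript, not ServiceNow code: the function names, object shapes, and the `endDate` field are assumptions made for illustration, and the sample data is constructed from the Disciplinary Notice example.

```javascript
// Added illustration in plain JavaScript; not ServiceNow code. All names and shapes are assumptions.

// Shift a UTC date by whole months, clamping the day (Jan 31 + 1 month -> end of February).
function addMonths(date, months) {
  const total = date.getUTCFullYear() * 12 + date.getUTCMonth() + months;
  const year = Math.floor(total / 12), month = total - year * 12;
  const lastDay = new Date(Date.UTC(year, month + 1, 0)).getUTCDate();
  return new Date(Date.UTC(year, month, Math.min(date.getUTCDate(), lastDay)));
}

// Retention period = Date field + offset type + units + quantity; null models "indefinite".
function purgeDate(doc, period) {
  if (period === null) return null;
  const start = doc[period.dateField];
  if (!(start instanceof Date)) return null; // assumption: empty date field means no purge date yet
  const months = period.quantity * (period.units === "years" ? 12 : 1);
  return addMonths(start, period.offsetType === "before" ? -months : months);
}

// Longest period wins among active, matching non-default policies; otherwise the default applies.
function resolvePolicy(doc, employee, policies, defaultPolicy) {
  let best = null;
  for (const p of policies) {
    if (!p.active || p.documentType !== doc.documentType || !p.criteria(employee)) continue;
    const date = purgeDate(doc, p.period);
    const rank = date === null ? Infinity : date.getTime(); // no purge date outranks any date
    if (best === null || rank > best.rank) best = { policy: p, date, rank };
  }
  return best || { policy: defaultPolicy, date: purgeDate(doc, defaultPolicy.period) };
}

// A legal hold blocks purging even when the purge date has passed.
function isPurgeable(resolved, legalHold, now) {
  return !legalHold && resolved.date !== null && resolved.date.getTime() <= now.getTime();
}

// Constructed sample data mirroring the Disciplinary Notice example on this page.
const period = (quantity) => ({ dateField: "endDate", offsetType: "after", units: "years", quantity });
const POLICIES = [
  { title: "US employees", documentType: "Disciplinary Notice", active: true,
    criteria: (e) => e.country === "US", period: period(7) },
  { title: "US contract employees", documentType: "Disciplinary Notice", active: true,
    criteria: (e) => e.country === "US" && e.contract, period: period(5) },
];
const DEFAULT_POLICY = { title: "Default", period: null };
const DOC = { documentType: "Disciplinary Notice", endDate: new Date(Date.UTC(2020, 2, 15)) };

const resolved = resolvePolicy(DOC, { country: "US", contract: true }, POLICIES, DEFAULT_POLICY);
console.log(resolved.policy.title, resolved.date.toISOString().slice(0, 10));
```

An employee who matches no HR criteria falls through to the default policy, whose indefinite period yields no purge date, so the document is never selected for purging.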

Procedure

  1. Navigate to HR Administration > Employee Documents > Retention Policies.
  2. Click New or an existing retention policy to edit.
  3. Fill in the fields as appropriate.

Table 4. Retention Policy form
Field: Description
Applies to: Employee Document [sn_hr_ef_employee_document] table and document type associated with the retention policy.
  Select a table and document type the retention policy is based on.
HR criteria: Who the retention policy applies to.
  For example, you can select HR criteria based on a country. These criteria ensure everyone based in the selected country has the same retention policy.
Retention period: How long an employee document should be saved.
Active: Indicates if the retention policy is active and in use.
  Note: Default retention policies cannot be deactivated.

  4. Click Submit or Update.

Add or modify default security policies

Default security policies ensure that employee documents are secure. The HR Service Delivery base system provides default security policies for each document type; they determine who can access documents and who has purge authorization.

Before you begin

Role required: sn_hr_ef.manager
Users are granted access to employee documents by:
  • Groups
  • Roles
  • Both groups and roles

The security policy can require authorization to purge and requires a user to belong to the group that has purge authorization.

See Manage HR Groups and Manage HR roles.

Procedure

  1. Navigate to HR Administration > Employee Documents > Default Security Policies.
  2. Click New or an existing default security policy to edit.
  3. For field descriptions, see Add or modify document security policies.
  4. Click Submit or Update.

Add or modify document security policies

Many employee documents contain confidential and personal information. Use document security policies to define access to employee documents and ensure that they are secure.

Before you begin

Role required: sn_hr_ef.admin

You can determine who can read, write, or authorize a purging of documents by adding or modifying document security policies.

Note: You can provide employees visibility into their own employee documents through their HR profile. Check the Employee access box on the Document type form. See Define policies for a document type.
Users are granted access to employee documents by:
  • Groups
  • Roles
  • Both groups and roles

The security policy can require authorization to purge and requires a user to belong to the group that has purge authorization.

See Manage HR Groups and Manage HR roles. Or see Groups and Roles.

Procedure

  1. Navigate to HR Administration > Employee Documents > Security Policies.
  2. Click New or an existing security policy to edit.
  3. Fill in the fields as appropriate.

Table 5. Security Policies fields
Table: Description
Description: Phrase that describes the HR employee document security policy.
Application type: Application associated with the security policy.

There are three tabs to determine who can read, write, receive purge notifications, and authorize purging of employee documents.

Table 6. Security Policy tabs
Tabs: Description
Read:
  • Groups: Groups a user must belong to in order to search and read an employee document with the associated document type and security policy.
  • Roles: Roles a user must have to search and read an employee document with the associated document type and security policy.
    Note: Users with the Employee Document Management Reader [sn_hr_ef.document_reader] role must also be added here to search and read documents associated with the document type and security policy.
  • Match all: Determines if both the conditions for groups and roles must be met for access.
    Note: If you leave unchecked, the user only has to meet conditions from either Groups or Roles, not both.
Write:
  • Groups: Groups a user must belong to for access.
  • Roles: Roles a user must have to search, read, and create an employee document with the associated document type and security policy.
    Note: Users with the Employee Document Management Writer [sn_hr_ef.document_writer] role must also be added here to search, read, and create documents associated with the document type and security policy.
  • Match all: Determines if both the conditions for groups and roles must be met for write access.
    Note: If you leave unchecked, the user only has to meet conditions from either Groups or Roles, not both.
Authorize Purge: Authorization is required to purge documents, or send a notification before the purge process runs.
  • Groups: Group a user must belong to in order to authorize or be notified of an upcoming purge.
    Note: Only one person in the group is required to authorize.

  4. Click Save and the Document Types related list appears.
  5. Click New and you can create a document type to be associated with the security policy.
  6. Click Submit or Update.