Rule 3341-6-53 | Information system & database decommissioning policy.

(A) Policy statement and purpose

All information systems, applications and/or databases have a life cycle. The university must have a policy that provides a pragmatic means of disposing of old, end-of-life information systems and databases that are aligned with university records retention policies and schedules. This policy shall govern how university information systems, applications and/or databases are decommissioned in compliance with university records retention policies and schedules.

(B) Policy

This policy applies to any information system, application and/or database that have been procured with university funds by any unit or employee of Bowling Green state university or any others who provide services or act under the name of the university, including contractors, vendors and consultants.

(C) Policy definitions

(1) Information system: a computer system or set of components for collecting, creating, storing, processing, and distributing information; typically including hardware and software, system users, and the data itself.

(2) Application or application program: an application program (application or app for short) is a computer program designed to perform a group of coordinated functions, tasks, or activities for the benefit of the user.

(3) Database: a comprehensive collection of related data organized for convenient access, generally in a computer.

(4) Database schema: the skeleton structure that represents the logical view of the entire database. It defines how the data is organized and how the relations among them are associated.

(5) Metadata: the data providing information about one or more aspects of other data; it is used to summarize basic information about data which can make tracking and working with specific data easier.

(6) Decommission: the act of ceasing to use an information system, application and/or database and appropriately disposing of it in a manner compliant with university records retention policies and information technology services policies.

(7) University procedures: the operating procedures developed by the responsible unit to implement this university policy. University procedures must be consistent with and not conflict with university policies. Procedures that conflict with university policies are void and unenforceable.

Any procedures developed to operationalize this policy must be reviewed and approved by the responsible unit prior to adoption and publication.

(D) Decommissioning information systems, applications and/or databases

(1) When an information system, application and/or database reaches its end-of-life and is either being replaced or is no longer needed, any unit may seek to decommission the information system, application and/or database by making a formal request to decommission said information system, application or database by delivering that request to information technology services. At a minimum, any requests to decommission an information system, application and/or database must be formally coordinated and approved in writing by each of the following three units:

(a) The university unit that is the primary user, or owner of the information system, application and/or database

(b) Information technology services

(c) The university records manager

(2) When decommissioning an information system, application and/or database, records retention policies may require that the records contained within the information system, application and/or database must be retained beyond the useful life of the information system, application and/or database. Prior to decommissioning an information system, application and/or database, the responsible office, with the counsel of the university records manager, will inventory the types of records contained within the said information system, application and/or database to ensure that the records contained therein will be maintained according to published university records retention schedules.

(3) With very few exceptions, information systems and/or applications all have an underlying database that collects the transaction history of an information system and/or application over the life cycle of the information system and/or application. For the sake of records retention purposes and to pragmatically avoid unnecessary software licensing, the underlying databases may be decoupled from their original information system and/or application if, and only if, the data contained within the underlying database can be retrieved in its original context to meet valid records requests throughout the required records retention schedule. For the avoidance of doubt, the following are considered adequate alternative ways of retaining databases for records retention purposes:

(a) Prior to decommissioning an information system and/or application, capture each and every standard report that comes standard with said information system and/or application into a .pdf document if practical.

(b) If it is impractical to capture all of an information systems and/or applications standard reports, the underlying database may be retained for records retention purposes. However, this alternative may only be employed if, and only if, the metadata or data schemas associated with the database can also be documented for future use in retrieving records via database queries to render records to satisfy any valid records requests.

(c) Finally, if neither of the above two alternatives can be achieved, then information technology services must retain the original information system, application and/or database for records retention purposes until all record series retention schedules have expired.

(4) As each record series reaches its record retention expiration date, information technology services will coordinate and seek approval to purposefully destroy records according to university records retention policies and procedures.