Data Retention

Overview

This policy governs the length of time data is retained at Volkis. These retention lengths will direct secure deletion at Volkis. The times of deletion may vary depending on when archiving and deletion is scheduled.

Retention length may differ based on client and contractual requirements.

Data retention lengths

Data type Retention length
Data marked as Personally Identifiable Information collected during client engagements Not retained
Penetration testing data 3 months after archiving
Client compliance supporting documentation 2 years
Security testing Reports 2 years
Compliance reports Reports 2 years
Client contact information Indefinite
Project management data Indefinite
Client and partner signed legal documentation Indefinite
Client proposal acceptance Indefinite
Tax and superannuation records for employees 5 years

Archiving is performed following the conclusion of all testing activities including retesting, debriefs, and direct testing follow-ups.