SJSU Information Security and Data Management Guidelines are described on the CSU Records Retention and Disposition site and in the SJSU Record Retention and Disposal Standard.
Certain campus offices periodically undergo CSU audits to ensure that records are being retained, archived, and destroyed appropriately and in accordance with the retention standards and information security guidelines. Information security audits in particular take place approximately every 3-4 years. Information about the audit cycle is available on the CSU Audit and Advisory Services page.