91622, 10.05 PM
This content matches your MGS Profile.
Enterprise Records Management (MIP-15)
MARRIOTT INTERNATIONAL POLICY (MIP)
REVISED: MAY 25, 2021
Enterprise Records Management (MIP-15)- Ml Standards.
REVIEWED: OCTOBER 01
2020
Region & Brand Applicability Table
BRAND NAME
‘Above Property
AC Hotels
Aloft Hotels
‘Autograph Collection
Autograph Collection - All
Inclusive
‘Autograph Collection
Residences
Bulgari
Bulgari Residences
Courtyard
Delta Hotels
Delta Hotels - All-Inclusive
Design Hotels
EDITION Hotels
EDITION Residences
Element Hotels
Fairfield
Four Points
htps:imgscloud mariol.comlslandards7id=1834
AP
EUR
MEA
wn91622, 10.05 PM
Gaylord Hotels v
Headquarters v
JW Marriott v
JW Marriott - All-Inclusive v
JW Marriott Residences v
Le Meridien v
Le Meridien Residences v
Marriott Executive Apartments v
Marriott Hotels v
Marriott Hotels - All-inclusive v
Marriott Residences v
BRAND NAME. uS/ CAN
Marriott Vacations Club v
MOXY Hotels v
Protea Hotels by Marriott v
Renaissance Hotels v
Residence Inn v
Ritz-Carlton Reserve v
Sheraton Hotels v
Sheraton Residences v
SpringHill Suites v
St. Regis Hotels v
St. Regis Residences v
The Luxury Collection v
The Luxury Collection - All- v
Inclusive
The Luxury Collection v
htps:imgscloud mariol.comlstandards7id=1834
Enterprise Records Management (MIP-15) - Ml Standards
v
v
CALA
v
v
AP.
EUR
4 886
6
MEA
4 886
‘
ant91622, 10.05 PM Enterprise Records Management (MIP-15) - Ml Standards,
Residences
The Ritz-Carlton v
The Ritz-Carlton - All-Inclusive v
The Ritz-Carlton Club v
‘The Ritz-Carlton Residences v
The Ritz-Carlton Yacht
Collection ¥
TownePlace Suites v
Tribute Portfolio v
Tribute Portfolio - All-inclusive v
W Hotels v
W Hotels - All-Inclusive v
W Residences v
Westin Hotels v
Westin Hotels - All-Inclusive v
Westin Residences v
v ¥ ¥
v v
v v v v
v v v v
v ¥ v v
v v v v
v v v v
v v v v
¥ v v v
v v v v
v v v v
v ¥ ¥ v
v v v v
v v v v
APPLIES TO: Architecture & Construction, Communications, Engineering, Event Management, Finance & Accounting,
Fitness & Recreation, Food & Beverage, Front Office, Furniture, Fixtures & Equipment, Golf, Housekeeping,
Human Resources, Legal, Information Protection,
, Purchasing, Quality Assurance & Guest Satisfaction,
Residential Operations, Retail, Risk Management & Loss Prevention, Sales, Marketing & Revenue Management, Spa,
Technology
Requirements
Applicabilty: Associates at al brands, all regions
Key Responsibilities
Section
”
Policy Owner: (unless otherwise stipulated, is
responsible for policy administration,
compliance monitoring, implementation, and
training)
Senior Vice President, Associate General Counsel (Michael Martinez)
Policy Approver: (unless otherwise
htps:imgscloud mariol.comstandards7id=1834
Executive Vice President, General Counsel (Rena Reiss)
ant91622, 10.05 PM Enterprise Records Management (MIP-15) - Ml Standards,
stipulated, is responsible for approval of
exceptions)
+ Chief Audit Executive (CAE) and Global Internal Audit Function have oversight responsiblity for the
facilitation of policy updates.
1. Policy Overview
Marriott International, inc. (Marriott or the Company) has established an Enterprise Records Management (ERM) Policy
to responsibly manage its Records, which are categorized as:
+ Company Records: Records that are or were valuable to or necessary for Marriott's conduct of business
operations, including the Personal Data of customers, associates, and business partners as defined by MIP-91
+ Transitory Records: Records generated during day-to-day business operations which have no business or legal
value to Marriott beyond a short period of time (e.g., an email setting up a meeting time).
+ Non-Business Records: Records of a non-business or personal nature.
As it relates to all Records (j,e., Company, Transitory, and Non-Business), Marriott seeks to ensure that:
+ Marriott appropriately manages the cost and risk associated with the storage of Records.
+ Records are appropriately retained pursuant to any Litigation Hold Directive.
+ Associates understand fully that all Records are governed by this Policy and remain subject to other relevant
Marriott policies,
As it relates to Company Records, Marriott seeks to ensure that:
+ All Company Records are retained for at least the minimum period specified by applicable laws and regulations,
and no longer than needed for legitimate business purposes.
For example, Company Records informing business decisions and fulfilling the Company's obligations to
customers, guests, business partners, regulators, associates, investors, auditors, and vendors are maintained for
their useful life and destroyed thereafter.
This Policy applies to:
+ All Records including, without limitation, those that are stored in hard copy, on computers, shared and local area
networks, film or electronic storage media (i.e. CDs, DVDs, portable and handheld devices).
+ All Records generated, received, or maintained in the operation of Marriott's business, irrespective of where they
are stored (e.g., on Mariott premises, in offsite/remote facilities).
+ All Marriott associates and all individuals and entities acting on behalf of Marriott and that have access to, or use
of, Records for a reason affecting or relating to Marriott's business.
+ All Records held by a third party if Marriott has access to and control over those Records,
2. Policy
htpsimgscloud mariol.comslandards7id=1834 ant91622, 10.05 PM Enterprise Records Management (MIP-15) - Ml Standards,
Itis the policy of Marriott to retain Records of continuing usefulness which preserve corporate history and satisfy all
legal, accounting, and tax requirements. Records are to be retained for at least the minimum period specified by
applicable laws and regulations and no longer than needed for legitimate business purposes.
3. Requirements
3.4 Company Records
Itis the policy of Marriott to securely destroy Company Records at the end of their specified retention period. This policy
includes the Records Retention Schedule Instructions, the Records Retention Schedule, the Maintenance, Retrieval, and
Destruction of Records, and the Customer Data Retention Schedule (Appendices A, B, C, and E respectively), The
Records Retention Schedule assigns official ownership for each Company Record to a Business Discipline (i.e., Finance
& Accounting, Law, Consumer Operations) and establishes, for each record type, a retention period at the end of which
Records must be destroyed.
3.2 Transitory and Non-Business Records
Although Marriott does not prohibit the creation or storage of Non-Business Records, associates should make efforts to
keep these activities to 2 minimum. Associates should anticipate that Marriott has the right to access and review these
Records periodically without notice.
Non-Business Records and Transitory Records should not be retained beyond their useful life. They should be removed
from Marriott systems and hardware on a routine basis.
3.3 Legal Compliance
3.3.1 Local Laws and Regulations
Record retention must comply with all applicable local laws as well as Marriott standards with the stronger regulation
overwriting the other. Record retention periods listed in the schedule are the minimum; retention may be longer based on
local laws, or where the statute of limitations has been waived due to a current or pending local tax audit. In any event,
Records should not be kept any longer than necessary without a legitimate business interest.
Associates noting discrepancies wherein a jurisdiction recommends a more conservative retention than indicated on the
schedule have an obligation to report this to the Law Department.
3.3.2 Litigation Hold Directives
Marriott has a legal obligation to retain Records that are relevant to pending or reasonably anticipated legal proceedings
Consequently, the Law Department will institute a litigation hold and issue a Litigation Hold Directive when it becomes
aware of actual or reasonably anticipated litigation. When the Law Department issues a Litigation Hold Directive,
affected associates must carefully follow the direction of the Law Department with regard to that Litigation Hold Directive.
In such circumstances, associates must immediately suspend the destruction of any Records relating to that Litigation
Hold Directive.
Any associate who reasonably anticipates that litigation or a governmental investigation will occur, even if not formally
commenced, and who has not received a Litigation Hold Directive should contact the Law Department immediately.
Pending such discussions, the associate should preserve all relevant materials,
htpsimgscloud mariol.comslandards7id=1834 sit91622, 10.05 PM Enterprise Records Management (MIP-15) - Ml Standards,
3.4 Email Auto-Purge
The Email Auto-Purge requirement establishes the default retention period for email retained on online mail servers.
This policy applies to all:
+ All Marriott email users
+ All Marriott email systems
+ All email sent or received using Marriott email and systems
3.4.1 Default Retention Period: Marriott systems will be configured to automatically purge all messages located in
Outlook inbox, drafts, sent items, deleted, notes, and junk older than one year. Marriott's policy will exclude contacts,
tasks and calendar items from being deleted. At the discretion of the Law Dept., retention time periods may be extended
as necessary or appropriate.
3.4.2 Destruction Frequency: Email will be purged on a daily basis from all online mail servers (i.e., any email older than
the current date 1 year will be destroyed nightly).
3.4.3 Email as a Company Record
When the contents of an email classify it as a Company Record, the email should be retained by the official owner of the
record in accordance with the associated retention period as dictated by the Records Retention Schedule (see
Appendices A, B, and C) and saved in a manner to preserve the record. The burden of determining whether a specific.
message is a Company Record should fall to each individual. Convenience copy recipients should not retain messages
longer than required for their respective jobs. When that need no longer exists, the information should be destroyed.
Questions about the proper classification of a specific message should be directed to the associate's department head or
the business discipline.
3.4.4, Litigation Hold Directive
A litigation hold directive from the Law Department supersedes this email auto-purge requirement. Email and accounts
for associates who have been placed on litigation hold are managed by Global Information Resources until the hold is
released,
3.5 Maintenance, Retrieval, and Destruction of Records
3.5.1 Maintenance of Records
Records (i.e., Company Records, Non-Business Records, and Transitory Records) shall be maintained in a safe, secure
environment that is appropriate for each Record's use and classification in compliance with appropriate MIPs.
Associates should use electronic information systems that maintain appropriate controls when creating or obtaining
Records and that will support them in the context of business purpose or the activity performed. Records should be
maintained in an accessible environment such that they can be retrieved, without undue burden, for the length of time
required by the Records Retention Schedule regardless of operating systems, software, or media changes over time,
3.5.2 Retrieval of Records
All Records retrieved from an offsite Marriott storage facility should be retained in the business area for no longer than
htpsimgscloud mariol.comslandards7id=1834 ett91622, 10.05 PM Enterprise Records Management (MIP-15) - Ml Standards,
thirty (30) days (and subsequently retuned to the storage facility) unless senior management receives written
authorization from the Law Department to retain the Records for a longer period of time. Limiting the duration of retention
for retrieved Records to thirty (30) days will prevent Records from being damaged, destroyed, lost or misfiled.
3.5.3 Destruction of Records
When the retention period ends and if no Litigation Hold Directive is in effect, Records should be disposed of or
eliminated from all storage media, including personal computers, databases, sharedinetwork drives, fle cabinets, off-site
storage, magnetic media, and backup tapes, Records should be disposed of by a method (e.g., shredding, recycling,
purging) appropriate to the content and level of confidentiality of the records in accordance with Marriott's Global
Information Security Policy (MIP-29),
Storing Records beyond the retention periods set forth in this Policy costs Marriott storage fees, prevents the efficient
retrieval and accessibility of necessary Records, creates risk, and hinders the consistent application of this Policy.
Therefore, exceptions to this Policy will be granted only in specific circumstances based on ongoing business needs or
legal requirements and must be explicitly approved by the Law Department.
4, Roles & Responsibilities
4.1 Law Department
The Law Department shall:
+ Dosign the ERM Policy and designate a Law Department associate to oversee its implementation,
+ Oversee the creation of, and subsequent modifications to, the Records Retention Schedule Instructions and
Records Retention Schedule.
+ Address any policy-related questions related to the Email Auto-Purge Policy.
4.2 Global Information Technology Department
The Global IT Department shall work in coordination with the Law Department to support the design, implementation,
and function of this Policy. Specifically, Global IT will oversee the technical implementation of the email auto-purge.
4.3 Business Disciplines
Marriott's business disciplines shall be responsible for implementing the policy, identifying any necessary modifications of
the program specific to their operations, and coordinating with the Law Department to update the Policy or Records
Retention Schedule with any changes. The Business Disciplines will review the retention schedule every two years to
confirm the accuracy therein
4.4 Associates
All Marriott associates will be responsible for complying with this Policy. A subset of associates may be responsible for
periodically certifying their departments have made their best efforts to comply with the Policy.
5. Definitions
htpsimgscloud mariol.comslandards7id=1834 mt91622, 10.05 PM Enterprise Records Management (MIP-15) - Ml Standards,
Active Records: Records that are currently used to conduct day-to-day business operations (e.g., a three-year strategy
against which a business discipline is executing, a project plan for a project that will be completed in six months).
Company Record:
fecords that are or were necessary to satisfy the needs of everyday business operations, legal and
regulatory requirements, fiscal responsibilities, and historical needs; records that are or were valuable to, or necessary
for, Marriott operations and are the property of Marriott International including the Personal Data of customers,
Associates and business partners as defined by MIP-91
Final Records: Final versions of Company Records,
ui n Hold
cctive: The Litigation Hold Directive issued by the Law Department when it becomes aware of actual
or reasonably anticipated litigation.
Non-Business Records: Records of a non-business or personal nature created or maintained by an associate for his or
her own purposes relating to activities or issues not relevant to the course of doing business (e.g., e-mail to a friend to
meet for coffee).
Records: All documented information generated or received by associates or third parties who handle Marriott
information, or any individual or entity acting on behalf of Marriott
Records include, but are not limited to: reports, letters, memoranda, e-mail, facsimiles, graphics, data, audits, expense
reports, meeting minutes, handwritten notes, calendars, agendas, outlines, timelines, summaries, presentations,
research materials, plot diagrams, charts, photographs, bound record books, publications, manuscripts, drawings,
statistical analyses, research materials, cards, maps, computer printouts, audio and video media, micrographics and
electronic media such as disks, diskettes, tapes, optical disks, CD-ROM, grading reports and voice recordings. Records
do not include library books, periodicals, copies of reports, blank forms, or stationery. Records are further categorized
into Company Records, Non-Business Records, and Transitory Records,
| Scope of Recor
Retention Schedule |
Key
htpsimgscloud mariol.comslandards7id=1834 att91622, 10.05 PM Enterprise Records Management (MIP-15) - Ml Standards,
Transitory Records: Records generated during day-to-day business operations which have no business or legal value
to Marriott beyond a short period of time (e.g., an e-mail setting a meeting time).
Works-In-Progress and Draft Records: Records including drafts, project materials, research results, or reference
information used in the development of a Company Record. Drafts are defined as preliminary, preparatory or tentative
versions of all or part of a record, whether or not such draft was superseded by a later draft and whether or not the terms
of the draft are the same as or different from the terms of the final record
6. Policy Compliance
This Policy must be complied with in accordance with all Marriott International Policies, including but not limited to:
+ Marriott's Ethical Conduct Policy (MIP-1)
+ Global Information Security Policy (MIP-29)
+ Business Continuity (MIP-30)
+ Mobile Devices (MIP-46)
+ Global Privacy Policy (MIP-91)
Managers and supervisors must ensure that the Policy is enforced through appropriate disciplinary measures, Any
associate in violation of a provision of this Policy shall be subject to discipline, up to and including termination.
7. Compliance Monitoring
Compliance with this poliey is monitored using existing processes as described above and through the MIP-01 Annual
Ethical Conduct Survey.
8. Documents Associated with this Policy
Records Retention Schedule Instructions (Appendix A) (DOC)
Records Retention Schedule (Appendix B) (XLS)
Records Retention Schedule for All US locations including HQ and properties (Schedule 1 - Appendix B) (XLS)
Maintenance, Retrieval, and Destruction of Records (Appendix C) (DOC)
Microsoft Skype Conversation History and Microsoft Teams Chats - Retention Period Extension (Appendix D) (DOC)
Customer Data Retention Schedule (Appendix E) (XLS)
Ethical Conduct (MIP-01)
Electroni¢ Communications (MIP-28)
Global Information Security Policy (MIP-29)
Business Continuity (MIP-30)
EFFECTIVE: JANUARY 13, 2012 | PUBLISHED: MAY 04, 2011
htpsimgscloud mariol.comslandards7id=1834 ort91622, 10.05 PM Enterprise Records Management (MIP-15) - Ml Standards,
Irthis documents older than December 15, 2022, vist Meritt Global Source to ensure you have the mosl up-to-date version of this
standard,
MARRIOTT CONFIDENTIAL AND PROPRIETARY INFORMATION
‘The contents of his matetial ara confidential and propretary to Marriot! Intemational, Inc. and may not be reproduced, disclosed, distributed or
used without te express permission ofan authorized representative of Marriot. Any olher use is expressly prohibit.
htpsimgscloud mariol.comslandards7id=1834 ont9118722, 10.05 PM Enterprise Records Management (MIP-15) - Ml Standards,
hitpsimgscloud mariolt.comstandards7i at