Evidence Retention Policy Reminders

If your are part of a large organisation, then it is likely that you will have an evidence retention policy which states how long you should keep evidence (both physical and logical) after the case has been completed. Foreman now has an admin section where this policy can be applied:

evidence_retention

When an ‘archived’ piece of evidence reaches the retention period (i.e. x number of months after the archival date), an email will be sent to the user who added the evidence initially into Foreman and all the current administrators (just in case that user is no longer in the team) so that they can destroy the evidence according to their policy. They can then update the evidence status in Foreman to ‘destroyed’ [More on Evidence statuses here]. To set up the emails, an automated daily task is required, for example using CRON (Linux) or Task Scheduler (Windows). The following script should be run once daily:

python run_foreman.py scheduled_tasks

When run, this checks all the currently archived pieces of evidence and sees if retention period has been set. If so, all those which are due destruction generate emails. A flag is set so that the email is only send once and not repeatedly. Please remember that the config file should point to the correct Foreman database and have an email server set up.

There are two options if a retention period is changed / no longer needed:

  1. Existing retention emails still required, and only evidence archived from this point should not have retention periods: Administrator should select “No” for Evidence Retention Reminders
  2. All retention emails should be stopped: Administrator should select “No” for Evidence Retention Reminders and tick Remove existing reminders
Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s