What is a Retention Schedule?

A Retention Schedule is the most important document in Records Management.  It contains a list of every kind of record a company has, and how long they need to keep it.  Records Managers use the retention schedule as the primary planning document to control their records management program.

More advanced retention schedules will also include instructions to figure out what type of record a document is based on how it’s used.  Some may keep track of what department is responsible for each type of record, and other retention schedules may control what should be done with the record when it’s no longer being used.

From time to time, the rules about a document may change, or new types of documents may be created, and the list will have to be updated to include that new information.  By making those changes in one place, the retention schedule provides an easy way for an entire company with many employees to standardize their rules about how long to keep records.  The Retention Schedule is created and managed by the Records Manager.

In its simplest form, a Retention Schedule is a list of types of records and how long to keep them.

How do you determine how long each record is kept?

All records/non-records have a length of time they are to be kept.  This is called a “retention life”.  The retention life is included in the retention schedule.

What determines the length of time records are to be kept?  Laws.  Laws can be local, state, national, Federal, or International.  It depends where your organization is located and operates. Some companies are only in one state which makes these rules simpler. Another company may operate across the East Coast of the US, from Maine to Florida.  In this case, they will need to know the laws in every state they do business.  They will also need to understand any federal laws that apply to their records and decide how long each should be kept.  What determines how long a non-record is kept?  That is usually determined by the owner of the non-record.  The owner of the non-record is the business unit that creates and uses it. With no law guiding its disposition, a non-record may be kept as long as you want.  

What is a Record Category?

A Records Category are those records that are related to a particular function in an organization or related to a particular business unit.   A functional example would be “vital records”.  Vital records are those records that are fundamental and necessary for continued operations of an organization.  An example of a records category for a business unit would be records from an Accounting Department.

What is a Record Series?

A Records Series are similar records under a Records Category.  We’ve identified above that Accounting records can be a Records Category.  There could be records created by them for Accounts Payable, Budgeting, or Payroll.  Each of them would be a series under the category of accounting.

What are the parts of a Retention Schedule?

The columns of a retention schedule tell you everything you need to know about each record.

1. Record Series ID

The Record Series ID is the “code name” for each type of record.   Records Manager will create Record IDs for each record.  Record IDs for departments may start with a similar set of letters. Some codes you can figure out who the records belong to by those letters.  For example, a code that starts with “AC” may be a record from the Accounting Department.  If it starts with “HR” it may belong to the Human Resources Department.  The ID provides a convenient way to show that records are all the same type.

2. Record Series Name

The Record Series Name is a title for each type of record.  It’s a short in length.  Just enough to let you know what the records is.  For example, in the Human Resources Department they will have a record series called “Job Applications” and a record series called “Job Descriptions”. 

3. Record Series Description

The Record Series Description is a detailed explanation about each type of record. Some descriptions can be a few words.  Other kinds of records may require a longer and more complex description.   

4. Retention Life for Records & Non-Records

As noted in the beginning of this article, records are part of the Retention Schedule. The Retention Life is how long we must keep each type.

  • Retention Life for Records
    The laws for how long we keep records come from multiple areas. The laws could be local, state, federal or even international. If your company is one state, that reduces the laws you must research. If you have locations on the East Coast, that increases your research.  If your company is International, then your Records Managers will have a lot of research to do!
  • Retention Life for Non-Records
    Non-records are defined as those records that have no legal reason to keep. They are used in our daily operations. But there is no law saying when we must dispose of them.  Non-Records MUST be managed too.  You should retain non-records if they are needed.  Then they should be disposed of.  Retention for non-records can be determined by the records owner.

5. Legal Citation

A legal citation in records management is a reference back to a document or source that supports the life a record should be kept. Sources for legal citations could be court decisions, statues, regulations, or government rulings.

6. Record Owner

Every record has an owner.  An owner is the business unit that creates it and uses it.  Records managers will work with the owner to make sure they have all the details of the record which will be used in the retention schedule.

7. Retention Schedule Review Update

Creating your retention schedule is a great start.  But it doesn’t end there. New records can be added when they’re created.  Existing records and their retention lives should be reviewed to make sure they’re still accurate at an agreed upon point in the future. The Records Manager will decide when that should happen.  An update could be scheduled every two or three years.  Another way to perform the update is to take a part of your retention schedule each year and update it.  Updating your retention schedule in parts, gives you multiple smaller projects spread out over time which may be easier than one BIG project all at the same time.

8. Disposition Action

Creating your retention schedule is a great start.  But it doesn’t end there. New records can be added when they’re created.  Existing records and their retention lives should be reviewed to make sure they’re still accurate at an agreed upon point in the future. The Records Manager will decide when that should happen.  An update could be scheduled every two or three years.  Another way to perform the update is to take a part of your retention schedule each year and update it.  Updating your retention schedule in parts, gives you multiple smaller projects spread out over time which may be easier than one BIG project all at the same time.

At the end of their retention life, Records/non-records will be disposed of. This is called disposition.  Disposition may be the destruction of the record, keeping it permanently if that’s the law, or transferring it to another entity, such as NARA (National Archives and Records Administration).

Not all retention schedules contain all of the parts as listed above.

Some are very basic:

Some are more detailed:

What is a File Plan?

A file plan is a list of documents to be retained in a specific file. The records are indexed into that file when they are ingested into the system.   Let’s use your employee file as an example.  On date of hire all your personal information is entered into a record that goes into that file.  As you continue working for that company you may have an annual performance evaluation, a job promotion form, or perhaps you changed positions within the company.  That form will be included too.


A taxonomy is an approved list of words that we use to describe records.  You want to make sure that everyone is using the same words to describe the same thing.  If different words are used to describe, it can get confusing.  For example, let’s say we apply for a credit card.  Because it’s a new account, the Records Manager identifies that record as a “new account form”. But the employee issuing the credit card identifies it as “onboarding data” because that’s what the software company called the form.   They’re talking about the same thing, but not using the same words to describe it.   Using taxonomy in your retention schedule, ensures you use the same terminology.

How do you create a Retention Schedule?

Step One: Record Survey

A Records Survey is a list of questions that are sent out to each business unit.  The questions ask them to identify all the records that they create and use.  This is done in advance of the Records Inventory which is done in-person with each business unit.

Step Two: Records Inventory

Records are created all throughout an organization. A Records Manager must know all these records.  The starting point of a retention schedule is to create a list of those records.  That list is called a Records Inventory. A Records Manager or one of their staff will meet with each department in their organization. They will discuss all the records that department creates or uses.  From that discussion, a detailed list of each record will be created.

Whenever possible, get a sample of the record as a reference. It is important to know what information the record contains.  There may be PII (Personally Identifiable Information) in the record.  PII needs to be protected so access is only granted to those people that should have it. It is also important to know where the path each record travels in an organization.  Does the record stay within that department?  Does that department forward the record to another department?  All this information will be listed in the Records Inventory.

When all the records have been identified, they are ready to move on to creating the retention schedule.

Step Three: Creating the Schedule

Once the records inventory is complete, you will create a document to list all the records you discovered with all of their information.  The easiest format to create this list is in a spreadsheet.  It allows you to list things in columns and rows.   You will create column headings for each of the things we discussed in “What are the parts of a Retention Schedule”.  You will not have all the information about each record yet.  There is research to do to find out how long each record should be kept.  Some columns will be blank.

Researching the Retention Life for each record – This is a very important part of the process as you must keep your records as long as the law says.  This research can be completed in different ways:

  • You perform the research yourself – If you are only located in one state it will be easier and less time than if you were in multiple states. Performing the research by yourself means that you would visit each local, state, and federal web site to search each record and what they list as the time they should legally be kept.
  • Use record retention schedule software – There are several companies that allow you to use their software to search for the retention of each record in your retention schedule. You will need to know that their software has the retention for the states you’re in. There will also be a cost to use their software.
  • Use a consultant to do the research for you – If you do not have the staff or the time to do it yourself, consider using a consultant. Yes, there will be a cost for them to do this.   It will be more expensive than using software on your own.  You are paying for their knowledge and their time to do the research.

Select how long you’re going to retain each record and add it to the Retention Schedule – If you are only in one state, then the decision is easier.  First, compare the State Law against the Federal law.   There may not be a Federal Law for each record, only a state law.  If you have both a State and a Federal law governing a record, you need to check to see if one of those laws picked as the one to follow.  At times the Federal law overrides the State law, but not always.  If you are in multiple states, you will need to compare all the State laws to the Federal law if there is one, and then make your decision.  For example, when an employee leaves an organization, retention will begin as a terminated employee.  Each state may have a different time you need to keep that information.

Step Four: Approving the Retention Schedule

When you finish adding the information you need to the retention schedule, it should be approved before sending it out to all the departments in your organization.   You do want to start the approval process by sending the retention schedule to the people in the departments you did the records inventory with.  They will review the area of the retention schedule for their area only.  Depending on the size of your organization, you may have a legal department.  They would give the approval for the use of the retention schedule.  For smaller organizations that may not have a legal department, find out who the authorized department is.

Success!   Once the retention schedule is approved, it can be distributed to the business units in your organization who will use it.


COVID-19: Records Management as a function of Business Continuity

ERM in the time of Coronavirus

Many companies do not give adequate attention to their Business Continuity plans.  This is likely due to the “normalcy bias” — the assumption that a disaster is unlikely because the chance of any one disaster happening is low, and because one hasn’t experienced a disaster recently.

Why is it flawed?  Mere statistics. To illustrate: the probability of flipping a quarter ten times in a row and getting heads every time is extremely low, 0.09%.  However, if you try it daily for three years, it becomes almost certain that it will happen at least once.

Similarly, each possible cause of outage or disaster is individually unlikely.  But over a long period of time, many unlikely things add up to a certainty.  That some form of disaster (whether hurricane, cyber-attack, or epidemic) will occur is a “when, not if” situation. 

When a disaster does happen, 40 to 60 percent of effected businesses will never re-open according to research from FEMA.  Companies would be well advised to prepare for all identified risks. 

At the time of writing this, we may have just such an identified risk: the novel coronavirus SARS-CoV-2 (or COVID-19).  The Center for Disease Control and the Department of Homeland Security told businesses last week to begin preparing for disruptions due to an increasingly likely outbreak in the US. 

Records Management as
Business Continuity

FEMA lists a comprehensive records management plan as one of three most important recovery tools to deal with a disaster.

Why? It’s simple. An organization’s memory resides in its records.

Business continuity stretches from simple decisions like backups and DR software, to the steps that it takes to get a business back to a normal state.  First among those is the need to understand what normal consists of.  Our repositories are not just as an asset to protect during a disaster, but a system to help us know what needs to get done.

It is more likely now than ever that company leadership will proactively invest in business continuity projects.  If there was a time for Records Managers to make the case that RM is an essential part of a company’s Business Continuity planning, it is now.

An Electronic Document and Records Management System (EDRMS) strategy supports your Business Continuity efforts, getting you back to “business as usual” as quickly as possible. 

If you’re ready to bring Records Management into your Business Continuity planning, here’s some questions to ask yourself:

1. How will our employees access their records if they must work from home?

During a major outage, employees will need to have access to their regular working files to stay productive. Electronic Document and Records Management systems allow your employees to continue working off-site, while protecting your content through fine-tuned ABAC and RBAC permissions.

2. Are manual processes putting us at a higher risk?

During a disaster, employees may be unable to perform their normal duties: manual processes that weren’t explicitly documented are lost without their presence or experience.  A complete records repository means that you can recover these lost processes by examining the files and communications employees produce surrounding them.

Modern ERM systems support the creating of Forms and Workflows on the fly.  During a disaster, being able to structure your processes digitally means faster time to recovery, maintaining continuous operations even with a workforce working out of office.  This supports conducting business and delivering services efficiently, even during disruptions.

3. Is our data digitized, archived and backed-up properly for Disaster Recovery situations?
Records Management systems will capture your documents and data, replicating them to disaster-safe storage.  With Disaster Recovery mechanisms in place for Records Management systems, major outages are unlikely to result in significant data loss.
Modern ERM systems allow for easy integration with your LOB servers and platforms, meaning you can support Disaster Recovery objectives even for systems that are not natively DR-ready.

4. How can we stay compliant during disasters?

Having a complete records system makes tying up the loose ends during and after any outages or disaster recovery situations much easier. This includes proving losses and damages for insurance claims with documentation, as well as monitoring for fraud.

During and after a disaster, organizations will need to prove their compliance with regulation and law, all while showing that they took the necessary steps to reduce loss of life or damage to property.  This is essential from both a legal standpoint, as well as a Public Relations one.

The message is clear: 
Records Management is a critical Business Continuity initiative. To ensure your company has a comprehensive plan, make sure they see the critical role of Records Management. The steps you take today will keep critical processes operational during a crisis, reduce process downtime, and reduce the risk your company faces.

Extra Credit Reading:  The Australian Capital Territory produced a significant guide to Records Management and Business Continuity back in August 2008.  It’s as relevant today.

What is Records Management?

The goal of a records manager is to figure out what documents are important for a company to keep. For example, some important documents for a company to keep are the W-2s of their employees. Another important type of document that all companies have are contracts with their suppliers.

Documents which are important to keep are called records. Thus, Records Management refers to the practice of properly controlling these important documents, and Records Managers are the people who do this job.

Additionally, Records Managers have another important task. They need to figure out how long the law requires a company to keep certain types of documents. For example, US Law requires that employers keep copies of all job applications for at least one year. Determining how long to keep a record is called retention, and an important document called a retention schedule is the list of how long each type of record must be kept.

Keeping records for the correct amount of time is important, since improperly destroying records can come with both big legal fines and also long court cases.

Over the years, companies and governments realized that there were other types of information besides documents which needed to be managed. That’s when the term, Records and Information Management was created (“RIM”). Today, Records Managers control and manage all of a company’s information, including information which is and is not a record.

What is the Records Management Lifecycle?

An important concept in Records Management is the Records Management Lifecycle. The records management lifecycle is the entire process that a record can go through, from the day the record is created to the day it is destroyed. Destroying a record is called disposition. Listed below are the 4 parts of the Records Management Lifecycle:

1. Creating Records and Receiving Them From Other Systems

Records have more than one way to get into an organization. For example, if you fill out a job application while in the Human Resources Department, that was created while you were visiting that department. If you apply for a job online, your job application will be forwarded to them electronically. It wasn’t something they created but they received it and it is a record they must keep.

2. Using Records When They’re In The System and Modifying Them During Use

Records can be used by many people. Some records may be used for the information in it. No changes will be made to them. An example would be a sales report. Other records may be modified over time. Your employee file is a prime example. When you become an employee, they start an employee file just for you. During the time you work there, other records may be added to the file. An example would be a job review or a notice of promotion.

3.  Maintaining Your Records and Protecting Them from Unauthorized Use

This part of the records management lifecycle stores records in the correct place. It also protects them from people that should not see them.

  • Maintain – Records are stored in places called a repository. You can have more than one repository to store records. For example, there may be one repository for Human Resource records. There may be another for Contracts. The Records Manager will decide how any repositories are needed.They will also decide which records go in each of the repositories. As records are created, they will make sure the records go to the correct repository. Records will stay here until they can be destroyed
  • Protect – Records need to be protected from people that should not see them.Records may contain sensitive information. Let’s use your employee file as an example. It will contain your name, home address, phone number, email address, social security number, and your annual income. Only certain people should be able to see that information. Access to records is granted by the Records Manager. For your employee file, access could be restricted to Human Resources employees. Employees in Purchasing or IT would not need access. Granting access only to specific employees, protects your organization. It also protects your employees and your customers.

4.  Disposition of Records

The final step in the Records Management Lifecycle is disposition. Disposition is what we do with a record when we’re done using it. Depending on the type of record, what we do with it when we’re done using it may differ. There is destruction, preservation, and accession. Each one disposes of a record differently.

  • Destruction – Records falling into this category will be destroyed. That means paper records will be shredded to a size they cannot be read. Electronic records will be deleted from the system they were saved in. After destruction you will not be able to access and read them again.
  • Preservation – Some records may be kept permanently because the law tells us they must be kept forever. Other records may be kept after their retention life is expired. One reason is for historical purposes. For example, the founding documents of an organization. This could be their company charter or original bylaws. Another reason to keep records is for reference material. Engineering plans are a great example. Engineers refer back to see how something was built. The original records would give the engineer that detail.
  • Accession – Accession means sending records from a government agency to NARA (National Archives and Records Administration). The records legal life in the government agency is complete. The records are sent to NARA. NARA will follow their retention schedule for the disposition of these records.

From these four steps, companies develop rules to control and protect records and information from the beginning to the end of the Records Management Lifecycle.


10 Hard-won Records Management Insights

Here are ten RMA insights, that you don’t want to learn the hard way.

1. Auto-Categorization is not a magic antidote. If you aren’t careful about tagging and organizing your data, you’re making a lot of manual work down the road.

2. Organization is a magic antidote. Get organized upfront. It’s easier to provide structure to data from the beginning, than it will be to structure your data after the fact.

3. Keep It Simply Systematized. Use as few categories as your process allows. The fewer buckets you’re categorizing into, the easier it will be to maintain those categories (but make sure to see 4 below).

4. Metadata is your friend. Make sure your metadata is complete, and will allow you to separate a single category into multiple ones later, if need be. You don’t want to have to separate a category manually, believe me.

5. Be like a Ninja. The more transparent the Records Management process is to your end users, the more likely it is to succeed. Wherever possible, be like an RMA ninja.


6. But also like a Shark. The rules and regulations are always evolving. If you’re not moving your RMA process forward, you’re falling behind, or worse.

7. ‘Business Continuity’ is not just Jargon. It’s not, we swear. If your RMA system doesn’t aid business continuity, it’s not properly supporting your organization. Know it, live it, love it.

8. You’re leaking records. Records in the hands of partners, or on employee cellphones and laptops, are often just as responsive as the ones you keep on site. Know where your organization leaks records.

9. If it’s worth doing, it’s worth doing well. Implementation is key. Get it right the first time to save yourself a lifetime of headache. If you already got it wrong, please accept my condolences.

10. Make friends, a bunch of them. Get buy-in from other departments before you need them for your next project. You’ll thank us later.

Want more of our hard-won insight? Give us a call, or check out our Records Management University event!

Troubleshooting in 20 Questions

No matter how many possibilities you plan for, you can’t always prevent problems from coming up.

For a technical support representative faced with the responsibility of getting things working again, there’s one technique we use every time, with every problem situation.

If you’ve ever played the game 20 Questions, you know that there’s a technique to finding the correct answer to a completely unknown problem — If you try to guess at the very beginning you won’t get the answer. You have to cut the possibilities down, by asking broad questions:

“Is it alive?”
“Is it man-made?”
“Is it larger than a toaster?”

There are millions of possibilities, but by asking those questions that cut the field in half, we can get to the correct answer pretty quickly. The trick is to make sure that you start at the very highest level. You have to ask questions that divide your remaining possibilities in half each time. In this way, just like in 20 Questions, you should have a fairly solid idea of what’s wrong in about 20 questions – every time, no matter how complicated the problem is.

To ensure you’re cutting things in half, try to keep the questions binary in nature, for instance:

“Did it work before?”
“Is it happening to just one user, or more than one user?”
“Is it happening on just one machine, or more than one machine?”
“Can you reproduce the problem at will, or is it intermittent?”

Soon you will find a once unwieldy problem is cornered into one of 2 or 3 possibilities, each of which can just be directly checked to determine if they are, in fact, the root cause. Of course, once the root-cause is identified – then you can begin the joyous process of fixing it!

Keep Your Information Digital

Here at Feith we live by three words: CAPTURE, MANAGE, DELIVER.

These are the basic components of the document management equation: getting information into your system, managing that information, and getting it into the hands of stakeholders.

You probably already knew that, but it may surprise you to learn that when we talk to customers, the biggest area for improvement is in Capture.

That’s right—getting information into your database is what’s really eating up your team’s time. And whether it is through a web service integration, a high-speed scanning solution, or plain old drag-and-drop, we want to help your team gain back those valuable minutes. So here’s what we’ve learned:

If you want to cut down on the time it takes to do capture your information, then take a step back and connect the dots. Where is all this paper coming from? Paper forms and documents requiring wet signatures are probably the biggest culprits, but there are many times where files are printed and scanned into the database because users do not know any better way.

Try mapping your process end-to-end to see where those files can stay digital, and here’s a hint—you can ask us for help.

Who are the real stakeholders in your new project?

Here’s a hint: it may not be who you expect.

You’ve probably thought long and hard about all the ways your new software development project will save you time, money, and effort.

But have you stopped to ask your end-users for their opinions? With so much riding on your project, the last thing you want is to learn that it doesn’t work for them right after deployment– when making changes is the most costly and difficult.

Rethinking Stakeholders

If your project involves making changes to your software, then doesn’t it make sense that end-users have the most to gain from its success? This is the very heart of what it means to be a stakeholder, yet every day well-meaning business leaders overlook the assets sitting right in front of them. Employees are a fertile ground for new ideas, since at the end of the day they’re the people who will be using the software.
And worse, by leaving employees out they forgo the higher productivity and lower turn-over associated with engagement.

Leveraging Insight

Take the convenience store, Seven-Eleven. Many of us are familiar with Seven-Eleven Japan’s decision to put purchasing decisions on its lower-level employees. When Seven-Eleven took advice from the people most intimately aware of day-to-day spending patterns, they were rewarded with increased revenue and decreased overhead. Seven-Eleven didn’t have to put the entire business logic in the hands of their clerks—instead, they carefully judged what knowledge would be most useful to them and designed a framework for utilizing it.

Incorporating feedback vs. dividing authority

If you’re worried that accepting feedback will give employees the false idea that they are the decision-makers, then it’s time to reassess. The truth is that most employees feel more empowered and appreciated just by simply asking for their opinions.
Granted, if employees sense that you asked for their opinions without ever intending to listen, morale will certainly suffer. In all likelihood, you’ll find that there are at least a few valuable pieces of information to learn from them.

Have an organized plan for evaluating stakeholder requests

We recommend having a plan in place before you undertake a new software development project. Ideally, you will be able to objectively weigh the opinions of your stakeholders to make sure that their requests will truly produce the best results for your company– inside, and out.

Cultivate a culture where employees want to share their thoughts

This, perhaps, is the most daunting piece of advice I can offer, but it can be the most beneficial—knowing how people are spending their time and encouraging them to share ideas about how to optimize their process will reap serious rewards for your software development project, and more importantly—your bottom line.