Destroying a record is the final, irreversible act in its lifecycle, and paradoxically it is the moment that generates the most important new record of all: the proof that the destruction happened lawfully. A retention schedule authorizes disposal, but authorization alone does not demonstrate that an organization acted within that authority. Without contemporaneous documentation, a destroyed record becomes a gap that an auditor, regulator, or opposing litigant can characterize as concealment, negligence, or spoliation. Destruction certificates and disposition logs exist to close that gap. They convert an absence into evidence, transforming “the record no longer exists” into “the record was destroyed on this date, under this authority, by this person, using this method.”
This documentation is not bureaucratic ceremony. It is the connective tissue of a defensible disposition program: the demonstrable, repeatable application of an approved schedule that an organization can stand behind years later. Defensibility rests less on the destruction itself than on the ability to show that destruction was routine, authorized, consistent, and uninfluenced by any pending or anticipated legal matter.
What a Destruction Certificate Is
A destruction certificate (sometimes called a certificate of destruction or certificate of disposal) is a formal attestation that a defined set of records was destroyed. It is typically a discrete document tied to a single destruction event or batch, and it serves as the durable, signed proof that the event occurred as described. Where a vendor or service bureau performs the physical destruction, the certificate often originates with that provider and is countersigned or retained by the records owner.
A complete certificate generally captures:
- A description of the records or record series destroyed, specific enough to identify the population without reproducing its contents.
- The retention schedule item, disposition authority, or schedule citation that authorized the destruction.
- The date the records became eligible and the date destruction occurred.
- The volume or quantity (boxes, linear feet, media units, or system records affected).
- The destruction method (shredding, pulping, incineration, degaussing, cryptographic erasure, secure overwriting, or deletion plus purge for electronic records).
- The names and signatures of those who authorized, witnessed, and carried out the destruction.
- Confirmation that no legal hold, audit, investigation, or other freeze applied to the records at the time of disposal.
For physical media that may contain sensitive or personal information, the certificate also documents chain of custody up to the point of destruction, so that the records are accounted for from approval through final, irreversible disposal.
What a Disposition Log Is
Where a certificate documents a single event, a disposition log is the cumulative, ongoing register of all disposition activity across a program. It is the running history that lets an organization answer, at any time, what was destroyed, when, and on what authority. A log typically references the certificates it summarizes, creating a layered record: the log provides the index and pattern, while individual certificates supply the granular proof.
A well-maintained log establishes the existence of a routine. That pattern matters enormously. If disposition occurs on a regular, schedule-driven cadence and is logged consistently, a single destruction event is far easier to defend as ordinary business practice rather than a targeted purge. The log itself is a record and should be assigned its own retention period, frequently permanent or very long, because its evidentiary value persists long after the underlying records are gone.
Why This Documentation Matters Legally
The strongest reason to document destruction is the obligation to suspend it. Under the Federal Rules of Civil Procedure and parallel principles in regulatory and administrative contexts, once litigation is reasonably anticipated, the duty to preserve relevant information attaches and routine disposal of that information must stop. A defensible program demonstrates two complementary things: that destruction normally proceeds on schedule, and that it was properly halted when a legal hold required preservation.
Destruction documentation supports both halves of that showing. It evidences good-faith, routine operation of a records program, and it marks the boundary where routine yielded to preservation. When records are destroyed and a dispute later arises, the certificate and log allow an organization to show that disposal predated any preservation duty and followed an established schedule rather than an improvised decision. Absent that proof, a court may be left to infer the worst about why information is missing.
Documenting Destruction of Electronic Records
Electronic records complicate the picture because deletion is rarely a single, visible act. A file marked deleted may persist in backups, replicas, caches, or unallocated disk space, and “destruction” for digital information often means rendering it irretrievable rather than physically obliterating media. Documentation must therefore describe what was actually accomplished: logical deletion, purging, cryptographic erasure, or media sanitization, and whether backups and copies were included.
System-generated audit trails are central here. Modern electronic recordkeeping systems can log disposition events automatically, capturing the record identifier, the authority applied, the timestamp, and the acting account. These logs are valuable precisely because they are contemporaneous and harder to reconstruct after the fact. Their reliability, however, depends on configuration, access controls, and the integrity of the system that produces them.
It is worth noting how guidance in this area has shifted. NARA withdrew its longstanding endorsement of the DoD 5015.2 records management application standard in 2022, moving instead toward the Universal Electronic Records Management Requirements developed through its Federal Electronic Records Modernization Initiative. The practical implication is functional rather than product-based: systems are expected to support transfer, capture, and disposition with reliable, auditable records of those actions, regardless of any single certification.
Building a Defensible Practice
Sound destruction documentation follows a few durable principles. Tie every disposal to a citable authority in an approved schedule, never to ad hoc judgment. Capture documentation at the time of the event, not retroactively. Separate duties so that authorization, execution, and witnessing are not all performed by one person. Verify that no hold applies before destroying anything, and record that verification. Retain certificates and logs far longer than the records they describe, treating the proof as a distinct, valuable record class.
Done well, this discipline turns destruction from a liability into a strength. An organization that can produce clean, consistent evidence of authorized disposal demonstrates control over its information, compliance with its own schedules, and good faith should its practices ever be questioned. For broader context on how disposal fits within the records lifecycle, see the retention and disposition topic hub.
Sources & further reading
Authoritative government and non-profit references.
- Records management (NARA) — National Archives (NARA)
- General Records Schedules — National Archives (NARA)
- Federal Rules of Civil Procedure — U.S. Courts
How to cite this page
APA
RM University Editorial Team. (2026). Documenting Destruction: Certificates and Logs. Records Management University. https://www.recordsmgmt.org/articles/documenting-destruction-certificates-and-logs/
MLA
RM University Editorial Team. "Documenting Destruction: Certificates and Logs." Records Management University, 16 June 2026, www.recordsmgmt.org/articles/documenting-destruction-certificates-and-logs/.