How do you document records destruction so it holds up against a DoD 5015.2 audit trail review?
Defensible destruction is not just deleting a file. Under the DoD 5015.2 model, the system and the records officer must be able to prove, after the fact, that the right records were destroyed at the right time, under an approved authority, by an authorized person. An audit trail review tests exactly that chain of evidence.
What the audit trail must capture
DoD 5015.2 expects destruction to be a tracked, system-logged event rather than an ad hoc action. At minimum, your documentation should show:
- The record identity affected (unique identifier, title, and the file plan or category it belonged to).
- The disposition authority that permitted destruction (the applicable schedule, such as an agency schedule or a NARA General Records Schedule item).
- That the retention period had fully elapsed and any holds were cleared before action.
- The date and time of destruction and the method (for example, cryptographic erasure or shredding of physical media).
- The identity of the person or process that approved and executed it.
Build evidence around three checkpoints
- Eligibility. Capture proof that the cutoff occurred and the retention clock expired. The record should never be eligible while a legal hold or litigation hold is in force.
- Authorization. Log the approval step separately from execution, so the audit trail shows a reviewer signed off before anything was destroyed.
- Confirmation. Record a destruction certificate or system event confirming completion, and retain that metadata even after the content itself is gone.
Make the trail tamper-evident and durable
Audit logs should be protected against alteration, time-stamped, and retained long enough to outlast the records they describe. Reviewers will look for gaps, manual overrides without justification, and destruction events that lack a linked authority. Keeping the disposition metadata (the proof of what happened and why) is what lets you answer an auditor with documentation rather than recollection.
Aligning destruction practices with your approved schedules and with broader guidance on disposition strengthens the whole program. For more on aligning programs with formal requirements, see compliance standards.
Sources & further reading
Authoritative government and non-profit references.
- Records management policy and guidance — National Archives (NARA)
- General Records Schedules — National Archives (NARA)
How to cite this page
APA
RM University Editorial. (2026). How do you document records destruction so it holds up against a DoD 5015.2 audit trail review?. Records Management University. https://www.recordsmgmt.org/questions/how-to-document-records-destruction-for-a-dod-5015-2-audit-trail-review/
MLA
RM University Editorial. "How do you document records destruction so it holds up against a DoD 5015.2 audit trail review?." Records Management University, 16 June 2026, www.recordsmgmt.org/questions/how-to-document-records-destruction-for-a-dod-5015-2-audit-trail-review/.
Related questions
- Can a commercial off-the-shelf system meet the NARA Universal ERM Requirements without being DoD 5015.2 certified?
- Can a company be fined or sanctioned for not following ISO 15489 in a lawsuit?
- Can a US company store its records on servers in another country, and what cross-border data rules apply?
- Can following ISO 15489 actually help us pass an audit or hold up in court?
- Can I just adopt ISO 15489 word-for-word as our records policy, or does it not work that way?