What are the steps to document a defensible destruction of electronic records so it holds up in an audit?
Defensible destruction means you can prove, after the fact, that records were destroyed routinely, in good faith, and according to an approved schedule, not to evade an obligation. The defense lives in your documentation. The goal is a clean evidentiary trail showing what was destroyed, why it was eligible, who authorized it, and that no hold applied.
Establish the authority first
Destruction is only defensible if it follows a documented policy and an approved retention schedule. Before anything is deleted, confirm that the records class has a defined retention period and a disposition action, and that the schedule was approved through your organization’s governance process. Ad hoc deletion, even of truly worthless data, is hard to defend because it looks selective.
Steps to document the destruction
- Identify the eligible records. Capture the record series, system of origin, date range, and the retention rule that makes them eligible for disposition.
- Verify retention has lapsed. Confirm the full retention period has run and that the triggering event (case closed, fiscal year end, etc.) actually occurred.
- Check for holds. Confirm no litigation hold, audit hold, investigation, or open records request applies. Record the date and source of the hold check.
- Obtain authorization. Secure sign-off from the records officer or designated approver before destruction proceeds.
- Execute and witness. Perform the deletion using a repeatable, documented method appropriate to the media and sensitivity of the data.
- Produce a certificate of destruction. Log the record series, volume, method, date, system, and the names of the approver and operator.
Make the trail audit-ready
Keep destruction logs and certificates as records in their own right, often retained longer than the items they describe. Ensure logs are tamper-evident and time-stamped, and tie each entry back to the schedule item that authorized it. Apply the same disciplined process consistently across systems so an auditor sees routine practice rather than exceptions.
For broader context on managing digital records through their lifecycle, see the electronic records topic hub.
Consistency, approved authority, and a hold check that is documented before deletion are what transform routine cleanup into defensible destruction.
Sources & further reading
Authoritative government and non-profit references.
- Records management policy and guidance — National Archives (NARA)
- ISO 15489-1 Records management — ISO
How to cite this page
APA
RM University Editorial. (2026). What are the steps to document a defensible destruction of electronic records so it holds up in an audit?. Records Management University. https://www.recordsmgmt.org/questions/steps-to-document-defensible-destruction-of-electronic-records-for-an-audit/
MLA
RM University Editorial. "What are the steps to document a defensible destruction of electronic records so it holds up in an audit?." Records Management University, 16 June 2026, www.recordsmgmt.org/questions/steps-to-document-defensible-destruction-of-electronic-records-for-an-audit/.
Related questions
- Are digital signatures legally valid on records?
- Are spreadsheets and database entries considered records I need to retain?
- Can a company be sanctioned for not preserving electronic records when it should have anticipated litigation?
- Can I just save a file as a PDF and call it a permanent electronic record?
- Can I store official records in the cloud?