Retention & Disposition
Retention schedules, records inventories, the General Records Schedule, and defensible disposition of records at end of life.
Every record an organization creates carries an implicit question from the moment it comes into existence: how long should we keep this, and what should happen to it when that period ends? Retention and disposition is the discipline that answers that question deliberately rather than by accident. It is the engine that converts a chaotic, ever-growing accumulation of documents, emails, datasets, and system records into a managed body of information with a defined beginning, a defined useful life, and a defined, defensible end. Without it, organizations keep everything forever — accumulating cost, risk, and clutter — or they delete inconsistently, exposing themselves to legal jeopardy and the permanent loss of evidence they were obligated to preserve.
At its core, retention and disposition is about applying rules systematically to records based on what they are and what they document, not on who happens to own a folder or how full a drive has become. It is simultaneously a legal compliance function, a risk-management practice, an operational efficiency measure, and an act of institutional memory. Getting it right means the records you need are available when regulators, auditors, litigators, historians, or your own staff come looking — and the records you no longer need are gone, cleanly and with documented authority.
What Retention and Disposition Actually Means
Two linked concepts sit at the heart of this topic. Retention is the decision about how long a record must be kept, expressed as a retention period and tied to a triggering event — for example, “seven years after the contract terminates” or “destroy when superseded.” Disposition is what happens when that period expires: the final action taken on the record. Disposition is broader than destruction. A record may be destroyed, but it may also be transferred to another body (such as a national archive or a successor organization) or preserved permanently because of its enduring legal, fiscal, or historical value. Treating disposition as a synonym for deletion is one of the most common conceptual errors in the field; permanent preservation is itself a disposition outcome.
These decisions are not made record by record in the moment. They are made in advance, in policy, through a retention schedule — and they are executed against a verified picture of what records the organization actually holds.
The Core Building Blocks
A working retention and disposition program rests on a handful of interlocking instruments, each of which is substantial enough to merit its own detailed treatment:
- The records inventory is the foundation. You cannot schedule what you cannot see. A records inventory is a structured survey of the record types an organization holds — their formats, locations, volumes, owners, and the business functions they support. It is fieldwork, not guesswork, and it precedes every other step.
- Appraisal is the analytical heart of the discipline. Appraising records means weighing their continuing value — administrative, legal, fiscal, and historical — to determine how long they should live and whether any should be kept permanently. Appraisal is where professional judgment, legal research, and stakeholder consultation converge.
- The retention schedule is the governing instrument that codifies those judgments. It groups records into categories (often called record series or “big buckets”), assigns each a retention period and a disposition action, and cites the authority behind each decision. A schedule is only useful if it is approved, maintained, and actually applied.
- Disposition methods are the operational endpoint — the concrete acts of destroying, transferring, or preserving records once their retention period lapses and any holds are cleared.
Running through all of this is the principle of defensible disposition: the idea that destruction must be the result of a documented, consistent, good-faith application of an approved schedule, not an ad hoc purge. Defensibility is what allows an organization to demonstrate, after the fact, that records were destroyed in the normal course of business under legitimate authority — and were not, for instance, eliminated to evade a legal obligation.
Governing Authorities and Standards
Retention and disposition does not operate in a vacuum; it answers to law and standards. In the public sector, federal agencies in the United States operate under statutory records management obligations, and disposition of federal records generally requires authority granted through the National Archives and Records Administration. The General Records Schedule (GRS) is a central instrument here: a government-wide schedule issued by NARA that authorizes disposition of common administrative records — personnel, financial, facilities, and similar functions — that nearly every agency creates. Agencies supplement the GRS with their own schedules covering mission-specific records unique to their programs.
The private sector is governed less by a single archival authority and more by a dense web of statute, regulation, and case law: tax rules, employment and safety regulations, sector-specific mandates in areas like healthcare and finance, privacy laws that may compel deletion as much as retention, and the rules of civil procedure that govern preservation during litigation. Standards bodies also shape practice; international standards on records management establish principles for authenticity, reliability, and lifecycle control that inform schedules everywhere.
A notable shift worth understanding: NARA withdrew its longstanding endorsement of the DoD 5015.2 records management application certification standard in 2022, moving instead toward the Universal Electronic Records Management Requirements and the broader Federal Electronic Records Modernization Initiative. The practical message is that the field is moving away from certifying records applications against a rigid checklist and toward defining functional requirements that any system — including modern cloud and content platforms — can be measured against.
Where It Fits in the Records Lifecycle
Retention and disposition is best understood as the back half of the records lifecycle. Records are created or received, then classified and used actively, then maintained as they become less active — and finally disposed of. But the discipline reaches backward as well as forward. The retention rules established here should ideally be designed in at creation, so that records are born already associated with the schedule that will govern their entire life. When retention is bolted on only at the end, organizations face the far harder task of retrospectively classifying mountains of legacy material. Lifecycle thinking turns disposition from a periodic cleanup crisis into a routine, automated, ongoing event.
Common Challenges and Good Practice
The difficulties are well known. Schedules drift out of date as laws and business processes change. Electronic records — especially email, collaboration platforms, structured databases, and the metadata around them — resist the tidy categories designed for paper. Legal holds must reliably suspend disposition for records relevant to litigation or investigation, and a hold that fails silently can be catastrophic. End users rarely want to be records managers, so reliance on manual classification erodes over time.
Good practice responds with a few durable principles. Keep schedules simple enough to be applied consistently, favoring broader buckets over hundreds of fragile micro-categories. Automate disposition wherever defensible so it does not depend on human follow-through. Document every disposition action to preserve defensibility. Reconcile holds before any destruction occurs. And review schedules on a regular cadence rather than treating them as set-and-forget artifacts.
Where the Topic Is Heading
The trajectory is toward automation, scale, and integration. As data volumes outstrip any possibility of manual handling, organizations are turning to rules-based and increasingly machine-assisted classification to apply retention at the point of creation. Privacy regimes are reframing retention as a positive obligation to dispose — minimizing data is now a compliance goal in its own right, not merely a cost saving. And the line between a records system and the everyday business applications where records actually live is dissolving, pushing the discipline toward managing records in place across diverse platforms.
Through all of this change, the underlying logic of retention and disposition holds steady: know what you have, decide deliberately how long it must live, and end its life on purpose and with proof. The tools evolve, the data multiplies, and the regulatory landscape shifts, but an organization that can demonstrate it kept what it had to keep and disposed of the rest by design will always be on firmer ground than one that simply let its records pile up.
Articles in Retention
Big Bucket vs. Granular Retention Schedules
A practical comparison of big bucket and granular retention scheduling, weighing compliance precision against usability, defensibility, and the realities of electronic records.
Documenting Destruction: Certificates and Logs
How destruction certificates and disposition logs prove records were destroyed under authority, what they capture, and why defensible documentation matters.
Event-Based vs. Time-Based Retention
An in-depth comparison of time-based and event-based retention triggers, how they work in records schedules, and how to apply each correctly.
How Legal Holds Suspend Disposition
An in-depth explanation of how legal holds override retention schedules to suspend the disposition of records subject to litigation, audit, or investigation.
Records Storage: On-site, Off-site, and Cloud
A principle-based guide to choosing among on-site, off-site, and cloud records storage and balancing access, cost, security, and retention obligations.
Setting Retention Triggers and Cutoffs
How records managers define event-driven and time-driven retention triggers and cutoffs so files are filed, closed, and dispositioned consistently.
Superseded and Obsolete Records
How records management programs identify, retain, and dispose of superseded and obsolete records under approved schedules without destroying anything that still has value.
The Cost and Risk of Over-Retention
Why keeping records longer than required raises legal, privacy, security, and cost exposure, and how disciplined disposition reduces organizational risk.
How to Appraise Records: Value-Based Retention Decisions
Appraisal is the judgment that determines how long records are kept and whether any are permanent. Here's how to weigh administrative, legal, fiscal, and historical value.
Records Disposition Methods: Destroy, Transfer, Preserve
When records reach the end of their retention period, disposition takes one of three forms — destruction, transfer, or permanent preservation. Here's how each works.
The General Records Schedule (GRS) Explained
The GRS provides government-wide retention authority for records common to most federal agencies. Here's what it covers, how agencies use it, and why it exists.
Defensible Disposition: Destroying Records the Right Way
Disposing of records isn't just deleting them. Defensible disposition means routine, documented, authorized destruction — with holds that stop it when litigation looms.
Conducting a Records Inventory: A Practical Guide
A records inventory is the survey of what records you have, where they live, and in what volume. It is the foundation of every retention schedule. Here's how to do one.
How to Build a Records Retention Schedule: A Step-by-Step Guide
A practical walkthrough of creating a defensible records retention schedule — inventory, appraisal, setting retention periods, approval, and maintenance.
Common questions
- Can a company be fined for keeping records longer than the law requires?
- Can any manager authorize destroying records, or does it have to be someone specific?
- Can deleting emails too soon be considered illegal spoliation of evidence?
- Can different copies of the same document have different retention periods?
- Can GDPR storage limitation requirements force you to delete records you are legally required to keep elsewhere?
- Can I just delete old records whenever I need to free up storage space?
- Can records be destroyed during litigation or an audit?
- Do I have to keep records in their original format to satisfy retention requirements?
- Do I really need a retention schedule if my company never deletes anything?
- Do state and local government agencies have to follow their state archives' retention schedules, and what happens if they don't?
- Does a litigation hold override my company's retention schedule?
- Does ISO 15489 carry legal weight outside the US or is it just a voluntary global baseline?
- Does legal or the records officer decide how long to keep records, and what happens when they disagree?
- Does storing records on blockchain satisfy retention and disposition requirements, and can immutable records ever be deleted?
- How do cross-border data transfer rules affect where you can store and retain electronic records?
Key terms
- Accretion
- Appraisal
- Big Bucket Schedule
- Certificate of Destruction
- Cutoff
- Dark Data
- Defensible Disposition
- Disposition
- Disposition Authority
- Event-Based Retention
- General Records Schedule
- Records Center
- Records Inventory
- Records Series
- Retention Period
- Retention Schedule
- Secure Destruction
- SF-115
- Temporary Records
- Time-Based Retention