The ABC's of Defensible Disposition

Whitepaper

Defensible Disposition is the final stage of the Information Lifecycle and a critical component of any Records and Information Management program. Read this whitepaper to understand the principals and actions needed to implement a successful practice.

25 May 202112 mins
People in a discussion

What is defensible disposition?

With few exceptions, all information has an end-of-life point. At that time, a decision must be made to either destroy it or keep it for archival or data mining purposes, a process called document disposition. Key to the disposition decision-making process is an organisation’s legally defensible records retention schedule (RRS). Once a decision is made to destroy — or keep — records, the process must be conducted in a manner that is compliant with the organisation’s policy. This might mean secure disposition of paper records or degaussing of magnetic tapes. If records must be kept for a valid business reason, it could mean anonymising them before moving them to a data lake.


Defensible disposition is making decisions about what data can be disposed of based on an official policy and then either moving it to a secure archive or destroying it in a compliant way.


What is a records retention schedule (rrs)?

TTo manage official business records properly, organisations must have an official, authorised records retention schedule. Schedules are constructed by researching how long records need to be kept in all the jurisdictions in which an organisation does business. In most cases, an organisation’s legal department is responsible for final approval of the research results provided by a vendor or an internal team.

The schedule lists the functions of an organisation — such as HR, accounting, sales and marketing — along with all the groups or classes of records and examples of each. Records are defined as information that is created, received, and maintained as evidence and information by an organisation or person in pursuance of legal obligations or in the transaction of business.

For each class of records, such as accounts payable and receivable or personnel, a retention rule is assigned based on regulatory, legal, and operational requirements that specifies the length of time the records must be retained. For example, the rule might require that records be retained for 10 years after creation or seven years after an event has occurred. In fact, some people prefer to call the records retention schedule a destruction schedule to discourage over-retention and promote disposition.

Organisations must also make policy decisions about how long data and information that is not considered official business should be kept, whether in paper or electronic format.