Earning the certification reflects Frank’s dedication to continuing to grow his expertise (especially in an area that’s quickly becoming critical for many of our clients). His expanded knowledge in AI governance further strengthens our Consulting team and it enhances the practical, forward‑looking guidance Zasio provides to organizations navigating emerging AI and compliance challenges.

Frank, who joined Zasio in 2015, brings a strong background in international financial services, banking, and regulatory compliance. He also holds the CRM, IGP, CIPP/US, and CIPM certifications and is licensed to practice law in Idaho and New York. It makes him a trusted resource for legal information governance insight and real-world application.

He most recently was a featured speaker at ARMA InfoCon in Phoenix, Arizona in October 2025.

The post Zasio Senior Analyst Frank Fazzio Earns AIGP Certification appeared first on Zasio.

Two Zasio team members are hitting the road in June to share their insight into all things retention and information governance.

Warren Bean, Vice President of Technology and Product Development, and Rick Surber, Senior Consultant, will be traveling together to Bismarck, North Dakota to co‑present at ARMA North Dakota’s Annual Spring Seminar on Wednesday, June 3.

The seminar brings together records and information management professionals from across the state, and Warren and Rick will be teaming up to deliver two timely, complementary sessions that reflect the evolving realities of the profession.

Their first session, “Beyond Records: The Future is Process‑Driven Retention Management,” addresses a challenge many organizations quietly struggle with: defining what actually counts as a record anymore. In an increasingly digital, interconnected environment, the lines between data, information, and records are blurred. Together, Warren and Rick will explore how shifting the focus from individual records to business processes can improve compliance, reduce risk, and better account for personal data, complex data relationships, and growing cybersecurity concerns.

In their second co‑presented session, “Mine the Gaps: Uncovering What You Don’t Know About Your Retention Schedule,” the focus turns to the blind spots that often exist within retention programs. Drawing on hands‑on experience, they’ll walk through practical methods for identifying gaps using system inventories, engaging key stakeholders, and staying current with legal and regulatory requirements. The session also covers common pitfalls, maintenance strategies, and ways to keep retention schedules defensible and aligned with real‑world business operations.

For Warren and Rick, the event is about more than presenting—it’s an opportunity to connect with peers, exchange ideas, and learn from the challenges others are facing. Zasio is proud to support ARMA North Dakota and looks forward to meaningful conversations and shared learning in Bismarck this June.  |  Additional Details

The post Zasio Staffers to Present at ARMA North Dakota Spring Seminar appeared first on Zasio.

What should have been a straightforward configuration quickly turned into weeks of workshops debating interpretation, translating subjective language into system logic, and discovering that many “standard” retention periods could not be automated at all. The schedule was not wrong. It simply was never written for a machine.

Building a system‑ready records retention schedule means shifting how we think about retention periods. In a digital environment, retention is no longer something people “apply” at the end of a record’s life. It is something systems execute continuously, at scale, and without stopping to ask questions. The challenge is not rewriting retention requirements, but expressing them in a way machines can reliably understand and enforce.

It is a common misconception that making a retention schedule system‑ready requires starting over or completely rewriting retention requirements. Rather, the retention schedule remains a policy document, with retention periods intentionally reflecting business lifecycles and legal recordkeeping obligations. System retention rules, by contrast, exist to support automation and system execution. Aligning retention periods with retention rules does not require a full redesign. In most cases, it requires thoughtful planning and targeted adjustments so retention periods translate more easily, reliably, and consistently into system logic.

The following are some top considerations to get you well-positioned when planning your retention schedule ahead for system retention rules later on:

Simplified Big Bucket Retention Schedule – For Systems, Less is More

The big bucket retention schedule shifts from detailed, departmental categories to broader, process-based groups with a single retention period. This streamlined approach is popular for a variety of reasons stemming from its simplicity. One reason is because it makes configuring systems easier: fewer categories mean fewer rules to manage, and organizing by processes aligns well with record lifecycles and system retention defaults. See more details on how process-driven retention in changing records management.

Retention Lives or Dies on the Event Trigger

When it comes down to it, executing the event trigger is more planning than the retention period. For a retention period of “Employee Separation + 10 Years” the difficulty lies in calculating the employee separation date portion of the retention period rather than the 10 years because the separation date is variable. Tying that event trigger calculation in the system to the correct date and correct employee are crucial for execution.

In a previous blog, I discussed best approaches for simplifying event triggers in your records retention schedule. Here is where those strategies for simplifying event triggers come in really handy.

If a Human Has to Interpret It, a System Cannot Execute It

If your retention schedule depends on someone stopping to interpret what a rule means, it’s going to break down. The goal is to create rules that are clear, objective, and easy for systems to execute without second-guessing. The best retention rules don’t require that element of human judgement or interpretation. For example, a retention period of Contract Expiration + 7 Years can be entered by entering the calculated expiration date of the set expiration date. Compare this to an event trigger of “No longer Useful + 3 Years” which requires subjective judgement in order to trigger the retention period.

Automated Record Management: Policy vs. System Logic

Meet Systems Where They Are – Or Somewhere in the Middle

When designing your retention schedule retention periods evaluate each to see if they can easily align to an event already available within your system(s). This will likely steer you away from those event triggers that are subjective in nature requiring human decision-making. For instance, common retention event triggers “Until Superseded” or “Active” likely won’t align with available system events, which might make you consider whether an alternate retention period should be considered for system readiness. You might find something that align similarly – for example your “Final Resolution” date aligns just fine with the system event  “Case Closure Date”. The closer the retention event aligns with available system events, the easier it when the time comes to implement in your system.

Separate Legal Requirements from Reality & Simplify

Legal retention rules are often written to demonstrate compliance, not to be executed by systems. As a result, they can introduce complexity when the complex legal language are carried over directly into your schedule’s retention periods.

Take I-9 records which are subject to a complex legal recordkeeping requirement detailed at 8 C.F.R. § 274a.2: they must be retained for three years after hire or one year after termination, whichever is later.

Why this hybrid retention is difficult to implement in systems:

“Whichever is later” requires:

• Tracking two dates
• Comparing them
• Waiting until termination to know the outcome

This makes the rule difficult to apply consistently and easy to get wrong.

Instead, consider simplifying this further to a singular retention period of termination + 3 years, which meets the minimum legal recordkeeping requirement and is much easier for a system to understand and apply. There is the possibility the simplified retention would result in the I-9’s being retained longer than legally required. Simplifying retention periods in this manner requires a risk assessment balancing potential over-retention against easier administration and likely improved compliance.

Writing a Retention Schedule with Translation in Mind

Designing a system‑ready retention schedule does not mean turning policy into code or rewriting retention requirements from scratch. It means expressing retention periods with greater clarity, consistency, and awareness of how they will eventually be executed by systems. By simplifying structure, prioritizing explicit and system‑available event triggers, and separating legal intent from execution reality, organizations can significantly improve success of retention automation. The most effective retention schedules are not the most complex. They are the ones written with translation in mind, bridging governance and technology without compromising compliance.

Disclaimer: The purpose of this post is to provide general education on information governance topics. The statements are informational only and do not constitute legal advice. If you have specific questions regarding the application of the law to your business activities, you should seek the advice of your legal counsel.

The post Seamlessly Automated Record Management: Smart Strategies for System-Ready Retention Schedules appeared first on Zasio.

China is recognized for having one of the most intricate and strictly regulated record keeping environments worldwide. Leveraging Zasio’s comprehensive jurisdictional research, organizations are provided with clear and defensible guidance on how archival, privacy, cybersecurity, and data governance requirements interact within the People’s Republic of China (PRC).

Why China Requires Specialized Record Keeping Insight

China’s legal and regulatory landscape is defined by centralized enforcement, extensive administrative controls, and a heightened focus on state supervision and data sovereignty. Record keeping obligations are not isolated; they are deeply integrated with national security concerns, privacy protections, and sector-specific regulatory oversight.

Key jurisdictional characteristics include:

• • Civil law system with robust administrative regulation and centralized enforcement
  • Mandarin Chinese as the main language for legal and governmental matters
  • Strict archival and retention requirements established by national and sector-specific regulators

Zasio’s China Research at a Glance

Zasio’s research on China is tailored for organizations seeking defensibility, precise compliance, and practical application across global operations.

Research scope and depth:

• • • 1,836 China-specific record keeping citations captured
    • Coverage anchored in authoritative, subscription-based legal research sources
    • Direct analysis of national laws such as the Archives Law, Personal Information Protection Law (PIPL), Data Security Law, and Cybersecurity Law
    • Review of State Council regulations, Cyberspace Administration of China (CAC) rules, and sector-specific administrative guidance

This research delves beyond basic summaries, identifying enforceable requirements that affect retention periods, data storage locations, and protection measures.

Core Record Keeping Obligations in China

Zasio’s research provides clear, citation-backed requirements for retention across essential record categories.

Accounting and financial records:

• • • General accounting records are typically retained for 10 years or 30 years
    • Key financial reports and select high-value records require permanent retention under the Administrative Measures on Accounting Records

Personnel and employment records:

Employers must retain personnel records for at least two years after termination in accordance with the PRC Labor Contract Law.

Archival classifications:

Official archival rules often mandate retention for 10 years, 30 years, or permanently, depending on the record type and its archival significance.

Industries Most Impacted

China’s record keeping and information governance rules are widely applicable, but they are particularly stringent in highly regulated sectors.

Industries most affected include:

• • • Life sciences and pharmaceuticals
    • Technology and internet platforms
    • Financial services
    • Manufacturing and telecommunications

Multinational organizations in these industries often encounter additional complexity due to data localization and cross-border data transfer requirements.

What Makes China Uniquely Challenging

China distinguishes itself globally by requiring organizations to balance multiple, occasionally conflicting regulatory objectives.

Notable complexities include:

• • • Legal mandates for long-term or permanent archival retention alongside privacy minimization and deletion requirements
    • Overlapping and sometimes competing obligations across archival, privacy, cybersecurity, and sector-specific regimes
    • Rigid data localization demands that significantly impact multinational business models

China’s evolving governance of artificial intelligence, algorithms, and automated decision-making adds further complexity. These new regulations increasingly link record retention and auditability to AI oversight and compliance.

Business Relevance for Global Organizations

China’s regulatory influence extends far beyond its borders. Organizations may be subject to Chinese regulations even when processing data outside the country, provided the data pertains to individuals or activities within China.

Organizations most affected include:

• • • Multinational enterprises
    • Pharmaceutical and life sciences companies
    • Technology, SaaS, and AI-driven platforms
    • Companies with cross-border data flows involving China

How Zasio’s Research Supports Defensible Compliance

Zasio’s jurisdictional research assists organizations in developing information governance strategies that withstand regulatory scrutiny.

Clients use this research to:

• • • Holistically map retention, privacy, data security, and archival obligations
    • Lower regulatory and enforcement risk through clear, citation-backed requirements
    • Synchronize records retention schedules with privacy and cybersecurity controls
    • Enable defensible technology configurations and data lifecycle decisions across global operations

China Record Keeping in One Sentence

China is one of the most complex record keeping jurisdictions globally. Zasio’s research captures over 1,800 enforceable requirements to help organizations confidently navigate overlapping archiving, privacy, data security, and AI governance obligations.

Disclaimer: The purpose of this post is to provide general education on information governance topics. The statements are informational only and do not constitute legal advice. Any references to legal or regulatory recordkeeping requirements are provided for general guidance purposes and may not reflect all obligations applicable to your organization. Additional or alternative requirements may apply based on your organization’s industry, jurisdiction, risk profile, and specific business activities. If you have specific questions regarding the application of the law to your business activities, you should seek the advice of your legal counsel.

The post Record Keeping and Information Governance in China: Jurisdiction Overview appeared first on Zasio.

But this one lingered.

Legal started pulling threads. And the deeper they dug, the worse it got. Emails missing. Documents had gone cold. Files vanished without a trace, and no one could say when, why, or who pulled the trigger.

What should have been routine turned into something else entirely: a credibility problem with teeth.

Defensible Disposition Key Takeaways:

• Defensibility is proven through consistent execution and documentation, not just a written policy.
• Addressing redundant, obsolete, and trivial (ROT) data is critical to reducing discovery costs and legal risk.
• Effective retention schedules require specific, trackable trigger events to ensure records aren’t kept indefinitely.
• Regular internal audits and documented destruction certificates are the primary evidence used to defend disposition actions.

Most organizations have a retention policy. On paper, at least. But when you look closer, the story changes. Fewer have developed a comprehensive defensible disposition framework, and that gap is where the trouble starts. Deleting records without a consistent process, proper authorization, and clear documentation might feel like routine cleanup, but it can look very different under the harsh light of legal scrutiny. Defensible disposition is the framework that ensures your organization lawfully and consistently destroys eligible records and non-records with a paper trail that holds up when the questions come.

What is Defensible Disposition?

Defensible disposition isn’t a single event. It’s a framework. One that either holds together under pressure… or doesn’t. It is the output of interlocking processes that must work together including a legally sound retention schedule, policies that cover everything you create (not just official records), consistent implementation across your systems and paper, regular auditing to catch drift, a solid litigation hold process, and a plan for when something goes wrong.

6 Step Defensible Disposition Framework

Step 1: Build a Retention Schedule You Can Actually Implement

Every disposition decision traces back to your retention schedule. If it’s incomplete, outdated, or impractical to apply, everything built on top of it becomes shaky.

First, it needs to reflect your organization, not a one-size-fits-all approach. Templates won’t capture the specifics of how you operate. If you manufacture regulated products, manage assets, or operate in a specialized or licensed environment, your schedule should reflect that. Just as important, it has to be written in a way your employees can navigate quickly. If people can’t find what they’re looking for, they won’t use it, and unclassified records quickly become unmanaged ones.

Second, it must account for the jurisdictions you operate in. Retention requirements vary widely, and organizations often underestimate how those differences stack up. In many cases, you’ll need to apply the most stringent requirement across jurisdictions or explicitly define exceptions. And this isn’t a “set it and forget it” exercise, laws and guidance change. A schedule that was accurate a year ago may already be outdated. Build regular review into your governance process and rely on current legal research, not static references.

Finally, every retention rule needs to be workable. That means clearly defining both the retention period and the trigger event that starts the clock. “Seven years for contracts” isn’t enough. Seven years from when? Execution? Expiration? Last activity? If the trigger isn’t clear, people fill in the gaps. And they don’t all fill them in the same way. And if the trigger can’t be tracked reliably, records tend to be kept indefinitely. A good test is simple: can your systems consistently identify the trigger date without requiring judgment calls?

Step 2: Beyond Records: Controlling ROT and Non-Record Content

Not everything your organization creates qualifies as a record. But that doesn’t mean it’s harmless. Left unmanaged, non-record content becomes its own kind of risk. Your Records and Information Management policy or your Retention Schedule needs to address this explicitly.

A major category here is ROT: redundant, obsolete, and trivial content. Think of duplicate files, outdated drafts, and low-value communications. Left unchecked, ROT increases discovery costs, slows systems, and makes it harder to find what matters. For many organizations, the biggest contributor is everyday communication. Emails, chats, and messages that serve a short-term purpose and then linger indefinitely. Your policy should define transitory, redundant, obsolete, and trivial content, explain when it is not treated as a record, and specify how routine deletion is authorized and carried out.

Not all information exists as documents, either. Data in systems like CRMs, ERPs, and databases don’t fit neatly into traditional retention categories. This is where process-driven retention comes into play. Instead of focusing on document types, you look at the business process behind the data and determine retention based on that. Your policy should map key systems to the processes they support, assign ownership, and define how disposition decisions are made and documented. If you don’t address this, large portions of your data environment remain effectively unmanaged.

Step 3: From Policy to Practice: Driving Adoption

A policy doesn’t matter if no one follows it. Defensibility isn’t about what’s written down. It’s about what actually happens day to day. That means embedding it in the systems where records live and supporting it with a repeatable process.

Start with individual-access systems like email, OneDrive, and local machines. These are often the least controlled environments, and they’re where both over-retention and accidental loss happen most frequently. You need clarity. What’s automated. What’s the user’s responsibility. And how you verify both. Because telling people what to do isn’t the same as making sure they do it.

Structured environments like SharePoint, document management systems, shared drives should be easier to control. In theory. In practice, they often aren’t. Sites multiply, structures drift, and retention controls aren’t applied consistently. Effective implementation means applying classification and retention rules at the point of creation or ingestion, not trying to clean things up later at scale. Periodic reviews help confirm that content is landing where it should and that outdated material is being removed as expected. And don’t forget paper records.

Paper records shouldn’t be overlooked. They carry the same legal weight as digital records, and they need to be included in your processes for storage, retrieval, and destruction. Otherwise, you’ve got a blind spot.

When records reach the end of the line, disposition follows a process. No guesswork. No shortcuts.

• Identify what’s eligible.
• Confirm the details.
• Get the right approval.
• Carry out destruction.
• Document everything.

That documentation, often in the form of a destruction certificate, is critical evidence that the process was followed properly.

Effective records management isn’t just about compliance, it directly benefits users when they understand its value. With strong training and ongoing communication, organizations can move beyond “check-the-box” habits and show how good practices save time, reduce risk, and make information easier to find. When users see how records management supports their daily work, they’re more likely to adopt it. The goal is to make it not just a requirement, but a clear advantage.

Step 4: Audit Before Someone Else Starts Asking Questions

A program that looks good on paper isn’t enough. You need to know it’s actually working. Regular audits are what turn policy into something defensible.

Formal audits should review how the retention schedule is being applied, whether records are stored appropriately, whether disposition workflows are followed, and whether documentation is consistently maintained. Findings should be tracked and resolved, and the audit trail itself becomes part of your compliance record.

Between formal audits, targeted spot checks can be just as valuable. Instead of trying to review everything, focus on specific systems, teams, or record types. For example, you might verify that retention labels in Microsoft 365 haven’t been altered, or that a newly onboarded group is correctly classifying records. These smaller checks help catch issues early, often before they become larger problems.

It also makes sense to trigger reviews based on events, not just schedules. System migrations, acquisitions, or major staffing changes are all points where governance can slip.

Step 5: Don’t Forget Litigation Holds

When litigation is reasonably anticipated, the clock starts ticking, whether anything’s been filed or not. At that point, routine deletion isn’t routine anymore. It stops. Routine disposition must be suspended for information within the hold’s scope until the hold is released.

Hold notices need to:

• Go out quickly;
• Be clear enough to act on;
• Be tracked so you know they were received and understood.

For ongoing matters, periodic reminders are standard.

Scope is a common weakness. A proper hold covers not just official records, but drafts, communications, and anything else that could be relevant. It also needs to be implemented at the system level. Automated deletions and lifecycle policies won’t stop on their own. They have to be explicitly suspended.

When the matter ends, the hold should be formally lifted and normal processes restored, with that transition documented just as carefully as the hold itself.

Step 6: When Things Go Wrong (Because Sometimes They Do)

Even well-designed programs run into issues. Missed holds, premature deletions, or system errors. What matters is how those situations are handled.

• The first step is to stop any related destruction and secure what remains.
• Then bring in the right stakeholders, often including legal, before taking action. Trying to fix things too quickly without proper guidance can make the situation worse.
• From there, conduct a documented investigation to understand what happened, when, and why.
• Determining whether the issue was inadvertent or intentional is critical, as that distinction carries different consequences. In some cases, the question of whether to self-report will arise. That decision typically sits with legal counsel, but in general, organizations that identify and address issues proactively tend to be viewed more favorably than those where problems emerge later through external discovery.
• Once resolved, address the root cause and document the fix.

That record becomes part of your overall compliance story.

Defensible Disposition Framework: Bringing It All Together

At its core, defensible disposition is about accountability. Knowing what you kept. What you destroyed. When it happened. And why. Because sooner or later, someone’s going to ask. And when they do, it won’t be about policy. It’ll be about proof. Being able to explain what you kept, what you destroyed, when it happened, and why. That doesn’t come from a single policy or tool, it comes from consistent execution over time.

The challenge isn’t just building the defensible disposition framework. It’s maintaining it through system changes, staff turnover, and competing priorities. And that’s exactly the point. You’re both building this for routine operations and for the moment when someone comes knocking, asking you to explain a record that no longer exists. When that happens, your documentation, your processes, and your consistency are what determine whether it’s a routine matter or something much more serious.

Disclaimer: The purpose of this post is to provide general education on information governance topics. The statements are informational only and do not constitute legal advice. If you have specific questions regarding the application of the law to your business activities, you should seek the advice of your legal counsel.

The post What It Takes to Make Record Deletion Truly Defensible appeared first on Zasio.

Versatile 2026 brings together Zasio’s industry-leading information governance solutions in a simple-to-use platform, including electronic records management, retention schedule management, and physical records management. With Versatile 2026, you choose the features you need. Whether it’s gaining control over unstructured documents, tracking boxes across multiple locations, or building domestic or global retention schedules, there’s no need to purchase separate software.

“Versatile 2026 marks an important evolution in how organizations manage and govern their information,” said Kevin Zasio, Founder and CEO. “By unifying physical and electronic records into a single, cohesive collection, we’re removing long-standing barriers and giving organizations a clearer, more complete view of their information.”

Key Enhancements

Building on the success of Versatile 2025, the updated release delivers a more user-friendly experience with a cleaner navigation bar and redesigned home screen that places your most frequently used tools (recent updates, integrated digital repositories, and personal collections of records) front and center. A new floating toolbar keeps shortcuts within reach wherever you navigate.

In another exciting update, Electronic Records Management (ERM) is now fully integrated, putting your key digital assets in the same view as physical records and retention schedules.

“Behind Versatile 2026 is a dedicated team effort centered on elevating electronic records management and enabling seamless retention across physical and electronic records,” Zasio said. “Through extensive development and collaboration, they’ve created a more unified platform where both record types function together as a single cohesive collection.”

The new My Collections feature lets you group mixed content for audits or projects without moving records and makes it easy to share collections with others. Finally, our enhanced AI-powered Versatile Information Assistant (VIA) recommends retention schedules and citations based on user inquiries. VIA can ask clarifying questions to ensure proper context and allows you to browse recommendations before adding them to your existing retention schedule.

Designed for Simplicity and Power

Unlike many applications that become more complex with each update, Zasio ensures each new feature enhances usability.

“We take great care to enrich the user experience while adding functionality,” said Warren Bean, Vice President of Technology and Product Development. “We don’t think you should have to search the internet to figure out how to use our products. It should be intuitive.”

Versatile 2026 represents Zasio’s next major update to the company’s industry-leading information and compliance platform. It’s currently scheduled for release in early May. View the Versatile 2026 feature overview video here. Questions? Visit zasio.com or email connect@zasio.com for details.

###

Founded in 1987, Zasio has nearly 40 years of experience at the forefront of records management and information governance. Zasio prides itself on its ability to foster a culture of innovation mixed with long-term thinking, which translates into offering leading-edge records and information management solutions along with unparalleled support to its customers.

The post Zasio Unveils Versatile 2026: A New Milestone in Records Management Software appeared first on Zasio.

This webinar, hosted by ARMA International, reframes records retention as a core governance mechanism within the Information Governance Integrated Model (IGIM) and a foundational enabler of ARMA’s Generally Accepted Recordkeeping Principles® (The Principles®). Participants will explore how retention requirements sit at the intersection of business value, legal and regulatory obligations, risk management, and technology and how they can be leveraged to drive consistency, accountability, and defensible outcomes across the information lifecycle.

Drawing on real‑world experience, this session will examine how retention schedules support key principles such as Lifecycle Management, Availability, Protection, Compliance, and Transparency, and how they can be operationalized across modern digital environments. Attendees will learn practical strategies for modernizing retention programs, aligning them with IG goals, and embedding them into systems and processes to move beyond policy and into execution.

Whether you are refreshing an existing program or building governance maturity, this session will demonstrate why retention is not just compliance. It is governance in action.

Retention Is Governance: Using Records Schedules as the Backbone of IGIM

When: Thursday, April 30 at 12 p.m. (Mountain)

Presenter: Warren Bean, Vice President of Technology + Product Development

Registration: >>> HERE

The post Retention Is Governance: Using Records Schedules as the Backbone of IGIM appeared first on Zasio.

But behind the scenes, the ISHS had been managing these important collections with aging, unsupported records management tools and no internal records retention schedule. That changed when the state agency partnered with Zasio.

Through the implementation of Zasio’s physical records management solution, Versatile Enterprise (now known as Versatile 2026 with Advanced Physical Records Management) and a comprehensive records retention schedule developed with the help of Zasio’s Consulting Team, the historical society has improved daily operations and strengthened how staff locate, manage, and care for long‑term historical records.

Background

Spanning territorial-era documents from 1863 through manuscript collections, photographs, oral histories, and the archives of city, county, and state agencies, ISHS is responsible for preserving a vast and varied record set. With only 12 staff members, the agency required a system capable of efficiently managing high record volumes while maintaining the rigorous tracking and documentation standards essential to its mission.

Before Versatile, ISHS relied on two outdated systems: a legacy program “not necessarily developed for archives,” and a separate homegrown database at the State Records Center described as being on “life support.”

As State Archives Administrator David Matte noted, the system was unsupported, not user-friendly, and had been built by two programmers who were leaving. The transfer of nearly 35,000 active boxes from the Idaho State Records Center to the Historical Society underscored the need for a more robust and efficient records management system.

Implementing Versatile

After Zasio was selected and Versatile was implemented, day‑to‑day operations at ISHS improved significantly. Tasks that previously took hours (such as printing large spreadsheets and taping them together on a table for monthly billing) became fully automated and far easier and more reliable to manage with our records management software. Staff were able to work more efficiently with faster searching, bulk uploads, and dependable auditing tools (capabilities that simply weren’t possible with the previous systems).

Key improvements include:

• Automated billing and workflow processes, eliminating manual spreadsheet reconciliation.
• Faster, more precise searching, including the ability to drill down into sub‑entities within large agencies.
• Bulk inventory uploads, replacing handwritten box inventories and reducing errors.
• Robust auditing and space‑management tools, enabling staff to verify locations, correct past misplacements, and keep track of every box and its location during the move.

Versatile helped the agency conduct an audit of its archives for the first time. It’s also become a critical tool in the agency’s 50,000-square-foot expansion project (scheduled to open in 2027) and relocation of more than 30 semi-truck loads worth of boxes that will be transported to the new building.

“Versatile is key to the whole expansion project,” David said. “We know where every single box is from every agency and that information will be used in moving to the new building.”

Consulting

While Versatile solved system and workflow challenges, ISHS was in an awkward situation. It still did not have its own internal records retention schedule. Staff had long been responsible for helping and guiding other state agencies on proper retention, yet internally it relied on the general state schedule.

“It always felt a little weird… we should be leaders in that, and we couldn’t completely make the case for our leadership if we ourselves didn’t have a retention schedule,” David said.

The agency had wanted to develop a records retention schedule for years, but budget and timing never aligned. That changed once ISHS partnered with Zasio’s Records Retention Consulting Team. After a positive experience with Versatile, choosing to partner with Zasio to help create a new retention schedule was the obvious next step.

“I didn’t think of anybody else to create a schedule with,” David said.

Working closely with Frank Fazzio, Senior Analyst, ISHS and Zasio worked with departments across the agency to build the schedule. Frank and David went through multiple review sessions to refine, consolidate, and ensure retention rules were “as lean as they could be” while still aligned with the general state schedule.

“The retention schedule is amazing and everybody in the agency was very impressed with it,” David said. “It really has been one of the many highlights during the 18 years I’ve worked here.”

The Result: A Scalable Partnership for Preserving Idaho’s History

David repeatedly emphasized how positive the working relationship with Zasio has been, describing the company as customer‑oriented, highly skilled, and supportive from start to finish. He praised the software and the technical support during Versatile’s implementation. He also recognized Frank who provided steady guidance, and a collaborative approach to build the much-needed retention schedule.

David said he appreciates how Zasio took time to understand how the agency works and structured the project around those needs.

“We couldn’t have done it without Zasio,” he said.

The ISHS’s transformation shows how much of a difference the right software and support can make. ISHS has moved from outdated systems and informal processes to a more organized, efficient operation that’s better prepared for future growth. It can now preserve Idaho’s history with greater accuracy, efficiency, and confidence than ever before.

With Versatile and Zasio’s Consulting Teams’ expertise, ISHS has not only improved operations for today but also put tools in place that will support its work for years to come.

To learn more about Versatile 2026 with Advanced Physical Records Management, and our Consulting services, call 800-513-1000 or email connect@zasio.com

The post Idaho State Historical Society Modernizes Records Management with Zasio’s Versatile software and Consulting Services appeared first on Zasio.

In organizations today, paper records can be as absent as Dictaphones and fax machines. In their place lie complex digital ecosystems, constantly churning and being updated. These ecosystems often cross continents. Within this transformed landscape, records and information management professionals must also adapt. Retention schedules built around documents, even digital ones, are no longer enough to keep organizations compliant with retention and disposition laws. If a digital system can generate a regulated record on demand—or even if it merely contains regulated data—then the system itself must be part of the retention equation. In other words, retention decisions that ignore digital systems create false confidence in your RIM compliance.

The job of RIM professionals now requires data management.

Key Takeaways:

• Traditional RIM focused on static objects; modern RIM focuses on dynamic digital ecosystems.
• Process-driven retention manages the systems and data flows that generate records, not just the records themselves.
• Keeping underlying transactional data while deleting a record creates a “false confidence” in compliance.
• Success requires RIM professionals to master data mapping, system architecture, and cross-departmental collaboration.

The Future of Retention is Process-Driven

It’s helpful to think of computing systems as factories and records as the products being manufactured. It doesn’t matter if you’ve disposed of the end product when the raw material is still on the factory floor and can be used to create another same or a similar record. Under a process-driven retention approach, RIM professionals must focus on how data flows through systems and business processes, recognizing that records are often generated, regenerated, or reconstructed from underlying data long after a record is deleted. Process-driven retention shifts from managing documents to managing the processes and systems that process regulated content.

If an organization determines it must delete a financial report or a customer statement, but it keeps the underlying transactional database, the risk driving the disposition decision has merely been taped over.  In other words, you cannot claim compliance at the record level if the underlying data ecosystem still exists to recreate, substantially reconstruct, or functionally reissue the record.

Process-driven retention builds around the fact that data doesn’t stay in a static state. It’s instead constantly changing. Process-driven retention also appreciates that datasets are often dependent on other datasets to be meaningful. Accordingly, the process-driven RIM professional must recognize that retention outcomes must be determined by system behavior, not just by deleting isolated datapoints. A modern RIM program must be as much about how data systems behave as it is about how long records are kept.

Process-Driven Retention Requires RIM Professionals to be Curious

To adopt a process-driven retention mindset, RIM professionals must elevate their understanding of computing systems and technologies. They must learn new skills and domains. These include data mapping, IT system architecture, and data lifecycles. RIM professionals must begin thinking in terms of the retention implications of computing system event logs, audit trails, system metadata, data pipelines, and even “machine memory” in AI systems.

Process-driven retention also requires creating closer partnerships with privacy, IT, product and engineering teams, and cybersecurity professionals. In a process-driven retention world, these are the RIM professionals’ new cross-collaborators. RIM professionals must be the glue that binds these diverse fields to help their organizations achieve retention and disposition compliance.

New Questions for a New Era of Retention Management

The distinction between “Data,” “information,” and “record” was long an object of worship in the RIM field. Unless the object was a record, RIM professionals need not have been concerned. Such thinking is outmoded. In the process-driven retention age, RIM professionals must think fluidly, thinking through the retention implications of data in all of its forms.

RIM professionals must also shift their focus from classification to system comprehension. Instead of merely asking, “Is this a record?” the RIM professional’s most important question must now be “Show me how this works?”

Additional Resources

To learn more about Zasio’s approach to records retention management, check out our February 2026 Virtual Coffee Webinar with Jennifer Chadband, Warren Bean, and Rick Surber, as well as this written compendium.

Disclaimer: The purpose of this post is to provide general education on information governance topics. The statements are informational only and do not constitute legal advice. If you have specific questions regarding the application of the law to your business activities, you should seek the advice of your legal counsel.

The post How Process-Driven Retention is Changing Records and Information Management appeared first on Zasio.

In litigation, records are not background material. They are evidence. And evidence carries consequences.

When a lawsuit begins, one of the first formal steps is discovery. Discovery requires organizations to produce relevant emails, messages, drafts, reports, and metadata. Opposing counsel does not begin by reading your retention policy. They begin by examining what exists, what is missing, and whether the organization followed its own rules.

As a former trial attorney, I learned quickly that documentation practices often determine outcomes more than dramatic testimony does. An offhand message, a missing file, or irregular deletion can shape credibility long before opening statements begin.

That experience clarified something essential. The purpose of a records and information management solution is not administrative efficiency. It is defensibility. The issue is rarely whether an organization had a policy. The issue is whether it followed that policy when it mattered.

Key Takeaways:

• Shift to Records Management Defensibility: In litigation, your records are evidence, not just administrative files. A judge evaluates your systems based on whether you followed a consistent, repeatable process.
• The Liability of “Keep Everything”: Over-retention expands your discovery footprint, increases legal costs, and creates unnecessary risks during a data breach.
• Consistency is Your Best Defense: Courts don’t penalize organizations for following a reasonable, pre-established retention schedule. They do scrutinize selective or irregular cleanup performed under the shadow of litigation.

How Discovery Tests Your Records Management System

Discovery does more than gather documents. It tests systems. Regulators and opposing counsel approach it with three key questions:

1. Did the organization preserve relevant information once it reasonably anticipated litigation?
2. Did it follow routine practices before that point?
3. Do any gaps suggest unmanaged systems or selective deletion?

In practice, those questions appear in everyday situations:

• A leadership team discusses a major decision in a messaging app, but no one preserves those conversations when a dispute arises.
• An employee deletes text messages, unaware that the issue has already escalated.
• Multiple versions of a contract circulate by email, but no one can identify the final draft.
• A company thinks it has a written policy, yet no one can locate a record of its approval.

None of these situations seem extraordinary until someone asks about them under oath.

How does a judge view missing business records?

Judges do not expect perfection. They expect reasonableness and good faith. Organizations demonstrate that standard through repeatable processes, not polished policy language. When execution lacks consistency, even innocent gaps raise questions. Those questions increase cost, scrutiny, and risk.

Why “Keep Everything” is a Liability

Many organizations assume that keeping all information indefinitely reduces exposure. Leaders believe it is safer to keep everything than to risk deleting something that might later be requested.

In practice, unlimited retention expands risk.

What is the risk of keeping records too long?

When organizations keep more data, they broaden discovery. Broader discovery increases review time, legal costs, and the chance that someone isolates statements from their original context. Redundant drafts and informal communications multiply the material teams must review and explain.

Over-retention also creates operational drag. When everything is saved, nothing is prioritized:

• Employees spend more time searching for the right version of a document.
• Critical information gets buried in outdated files.
• Systems slow.

Storage may be inexpensive. The consequences of excess are not.

The risks extend beyond litigation. The more information an organization keeps, the more it must secure. Sensitive contracts, employee records, personal data, and confidential communications can remain accessible long after they serve a purpose. If a breach occurs, exposure expands with the volume stored.

Defensible deletion strengthens position. Disciplined governance does not destroy evidence—it enforces policy. Courts do not penalize organizations for following a reasonable retention schedule. They do scrutinize selective or irregular cleanup.

The distinction matters. Every retained document can become a witness.

Common Pitfalls in Corporate Information Governance

Risk rarely comes from dramatic misconduct. It grows from small, ordinary gaps that no one thought would matter.

Many organizations manage records responsibly. At the same time, new technologies and decentralized communication add complexity.

Teams make business decisions in messaging and collaboration tools, but those conversations are not always preserved in a searchable way. Managers send texts or use personal devices for convenience. Employees forward work to personal email accounts. Business records are created outside official systems.

Disposition presents another challenge. Organizations often keep records that should be deleted because someone believes they might prove useful someday. Old drafts and unnecessary files build up. Over time, temporary exceptions become permanent practice.

AI adds another layer of complexity. AI tools generate drafts and analyses quickly, and the records questions are not yet settled. Consider a scenario where a team uses an AI tool to draft a legal summary, then revises it through several iterations—if a dispute arises, the organization may struggle to explain which version governed a decision, who reviewed it, and where the prompts and outputs are stored. Governance continues to evolve, but disputes already involve AI-assisted content.

These patterns often go unnoticed until litigation begins. At that point, organizations must explain why certain information was kept indefinitely while other records cannot be located. They must show when preservation began and demonstrate that deletion followed established timelines rather than reacting to scrutiny.

Uncertainty weakens position. Consistency strengthens it.

Litigation-Ready Governance in Practice

Preparing for litigation does not mean assuming it will happen. It means building systems that hold up if it does.

Organizations strengthen defensibility when they tie retention periods to clear drivers such as legal requirements, contractual obligations, or operational need. If asked why a category is kept for a specific period, leaders should have a clear answer. Not a guess.

They must also define preservation triggers clearly. When a dispute arises, employees need to understand what changes and what they must preserve. Consistent disposition remains essential. A defensible program includes regular deletion that follows established timelines. Irregular cleanup creates far more exposure than disciplined retention.

Organizations must govern high-impact communication channels intentionally. If leaders make critical decisions in chat or collaboration tools, the organization must apply the same rigor it applies to email and shared drives. Executives should understand how isolated messages may be interpreted years later, outside their original context.

These measures are not abstract ideals. They are safeguards that influence litigation outcomes.

Credibility Is the Real Asset

In litigation, credibility carries weight.

An organization that can demonstrate a clear retention rationale, consistent execution, and a functioning preservation process begins from a position of strength. An organization that cannot explain its practices begins at a disadvantage. Records governance is not administrative overhead. It is litigation posture.

Where Experience Matters

Designing a litigation-ready records program requires understanding how others examine policies under pressure. It requires anticipating the questions they will ask and the inconsistencies they may challenge.

At Zasio, we help organizations evaluate retention frameworks, assess preparedness, and align policy with operational reality. We focus not only on compliance but on defensibility.

Once litigation begins, records no longer function solely as internal tools. They become evidence that speaks for the organization. The only question is whether your organization’s records management software can withstand scrutiny when ordinary emails are elevated to courtroom exhibits.

Disclaimer: The purpose of this post is to provide general education on information governance topics. The statements are informational only and do not constitute legal advice. If you have specific questions regarding the application of the law to your business activities, you should seek the advice of your legal counsel.

The post What a Trial Lawyer Knows About Defensible Records Management appeared first on Zasio.