At its records center in Newark, Ohio, Licking County Records & Archives manages a wide range of historic and permanent records that support daily operations, legal compliance, and public access.

As the department grew and record volumes increased, staff identified the need for a more robust records management solution.

Since implementing Versatile Professional in 2016 (now known as Versatile 2026 with Standard Records Management), the department has significantly improved how it catalogs, locates, tracks, and provides access to records. These improvements have made daily work faster, more accurate, and easier to manage for both staff and the public.

Licking County Records & Archives oversees records dating back to the early 1800s and has roughly 12,000 cubic feet of boxes. Most of these records are permanent and must be retained for historical, legal, administrative, or financial recordkeeping purposes. The collection includes court records such as case files, adoption records, wills, and trusts. The archive also houses records from the Prosecutor’s Office, Board of Commissioners, Recorder, Auditor, Planning Department, and Job and Family Services.

Prior to implementing Versatile, the department relied on a cataloging system designed for museum collections rather than government records. Although functional, it lacked several critical features required for effective records center operations.

“A lot of the fields this software wanted you to enter just didn’t really apply to us, and vice versa—the things that we needed, the software didn’t have,” Corinne Johnson, Records Center & Archives Manager, said.

The previous solution’s shortfalls became even more apparent when the department prepared to relocate from a temporary storage space into a full-scale records center. With a substantial increase in incoming records and a corresponding rise in requests from other County departments and the public, it became clear the existing system would no longer support quick retrieval, accountability, or long-term growth.

Staff needed a more reliable system that could keep up with demand.

Implementation

As part of its transition to a permanent records center, Licking County Records & Archives evaluated several software options. After reviewing demonstrations together, Versatile stood out immediately. Staff appreciated how intuitive and organized the system was, and how it matched day-to-day workflows.

With Versatile in place and supported by Zasio’s Support team, Licking County Records & Archives quickly standardized data entry, established clear internal guidelines, and took full advantage of the system’s capabilities. Over time, staff cataloged much of the collection down to the individual file level, dramatically improving search accuracy and making records easier to locate and retrieve.

Software + Favorite Features

Johnson described the transition to Versatile as overwhelmingly positive.

“The difference made by having a system tailored to our needs was like night and day,” Johnson said. “It’s much easier to use, and it offers a range of fields we never had before. We were excited that it essentially gave us a map of our archives.”

Key improvements included:

• Precise location tracking down to the bay, row, and box
• Robust search functionality using names, case numbers, and other identifiers
• A visual archive map displaying available and occupied storage space
• Checkout tracking to record when departments remove and return files

Abigail Torre, Reference Librarian & Archivist, has been using Versatile for six years.

“It was very self-explanatory and I was able to figure it out quickly,” Torre said.

Staff reported that Versatile was intuitive and required minimal training, allowing them to quickly navigate the system and complete daily tasks with ease.

But the biggest advantage of moving to Versatile has been its ability to save time. With the previous solution, staff members would rely largely on memory when it came time to find files and “eventually we would find it.” With the number of record requests staff receive, that approach is just not feasible or practical today.

“With Versatile, it takes no time at all,” Johnson said.

Technical Support

Staff describe their relationship with Zasio as consistently positive. The support team is responsive, knowledgeable, and easy to work with. When issues arise, Zasio staff are quick to respond and often work directly with the County’s IT team to resolve technical matters quickly.

“Every time I’ve had to contact Zasio Support, they always seem to know exactly what’s going on, and how to help,” Torre said.

Partnership + Conclusion

For Licking County Records & Archives, adopting Versatile marked a major step forward in modernizing its operations. The platform has made it easier to manage a growing and complex collection while improving speed, accuracy, and accountability.

With its intuitive design, powerful functionality, and strong support from Zasio, Versatile 2026 has proven to be a dependable, long-term solution. Licking County Records & Archives often recommends the system to other record centers and regularly demonstrates it to peers considering a move or expansion.

“I would absolutely recommend it,” Johnson said. “I can’t think of any reason why I wouldn’t recommend it. It’s been incredibly helpful for us.”

Today, Versatile plays a key role in helping staff preserve historic records, meet compliance requirements, and provide timely, reliable service to both County departments and the public.

To learn more about Versatile 2026 with Standard Records Mangement, call 800-513-1000 or email connect@zasio.com

The post Licking County Records & Archives Case Study: Versatile 2026 with Standard Records Management appeared first on Zasio.

Key RIM Program Takeaways:

• A legal records retention schedule is the anchor of every successful RIM program.
• Clearly defined ownership and cross-functional buy-in are required to move from policy to action.
• Technology should support established, documented workflows, not replace them.
• Start with small, departmental wins to build momentum for organization-wide implementation.

4 Pillars of Successfully Building a RIM Program

Whether you’re building from scratch or maturing an informal program, four pillars determine whether your RIM program holds up or falls apart: a records retention schedule, people, process, and technology. Nail these, and your organization gains a defensible, scalable foundation that protects against risk, supports compliance, and grows with your needs.

Pillar 1: Records Retention Schedule

A records retention schedule is the legal and operational blueprint that governs how long your organization keeps each record type, when to destroy it, and how to meet regulatory obligations without holding records longer than necessary. The records retention schedule (RRS) anchors your entire RIM program. It defines what records your organization creates, how long to keep them, and when to dispose of them. Without it, retention decisions vary from person to person, driving inconsistency and increasing compliance risk organization-wide.

Strong retention scheduling software starts with five key components: function, record series title, description, examples, and a global baseline retention period. Legal citations map to each record series, grounding retention periods in specific requirements. When jurisdictional differences arise, you can create country exceptions tied to those citations.

Watch for these common gaps when building or evaluating your RRS:

• Retention periods lack ties to legal or regulatory requirements, leaving your organization exposed.
• The RRS exists on paper but no one has communicated, trained on, or adopted it across the organization.
• Years have passed without a formal review or update, causing the schedule to fall out of step with current laws and business operations.

Pillar 2: People

People are the engine of any RIM program: the designated owners, cross-functional stakeholders, and trained employees whose daily habits determine whether your policies are ever truly followed. Without a clear owner, a RIM program doesn’t stall, it quietly fails. Assign a designated owner, whether that sits under Legal, Compliance, IT, or a dedicated RIM function, and make that accountability visible across the organization.

From there, build a cross-functional team. RIM touches every department, and stakeholders across the business hold critical knowledge about how teams create, use, and store records. Engage them early. Their input shapes a more accurate and practical program, and their involvement builds the buy-in needed to sustain it.

Training is not an afterthought; it is how accountability becomes action. Without it, even a well-designed program breaks down in execution. Develop a deliberate training strategy that reaches every level of the organization, and tailor materials to your audience: end users need different guidance than records coordinators or senior leadership.

Pillar 3: Process

Process refers to the standardized workflows and documented procedures that govern how your organization creates, classifies, stores, retains, and disposes of records. Without consistent, repeatable steps, even the best policies collapse under human variability. Inconsistent practices across departments create compliance gaps and retrieval challenges. Standardized workflows for classification, retention, and disposition reduce reliance on individual knowledge and eliminate the guesswork that leads to costly errors.

Start by mapping how records flow through your organization, from creation to disposition. Identify where records originate, where they live, and how they move between systems and teams. Use that map to shape workflows that fit how your organization truly operates.

Document everything. Standard operating procedures (SOPs) ensure your processes are repeatable and don’t depend on a single person’s institutional knowledge. Define who does what, when, and how for each key RIM activity.

Pillar 4: Technology

Technology encompasses the systems and tools, from document management platforms to AI-assisted classification, that enable your RIM program to operate at scale. The right tools make the difference between a program that works in theory and one that works in practice. Technology supports a RIM program; it doesn’t build one. Before evaluating tools, establish your policy, people, and process foundations. Organizations that implement a system before laying that groundwork often face poor adoption and wasted investment.

Modern tools, including AI-assisted classification, can accelerate and support this work. AI can help surface patterns, suggest classifications, and flag inconsistencies at a scale that manual review cannot match. But AI works best when you have already defined your underlying processes. It reinforces good process; it does not replace it.

Consider scalability. The tools you choose today should grow with your program, not constrain it. Also, pay close attention to integration. Siloed technology creates new records management challenges rather than solving existing ones. Assess how any new tool connects with your current business systems before committing.

From Pillars to Practice: Putting It All in Motion

The four pillars reinforce each other. A well-crafted RRS means little without people trained to follow it. Clear processes lose their value without technology to support them at scale. And technology investments fall flat without the policy and process foundation to guide them.

Building a RIM program is only half the work. Sustaining it requires ongoing governance. Schedule periodic program reviews to assess what works, what has shifted, and where gaps have emerged. Refresh your RRS on a regular cycle, typically annually or biennially, to reflect changes in regulation, business operations, and technology. Establish a rhythm of executive reporting as well. Leadership visibility into program health keeps RIM on the organizational agenda and secures the resources it needs to remain effective.

Start small and scale deliberately. Launch in one department, refine your approach, and expand from there. Set clear milestones so you can measure progress, recognize early wins, and maintain momentum across the organization.

A RIM Program Built to Last

Building a RIM program is not a one-time project; it’s an ongoing commitment. Organizations that lay the right foundation today position themselves to navigate regulatory changes, adopt new technologies, and manage records with confidence as they grow.

The path forward doesn’t require perfection. It requires a starting point. Choose your first pillar, take that first step, and build from there. The long-term value of a well-built RIM program far outweighs the effort it takes to get one off the ground.

Disclaimer: The purpose of this post is to provide general education on information governance software. The statements are informational only and do not constitute legal advice. If you have specific questions regarding the application of the law to your business activities, you should seek the advice of your legal counsel.

The post Building a RIM Program From the Ground Up appeared first on Zasio.

• Jurisdiction official name: French Republic
• Legal system type: Civil law system with a dual court structure (judicial and administrative)
• Primary language(s) of law/government: French
• General Description of RIM landscape: France imposes statutory record retention obligations across commercial, tax, employment, and regulated sectors. In addition, these requirements are influenced by GDPR compliance expectations. Retention periods are primarily set by the Commercial Code, Civil Code, and Tax Procedure Code. As a result, organizations must manage records across multiple legal frameworks. Data protection requirements under GDPR strongly influence retention schedule management.

Zasio Research Scope & Depth

• Total Zasio citations captured: 1,239
• Primary sources relied upon:
  • Commercial Code
  • Civil Code
  • Tax Procedure Code
  • Labor Code

Core France Recordkeeping Obligations

• How long must businesses keep accounting records? 10 years (Commercial Code)
• How long must employers keep personnel records? Generally, 5 years, with some records kept until retirement.
• Industries most heavily regulated: Healthcare and life sciences, financial services, telecommunications, advertising and e-commerce, public sector.
• Other Notable retention timeframes: Tax records 6 years; commercial correspondence and invoices 10 years; certain civil status records kept for life.

What makes this jurisdiction interesting

• Unique or surprising aspect: France’s data protection authority, the CNIL, is one of the most active and enforcement-oriented supervisory authorities in Europe, regularly issuing high-profile GDPR fines and public sanctions across both private and public sectors.
• Common organizational challenge: Aligning statutory retention obligations with GDPR data minimization and deletion requirements, particularly where business teams seek to retain data longer for operational or evidentiary reasons.
• Emerging trend: Intensified CNIL enforcement focused on data retention periods, cookie compliance, security measures, and failure to cooperate with regulatory investigations.

France Records Management Business Relevance

• Why this jurisdiction matters: France is one of the EU’s largest markets. As a result, it serves as a leading GDPR enforcement jurisdiction, setting practical benchmarks for compliance expectations across Europe.
• Most impacted organizations: Multinational companies processing EU personal data, digital platforms, healthcare and life sciences organizations, and entities operating customer facing technologies.
• How this research supports clients: It helps clients design defensible retention and deletion practices that comply with French statutory requirements and withstand CNIL scrutiny.

Disclaimer: The purpose of this post is to provide general education on records management solutions. The statements are informational only and do not constitute legal advice. Any references to legal or regulatory recordkeeping requirements are provided for general guidance purposes and may not reflect all obligations applicable to your organization. Additional or alternative requirements may apply based on your organization’s industry, jurisdiction, risk profile, and specific business activities. If you have specific questions regarding the application of the law to your business activities, you should seek the advice of your legal counsel.

The post Recordkeeping and Information Governance in France: Jurisdiction Overview appeared first on Zasio.

This update marks a significant step forward in records and information management, combining new features with Zasio’s long-standing focus on intuitive design and practical usability.

Building on the success of Versatile 2025, the 2026 release delivers a more user-friendly experience with a cleaner navigation bar and redesigned home screen that places your most frequently used tools (recent updates, integrated digital repositories, and personal collections of records) front and center. A new floating toolbar keeps shortcuts within reach wherever you navigate.

In another exciting update, Electronic Records Management (ERM) is now fully integrated, putting your key digital assets in the same view as physical records and retention schedules.

The new My Collections feature lets you group mixed content for audits or projects without moving records and makes it easy to share collections with others. Finally, our enhanced AI-powered Versatile Information Assistant (VIA) recommends retention schedules and citations based on user inquiries. VIA can ask clarifying questions to ensure proper context and allows you to browse recommendations before adding them to your existing retention schedule.

The desktop version will be made available for download to our on-premises customers soon. Zasio customers can keep an eye on your inbox or the Customer Portal for announcements.

Watch our new preview below!

The post Versatile 2026 Delivered to SaaS Customers; On-Premises Coming Soon! appeared first on Zasio.

Given the long and storied history of the National Archives, its centrality to American heritage, and its tradition of historic preservation, the controversy sits at the crossroads between practice and posterity for the information governance industry. Although records that touch the apex of American executive power are far removed from the daily experience of most of us, the episode nonetheless yields a variety of pertinent lessons that organizations can apply to enhance a records and information management program’s rigor, defensibility, resilience, and culture.

Key Takeaways:

• Adhering to established rules is always less costly than downstream “damage control” or litigation.
• Compliance culture starts with leadership; visible executive buy-in is a primary defense against scrutiny.
• Build RIM programs that depend on operational depth and documented processes rather than specific individuals.

Presidential Records Act Context & Controversy

Since its original enactment in 1978 and effective from 1981, the Presidential Records Act has operated to manage and maintain the working papers, correspondence, and other records of the President of the United States, preserving the details about events and decisions at the highest levels of American government for historians and future generations.

The present controversy concerning presidential records arose following the investigation into the retention of presidential documents not transferred to the National Archives in accordance with the Presidential Records Act.  Although the case was ultimately inconclusive, people continue to question whether the Act is binding.

The new DOJ memorandum takes the position that due to separation-of-powers concerns surrounding the autonomy and independence of the Executive branch, the Act is not binding on presidential records.

Although the final outcome will take some time to crystallize, several immediate principles and lessons can be drawn from the episode for records management professionals.

A Robust program is the foundation of compliance. Even an imperfect program that makes a substantial good-faith effort appreciably reduces risk compared to one that visibly disregards recordkeeping standards and obligations. Meticulous documentation of decisions, policies, procedures, and actions demonstrate that effort. Reports of unsecured or improvised storage of sensitive records (for example, keeping classified materials in unsecured common areas) illustrate how visible departures from accepted handling practices can materially increase the chances of scrutiny.

Err on the side of caution and over-compliance. It should never be necessary to rely on a favorable legal interpretation to withstand scrutiny. Classification, sensitivity, and retention categories should be taken seriously at the point of record creation rather than at the moment an investigation becomes a concern.

Culture and tone at the top set the standard. Leaders’ words and actions signal to both internal stakeholders and external parties about the seriousness with which recordkeeping is regarded. Engagement by high-level executives can foster a culture of compliance that propagates across the organization.

Building a Defensible Records Program

Build programs that outlast leadership. Although leaders are important, no leader stays in a role indefinitely. A defensible records management program should be constructed to withstand changes in leadership so that the transitions proceed seamlessly. The greater the operational depth of the program, the more resilient it will be to change.

How you respond matters most. If regulators investigate recordkeeping practices, the response can matter more than the underlying issue. A posture of cooperation and transparency can lead to formal and informal relief from potential consequences of deficiencies.

Proactivity is preferable to damage control. Diligent compliance with established recordkeeping rules and regulations greatly diminishes the risk of audit or investigation and can significantly mitigate the consequences when they do occur. Regardless of how the current legal questions are ultimately resolved, the time spent responding to investigative inquiries, managing the operational disruption of the search, preparing a defense, and subsequently litigating could have been avoided had the procedures been meticulously adhered to in the first instance. The effort required to proactively adhere to laws and regulations is often far smaller than the downstream consequences of non-compliance, which can include fines, administrative sanctions, civil penalties, and in some cases criminal liability.

Presidential Records Act Suit Conclusion

Ultimately, the Presidential Records Act controversy shows how consistent, visible compliance with recordkeeping rules reduces the likelihood of scrutiny and softens its impact when it does occur. The costs of inadequate compliance far outweigh the effort required to do it right. Careful records management is not merely a good business practice, it is a protection against avoidable risk. By proactively working towards compliance, records management professionals can spend their time focused on business operations rather than in a courtroom.

Disclaimer: The purpose of this post is to provide general education on information governance software. The statements are informational only and do not constitute legal advice. If you have specific questions regarding the application of the law to your business activities, you should seek the advice of your legal counsel.

The post Lawsuit Challenges DOJ Presidential Records Act Memo: Perspectives and Practical Recordkeeping Lessons appeared first on Zasio.

Earning the certification reflects Frank’s dedication to continuing to grow his expertise (especially in an area that’s quickly becoming critical for many of our clients). His expanded knowledge in AI governance further strengthens our Consulting team and it enhances the practical, forward‑looking guidance Zasio provides to organizations navigating emerging AI and compliance challenges.

Frank, who joined Zasio in 2015, brings a strong background in international financial services, banking, and regulatory compliance. He also holds the CRM, IGP, CIPP/US, and CIPM certifications and is licensed to practice law in Idaho and New York. It makes him a trusted resource for legal information governance insight and real-world application.

He most recently was a featured speaker at ARMA InfoCon in Phoenix, Arizona in October 2025.

The post Zasio Senior Analyst Frank Fazzio Earns AIGP Certification appeared first on Zasio.

Two Zasio team members are hitting the road in June to share their insight into all things retention and information governance.

Warren Bean, Vice President of Technology and Product Development, and Rick Surber, Senior Consultant, will be traveling together to Bismarck, North Dakota to co‑present at ARMA North Dakota’s Annual Spring Seminar on Wednesday, June 3.

The seminar brings together records and information management professionals from across the state, and Warren and Rick will be teaming up to deliver two timely, complementary sessions that reflect the evolving realities of the profession.

Their first session, “Beyond Records: The Future is Process‑Driven Retention Management,” addresses a challenge many organizations quietly struggle with: defining what actually counts as a record anymore. In an increasingly digital, interconnected environment, the lines between data, information, and records are blurred. Together, Warren and Rick will explore how shifting the focus from individual records to business processes can improve compliance, reduce risk, and better account for personal data, complex data relationships, and growing cybersecurity concerns.

In their second co‑presented session, “Mine the Gaps: Uncovering What You Don’t Know About Your Retention Schedule,” the focus turns to the blind spots that often exist within retention programs. Drawing on hands‑on experience, they’ll walk through practical methods for identifying gaps using system inventories, engaging key stakeholders, and staying current with legal and regulatory requirements. The session also covers common pitfalls, maintenance strategies, and ways to keep retention schedules defensible and aligned with real‑world business operations.

For Warren and Rick, the event is about more than presenting—it’s an opportunity to connect with peers, exchange ideas, and learn from the challenges others are facing. Zasio is proud to support ARMA North Dakota and looks forward to meaningful conversations and shared learning in Bismarck this June.  |  Additional Details

The post Zasio Staffers to Present at ARMA North Dakota Spring Seminar appeared first on Zasio.

What should have been a straightforward configuration quickly turned into weeks of workshops debating interpretation, translating subjective language into system logic, and discovering that many “standard” retention periods could not be automated at all. The schedule was not wrong. It simply was never written for a machine.

Building a system‑ready records retention schedule means shifting how we think about retention periods. In a digital environment, retention is no longer something people “apply” at the end of a record’s life. It is something systems execute continuously, at scale, and without stopping to ask questions. The challenge is not rewriting retention requirements, but expressing them in a way machines can reliably understand and enforce.

It is a common misconception that making a retention schedule system‑ready requires starting over or completely rewriting retention requirements. Rather, the retention schedule remains a policy document, with retention periods intentionally reflecting business lifecycles and legal recordkeeping obligations. System retention rules, by contrast, exist to support automation and system execution. Aligning retention periods with retention rules does not require a full redesign. In most cases, it requires thoughtful planning and targeted adjustments so retention periods translate more easily, reliably, and consistently into system logic.

The following are some top considerations to get you well-positioned when planning your retention schedule ahead for system retention rules later on:

Simplified Big Bucket Retention Schedule – For Systems, Less is More

The big bucket retention schedule shifts from detailed, departmental categories to broader, process-based groups with a single retention period. This streamlined approach is popular for a variety of reasons stemming from its simplicity. One reason is because it makes configuring systems easier: fewer categories mean fewer rules to manage, and organizing by processes aligns well with record lifecycles and system retention defaults. See more details on how process-driven retention in changing records management.

Retention Lives or Dies on the Event Trigger

When it comes down to it, executing the event trigger is more planning than the retention period. For a retention period of “Employee Separation + 10 Years” the difficulty lies in calculating the employee separation date portion of the retention period rather than the 10 years because the separation date is variable. Tying that event trigger calculation in the system to the correct date and correct employee are crucial for execution.

In a previous blog, I discussed best approaches for simplifying event triggers in your records retention schedule. Here is where those strategies for simplifying event triggers come in really handy.

If a Human Has to Interpret It, a System Cannot Execute It

If your retention schedule depends on someone stopping to interpret what a rule means, it’s going to break down. The goal is to create rules that are clear, objective, and easy for systems to execute without second-guessing. The best retention rules don’t require that element of human judgement or interpretation. For example, a retention period of Contract Expiration + 7 Years can be entered by entering the calculated expiration date of the set expiration date. Compare this to an event trigger of “No longer Useful + 3 Years” which requires subjective judgement in order to trigger the retention period.

Automated Record Management: Policy vs. System Logic

Meet Systems Where They Are – Or Somewhere in the Middle

When designing your retention schedule retention periods evaluate each to see if they can easily align to an event already available within your system(s). This will likely steer you away from those event triggers that are subjective in nature requiring human decision-making. For instance, common retention event triggers “Until Superseded” or “Active” likely won’t align with available system events, which might make you consider whether an alternate retention period should be considered for system readiness. You might find something that align similarly – for example your “Final Resolution” date aligns just fine with the system event  “Case Closure Date”. The closer the retention event aligns with available system events, the easier it when the time comes to implement in your system.

Separate Legal Requirements from Reality & Simplify

Legal retention rules are often written to demonstrate compliance, not to be executed by systems. As a result, they can introduce complexity when the complex legal language are carried over directly into your schedule’s retention periods.

Take I-9 records which are subject to a complex legal recordkeeping requirement detailed at 8 C.F.R. § 274a.2: they must be retained for three years after hire or one year after termination, whichever is later.

Why this hybrid retention is difficult to implement in systems:

“Whichever is later” requires:

• Tracking two dates
• Comparing them
• Waiting until termination to know the outcome

This makes the rule difficult to apply consistently and easy to get wrong.

Instead, consider simplifying this further to a singular retention period of termination + 3 years, which meets the minimum legal recordkeeping requirement and is much easier for a system to understand and apply. There is the possibility the simplified retention would result in the I-9’s being retained longer than legally required. Simplifying retention periods in this manner requires a risk assessment balancing potential over-retention against easier administration and likely improved compliance.

Writing a Retention Schedule with Translation in Mind

Designing a system‑ready retention schedule does not mean turning policy into code or rewriting retention requirements from scratch. It means expressing retention periods with greater clarity, consistency, and awareness of how they will eventually be executed by systems. By simplifying structure, prioritizing explicit and system‑available event triggers, and separating legal intent from execution reality, organizations can significantly improve success of retention automation. The most effective retention schedules are not the most complex. They are the ones written with translation in mind, bridging governance and technology without compromising compliance.

Disclaimer: The purpose of this post is to provide general education on information governance topics. The statements are informational only and do not constitute legal advice. If you have specific questions regarding the application of the law to your business activities, you should seek the advice of your legal counsel.

The post Seamlessly Automated Record Management: Smart Strategies for System-Ready Retention Schedules appeared first on Zasio.

China is recognized for having one of the most intricate and strictly regulated record keeping environments worldwide. Leveraging Zasio’s comprehensive jurisdictional research, organizations are provided with clear and defensible guidance on how archival, privacy, cybersecurity, and data governance requirements interact within the People’s Republic of China (PRC).

Why China Requires Specialized Record Keeping Insight

China’s legal and regulatory landscape is defined by centralized enforcement, extensive administrative controls, and a heightened focus on state supervision and data sovereignty. Record keeping obligations are not isolated; they are deeply integrated with national security concerns, privacy protections, and sector-specific regulatory oversight.

Key jurisdictional characteristics include:

• • Civil law system with robust administrative regulation and centralized enforcement
  • Mandarin Chinese as the main language for legal and governmental matters
  • Strict archival and retention requirements established by national and sector-specific regulators

Zasio’s China Research at a Glance

Zasio’s research on China is tailored for organizations seeking defensibility, precise compliance, and practical application across global operations.

Research scope and depth:

• • • 1,836 China-specific record keeping citations captured
    • Coverage anchored in authoritative, subscription-based legal research sources
    • Direct analysis of national laws such as the Archives Law, Personal Information Protection Law (PIPL), Data Security Law, and Cybersecurity Law
    • Review of State Council regulations, Cyberspace Administration of China (CAC) rules, and sector-specific administrative guidance

This research delves beyond basic summaries, identifying enforceable requirements that affect retention periods, data storage locations, and protection measures.

Core Record Keeping Obligations in China

Zasio’s research provides clear, citation-backed requirements for retention across essential record categories.

Accounting and financial records:

• • • General accounting records are typically retained for 10 years or 30 years
    • Key financial reports and select high-value records require permanent retention under the Administrative Measures on Accounting Records

Personnel and employment records:

Employers must retain personnel records for at least two years after termination in accordance with the PRC Labor Contract Law.

Archival classifications:

Official archival rules often mandate retention for 10 years, 30 years, or permanently, depending on the record type and its archival significance.

Industries Most Impacted

China’s record keeping and information governance rules are widely applicable, but they are particularly stringent in highly regulated sectors.

Industries most affected include:

• • • Life sciences and pharmaceuticals
    • Technology and internet platforms
    • Financial services
    • Manufacturing and telecommunications

Multinational organizations in these industries often encounter additional complexity due to data localization and cross-border data transfer requirements.

What Makes China Uniquely Challenging

China distinguishes itself globally by requiring organizations to balance multiple, occasionally conflicting regulatory objectives.

Notable complexities include:

• • • Legal mandates for long-term or permanent archival retention alongside privacy minimization and deletion requirements
    • Overlapping and sometimes competing obligations across archival, privacy, cybersecurity, and sector-specific regimes
    • Rigid data localization demands that significantly impact multinational business models

China’s evolving governance of artificial intelligence, algorithms, and automated decision-making adds further complexity. These new regulations increasingly link record retention and auditability to AI oversight and compliance.

Business Relevance for Global Organizations

China’s regulatory influence extends far beyond its borders. Organizations may be subject to Chinese regulations even when processing data outside the country, provided the data pertains to individuals or activities within China.

Organizations most affected include:

• • • Multinational enterprises
    • Pharmaceutical and life sciences companies
    • Technology, SaaS, and AI-driven platforms
    • Companies with cross-border data flows involving China

How Zasio’s Research Supports Defensible Compliance

Zasio’s jurisdictional research assists organizations in developing information governance strategies that withstand regulatory scrutiny.

Clients use this research to:

• • • Holistically map retention, privacy, data security, and archival obligations
    • Lower regulatory and enforcement risk through clear, citation-backed requirements
    • Synchronize records retention schedules with privacy and cybersecurity controls
    • Enable defensible technology configurations and data lifecycle decisions across global operations

China Record Keeping in One Sentence

China is one of the most complex record keeping jurisdictions globally. Zasio’s research captures over 1,800 enforceable requirements to help organizations confidently navigate overlapping archiving, privacy, data security, and AI governance obligations.

Disclaimer: The purpose of this post is to provide general education on information governance topics. The statements are informational only and do not constitute legal advice. Any references to legal or regulatory recordkeeping requirements are provided for general guidance purposes and may not reflect all obligations applicable to your organization. Additional or alternative requirements may apply based on your organization’s industry, jurisdiction, risk profile, and specific business activities. If you have specific questions regarding the application of the law to your business activities, you should seek the advice of your legal counsel.

The post Record Keeping and Information Governance in China: Jurisdiction Overview appeared first on Zasio.

But this one lingered.

Legal started pulling threads. And the deeper they dug, the worse it got. Emails missing. Documents had gone cold. Files vanished without a trace, and no one could say when, why, or who pulled the trigger.

What should have been routine turned into something else entirely: a credibility problem with teeth.

Defensible Disposition Key Takeaways:

• Defensibility is proven through consistent execution and documentation, not just a written policy.
• Addressing redundant, obsolete, and trivial (ROT) data is critical to reducing discovery costs and legal risk.
• Effective retention schedules require specific, trackable trigger events to ensure records aren’t kept indefinitely.
• Regular internal audits and documented destruction certificates are the primary evidence used to defend disposition actions.

Most organizations have a retention policy. On paper, at least. But when you look closer, the story changes. Fewer have developed a comprehensive defensible disposition framework, and that gap is where the trouble starts. Deleting records without a consistent process, proper authorization, and clear documentation might feel like routine cleanup, but it can look very different under the harsh light of legal scrutiny. Defensible disposition is the framework that ensures your organization lawfully and consistently destroys eligible records and non-records with a paper trail that holds up when the questions come.

What is Defensible Disposition?

Defensible disposition isn’t a single event. It’s a framework. One that either holds together under pressure… or doesn’t. It is the output of interlocking processes that must work together including a legally sound retention schedule, policies that cover everything you create (not just official records), consistent implementation across your systems and paper, regular auditing to catch drift, a solid litigation hold process, and a plan for when something goes wrong.

6 Step Defensible Disposition Framework

Step 1: Build a Retention Schedule You Can Actually Implement

Every disposition decision traces back to your retention schedule. If it’s incomplete, outdated, or impractical to apply, everything built on top of it becomes shaky.

First, it needs to reflect your organization, not a one-size-fits-all approach. Templates won’t capture the specifics of how you operate. If you manufacture regulated products, manage assets, or operate in a specialized or licensed environment, your schedule should reflect that. Just as important, it has to be written in a way your employees can navigate quickly. If people can’t find what they’re looking for, they won’t use it, and unclassified records quickly become unmanaged ones.

Second, it must account for the jurisdictions you operate in. Retention requirements vary widely, and organizations often underestimate how those differences stack up. In many cases, you’ll need to apply the most stringent requirement across jurisdictions or explicitly define exceptions. And this isn’t a “set it and forget it” exercise, laws and guidance change. A schedule that was accurate a year ago may already be outdated. Build regular review into your governance process and rely on current legal research, not static references.

Finally, every retention rule needs to be workable. That means clearly defining both the retention period and the trigger event that starts the clock. “Seven years for contracts” isn’t enough. Seven years from when? Execution? Expiration? Last activity? If the trigger isn’t clear, people fill in the gaps. And they don’t all fill them in the same way. And if the trigger can’t be tracked reliably, records tend to be kept indefinitely. A good test is simple: can your systems consistently identify the trigger date without requiring judgment calls?

Step 2: Beyond Records: Controlling ROT and Non-Record Content

Not everything your organization creates qualifies as a record. But that doesn’t mean it’s harmless. Left unmanaged, non-record content becomes its own kind of risk. Your Records and Information Management policy or your Retention Schedule needs to address this explicitly.

A major category here is ROT: redundant, obsolete, and trivial content. Think of duplicate files, outdated drafts, and low-value communications. Left unchecked, ROT increases discovery costs, slows systems, and makes it harder to find what matters. For many organizations, the biggest contributor is everyday communication. Emails, chats, and messages that serve a short-term purpose and then linger indefinitely. Your policy should define transitory, redundant, obsolete, and trivial content, explain when it is not treated as a record, and specify how routine deletion is authorized and carried out.

Not all information exists as documents, either. Data in systems like CRMs, ERPs, and databases don’t fit neatly into traditional retention categories. This is where process-driven retention comes into play. Instead of focusing on document types, you look at the business process behind the data and determine retention based on that. Your policy should map key systems to the processes they support, assign ownership, and define how disposition decisions are made and documented. If you don’t address this, large portions of your data environment remain effectively unmanaged.

Step 3: From Policy to Practice: Driving Adoption

A policy doesn’t matter if no one follows it. Defensibility isn’t about what’s written down. It’s about what actually happens day to day. That means embedding it in the systems where records live and supporting it with a repeatable process.

Start with individual-access systems like email, OneDrive, and local machines. These are often the least controlled environments, and they’re where both over-retention and accidental loss happen most frequently. You need clarity. What’s automated. What’s the user’s responsibility. And how you verify both. Because telling people what to do isn’t the same as making sure they do it.

Structured environments like SharePoint, document management systems, shared drives should be easier to control. In theory. In practice, they often aren’t. Sites multiply, structures drift, and retention controls aren’t applied consistently. Effective implementation means applying classification and retention rules at the point of creation or ingestion, not trying to clean things up later at scale. Periodic reviews help confirm that content is landing where it should and that outdated material is being removed as expected. And don’t forget paper records.

Paper records shouldn’t be overlooked. They carry the same legal weight as digital records, and they need to be included in your processes for storage, retrieval, and destruction. Otherwise, you’ve got a blind spot.

When records reach the end of the line, disposition follows a process. No guesswork. No shortcuts.

• Identify what’s eligible.
• Confirm the details.
• Get the right approval.
• Carry out destruction.
• Document everything.

That documentation, often in the form of a destruction certificate, is critical evidence that the process was followed properly.

Effective records management isn’t just about compliance, it directly benefits users when they understand its value. With strong training and ongoing communication, organizations can move beyond “check-the-box” habits and show how good practices save time, reduce risk, and make information easier to find. When users see how records management supports their daily work, they’re more likely to adopt it. The goal is to make it not just a requirement, but a clear advantage.

Step 4: Audit Before Someone Else Starts Asking Questions

A program that looks good on paper isn’t enough. You need to know it’s actually working. Regular audits are what turn policy into something defensible.

Formal audits should review how the retention schedule is being applied, whether records are stored appropriately, whether disposition workflows are followed, and whether documentation is consistently maintained. Findings should be tracked and resolved, and the audit trail itself becomes part of your compliance record.

Between formal audits, targeted spot checks can be just as valuable. Instead of trying to review everything, focus on specific systems, teams, or record types. For example, you might verify that retention labels in Microsoft 365 haven’t been altered, or that a newly onboarded group is correctly classifying records. These smaller checks help catch issues early, often before they become larger problems.

It also makes sense to trigger reviews based on events, not just schedules. System migrations, acquisitions, or major staffing changes are all points where governance can slip.

Step 5: Don’t Forget Litigation Holds

When litigation is reasonably anticipated, the clock starts ticking, whether anything’s been filed or not. At that point, routine deletion isn’t routine anymore. It stops. Routine disposition must be suspended for information within the hold’s scope until the hold is released.

Hold notices need to:

• Go out quickly;
• Be clear enough to act on;
• Be tracked so you know they were received and understood.

For ongoing matters, periodic reminders are standard.

Scope is a common weakness. A proper hold covers not just official records, but drafts, communications, and anything else that could be relevant. It also needs to be implemented at the system level. Automated deletions and lifecycle policies won’t stop on their own. They have to be explicitly suspended.

When the matter ends, the hold should be formally lifted and normal processes restored, with that transition documented just as carefully as the hold itself.

Step 6: When Things Go Wrong (Because Sometimes They Do)

Even well-designed programs run into issues. Missed holds, premature deletions, or system errors. What matters is how those situations are handled.

• The first step is to stop any related destruction and secure what remains.
• Then bring in the right stakeholders, often including legal, before taking action. Trying to fix things too quickly without proper guidance can make the situation worse.
• From there, conduct a documented investigation to understand what happened, when, and why.
• Determining whether the issue was inadvertent or intentional is critical, as that distinction carries different consequences. In some cases, the question of whether to self-report will arise. That decision typically sits with legal counsel, but in general, organizations that identify and address issues proactively tend to be viewed more favorably than those where problems emerge later through external discovery.
• Once resolved, address the root cause and document the fix.

That record becomes part of your overall compliance story.

Defensible Disposition Framework: Bringing It All Together

At its core, defensible disposition is about accountability. Knowing what you kept. What you destroyed. When it happened. And why. Because sooner or later, someone’s going to ask. And when they do, it won’t be about policy. It’ll be about proof. Being able to explain what you kept, what you destroyed, when it happened, and why. That doesn’t come from a single policy or tool, it comes from consistent execution over time.

The challenge isn’t just building the defensible disposition framework. It’s maintaining it through system changes, staff turnover, and competing priorities. And that’s exactly the point. You’re both building this for routine operations and for the moment when someone comes knocking, asking you to explain a record that no longer exists. When that happens, your documentation, your processes, and your consistency are what determine whether it’s a routine matter or something much more serious.

Disclaimer: The purpose of this post is to provide general education on information governance topics. The statements are informational only and do not constitute legal advice. If you have specific questions regarding the application of the law to your business activities, you should seek the advice of your legal counsel.

The post What It Takes to Make Record Deletion Truly Defensible appeared first on Zasio.