Policy-Driven Retention Schedules, Automated Enforcement, and Defensible Disposition — on AWS Infrastructure You Control
Every document an organisation creates or receives carries a retention obligation — sometimes explicit (a regulation specifies how long it must be kept), sometimes implicit (prudent business practice requires preservation for a reasonable period). Managing these obligations at scale — across document types, jurisdictions, business units, and regulatory frameworks — is one of the most consequential document management challenges organisations face.
Get retention wrong and the consequences are real. Dispose of records too early and you face regulatory penalties, spoliation sanctions, and the inability to defend your organisation in litigation. Keep records too long and you face inflated storage costs, increased eDiscovery burden, and the ongoing risk that retained data becomes a liability rather than an asset. The goal of a retention programme is not simply to keep or delete documents — it's to keep them for exactly as long as required, and then dispose of them defensibly.
FormKiQ provides policy-driven document retention and disposition on AWS — with configurable retention schedules, automated enforcement, legal hold management, and defensible disposition workflows that produce the audit evidence regulators, auditors, and courts require. Deployed into your own AWS account, FormKiQ gives records managers and compliance teams full control over the retention infrastructure, the enforcement logic, and the disposition evidence.
What Is Document Retention?
Document retention is the practice of keeping documents for a defined period based on legal, regulatory, or business requirements. A retention programme consists of three components:
| Component | What It Defines | Example |
|---|---|---|
| Retention schedule | Which document categories are retained, for how long, and what triggers the retention period | "Employee records: 7 years from separation date" or "Tax records: 4 years after filing" |
| Retention enforcement | How the organisation ensures retention rules are actually followed — automatically, not manually | Automated retention tracking with policy-driven enforcement — documents cannot be deleted before their retention period expires |
| Disposition | What happens when the retention period ends — destruction, transfer to archive, or permanent preservation | Audit-logged deletion, transfer-to-archive workflow, or permanent preservation designation |
Without all three components, a retention programme is incomplete. A schedule without enforcement is a policy that nobody follows. Enforcement without disposition creates a growing archive with no exit. And disposition without evidence is deletion without defensibility.
How Retention Works in FormKiQ
FormKiQ's retention system is designed around three principles: policies are configurable, enforcement is automatic, and every event is auditable.
Retention Policy Configuration
Retention policies in FormKiQ can be applied at multiple levels:
- Document level — retention rules applied to individual documents based on their classification or metadata
- Folder level — retention inherited by all documents within a governed folder structure
- Document type level — retention rules tied to document type definitions, automatically applied when documents are classified
Retention Triggers
The retention clock — the point from which the retention period is measured — can be configured per policy:
| Trigger Type | When the Clock Starts | Example |
|---|---|---|
| Creation date | From the date the document was created or ingested | "Retain for 7 years from creation" |
| Business event | From a specific business event recorded in metadata | "Retain for 3 years from employee separation date" or "Retain for 5 years from contract expiry" |
| Metadata value change | From the date a metadata value changes to a specified state | "Retain for 10 years from case closure" |
| End of fiscal year | From the end of the fiscal year in which the document was created | "Retain for 7 years from end of fiscal year" |
| Custom reference date | From any date field captured in the document's metadata | "Retain for 30 years from date of workplace exposure" |
This flexibility is essential because retention requirements rarely use the same trigger. Tax records are retained from filing date. Employment records are retained from separation date. Clinical records may be retained from the date of last treatment. Workplace exposure records are retained from the date of exposure. A retention system that only supports "retention from creation date" cannot satisfy these requirements.
Retention Enforcement
Once a retention policy is active, FormKiQ enforces it automatically:
- Deletion protection — documents under active retention cannot be deleted by any user, regardless of their role or access level
- Modification tracking — documents under retention can be accessed and, where permitted, annotated, but all modifications are version-controlled and audit-logged
- Expiry tracking — documents approaching or reaching the end of their retention period are flagged for disposition review
- Legal hold override — documents under legal hold are protected from disposition regardless of whether their retention period has expired
What Is Disposition?
Disposition is the action taken when a document reaches the end of its retention period. It is not simply deletion — it is a governed process that must be authorised, documented, and defensible.
Disposition Actions
| Action | What Happens | When It's Used |
|---|---|---|
| Destruction | Document content is permanently deleted from storage | When the retention obligation has been satisfied and no legal hold, litigation, or regulatory proceeding requires preservation |
| Transfer to archive | Document is transferred to long-term archival storage with permanent preservation | When the document has enduring value — institutional records, historical materials, permanent reference |
| Transfer to external authority | Document is transferred to a national archive, regulatory body, or other external authority | When legislation requires transfer (e.g., permanent federal records transferred to NARA, or national archives in other jurisdictions) |
| Reclassification | Document's retention category is changed and a new retention period is applied | When the document's status changes (e.g., an active contract becomes a historical record with a different retention requirement) |
Defensible Disposition
Defensible disposition means the organisation can demonstrate that every disposed document was:
- Subject to a defined retention policy — the policy existed, was approved, and applied to the document
- Retained for the required period — the retention period was served in full
- Not under legal hold — no active hold prevented disposition at the time of deletion
- Authorised — an authorised person or automated process approved the disposition
- Documented — the disposition event was recorded with the document identifier, disposition action, applicable policy, timestamp, and authorising actor
FormKiQ records all five elements in the audit trail for every disposition event. This means the organisation can produce disposition evidence years after the fact — proving that a document was retained appropriately and disposed of lawfully.
Disposition Workflow
| Step | What Happens |
|---|---|
| Eligibility identification | Documents reaching the end of their retention period are automatically flagged as disposition-eligible |
| Hold check | The system verifies that no active legal hold applies to the document — held documents are excluded from disposition regardless of retention status |
| Disposition review | Where configured, disposition-eligible documents are routed to a designated reviewer for approval before disposition is executed |
| Authorisation | The reviewer (or automated policy, for low-risk document types) authorises the disposition action |
| Execution | The disposition action is carried out — destruction, transfer, or reclassification |
| Audit record | The disposition event is recorded in the audit trail with all required evidence elements |
| Confirmation | Disposition confirmation is available for reporting, compliance evidence, and audit response |
Multi-Jurisdiction Retention
Organisations operating across jurisdictions face overlapping and sometimes conflicting retention requirements. The same document type may have different retention periods depending on the jurisdiction, the applicable regulation, and the business context. FormKiQ supports multi-jurisdiction retention through configurable retention rules:
- Jurisdiction-specific policies — different retention periods for the same document type based on jurisdiction (e.g., employment records retained for 3 years in Ontario, 7 years in Australia, 6 years in the UK)
- Longest-period-wins — when multiple retention requirements apply to the same document, the longest applicable period governs
- Regulatory tagging — documents tagged with the regulatory framework that drives their retention, enabling reporting by regulation
- Regional deployment — FormKiQ's multi-region deployment supports data residency requirements alongside jurisdiction-specific retention
Retention and S3 Storage Tiering
Retention programmes create large volumes of documents that must be preserved but are rarely accessed. FormKiQ leverages Amazon S3's storage classes to reduce the cost of long-term retention:
| Retention Phase | Typical S3 Tier | Cost Impact |
|---|---|---|
| Active retention (0–1 year) | S3 Standard or Infrequent Access | Full access speed; moderate cost |
| Mid-term retention (1–5 years) | S3 Glacier Instant Retrieval | Immediate access when needed; ~68% lower storage cost |
| Long-term retention (5–10+ years) | S3 Glacier Flexible Retrieval or Deep Archive | Minutes-to-hours retrieval; up to 95% lower storage cost |
Documents transition between tiers automatically based on lifecycle policies — without losing their metadata, search indexes, retention status, or audit trail. A document archived to Glacier Deep Archive for a 30-year OSHA retention requirement is still searchable, still under its retention policy, and still subject to legal hold.
Common Retention Schedules by Document Type
Retention requirements vary by jurisdiction, but the following table illustrates common retention periods across major document categories:
| Document Category | Typical Retention Period | Common Regulatory Drivers |
|---|---|---|
| Tax and financial records | 4–10 years from filing or fiscal year end | Tax authorities (IRS, CRA, HMRC, ATO); SOX |
| Employment records | 3–7 years from separation | Employment standards legislation by jurisdiction |
| Workplace safety / exposure records | 5–40 years from incident or exposure | OSHA, HSE, SafeWork Australia, provincial OHS |
| Patient / clinical records | 7–30 years depending on jurisdiction and patient age | Health records legislation by jurisdiction |
| Contracts | 4–10 years from expiry or completion | Limitation statutes by jurisdiction |
| Insurance records | 7–10 years from policy expiry | Insurance regulation by jurisdiction |
| Corporate governance records | Permanent or duration of entity | Corporate law by jurisdiction |
| Grant records | 3–10 years from closeout or audit resolution | Funding body requirements (2 CFR 200, Tri-Agency, UKRI) |
| Email and correspondence | 3–7 years depending on content and jurisdiction | Records management frameworks; professional requirements |
FormKiQ Editions for Retention and Disposition
| Capability | Core | Essentials | Advanced | Enterprise |
|---|---|---|---|---|
| Document Storage (S3) & API | ✓ | ✓ | ✓ | ✓ |
| Tagging, Search & Classification | ✓ | ✓ | ✓ | ✓ |
| Workflows, Queues & Rulesets | ✓ | ✓ | ✓ | |
| Encryption (KMS — in-transit & at-rest) | ✓ | ✓ | ✓ | |
| Document Control & Versioning | ✓ | ✓ | ✓ | |
| AI Processing & Analysis (Bedrock) | ✓ | ✓ | ||
| Enhanced Full-Text Search (OpenSearch) | ✓ | ✓ | ||
| Multi-Instance & Multi-Region Licensing | ✓ | ✓ | ||
| Vendor-Managed & Hybrid Deployment | ✓ | |||
| Compliance Consulting | ✓ | |||
| Support | Community | 2-business-day SLA | Private Slack + 40 hrs onboarding | 8-business-hour SLA + strategic support |
Getting Started
FormKiQ Core can be deployed to your AWS account in fifteen to twenty minutes. Retention and disposition capabilities — including configurable retention policies, workflow-based disposition, and S3 archival tiering — are available from Essentials onward.
Frequently Asked Questions
What is the difference between retention and archiving?
Retention is the policy that determines how long a document must be kept. Archiving is the practice of moving inactive documents to lower-cost storage while maintaining their governance. A document can be archived (moved to Glacier storage for cost savings) while still under active retention (its retention period hasn't expired). FormKiQ supports both — retention policies govern how long documents are kept, while S3 lifecycle policies manage the storage tier for cost optimisation.
What is defensible disposition?
Defensible disposition is the process of destroying or disposing of documents in a way that can be demonstrated to be lawful, authorised, and consistent with the applicable retention schedule. It requires evidence that the document was subject to a defined policy, that the retention period was served, that no legal hold applied, that the disposition was authorised, and that the event was documented. FormKiQ records all of these elements in the audit trail for every disposition event.
What happens if a document is under both retention and legal hold?
Legal hold always takes precedence. A document under legal hold cannot be disposed of regardless of whether its retention period has expired. The document is protected until all holds are released, at which point it resumes its normal retention lifecycle. If the retention period has already expired when the hold is released, the document becomes immediately eligible for disposition review.
How does FormKiQ handle retention across multiple jurisdictions?
FormKiQ supports configurable retention policies by document type, jurisdiction, and regulatory framework. Different retention periods can apply to the same document type based on the applicable jurisdiction — with the longest applicable period governing when multiple requirements overlap. Retention policies can be combined with multi-region deployment for organisations that need both jurisdiction-specific retention and data residency.
Can FormKiQ enforce retention automatically?
Yes. Once a retention policy is configured, FormKiQ enforces it automatically — documents under active retention cannot be deleted, documents approaching expiry are flagged, and disposition workflows are triggered when retention periods end. Manual tracking in spreadsheets or calendars is eliminated.