Governed Employee Records — from Recruitment Through Post-Separation Retention — with Jurisdiction-Aware Access Controls, Retention Policies, and Audit Trails on AWS
Employee records are among the most sensitive, highly regulated, and long-lived documents any organisation manages. Every employment relationship generates a document trail — offer letters, employment contracts, tax forms, policy acknowledgments, performance reviews, training certifications, disciplinary records, accommodation documentation, benefits enrolment, and separation records — that must be classified, protected, retained, and eventually disposed of according to rules that vary by document type, jurisdiction, and regulatory framework.
In most organisations, these records are scattered: some in the HRIS, some in shared drives, some in email, some in managers' personal folders, some in filing cabinets that were never digitised. Access controls are inconsistent — a manager who can view an employee's performance review can often also view their medical accommodation request. Retention policies are manual or absent. And when an employment tribunal, human rights commission, workplace safety authority, or auditor asks for a complete employee file, HR staff spend days assembling it from multiple sources. FormKiQ's HR and Employee Records Management solution provides a single governed repository for the entire employee document lifecycle — deployed directly into your AWS account, with document-level access controls, jurisdiction-aware retention policies, and audit trails designed for the unique confidentiality and compliance requirements of employment documentation.
The Employee Record Challenge
Employee records are unlike any other document type in the organisation. They are simultaneously operational (HR needs them daily), confidential (they contain personal and sensitive information), regulated (employment law prescribes what must be kept, for how long, and who can see it), and long-lived (some records must be retained for decades after the employment relationship ends).
| Challenge | What Goes Wrong | FormKiQ Resolution |
|---|---|---|
| Scattered records | Employee documents spread across HRIS, shared drives, email, paper files, and managers' folders | Single governed repository with structured metadata linking every document to the employee record |
| Inconsistent access | Anyone with HRIS access or shared drive permissions can see everything in the employee file | Document-level ABAC — medical records, investigation files, and accommodation requests restricted independently from routine HR documents |
| No jurisdiction awareness | Same retention rules applied regardless of employee location — or no retention rules at all | Configurable retention by document type, jurisdiction, and regulatory framework within a single employee file |
| Manual retention tracking | HR staff manually track retention periods in spreadsheets — or don't track them at all | Automated retention enforcement with configurable retention clocks (from hire date, separation date, or event date) |
| Audit trail gaps | No record of who accessed sensitive employee documents or when | Every document access, view, download, and modification logged with timestamps and actor identification |
| Post-separation risk | Separated employee files stay in active storage indefinitely or are deleted without defensible disposition | Automated archival transition with jurisdiction-aware retention that continues after separation |
| Compliance exposure | Unable to produce a complete, defensible employee file when required by a tribunal, regulator, or auditor | Complete governed file with audit trail, retention evidence, and access history — producible on demand |
The Employee Document Lifecycle
Employee documents follow a lifecycle tied to the employment relationship. FormKiQ manages each phase with appropriate governance:
| Lifecycle Phase | Documents Created or Collected | Governance Applied |
|---|---|---|
| Recruitment | Applications, CVs/resumes, interview assessments, reference checks, background screening results | Classification, access restricted to hiring team, retention per recruitment record requirements (varies by jurisdiction — typically 6 months to 3 years for unsuccessful candidates) |
| Offer and Acceptance | Offer letters, employment contracts, compensation letters, relocation agreements, pre-employment health declarations | Version control, eSignature, governed storage from acceptance date |
| Onboarding | Tax forms, banking/direct deposit authorisations, benefits enrolment, emergency contacts, policy acknowledgments, equipment agreements, training certifications, identification documents | Document collection workflows, completeness tracking, eSignature for acknowledgments, HRIS metadata synchronisation |
| Active Employment | Performance reviews, goal-setting documents, training records, policy re-acknowledgments, compensation changes, promotion letters, commendation records, professional development documentation | Version control, approval workflows, annual cycle tracking, management-chain access controls |
| Sensitive Events | Accommodation requests, medical documentation, statutory leave records, workers' compensation, disciplinary records, investigation files, grievance documentation, whistleblower records | Heightened access controls (ABAC), restricted visibility separate from routine HR file, legal hold capability |
| Separation | Resignation letters, termination documentation, separation agreements, exit interview records, statutory termination notices, final pay documentation, restrictive covenant agreements | Offboarding workflow, eSignature for separation agreements, transition to post-separation retention |
| Post-Separation Archive | Complete employee file — retained per jurisdictional requirements | Automated archival, jurisdiction-aware retention (ranging from 1 year to 30+ years depending on document type and jurisdiction), legal hold, defensible disposition |
Access Control for Employee Records
Employee records demand the most granular access control of any document type. A single employee file may contain routine documents visible to the immediate manager alongside medical records, investigation files, or accommodation requests that must be restricted to specific HR roles:
| Access Layer | What It Controls | Example |
|---|---|---|
| Employment status | Different access rules for active vs. separated employees | Active employee documents visible to current manager and HR; separated employee documents restricted to HR and legal |
| Document sensitivity | Sensitive documents restricted independently within the employee file | Medical records, accommodation requests, and investigation files visible only to designated HR roles — not to the employee's manager |
| Management chain | Documents visible based on organisational reporting structure | Performance reviews visible to direct manager, skip-level manager, and HR business partner |
| HR function | Access differentiated by HR role — recruiting, benefits, compensation, employee relations, compliance | Compensation documents visible to compensation team and HRBP; benefits documents visible to benefits team |
| Jurisdiction | Access governed by jurisdiction-specific rules | EU/UK employee documents accessible only to HR personnel operating under GDPR/UK GDPR-compliant access policies; Canadian employee documents governed by provincial privacy legislation |
| Legal and investigation | Investigation files and litigation-related documents restricted | Workplace investigation files visible only to investigating HR representative and legal counsel |
| Employee self-service | Employees access their own records — pay statements, signed agreements, policy acknowledgments — but not peer records or management-only documents | Each employee can view and download their own governed documents |
Multi-Jurisdiction Retention
Employment record retention is uniquely complex because retention periods vary by document type, jurisdiction, and regulatory framework — and the retention clock may start from different reference points (hire date, separation date, event date, or end of benefit period).
Retention Principles
- Document-type retention — different retention periods for different document categories within the same employee file (tax records vs. performance reviews vs. medical records)
- Jurisdiction-aware retention — different retention rules for the same document type based on the employee's location or the governing jurisdiction
- Event-triggered retention — retention clock starts from a specific event (separation date, end of leave period, incident date) rather than document creation date
- Longest-period-wins — when multiple retention requirements apply to the same document, the longest applicable period governs
- Legal hold override — documents under legal hold are protected from disposition regardless of retention schedule
Retention by Jurisdiction — Examples
| Jurisdiction | Document Category | Typical Retention | Regulatory Driver |
|---|---|---|---|
| Canada (Federal) | Employment records | 3 years post-separation | Canada Labour Code |
| Canada (Ontario) | Employment records | 3 years post-separation | Employment Standards Act |
| Canada (Quebec) | Payroll records | 6 years | Quebec Tax Administration Act |
| Canada (British Columbia) | Employment records | 5 years after last entry | Employment Standards Act |
| United Kingdom | Personnel files and training records | 6 years post-separation | Limitation Act 1980 |
| United Kingdom | Statutory sick pay records | 3 years after end of tax year | SSP Regulations |
| United Kingdom | Maternity/paternity records | 3 years after end of tax year | SMP/SPP Regulations |
| European Union (GDPR) | Employee personal data | As long as necessary for the purpose; must justify retention period | GDPR Article 5(1)(e) |
| Australia | Employee records | 7 years post-separation | Fair Work Act 2009 |
| Australia | Workplace health and safety records | 30 years for exposure/health monitoring records | WHS Regulations |
| United States | Tax withholding records | 4 years after tax due or paid | IRS / Internal Revenue Code |
| United States | Employment eligibility verification (I-9) | 3 years from hire or 1 year from separation, whichever later | IRCA |
| United States | Payroll records | 3–7 years depending on state | FLSA, state wage laws |
| United States | Benefits enrolment | 6 years from plan year | ERISA |
| United States | Workplace injury and exposure records | 5 years from incident; medical records 30 years post-employment | OSHA 29 CFR 1910.1020 |
| New Zealand | Employment agreements and wage/time records | 6 years | Employment Relations Act 2000 |
| Singapore | Employment records | 2 years post-separation (key employment terms: entire employment + 2 years) | Employment Act |
FormKiQ supports all of these retention models within a single deployment — different retention periods applied to different document types within the same employee file, with retention clocks configured per jurisdiction.
HR Document Workflows
FormKiQ provides configurable workflows for the recurring document processes in HR operations:
Onboarding Document Collection
| Workflow Step | What Happens |
|---|---|
| Packet generation | Onboarding document set generated from templates — jurisdiction-appropriate tax forms, policy acknowledgments, benefits enrolment, equipment agreements — customised by role, location, and jurisdiction |
| Distribution | Documents distributed to new hire via secure link or portal access |
| eSignature collection | Policy acknowledgments, employment agreements, and authorisation forms signed electronically with audit trail |
| Completeness tracking | Dashboard tracks which documents have been signed, which are outstanding, and which are overdue — with automated reminders |
| Filing and classification | Signed documents returned to FormKiQ and filed in the employee record with metadata, version history, and retention policy applied |
Performance Review Cycles
- Template generation — review templates generated and distributed to managers with pre-populated employee metadata
- Completion tracking — review completion tracked across the organisation with reminders and escalation
- Manager and employee signatures — completed reviews signed by manager and employee via eSignature
- Filing — signed reviews filed in the employee record with appropriate access controls (visible to management chain and HR, not to peers)
Policy Acknowledgment Campaigns
- Bulk distribution — updated policies distributed to all affected employees or specific groups (by location, department, role)
- Individual signature tracking — each employee's acknowledgment tracked individually with timestamp and signature record
- Completion monitoring — dashboard shows completion rates by department, location, and individual — with automated follow-up for outstanding acknowledgments
- Filing — signed acknowledgments filed in each employee's record with the specific policy version referenced
Separation and Offboarding
- Separation document generation — separation agreements, statutory termination notices, final pay documentation, and benefits continuation notices generated from templates
- eSignature for separation agreements — multi-party signing with legal review gates
- Exit document collection — exit interview records, equipment return confirmations, and access revocation confirmations collected and filed
- Retention transition — employee file automatically transitions to post-separation retention with jurisdiction-appropriate retention periods applied by document type
AI-Powered HR Document Processing
FormKiQ's AI Processing and Analysis module — powered by Amazon Bedrock — automates classification and extraction for HR documents:
| AI Capability | HR Application |
|---|---|
| Document type classification | Automatically classify incoming HR documents — offer letters, tax forms, benefits enrolment, policy acknowledgments, performance reviews — and file to the correct section of the employee record |
| Metadata extraction | Extract employee name, employee ID, effective dates, compensation figures, and other key data from HR documents |
| Sensitivity classification | Identify documents containing medical information, accommodation details, investigation content, or other sensitive data for heightened access controls |
| Completeness analysis | Analyse onboarding document sets for completeness — flagging missing required documents before the employee's start date |
| Policy acknowledgment verification | Verify that policy acknowledgment documents are properly signed and dated |
All AI processing runs within your AWS account through Amazon Bedrock. Employee document content never leaves your cloud environment.
Document Generation for HR
FormKiQ's Document Generation module automates the production of employee documents:
| HR Event | Generated Document | What Happens Next |
|---|---|---|
| New hire confirmed | Offer letter generated with compensation, title, start date, and location data | Routed to hiring manager for review, then to candidate via eSignature |
| Offer accepted | Onboarding packet generated — jurisdiction-appropriate tax forms, policy acknowledgments, benefits enrolment | Distributed to new hire; completeness tracking initiated |
| Role change | Updated employment letter, revised policy acknowledgments for new role/department/jurisdiction | Routed for eSignature; filed in employee record |
| Annual review cycle | Performance review templates generated for each employee with pre-populated data | Distributed to managers; completed reviews collected and filed |
| Separation initiated | Separation agreement, exit checklist, statutory termination notices, benefits continuation documentation | Routed through HR and legal review; eSignature for separation agreement |
| Policy update | Updated policy acknowledgment forms distributed to affected employees | Tracked distribution with completion monitoring and follow-up |
Integration with HRIS and Enterprise Systems
FormKiQ's Integration Framework Modules connect employee records to the systems that manage employee data:
| Framework | HR Integration Use Cases |
|---|---|
| HRIS Integration | Employee records linked to HRIS data — hire, role change, leave, and separation events trigger document workflows in FormKiQ; organisational structure mapped to access controls |
| ERP Integration | Payroll documentation, expense records, and financial documents linked to employee records |
| Case Management Integration | Workplace investigations, complaints, and grievance cases linked to employee records with appropriate access restrictions |
For organisations with an HRIS, the HRIS Integration Framework Module (available on Advanced and Enterprise editions) provides event-driven automation — HRIS lifecycle events trigger onboarding workflows, policy re-acknowledgment, and separation processes in FormKiQ automatically. For organisations without a formal HRIS, FormKiQ's HR and Employee Records Management solution operates independently as the governed employee document repository.
Compliance and Regulatory Alignment
| Framework | HR Record Requirements | FormKiQ Capabilities |
|---|---|---|
| GDPR / UK GDPR | Employee personal data processed lawfully, retained only as long as necessary, subject to data subject access requests | Data residency enforcement, retention controls, access request workflows, processing audit trails |
| PIPEDA / Provincial privacy legislation (Canada) | Employee personal information governed by federal and provincial privacy legislation | Canadian data residency (Montreal, Calgary), consent management, retention controls |
| Australian Privacy Act / Fair Work Act | Employee records retained for 7 years post-separation; health monitoring records 30 years | Configurable retention by document type, long-term archival storage |
| Employment Standards Acts (Canada — by province) | Province-specific retention for employment records, payroll, and statutory leave documentation | Jurisdiction-aware retention with provincial configuration |
| Employment Rights Act 1996 / Equality Act 2010 (UK) | Personnel records retained for limitation periods; equal opportunity monitoring documentation | Retention scheduling, access controls, sensitivity classification |
| Fair Work Act 2009 (Australia) | Employee records retained for 7 years; specific requirements for pay, leave, and termination records | Configurable retention by document type and category |
| HIPAA (US) | Health-related employee records in self-insured health plans and employee wellness programs | Encryption (KMS), ABAC, sensitivity classification, audit trails |
| Workplace health and safety legislation | Exposure records, incident records, and medical monitoring records — retention varies from 5 to 40 years by jurisdiction | Long-term retention with jurisdiction-specific configuration, archival tiering |
| Anti-discrimination and human rights legislation | Records of complaints, investigations, accommodations, and related proceedings — retention through limitation periods | Access controls, legal hold, sensitivity classification, audit trails |
| SOC 2 | Access logging, security controls, and operational monitoring for employee data handling | Audit logging, access controls, encryption, operational monitoring |
Who Uses HR and Employee Records Management on AWS
| Industry | HR Record Challenges | Key Drivers |
|---|---|---|
| Healthcare | Clinical staff credentialing, licensure tracking, workplace exposure records, health and safety documentation across high-turnover environments | Workplace safety record retention (up to 30 years), patient privacy training, professional registration tracking |
| Financial Services | Licensing documentation, background screening, compliance training records, compensation documentation, fitness and propriety assessments | Financial regulatory requirements (FCA, APRA, FINRA, OSFI), SOC 2, licensing retention |
| Manufacturing | Safety training records, workplace exposure documentation, workers' compensation files, union/collective agreement documentation across multiple facilities | Workplace safety retention (up to 40 years for exposure records), multi-facility access control, collective agreement compliance |
| Government & Public Sector | Civil service documentation, classification records, security clearance documentation, pension records, statutory records | National archives requirements, public sector personnel record statutes, security clearance retention |
| Higher Education | Faculty tenure documentation, credential verification, adjunct records, student employee files across campuses | Data protection regulations (GDPR, FERPA for student employees), tenure review documentation, multi-campus governance |
| Technology | Global employee records across jurisdictions, equity/options documentation, visa and work authorisation, remote worker compliance | Multi-jurisdiction retention (GDPR + provincial privacy + state law), work authorisation tracking, global mobility |
| Retail & Hospitality | High-volume onboarding, seasonal employee documentation, multi-location compliance, young worker documentation | High-turnover document volume, jurisdiction-specific young worker protections, multi-location access control |
| Professional Services | Multi-jurisdiction employment across offices, secondment documentation, professional licensing, partnership/equity documentation | Multi-jurisdiction compliance, professional regulatory retention, partnership governance |
FormKiQ Editions for HR and Employee Records Management
HR and Employee Records Management is available as a Solution Layer on FormKiQ Advanced and Enterprise:
| Capability | Core | Essentials | Advanced | Enterprise |
|---|---|---|---|---|
| Document Storage (S3) & API | ✓ | ✓ | ✓ | ✓ |
| Tagging, Search & Classification | ✓ | ✓ | ✓ | ✓ |
| OCR (Tesseract) | ✓ | ✓ | ✓ | ✓ |
| OCR & IDP (Textract) | ✓ | ✓ | ✓ | |
| SSO (SAML — Entra, Google, Auth0) | ✓ | ✓ | ✓ | |
| Workflows, Queues & Rulesets | ✓ | ✓ | ✓ | |
| Encryption (in-transit & at-rest) | ✓ | ✓ | ✓ | |
| Document Control & Versioning | ✓ | ✓ | ✓ | |
| Antivirus & Anti-Malware | ✓ | ✓ | ✓ | |
| AI Processing & Analysis (Bedrock) | ✓ | ✓ | ||
| Document Generation | ✓ | ✓ | ||
| eSignature Integration | ✓ | ✓ | ||
| HRIS Integration Framework | ✓ | ✓ | ||
| Document Gateway Modules | ✓ | ✓ | ||
| Enhanced Full-Text Search (OpenSearch) | ✓ | ✓ | ||
| Solution Layers (HR & Employee Records) | ✓ | ✓ | ||
| Multi-Instance & Multi-Region Licensing | ✓ | ✓ | ||
| Vendor-Managed & Hybrid Deployment | ✓ | |||
| Custom SLAs & Compliance Consulting | ✓ | |||
| Support | Community (Slack & GitHub) | Support Portal (2-business-day SLA) | Private Slack + videoconference + 40 hrs onboarding | Rapid response (8-business-hour SLA) + strategic architecture support |
Deployment Models
| Model | Description | Availability |
|---|---|---|
| Customer-Managed AWS | Deploys directly into your AWS account via CloudFormation. Full control of infrastructure, networking, encryption keys, and operations. | All editions |
| Vendor-Managed | FormKiQ manages the AWS infrastructure on your behalf — deployment, updates, and operational support. | Enterprise |
| Hybrid | You retain control of specific components (encryption keys, network config) while delegating operational management to FormKiQ. | Enterprise |
Every deployment is a dedicated, isolated instance in an AWS account owned by or designated by the customer. FormKiQ does not operate a shared multi-tenant environment.
Getting Started
FormKiQ Core can be deployed to your AWS account in fifteen to twenty minutes using a one-click install via AWS CloudFormation. HR and Employee Records Management capabilities — including AI Processing, Document Generation, eSignature Integration, and HRIS Integration Framework — are available on FormKiQ Advanced and Enterprise.
For organisations evaluating HR and employee records management on AWS, FormKiQ offers a Proof-of-Value program — a three-month deployment in a FormKiQ-managed AWS environment that provides full platform access in a non-production setting.
Frequently Asked Questions
What is HR and employee records management on AWS?
HR and employee records management on AWS refers to managing the full employee document lifecycle — recruitment records, employment agreements, onboarding documentation, performance records, training certifications, and separation documents — in a governed document management platform deployed within your own Amazon Web Services environment. This gives organisations full control over employee data, encryption, access, and audit trails.
How is this different from the document management in my HRIS?
HRIS platforms manage employee data — personal information, compensation, benefits, organisational structure. They treat documents as attachments to employee records, with no independent classification, document-level access controls, jurisdiction-aware retention, or audit trail for document access. FormKiQ provides the governed document layer — every document independently classified, access-controlled at the document level, retained per jurisdiction-specific rules, and auditable. For organisations with an HRIS, FormKiQ integrates via the HRIS Integration Framework to synchronise employee data and lifecycle events. For organisations without a formal HRIS, FormKiQ operates independently as the employee document repository.
How does FormKiQ handle employee records across multiple jurisdictions?
FormKiQ supports jurisdiction-aware retention — different retention periods applied to different document types within the same employee file, based on the employee's location and the applicable regulatory framework. A Canadian employee's records can follow provincial Employment Standards Act requirements while a UK employee's records follow Employment Rights Act and Limitation Act periods, all within the same FormKiQ deployment. Retention clocks can be configured to start from hire date, separation date, event date, or other reference points as required by the applicable jurisdiction.
How does FormKiQ handle sensitive HR documents like medical records and investigation files?
FormKiQ provides attribute-based access control (ABAC) at the document level. Within a single employee file, routine HR documents can be visible to the employee's manager and HR business partner, while medical records, accommodation requests, and investigation files are restricted to designated HR roles. All access events are recorded in the audit trail with timestamps and actor identification. Sensitivity classification powered by Amazon Bedrock can automatically identify documents containing health information or other sensitive content for appropriate access restriction.
What happens to employee records after separation?
When an employee separates, FormKiQ automatically transitions their document file to post-separation retention. Retention periods are calculated from the separation date (or other configured reference point) based on document type and jurisdiction. Documents are archived to cost-optimised S3 storage tiers while remaining searchable and subject to access controls. Legal holds can be applied to preserve documents for ongoing proceedings regardless of retention schedule.
Can employees access their own records?
Yes. FormKiQ's ABAC model supports employee self-service access — each employee can view and download their own governed documents (signed agreements, pay statements, policy acknowledgments) without access to other employees' records or management-only documents within their own file. Self-service access is configured through metadata-driven access rules rather than requiring separate user provisioning.
How does FormKiQ handle policy acknowledgment campaigns?
FormKiQ's Document Generation module produces policy acknowledgment documents and distributes them to affected employees or specific groups. Individual eSignature tracking records each employee's acknowledgment with timestamp and signature. Completion dashboards show progress by department, location, and individual, with automated follow-up for outstanding acknowledgments. Signed acknowledgments are filed in each employee's record with the specific policy version referenced.
What happens to employee records if we change our HRIS?
Employee documents managed in FormKiQ are independent of the HRIS platform. When you migrate to a new HRIS, your employee files, metadata, retention policies, access controls, and audit trails all persist — only the integration layer needs to be reconfigured. This is particularly important for separated employee records, which must be retained for years or decades after departure regardless of which HRIS is in use.