Business Function Record Class Name

To add more business functions

or record classes, simply right
click on the number of the last
row and select "insert 1 below".

Administration
Departmental Administration
Internal Services
Records Destruction Certification
Reference Materials
Audit
External Financial Audits
Internal Financial Audits
Sarbanes-Oxley Compliance
Training Attendance and Certification
Compliance
Governmental Compliance and Reporting
General Policies, Programs, and Procedures
Records Destruction Certification

Sarbanes-Oxley Compliance

Finance
Acquisitions and Divestments
Bank Account Set-up and Management
Bank Transcations and Account Reconciliations
Budgets and Financial Forecasting
Customer Credit and Financing
External Financial Audit
Financial Statements
Investment Management
Strategic Business and Planning
Human Resources
Benefit Enrollment and Participation
Benefit Plan Administration
Compensation Planning
Employee Medical Records
Employee Recruitment and Selection
 Equal Employment Opportunity
Training and Development Programs
IT
Application Documentation
Information Systems Administration
Legal
Component Violations
Copyrights, Trademarks, and Patents
Equal Employment Opportunity
Licenses, Permits, and Certifications
Litigations and Claims
Tax
Annual Report & Franchise Tax Returns & Work Papers
Federal Tax Returns
Foreign Tax
Miscellaneous Payroll Tax Returns
State and Local Tax Records
Tax Accounting
Tax Audits and Appeals
Tax Planning and Forecasting
 Record Class Code Retention Period

6 Years
ADM100
ADM105 3 Years
ADM110 10 Years
ADM115 1 Year

AUD100 10 Years
AUD105 3 Years
COM115 7 Years
AUD115 3 Years

COM100 5 Years
COM105 10+ Years
ADM110 10 Years

COM115 7 Years

FIN100 10 Years
FIN105 6+ Years
FIN110 6 Years
FIN115 1+ Years
FIN120 6+ Years
AUD120 10 Years
FIN125 10 Years
FIN130 6+ Years
FIN135 6+ Years

HRE100 6+ Years
HRE105 6+ Years
HRE110 6 Years
HRE115 Indefinitely
HRE120 3 Years
HRE125 6 Years
HRE130 3+ Years

ISY100 6+ Years
ISY105 6+ Years

LEG100 6 Years
LEG110 6 Years
HRE125 6 Years
LEG120 3+ Years
LEG125 6+Years

TAX100 Indefinitely
TAX105 Indefinitely
TAX110 Indefinitely
TAX115 6 Years
TAX120 10 Years
TAX125 1+ Years
TAX130 Indefinitely
TAX135 10 Years
 Retention Citation Data Sources Contains PII

Google Drive

https://www.sec.gov/rules/final/33-8180.htm

SharePoint

https://www.sec.gov/rules/final/33-8180.htm

Oracle

PeopleSoft Yes
WorkDay Yes
https://www.irs.gov/privacy-disclosure/tax-code-regulations-and-official-guidance
Authorized Manager Notes:
Cloud Collaboration/Communication App Data Types

*Apps are listed in alphabetical order. The

subsets of each app is included below.*

Box and Box Enterprise

All files and metadata such as:

- Author
- Creation date
- Last modified date
- MD5Hash
- Parent folder name
- Path
- Revision

Dropbox
 All files: Folders, Subfolders, Files
Related Metadata such as:
- Creation date
- Folder path
- Revision ID

Dropbox Business

All of the above, plus: Native files that

have been uploaded, Microsoft Office
files created in Dropbox, Dropbox Paper
Files

Confluence (On the web and on-premise)

- HTML content of the page

- Comments on pages
- Attachments for the page
- Labels for attachments and pages
- Ancestors for the page/attachments
- Historical information and related
metadata, including:
- Author of the page
- Created by/on
- Last updated by/on
- Previous Version created by/on
Google Suite

- Email Messages (metadata is

embedded in email)
- Attachments (embedded in the email)
- Labels from Gmail
Metadata collected:
- Email to
Gmail - Email from
- Email Bcc
- Email Cc
- Email ID
- Email subject
- Important
- Starred

- All files
- Select folders
Metadata collected:
- Title
Google Drive - Creators
- File creation
- File last modified
- Path
- Revision number
- Folder
 - Direct messages (DMs)
Google Hangouts - Messages in rooms in Google Chat and
Hangouts

Jira (Cloud or Server)

- Multiple or individual projects

- Issues, including: description, name,
creator, updater, status, type, progress,
priority, resolution, due date, summary,
components, original estimate, time
spent, votes, issue links, and custom
fields
- Attachments
- Comments

Microsoft 365
 Embedded in email:

- subject
- body_preview
- importance
- parentFolderId
Microsoft Outlook
- isDeliveryReceiptRequested
- isRead
- hasAttachments
- webLink
- isDraft
- Attachments: pictures/audio/text
 - Files in folders
- Metadata related to files such as:
- File creation
Microsoft OneDrive - File last modified
- Document path
- Creator

- Files stored on the sites including

Microsoft SharePoint subsites.
- Metadata from those files
 - All messages from channels, group
chats, and users
- Metadata including:
- Group ID
Microsoft Teams - Members
- Team ID channels
- Attachment ID
- Channel messages
- Chat members

Quip and Quip Enterprise

 - All accessible documents from a user
account – public folders and private
documents
- To-do lists
- Spreadsheets
- Metadata fields, including created on,
expanded users, and updated on
- Comments made on files
- Chats

Salesforce
 Historical information and related
metadata, including:
- File Name
- File ID
- Author
- File Creation
- File Last Modified
- File Size
- Extension

Slack and Slack Enterprise

- All or selected workspaces

- All or selected channels, both private
and public
- Messages posted on channels, direct
messages (dms) and multi-person
instant messages (mpim)
- Edited and deleted messages (only
available if 'Keep Everything' is selected
as a setting in Slack Enterprise)
- Files posted on channels, dms and
mpims
- Posts created in the files section,
channels, dms and mpims
- Snippets created in the files section,
channels, dms and mpims
- Files created in the files section,
channels, dms and mpims

Facebook Workplace

- Facebook Group posts

- Comments on posts
- Attachments: notes, file uploads, and
photos

Zendesk
 - Tickets (open, closed, suspended,
deleted)
- Attachments included in tickets
- Labels for attachments and pages
- Ancestors for the page/attachments
- Historical information and related
metadata, including:
- Ticket ID (#)
- Ticket Name
- Ticket Type
- Organization
- Ticket Status
- Zendesk Assignee
- Zendesk Requester
- Group
- Ticket Priority
- List of tags

Zoom

- Meetings
- In Meeting Chat
- Audio Recordings of meetings
- Video Recordings of meetings
- Transcripts of meetings (only
available from Zoom business
accounts)
 Native Retention Settings

Box Governance allows admins to secure, preserve, and classify their content. (However, you'll need a Box
Enterprise account to get this add-on.) Users can set global or folder-based retention policies directly in the
platform. Users can also select predefined or custom retention schedules to ensure nothing gets lost. Once the
schedule is set, users can choose a “disposition action” or decide what happens to the content when the retention
time period is up. They can also choose who gets notified of these actions.
Dropbox doesn't have a way to set retention periods for live documents, but it does allow admins to save
deleted and previous versions of files for specific periods of time. During this time, admins can recover these
files. However, after the period of time is up, the deleted files are marked for permanent deletion and are purged
from Dropbox's storage servers. Once files have been permanently deleted, they can't be restored.

*It's important to note: Retention periods differ depending on the Dropbox plan you have.*

Dropbox Basic, Dropbox Family, and Dropbox Plus accounts have a 30-day retention period.

*It's important to note: Retention periods differ depending on the Dropbox plan you have.*

Dropbox Professional and Dropbox Business accounts have a 180-day retention period. You can also restrict
the end user from permanently deleting anything from your system.

Dropbox Business teams can get an Extended File Version History Add-On that can recover accidentally
deleted content and undo unwanted file changes, for up to 10 years

Confluence allows you to view global and space audit logs to review changes that've been made in your site. The feature
To access retention controls for Google Suite services, you need to purchase a Google Vault license for every user that yo

Custom Retention Rules for Gmail - You can set custom retention rules for a specfic period of time with certain
conditions. For Gmail, you can specify data by organizational unit, date ranges, and specific search terms.

Custom Retention Rules for Google Drive - You can specify retention rules by organizational unit and define
expiration based on last modified dates (to address staleness) and created dates (to address compliance
requirements), or trashed dates.
Custom Retention Rules for Google Hangouts - You can specify by organizational unit or for all rooms in the domain. You
can define expiration based on when messages were sent.

Jira has different storage capacities for different plans, however right now the platform is not enforcing storage limits as
To access retention rules for Microsoft products, Microsoft 365 Compliance Center offers solutions to help keep you com

With retention policies for Outlook, you can create retention policy "tags" that employees can voluntarily apply to their
For OneDrive, Microsoft has what's called a Preservation Hold Library which is only visible to site collection administrat

For OneDrive, Microsoft has what's called a Preservation Hold Library which is only visible to site collection administrat
With retention policies for Teams, you can:

1. Retain Teams chats and/or channel messages for a specified duration and then do nothing.
2. Retain Teams chats and/or channel messages for a specified duration and then delete the data.
3. Delete Teams chats and/or channel messages after a specified duration.

Retention Limitations:

- Teams requires a retention policy that's separate from other workloads. In other words, you have to create specific
retention policies for Teams chats and/or channel messages. For this reason, you can't include Teams in org-wide
retention policies.

- Teams doesn't support advanced retention settings, such as the ability to apply a policy to content that contains
keywords or sensitive information. Currently, retention policies in Teams apply to all chat and/or channel message
content.

- Microsoft doesn't yet support configuration for retention of private channel messages, but files shared in private
channels are supported.

- A Teams retention policy will trigger a process to delete chat and channel messages when those messages expire
(based on message creation date). However, depending on service load, it may take up-to seven days to permanently
delete these messages from backend storage and Teams app. Also, these messages will be searchable with
compliance tools (eDiscovery, end user search) till they are permanently deleted from backend storage
Quip offers an add-on product, Quip Governance, that offers three helpful retention functionalities to Quip Admins:
Quip's data retention policies enable an admin to control how long data is retained within a Quip site. Using various
settings, admins can either retain content for a set amount of time prior to enabling users to delete it, or they can use
data retention rules to automatically remove stale content from their Quip site. The retention periods available are:
Indefinitely: If selected, the policy will prevent end users from deleting all content until the policy is retired. (Only
available for custom policies; not available for site-wide policies.)

Days after creation: The policy will be active for n days after a document was created. For example, if the time is set
to 30 days, the expiration action will take effect 30 days after the file was created.
Days after modification: The policy will be active for n days after a document was created. For example, if the time is
set to 30 days, the expiration action will take effect 30 days after the file was last modified. Modifications include
Quip actions such as editing, commenting, and new users accessing the document.

**Once a retention period expires, admins have three deletion actions to choose from:

1. Enable Users to Delete Content: Content cannot be permanently deleted until expiration happens. If users delete a
file, it will remain in trash until its retention period is up.

2. Move to trash: Content will be moved to trash after the retention period expires. After 30 days, all users will be
removed and the content will no longer be visible. Important to note: Content can be recovered via API if needed,
and unless "Retain content until expiration" is selected, documents can be permanently deleted by users.

3. Delete Immediately: The document is deleted *irrevocably* 30 days following when the retention policy expires.
Important to note: Unless "Retain content until expiration" is selected, documents can be permanently deleted by
users.
Salesforce offers an add-on subscription called Salesforce Shield that helps protect, monitor, and retain your data in Sale

By default, Slack will retain all messages and files for the lifetime of your workspace. You can adjust your retention setti

By default, Facebook Workplace will keep everything forever unless deleted. As it stands currently, there are no retentio
Tickets are permanently stored in Zendesk, but archived after 120 days. For more on ticket archiving, see Zendesk's pol

Zoom allows you to retain Zoom meeting recordings, transcripts of meetings, and chats. To retain this data, you need
a Pro, Business, or Enterprise account. Your account type will also dictate your storage capacity, however, you can
add on more storage at any time.

Other things to note:

- Admins can record and preserve the meetings of certain users, groups, or all members in their organization.
- Admins can control whether or not individual users or participants have the ability to store meeting recordings on
their own devices.
- If an admin chooses to preserve the meetings of all organization members, they can either be stored on their local
device or in Zoom’s Cloud.
-Admins need to enable IM Management to gain access to Zoom chat storage and archival.
- The default period for the cloud is 2 years and local devices in 1 year. Zoom chats can be stored up to 10 years max
and 1-day minimum after messages are received.
 Native eDiscovery Method

Box Governance does a good job of preserving and collecting

information. It does have some limitations when it comes to its
data index, which inhibits processing and search.

Currently, Box indexes the first 10,000 characters of a document

which presents some difficulties around search accuracy and
indexing scanned documents, PDFs, or images. Another exception
to Box’s indexing is that it does not index previous versions of a
document, only the current version. Box partners with Onna to
help power more eDiscovery capabilities.
Dropbox has a Data Governance Add-On available to Dropbox
Business Teams. This add-on enables teams to collect and export
content that's been created or modified by a specific user with a
legal hold functionality. Outside of this add-on, they reccomend
working with an eDiscovery solution that integrates with their API.

Dropbox has a Data Governance Add-On available to Dropbox

Business Teams. This add-on enables teams to collect and export
content that's been created or modified by a specific user with a
legal hold functionality. Outside of this add-on, they reccomend
working with an eDiscovery solution that integrates with their API.

Confluence does not currently offer a native workflow for

eDiscovery or legal hold.
Google Vault also supports legal hold, search and export features,
and audit reports for eDiscovery. Here is a full list of data types that
vault is compatible with.
*Keep in mind that if you don't already have Google Workspace
Business or Enterprise Editions, you can purchase Vault for
$5/user/month.*
Jira does not currently offer a native workflow for eDiscovery or
legal hold.
Microsoft 365 offers the following eDiscovery tools:1. Content Search - Search for email, documents, and instant messag
Note: The preserved versions of OneDrive documents are not
searchable by eDiscovery tools.

Note: The preserved versions of SharePoint documents are not

searchable by eDiscovery tools.
Note: eDiscovery of private channels work differently than eDiscovery of standard channels. See here to learn more: htt
Onna is the only platform to natively collect and preserve data from
Quip and Quip Enterprise.
Salesforce does not currently offer a native workflow for
eDiscovery or legal hold.

Slack does not currently have a native eDiscovery option. Many

organizations, including Slack themselves, use Onna as their
eDiscovery solution.

Facebook Workplace does not currently offer a native workflow for

eDiscovery.
Zendesk does not currently have a native eDiscovery option. Many
organizations use Onna as their eDiscovery solution.

Zoom does not currently have a native eDiscovery option. Many organizations use Onna as their eDiscovery solution —
Learn more about Onna eDiscovery for Box.
Learn more about Onna eDiscovery for Dropbox.

Learn more about Onna eDiscovery for Dropbox Business.

Learn more about Onna eDiscovery for Confluence.

Learn more about Onna eDiscovery for Google Suite.
Learn more about Onna eDiscovery for Jira.
Learn more about Onna eDiscovery for Microsoft 365.
Learn more aboout Onna eDiscovery for Quip and Quip Enterprise.
Learn more about Onna eDiscovery for Salesforce.

Learn more about Onna eDiscovery for Slack.

Learn more about Onna eDiscovery for Facebook Workplace.

Learn more about Onna eDiscovery for Zendesk.

Learn more about Onna eDiscovery for Zoom.

Onna is a knowledge integration platform that unlocks enterprise knowledge from today’s most popular workplace app