Data Retention & Legal Hold
To satisfy corporate governance and regulatory compliance frameworks—such as SAMA, CMA, and the National Center for Archives and Records (NCAR) guidelines—AIIA provides granular data retention policies and legal hold locks.
Administrators can establish default lifecycle rules for all audit deliverables, evidence uploads, and system logs, with compliance overrides to protect data from modification or premature deletion.
Retention Framework
AIIA governs files and data using a three-stage lifecycle:
- Active State: Records are open for querying, editing, and references in current engagements.
- Archived State: Records are locked (read-only) and excluded from default searches, but kept for historical audit references.
- Purged State: Data is permanently and securely deleted from object storage and database tables.
Retention Policy Configuration
AIIA allows custom retention timelines to be configured for different document classes via the Admin → Data Retention portal:
| Document Category | Default Active Period | Default Archive Period | Total Retention |
|---|---|---|---|
| Audit Reports | 2 Years | 8 Years | 10 Years |
| Audit Workpapers | 2 Years | 5 Years | 7 Years |
| Evidence Files (Blobs) | 1 Year | 6 Years | 7 Years |
| Audit Trails & Log Events | Permanent | Permanent | Permanent |
| PBC Client Requests | 1 Year | 4 Years | 5 Years |
[!WARNING] Purging is Irreversible: Once the retention window expires, data is purged from the database and underlying MinIO/S3 object stores using secure erasure methods. Purged records cannot be recovered.
Legal Hold Mechanism
A Legal Hold is an administrative lock that overrides all standard retention policies. It is designed to preserve records during active litigation, regulatory inquiries, or external investigations.
How Legal Holds Work
- Immutability: When a Legal Hold is active on an Engagement, Finding, or specific Workpaper, the underlying data, metadata, and attached evidence files cannot be edited, archived, or deleted by any user, including System Administrators.
- Purge Prevention: If an item's retention period expires while it is under a Legal Hold, the automated purge job will skip the item, preserving it in its read-only archived state.
Creating and Releasing a Legal Hold
- Navigate to the target module page (e.g., Engagements or Findings).
- Open the specific item and go to Settings → Legal Hold.
- Toggle the Enable Legal Hold switch.
- Input the Hold Reason and reference code (required for the audit trail).
- Save. The item will show a 🔒 Legal Hold lock banner.
- To release the hold, a user with the `CAE` or `Admin` role must manually toggle the switch off, entering a release justification.
Compliance & Logs
- System Logs: All automatic archiving runs, manual purges, and Legal Hold toggles emit a detailed `AuditLogEvent` mapping the exact user, target item, and reason.
- Notification Warnings: 30 days prior to any scheduled automatic purging event, the system dispatches notifications to the CAE and Platform Administrators to allow for review and optional extension of the hold window.
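The lifecycle rules on this page (the retention table, purge prevention under a Legal Hold, and the 30-day purge notice) can be modelled as one decision function. This is an added example, not AIIA's own code; the function names, the `state` strings and the returned action strings are assumptions made for illustration.

```python
from datetime import date, timedelta

# (active years, archive years) from the retention table above; None = permanent.
RETENTION_YEARS = {
    "Audit Reports": (2, 8),
    "Audit Workpapers": (2, 5),
    "Evidence Files (Blobs)": (1, 6),
    "Audit Trails & Log Events": None,
    "PBC Client Requests": (1, 4),
}
NOTICE_WINDOW = timedelta(days=30)  # purge warning lead time stated on the page


def add_years(start: date, years: int) -> date:
    """Add calendar years; a 29 Feb start lands on 28 Feb in non-leap years."""
    try:
        return start.replace(year=start.year + years)
    except ValueError:
        return start.replace(year=start.year + years, day=28)


def lifecycle_action(category: str, created: date, today: date,
                     state: str = "active", legal_hold: bool = False) -> str:
    """Decide what a scheduled lifecycle run does with one record.

    Hypothetical results: none, archive, notify, purge, skip_legal_hold.
    """
    periods = RETENTION_YEARS[category]  # unknown category raises KeyError
    if periods is None:
        return "none"  # permanent records are never archived or purged
    active_years, archive_years = periods
    archive_on = add_years(created, active_years)
    purge_on = add_years(created, active_years + archive_years)

    if today >= purge_on:
        due = "purge"
    elif state == "active" and today >= archive_on:
        due = "archive"
    elif today >= purge_on - NOTICE_WINDOW:
        due = "notify"  # warn the CAE and Platform Administrators
    else:
        due = "none"

    # A Legal Hold overrides retention: no archive and no purge while it is set.
    if legal_hold and due in ("archive", "purge"):
        return "skip_legal_hold"
    return due
```

An unknown document category raises `KeyError` rather than falling back to a default, so a misnamed category can never be purged by accident.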