Record Retention – Data Integrity & Archival

Record Retention – Data Integrity & Archival

This topic is part of the SG Systems Global regulatory & operations glossary.

Updated October 2025 • QMS & Data Integrity • QA, IT/OT, Manufacturing, Labs, Supply Chain

Record Retention defines how long you keep quality‑critical records—in a trustworthy, retrievable state—and Archival defines how you preserve, migrate, and prove those records remain complete and readable over time. In regulated manufacturing, retention and archival are inseparable from Data Integrity principles (ALCOA+), and are enforced through Document Control, validated systems (CSV), and e‑record regulations such as 21 CFR Part 11 and EU Annex 11.

“Retention isn’t a box of PDFs. It’s a governed, validated capability to produce the right record, complete with metadata and audit trail, on demand—today and ten years from now.”

TL;DR: Build a retention schedule that maps each record type (eBMR, DHR, QC data, training, equipment, supplier, distribution) to a required period and authoritative system of record (MES/eBMR, LIMS/ELN, QMS, WMS). Preserve originals, metadata, and audit trails. Validate export/migration, encrypt and control access, back up with tested restores, and maintain readability through format obsolescence. Govern it under Part 11/Annex 11 with change control, and tie the whole lifecycle to Data Retention & Archival policy.

1) Why Record Retention Matters

  • Patient/User Safety & Product Quality: Retained records substantiate that each batch/device met requirements at the time of release (eBMR, DHR).
  • Regulatory Proof: Inspectors expect trustworthy originals with audit trails and e‑signature attribution per Part 11 / Annex 11.
  • Traceability & Recalls: Retention underpins Lot Traceability, Serialization, SSCC, and distribution records—critical to targeted recalls and field actions.
  • Legal & Commercial Risk: Retained, reliable records reduce liability and enable supplier recovery and warranty defense.

2) Key Concepts: Retention vs Archival vs Backup

  • Retention = how long to keep records accessible and complete (content + metadata + audit trail + signatures).
  • Archival = how you preserve records over time (media, format, migration, readability, integrity checks).
  • Backup/Restore = disaster recovery mechanism; not a substitute for governed archival (different objectives, controls, test evidence).

GxP rule of thumb: If a record supports quality decisions (release, deviation, CAPA, validation, complaints, stability, training, supplier, distribution), it belongs in a controlled system with defined retention and verified archival processes—not on shared drives or ad‑hoc exports.

3) The Retention Schedule—Building Your Map

Create a master retention schedule under Document Control. For each record type capture:

  • Record Type: (e.g., MMR/MBR, eBMR, DHR, QC raw data, calibration, training, supplier qualification, SCAR, change control, CAPA, audit trails, labels/UDI, distribution/ASN, EPCIS events).
  • System of Record: (MES/eBMR, QMS, LIMS/ELN, WMS, ERP, label management, EDI/EPCIS).
  • Minimum Retention Period: define per regulatory/market requirement and business risk, and state the trigger (e.g., from batch release, from equipment retirement).
  • Format & Archival Method: original e‑records with audit trails; validated exports; preservation formats; checksum policy.
  • Access Controls & Encryption: who can view/export; key management and off‑boarding.
  • Disposal Method: how to defensibly destroy after retention (approved disposition with audit trail).

Keep the schedule versioned with e‑signatures and change history (see Part 11, Annex 11, and QMSR). Align with your Data Retention & Archival policy and Data Integrity expectations.

4) What to Retain—By Domain

5) Data Integrity by Design—ALCOA+ in Retention

Retention must preserve ALCOA+ attributes: Attributable, Legible, Contemporaneous, Original, Accurate—plus Complete, Consistent, Enduring, and Available (see ALCOA+). That means:

  • Attribution & E‑Signatures: retain signer identity, meaning of signature, and time.
  • Originals & Metadata: keep native e‑records with context (units, versions, instrument IDs, status, calculations).
  • Audit Trails: preserve creation/modification/review/export events and reason codes (Audit Trail).
  • Controlled Copies: if exporting, use validated, non‑editable formats with checksums and cross‑reference to originals.
  • Availability: retrieval timeframes defined in SOPs; practical SLAs for inspection and recall support.

6) Electronic Records in Validated Systems

GxP records should live in validated, role‑controlled systems, not unmanaged file shares:

Validate retention/archival functions during CSV—including export, migration, restore, and audit trail preservation tests.

7) Archival Strategy—Online, Nearline, Offline

  • Online (Active): high‑availability storage for frequent access; shortest retrieval times.
  • Nearline: cost‑optimized repositories with indexes and metadata; controlled export pathways.
  • Offline (Deep Archive): immutable storage with periodic readability checks and rehydration procedures.

Define who moves records between tiers, when (e.g., X months after release), and how integrity is verified (hashes, chain‑of‑custody, reconciliation logs). Keep the movement itself in the audit trail.

8) Format Obsolescence & Migration

Plan for readable formats across your retention horizon:

  • Preservation Formats: validated PDFs for human‑readable snapshots; preserved native files for re‑analysis (e.g., instrument raw data).
  • Migration Testing: prove no data loss or semantic changes post‑migration; retain old reader versions where justified.
  • Metadata & Context: export complete context (units, calculation versions, instrument firmware, recipe versions).

All migrations are Change Control events requiring impact assessment, validation evidence, and approvals.

9) Backup, Restore & Disaster Recovery

Backups underpin availability but do not replace archival governance:

  • Scope: include data + metadata + audit trails + configuration (recipes, permissions).
  • RPO/RTO: define targets consistent with recall and inspection readiness.
  • Testing: restore tests on representative data sets, including audit trails and e‑signatures.
  • Segregation & Immutability: protect backups from alteration and ransomware.

Record restore test evidence under QMS with deviations/CAPA for failures (see CAPA).

10) Security, Access & Encryption

  • Least Privilege: defined roles and periodic access reviews; disable local admin loopholes.
  • Encryption: at rest and in transit; managed keys with dual control and revocation on off‑boarding.
  • Export Controls: watermarking, hashes, and tamper‑evident packages; log who exported what and why.
  • Segregation of Duties: authors cannot approve their own records or purge schedules.

Security controls themselves generate records—retain them appropriately and review under Internal Audit.

11) Legal Hold & Regulatory Holds

Define a procedure to suspend routine destruction when litigation, inspection, or investigation is anticipated or ongoing. The system should place affected records under a “do not delete” hold and log the hold lifecycle. Reconcile holds with the retention schedule to avoid accidental purge.

12) System Retirement & Decommissioning

When replacing MES, LIMS, WMS, or label systems:

  • Data Mapping: identify all record types, metadata, audit trails, and links (e.g., between eBMR and LIMS results).
  • Extraction & Verification: use validated export pipelines with reconciliation reports.
  • Read‑Only Access or Migration: maintain a validated viewer for the retired system or migrate to a preservation repository; test readability and traceability.
  • CSV Evidence: plan and execute under CSV with documented acceptance criteria.

13) KPIs, Health Checks & Continuous Improvement

  • Retrieval SLA: % of requested records retrieved within target time.
  • Integrity Incidents: number of missing/altered records; audit trail gaps.
  • Restore Success: pass rate for periodic restore tests.
  • Retention Compliance: % records with assigned retention; % due for destruction processed with approvals.
  • Access Review Hygiene: age of orphan accounts; separation of duties violations.
  • Format Risk: % critical records in preservation‑assured formats; migration backlog.

Feed findings into CAPA and management review per QMSR/ISO 13485.

14) How This Fits with V5 by SG Systems Global

V5 Solution Overview. The V5 platform is designed for retention and archival. Configuration is versioned, evidence is attributable, and cross‑module interlocks (identity, status, signatures) are testable and reportable—ideal for Part 11/Annex 11 compliance and long‑term proof.

V5 MES & eBMR. Executed records, device readings, parameter limits, and signatures are captured in context with immutable audit trails. Exports for archival are validated and checksum‑verifiable.

V5 QMS. Policies, SOPs, training, CAPA, change control, and audits live under Document Control with e‑signatures and full traceability. Periodic review packs and retrieval logs show inspection readiness.

V5 WMS. Goods receipt, directed picking, FEFO/FIFO, quarantine, serialization, SSCC, and ASN events are retained with chain‑of‑custody proof—linking warehouse actions to batch/device release.

Bottom line: V5 turns retention from ad‑hoc exports into a living control system—the same records you generate to run operations are the records you can prove, preserve, and produce tomorrow.

15) FAQ

Q1. Do PDFs satisfy retention requirements?
Sometimes—if they are validated, complete, and traceable to the original with preserved metadata and audit trails. For many data types (e.g., instrument raw data), native formats must also be retained for re‑analysis.

Q2. Can backups replace archival?
No. Backups serve disaster recovery. Archival ensures long‑term readability, controlled access, and evidentiary integrity, including audit trail preservation and defensible disposition.

Q3. How long should we retain eBMR/DHR?
Define per your markets and product risk in a governed schedule. The schedule must be approved and enforced via Document Control and executed in validated systems.

Q4. What exactly is “complete” for data integrity?
Content plus metadata (who, when, meaning), plus audit trails, plus context (versions, units, devices), and the ability to render the record as originally approved (see ALCOA+).

Q5. How do we handle format obsolescence?
Maintain a preservation format strategy, keep viewer runtimes where justified, and perform validated migrations under Change Control with before/after verification.

Q6. Who owns retention—QA or IT?
Joint ownership. QA owns policy and acceptance criteria; IT/OT owns technical controls. Decisions are documented under QMS and validated via CSV.

Q7. Can we destroy records after retention expires?
Yes—if not under legal/regulatory hold. Destruction must be authorized, logged, and irreversible, with a disposition record retained.

Q8. What about linked records (e.g., eBMR ↔ QC results ↔ labels)?
Retain the linkage as well as the records. Validated exports should preserve identifiers and foreign keys; viewers must reconstruct context on demand.

Q9. How do inspectors test our retention?
They request specific records from different eras, compare rendered outputs to policy, review audit trails and signature logs, and examine restore/migration evidence. Be ready to retrieve fast and complete.

Q10. Does EPCIS or serialization data need special handling?
Yes. Treat event data as regulated distribution records. Retain EPCIS events, SSCC hierarchies, and serial numbers per your traceability obligations.

Related Reading
• Foundations: Data Integrity | Data Retention & Archival | Document Control | ALCOA+
• E‑Records & Validation: 21 CFR Part 11 | Annex 11 | CSV | Internal Audit
• Operations Systems: MES | eBMR | LIMS | ELN | WMS
• Traceability & Distribution: Lot Traceability | EPCIS | Serialization | SSCC | ASN
• Release & Decisions: Release Status (QA Disposition) | Lot Release | QP Release



Related Business Terms and Concepts