Retention Guide is an online, hosted database outlining the mandatory record retention and destruction requirements found in statute and regulations applicable to organisations in South Africa.

The Retention Guide is updated regularly to reflect all the legislative changes that impact on records retention. In this regard we review on average more than 2000 new regulatory instruments annually.
Only product of its kind in SA
  • Regulatory Universe of the Organisation

    More than 3 000 acts of Parliament are currently on the South African statute books of which approximately 860 are principal acts.

    Such laws and their requirements may attach to:

    • (i)    the activities of the organisation (i.e. you process unwrought precious metals or provide financial advice),
    • (ii)   the particular form the organisation does business as (i.e. you are a company or listed company),
    • (iii)  the particular sector to which the organisation belong (i.e. you are a mine or bank), and
    • (iv)  which jurisdiction the organisation operate in (i.e. South African mines are regulated differently from mines in the        USA), etc.

    In conjunction with the organisation’s legal representatives we then create a regulatory profile for the organisation which should be the natural starting point for any compliance effort.
  • Regulatory Record Retention Requirements – Retention Guide

    Best practice dictates that an organisation should review/assess all acts, regulations, etc. within its Regulatory Universe for regulatory records retention requirements and other prescribed handling criteria.

    It should seek among other answers to the following questions:

    • • What records must the organization create and retain?
    • • For how long should it be retained and when does this requirement to retain start?
    • • Where should it be kept?
    • • In what format should it be kept (i.e. paper, electronic or microfilm)?
    • • How should these records be stored (i.e. stored securely)?
    • • Who should be the custodian for such records?

    We maintain a hosted database of regulatory record retention requirements called the Retention Guide, which is provided online through the website.

    The relevant areas covered by the Retention Guide include acts as well as their subordinate measures like regulations and practice notes. The Retention Guide answers among others all the questions stipulated above where such information is provided by the relevant act or subordinate measure. In some instances where acts or regulations do not stipulate specific retention periods but nevertheless still requires retention the Retention Guide suggests retention periods based on a set methodology.

    Click here to view our Retention Guide brochure
  • Evidentiary Requirements for Records

    We do a review of all the business processes and activities within the organization (work/business process analysis) to determine the need for records to be created and/or retained for purposes of evidence.

    This assessment would identify areas where the organization regularly faces the risk of litigation or need to justify its actions to internal or external stakeholders and third parties. This evidentiary assessment indicates which records are required to be pro-actively created and/or maintained by the organization and will assign to each of these records a low, medium or high value for evidentiary purposes along with a suggested retention period and handling criteria. This relates to the requirement for evidence that can with reasonable certainty be predicted pro-actively. It should not be confused with an evidentiary hold that may later in the life cycle of a record be placed on it because of the fact that it may be relevant for potential/current litigation as the former is made at the time of record creation and retention whilst the latter is made during the retention period or when the retention period has expired and the record comes up for destruction.
  • Records Management Policies

    Records must be managed in accordance with a defined policy framework that treats records in a comprehensive yet technology neutral way

    Failure to do so could expose an organisation to legal and operational risk as recent judgments in South Africa and the US have shown. In particular, these cases highlight the fact that the retention and destruction of records (whether paper or electronic) can have severe legal consequences if not properly managed.

    We currently use a combination of best practice standards as a basis for these policies.
  • Records Retention and Destruction Policies

    As recent South African and US cases have shown, it is imperative that records retention and destruction be conducted in accordance with a documented policy. Compliance with statutory record-keeping requirements is not optional.

    While it is unlikely that lawmakers will hunt down those without a credible records management practice, a company can be called to account for its lack of policy in multiple situations.

    Non-compliance due to weak corporate governance and regulatory risk management measures can lead to fines or imprisonment, suspension or revocation of licences, qualified audit reports and the danger of reputational damage, which can even lead to the destruction of an organisation – as in the Andersen case in the US.

    We currently use a combination of best practice standards as a basis for these policies.
  • Records Conversion and Migration Policies

    In the changing business and technological environment conversion and migration present activities that will be undertaken by many organisations during the lifetime of their records.

    As technology changes and organisations evolve it is continuously important to optimise processes and storage capabilities which may involve among others a move to more efficient or cost effective systems or transfers of data from one system or platform to another. This may involve either the conversion of data from one format or medium to another or the migration of data from one system or location to another.

    Data Conversion and Migration must be conducted in accordance with a policy and prescribed procedures. Failure to do so could expose an organisation to legal challenges around the authenticity and reliability of Converted or Migrated records.

    We currently use a combination of best practice standards as a basis for these policies.
  • Records Imaging / Digitisation Policies

    Document imaging/digitisation of records must be conducted in accordance with a policy and prescribed procedures.

    Failure to do so could expose an organisation to legal challenges around the authenticity and reliability of imaged records.

    The Electronic Communications and Transactions Act, 25 of 2002 under certain circumstances permit the retention of records in electronic (including imaged) form. However, an organisation carries the onus to prove that imaged records are reliable and that they have not been unlawfully tampered with.

    We currently use a combination of best practice standards as a basis for these policies.
  • ISO 15801 Compliance Manager

    Document Imaging or Digitisation exercises must followDocument Imaging or Digitisation exercises must follow the approaches outlined in SANS 15801: 2005, Electronic Imaging & information stored electronically - Recommendations for trustworthiness & reliability in order to ensure the trustworthiness and reliability of the records in question.

    In this spreadsheet based tool we have analysed SANS 15801 and set out its requirements in very practical and user friendly terms, providing guidelines, tick-lists and options. This is a very useful tool for anyone wishing to implement the principles stated in this document.
  • Annual Standards, Court Case and Regulatory Update to Policies

    We provide an annual legal review and update service for all policies drafted by us.

    This means that we annually assess these policies in light of new South African regulatory changes, decided court cases and amendments to ISO/SANS standards.
  • Information Sensitivity Compliance Guidelines

    This is a database similar to the Retention Guide that lists all information sensitivity requirements found in the South African law.

    These requirements come from a variety of regulatory instruments and also include the sensitivity requirements found in the Protection of Personal Information Bill.
  • Strategic Legal Sensitisation Sessions

    During these sessions we sensitise management and records staff to the particular legal and practical issues surrounding the area of records and information management in the organisational context.

    These sessions provide management and records staff with the basic knowledge necessary for them to make strategic decisions in regard to their records management programmes.
  • Records Related Legal Issues Training

    We provide a one day course covering all the information and records related legal issues which includes - Records Management Sensitisation; The Legal and Regulatory Issues regarding Records Management, Records Retention and Destruction, Imaging or Digitisation, Conversion and Migration, How to approach your Records Management Project's Governance Issues, Strategies for e-mail handling and Best Practice Requirements.

  • Retention Assessments - Cleaning House Services

    We assess the records actually present in the organisation against the regulatory records retention requirements in the Retention Guide and provide the organisation with a list of regulatory requirements for each record.

  • Information Sensitivity Cleaning House Services

    We assess the records actually present in the organisation against the regulatory sensitivity requirements in our information sensitivity requirements database and provide the organisation with a list of requirements for each record.

1 September 2013
  ISO TC46 SC11 is currently reviewing ISO 15489. The resultant new standard is expected to be quite different from the current ISO 15489
8 August 2013
  The following standards were adopted in South Africa as part of the new management system standard for records:
  • SANS 30300: Information and documentation - Management systems for records - Fundamentals and vocabulary
  • SANS 30301: Information and documentation - Management systems for records - Requirements