Author: Government recordkeeping
Cenitex and Public Record Office Victoria (PROV) have issued a joint statement outlining new data retention arrangements that will shape how Victorian Government departments and agencies manage information within the Cenitex managed Microsoft 365 shared tenancy. The guidance confirms default retention periods, new storage and backup options, and strengthened administrative controls that affect all organisations using the Cenitex tenancy, ensuring government data is stored, protected and disposed of in line with PROV Standards and legislative obligations. Read the full joint statement below for detailed guidance and requirements.
Default Cenitex retention periods for the shared Microsoft 365 tenancy
Cenitex sets a default retention period for data within the shared Microsoft 365 tenancy, to ensure that systems and the records (data and information) Cenitex holds can be recovered in case of deletion. Departments and agencies that are Cenitex customers can request Cenitex to adjust retention periods for their data outside of the default periods or can modify SharePoint retention beyond the defaults such as none, 2, 5 and 7 years.
The current default retention periods in the shared Microsoft 365 tenancy are:
- OneDrive - 7 years for licensed accounts, and no retention for unlicensed accounts (data is deleted after 93 days).
- SharePoint - 7 years for sites created before 4 June 2025, 1 year for sites created from that date.
- Exchange and Exchange Online - perpetual.
Cenitex has worked with department and agencies to ensure that SharePoint retention policy adjustments are controlled by implementing a per department/agency approval group. Only the SharePoint Site Owner can request a SharePoint retention policy change, and the change will only be actioned after a member of the department or agency's approval group has approved it.
Additional storage options
Cenitex has recently released Microsoft Archive and Microsoft Backup as storage options, their capabilities complementing retention policies.
- Microsoft Archive - SharePoint sites can be nominated for archive. Access is removed from the site and is retained in storage for as long as needed. Departments or agencies can request that Cenitex return a site from archive when access is required.
- Microsoft Backup - SharePoint, OneDrive and Exchange Mailboxes can be added to backup. This service protects data for a year against catastrophic failure or human error and can be applied to archived sites for long term storage and protection.
Retention policies, archive and backup provide a multi-tiered storage solution for departments and agencies to employ at their discretion.
Lawful record retention
Note: Data and information are defined as records under the Public Records Act 1973 and must be managed in accordance with PROV Standards.
Departments and agencies must ensure that they retain records for the minimum lawful retention period specified by Retention and Disposal Authorities (RDAs) issued by the Keeper of Public Records. This includes ensuring that permanent value records are identified and transferred to PROV to form part of the State Archival Collection.
Records may be retained for a longer period if needed (for example, for a legal proceeding, Freedom of Information applicant or for administrative purposes), but storing data unnecessarily will result in:
- Higher storage costs
- Increased risk of data leaks or breaches.
Those responsible for Information Technology and Records Management within departments and agencies should work together to ensure that:
- Records are retained and usable for the minimum lawful required retention period
- An effective disposal program is implemented for records held in all formats and within all systems and storage environments
- Storage arrangements are in place which will ensure obligations can be met, while costs are kept as low as possible.
Enhanced administrative control for departments and agencies
In consultation with the Shared Tenancy Working Group, Cenitex has provided departments and agencies with enhanced administrative control over their data and information holdings, to ensure they are managed, stored and disposed of correctly by those entities. Authorised officers within departments and agencies have been delegated administrative control which will allow them to adjust retention settings and permanently delete data. This has enhanced their ability to manage their information to ensure they meet their recordkeeping obligations, while managing costs responsibility and mitigating risks associated with unnecessary over retention.
Cenitex and department/agency responsibilities
Cenitex provides ICT support and solutions for government and proactively looks for opportunities to enhance its service offerings. The Cenitex Microsoft 365 shared tenancy is not a records management solution. It is the responsibility of each department and agencies within the tenancy to ensure that records are created, captured, managed, stored and disposed of in accordance with PROV Standards. Most departments and agencies employ third party records management solutions, with records transferred or managed by their records management solution. Those departments and agencies which do not have a third-party solution will need to determine how best to meet their recordkeeping obligations.
See also: PROV guidance on Managing Records in M365.
Material in the Public Record Office Victoria archival collection contains words and descriptions that reflect attitudes and government policies at different times which may be insensitive and upsetting
Aboriginal and Torres Strait Islander Peoples should be aware the collection and website may contain images, voices and names of deceased persons.
PROV provides advice to researchers wishing to access, publish or re-use records about Aboriginal Peoples