Business systems. Records in business systems should be destroyed using the functions of the system where possible, in order to maintain system integrity. Deletion is practical but only appropriate where the system is in active use. If the system is not in active use, or contains highly sensitive information, records should be overwritten rather than just deleted, to prevent them from being recovered. A record of destruction or audit log should be retained.
Electronic document and records management systems (EDRMS). An EDRMS should ensure that the destruction of a record includes all versions and renditions of that record. Where the same record appears in more than one file, the record and its renditions should be removed from the file. The record should be finally deleted once all occurrences of the record have been destroyed. Retention of record metadata will ensure the agency is aware of the records it has held and the dates they were destroyed or otherwise disposed of.
Back-up systems. If a record has been destroyed, copies held in back-up systems also need to be destroyed. If it is impractical to destroy specific records within the back-up system, then it is possible to wait until the back-up media has been recycled. However, back-up cycle times should be taken into consideration. If the cycle time is too long, records in the back-up system should be overwritten. The acceptable time period may be determined by conducting a risk assessment.