Toggle menu

Data Retention Manager

Version 2
This documentation is for version 2 of the DRM, released in April 2023. It has the ability to delete process instance data, distinguish between sealed/unsealed histories, and set the retention period based on open/last modified date. For version 1 see Data Retention Manager (version 1)

The Data Retention Manager (DRM) lets you set up schedules that will delete data saved using the platform's History Service and data that remains in the workflow engine once a process instance has ended.

Histories are, by default, created whenever a user starts a workflow process on your site. Histories can also be written by individual form submissions.

You can set up bespoke schedules for each type of history, or save "global" schedules that can be reused and applied to multiple histories. Each schedule has a retention period that can target all histories of a certain type, or just those with specific "labelc" values. A background task (a scheduled End Point) runs each night, checks your schedules, and deletes any data that falls outside of your retention periods.

The DRM has been designed to be used via an iCM Form App shortcut so that it can be secured to an appropriate iCM administrator group of users. It also integrates with the My Account template, allowing your site users to see records of the data they have created and delete the corresponding history.

Assumptions

The standard DRM assumes that the histories saved in the iCM database follow our standard conventions for labels and subject data, described in the History Conventions knowledge base article. When creating schedules our "labelc" policies (notes, attachments, reporting etc) can be found in the Labelc Histories and Reporting Data article.

What Happens to the Data?

History records that have DRM policies applied to them are deleted. When a history record is deleted, any history digests that include the data are automatically updated (this is a standard feature of the history service).

When you set up DRM schedules you can optionally choose to delete the data of terminated process instances too.

Once data has been deleted it cannot be recovered.

The DRM keeps an audit log of what has been deleted.

Other Data Stores

The default DRM behaviour deletes data from the platform's history service and workflow engine. It does not delete form data stored as iCM objects (accessible via the Form Data Browser).

Custom deletion plugins (for example for Case Management) may behave differently and are documented separately.

Understanding Data Retention Schedules

The schedules you create in the Data Retention Manager are important. They irreversibly delete data from the platform that cannot be recovered. You need to make sure that your schedules only delete the data you want to be deleted, but also make sure that data is not left behind that should be removed.

Creating and Managing Schedules

Schedules can be applied to each type of history data saved in the database. They are managed using an iCM Form App shortcut that links to the "Retention Manager" form.

Global Schedules

Global schedules can be created and applied to multiple histories. As they are updated the change is applied to all histories that use them.

Data Retention Audit Log

When a history is deleted by the schedule an audit log is written to the History Service.

Deleting Case Management Records

Case Management has its own integration with the Data Retention Manager to cater for the histories it records, data indexed for Case Search and to handle long running cases.

My Account Integration

Users are able to delete history records relevant to them using the "User Delete Retention Manager" form. This is often displayed as a panel on the My Account template article.

Installation

The DRM is made up of a single form and a group of End Points. It can be accessed using a form shortcut and configured to appear in the My Account template.

Share this page

Facebook icon Twitter icon email icon

Print

print icon