Record Retention Guideline

Click here to print the Record Retention Guidelines from the Management Advisory Services website.



“Records” includes paper, electronic records, reports or data in other media.

The Office of Legislative Audits completed their fiscal compliance audit of UMBC for the period beginning March 19, 2015 and ending October 30, 2018.   Campus Departments/Units are instructed to maintain records for four years or until audit requirements are met, whichever is later; therefore, as a general rule, Departments/Units can elect to dispose of records dated prior to October 30, 2018 that meet the 4-year minimum. Often federal and state regulations and grant/contract documents dictate longer retention periods. Always keep records for the longest time limit that applies.

See Electronic Code of Federal Regulation-200.333 Retention Requirement for Records.

The retention requirement, “four years or until audit requirements are met, whichever is later,” requires further explanation. In most instances “audit” refers to the legislative audit conducted by the Maryland Office of Legislative Audit, unless otherwise noted. The specific record itself may or may not have been examined as part of the audit process. The requirement of “until audited” is fulfilled when the official audit report is issued.  The auditors may recommend that certain records be corrected. Such records, even when they meet retention requirements, must be retained during the period that any review is pending.

Please see the UMBC Records Retention Schedule for guidance.

For questions regarding record retention, please contact MAS.  Questions regarding the archiving of records can be directed to Laurainne Ojo-Ohikuare, UMBC Archivist.


Please keep in mind that if litigation, claims, complaints, or audits are started before a retention period ends, all related records MUST be retained until final action is taken.



When disposing of records, exercise caution when records contact Personally Identifiable Information (PII), Protected Health Information (PHI), or confidential financial information.  Physical records containing sensitive information should be shredded.

Deletion of an electronic record may not eliminate all remnants of the record. Electronic data must be securely removed from any disk, tape, USB drive, hard drive, photocopier, facsimile machine, or other device with electronic storage before the device is transferred or discarded. Questions regarding the disposing of electronic records can be directed toDoIT through RT Ticket.



The audit process involves several steps, detailed below.