Run HR Records Retention and Secure Purge Audit Checklist — Free

Audit Setup and Retention Scope

Audit scope defines the HR record categories included in review critical (required)

Scope should identify which record types are included, such as personnel files, payroll records, benefits records, recruiting files, I-9s, leave records, and disciplinary records.

Yes No N/A

Applicable federal and state retention schedules are identified and current critical (required)

Verify the audit references the current retention schedule sources used by the organization and any state-specific overrides.

Yes No N/A

Record inventory includes format and storage location

Confirm the inventory distinguishes paper, electronic, and hybrid records and identifies where each record set is stored.

Yes No N/A

Audit date and reviewer are documented

Capture when the audit was performed and who completed it.

Retention schedule reference document is attached or linked

Reference the policy, SOP, or retention matrix used for the audit.

Retention Period Compliance

Personnel files are retained for the required period under applicable law and policy critical (required)

Verify personnel records are retained according to the applicable federal and state schedule.

Yes No N/A

Payroll and wage records are retained for the required period critical (required)

Confirm payroll records, time records, and related wage documentation meet the applicable retention requirement.

Yes No N/A

Recruiting and applicant records are retained or purged according to schedule

Check applicant tracking, interview notes, and hiring decision records against the retention schedule.

Yes No N/A

I-9 and employment eligibility records are managed separately from general personnel files critical (required)

Verify Form I-9 records are stored and retained in accordance with applicable requirements and are not mixed into general personnel files.

Yes No N/A

Leave, accommodation, and medical-related HR records are segregated and retained appropriately critical (required)

Confirm sensitive records are separated from general files and retained according to the applicable schedule and confidentiality requirements.

Yes No N/A

No record category is retained beyond its approved retention period without documented legal hold critical (required)

Expired records should not remain in active or archive storage unless a documented legal hold or other approved exception applies.

Yes No N/A

Access Control and Record Integrity

Access to HR records is limited to authorized personnel critical (required)

Review role-based access for paper files, shared drives, HRIS, and document management systems.

Yes No N/A

Sensitive records are stored separately or access-restricted critical (required)

Medical, accommodation, disciplinary, and investigation records should be protected from general access.

Yes No N/A

Records are protected against unauthorized alteration or deletion critical (required)

Confirm version control, audit logs, permissions, and backup controls are in place for electronic records.

Yes No N/A

Physical files are stored in locked cabinets or secured rooms

Inspect whether paper records are protected from casual access, theft, and environmental damage.

Yes No N/A

Records retrieval and chain-of-custody procedures are documented

Verify there is a process for checking records out, tracking access, and returning files without loss.

Yes No N/A

Expired Record Identification and Secure Purge

Expired records are identified using a documented retention review process critical (required)

The organization should have a repeatable method for identifying records that have reached the end of their retention period.

Yes No N/A

Legal holds and open investigations are checked before destruction critical (required)

Verify no records subject to litigation hold, audit hold, or investigation are included in purge lists.

Yes No N/A

Secure destruction method matches record format critical (required)

Select the approved destruction method used for the record type and storage medium.

Destruction is witnessed or vendor certificates are retained critical (required)

Confirm there is proof of destruction, such as a certificate of destruction, destruction log, or witness sign-off.

Yes No N/A

Purge log includes record type, date, volume, and approver

The purge log should support auditability and show what was destroyed, when, and by whom.

Yes No N/A

Destruction occurred using an approved vendor or internal process critical (required)

Verify the destruction process follows company policy and vendor management requirements.

Yes No N/A

Closeout and Corrective Actions

All deficiencies and non-conformances are documented critical (required)

Record each gap found during the audit with enough detail to support remediation.

Yes No N/A

Corrective actions are assigned with owners and due dates critical (required)

Each corrective action should identify the responsible person, target completion date, and required follow-up.

Yes No N/A

Repeat audit interval is defined

Select the planned cadence for the next retention audit.

Inspector sign-off completed critical (required)

Final sign-off by the auditor or reviewer.

Get your results

Enter your email — we'll send you a PDF of your filled-out template, plus the occasional MangoScoop newsletter (templates, workflow tips, product updates). Unsubscribe anytime — link is in every email.

Email (required)

Your name (optional)

Run: HR Records Retention and Secure Purge Audit Checklist

Audit Setup and Retention Scope

Retention Period Compliance

Access Control and Record Integrity

Expired Record Identification and Secure Purge

Closeout and Corrective Actions

Get your results