Governance & Compliance Controls
DocLock's governance features work together to keep documents preserved, retained, certified, and traceable. This page explains how the controls that actually exist in the app fit together, and links to the screen where you use each one. It is an overview — for step-by-step instructions follow the links.
The controls at a glance
| Control | What it does | Where to use it |
|---|---|---|
| Legal Holds | Freeze a folder or document so it can't be deleted, archived, moved, or purged until released. | Legal Holds (management/legal-holds) |
| Retention & Archive | Decide where archived files live, how long they're kept, and when they may be purged. | Archive & Retention (management/archive-settings) |
| Official Records | Permanently certify a document as an immutable official record. | Official Records (documents/official-records) |
| Audit Trail | A filterable, chronological log of all document events for traceability. | Audit Trail Report (reports/audit-trail) |
| Audit Vault | An append-only, hash-stamped log of governance actions, with signed export. | Audit Vault tab on the Legal Holds page |
| Permissions / RBAC | Decide who can even see and use each control above. | Role and permission management (administrators) |
How the pieces relate
flowchart TD
A[Active document] -->|aged or inactive| B[Archive & Retention rules]
B -->|retention expires| C[Disposition Queue]
C -->|approve| D[Destroyed + Certificate of Destruction]
C -->|extend| B
A -->|legal obligation| E[Legal Hold]
E -->|blocks| B
E -->|blocks| C
A -->|certify| F[Official Record - immutable]
B --> G[Audit Trail / Audit Vault]
C --> G
E --> G
F --> G
- Retention drives the lifecycle. Archive rules age documents into the archive and, when their retention expires, into the Disposition Queue, where each one is either destroyed or extended.
- A legal hold overrides retention. While a hold is active, the affected content shows as LOCKED and can't be destroyed or auto-purged — the archive settings even include an explicit Exclude documents under legal hold from auto-purge option.
- Official records are a one-way certification. Once declared, a record is immutable — it can't be edited, moved, archived, or deleted.
- Everything is logged. Governance actions land in the Audit Vault (append-only, hashed) and general document activity lands in the Audit Trail Report.
Access is controlled by permissions (RBAC)
Each governance screen is gated by a permission, so users only see the controls they're allowed to use:
- Legal Holds and Archive & Retention require View Configuration (
CONFIGURATION.VIEW). - Audit Trail Report requires View Reports (
REPORTS.VIEW).
If a screen doesn't appear in your menu, you don't hold the required permission — an administrator manages these through role and permission assignments.
A typical compliance flow
- Define retention and archive behaviour on the Archive & Retention page so documents age and purge predictably.
- Place a legal hold when content becomes subject to litigation or audit, freezing it on the Legal Holds page.
- Certify official records for documents that must stay immutable (Official Records).
- Review expired items in the Disposition Queue and decide to destroy or extend.
- Prove it using the Audit Trail Report for general traceability and the Audit Vault export for hold-and-destruction evidence.
What is not in the app
To set expectations honestly:
- There is no custom report builder — the Audit Trail Report uses fixed filters and columns.
- Declaring an official record happens from a document's own actions menu, not from the Legal Holds page (that page only lists certified records).
- The Audit Vault demo records are append-only and hash-stamped for illustration; exports are provided as a signed CSV bundle.