Documents tell the story of a not-for-profit organization: its programs, people, community impact, events, and more. And just as it’s unnecessary to keep everything permanently, sometimes important documents accidentally get tossed or deleted.

A policy that spells out what to do with all the files helps management and the Board run the organization smoother. Document retention policies are a necessary part of nonprofit management, but not everyone knows what to include or how to go about file storage.

Now that organizations are back in the office, planning events, and working in their communities again, it’s an excellent time to review their strategy for keeping and destroying paper or electronic files.

What is a Document Retention Policy?

A document retention policy lays out responsibilities for document maintenance and destruction: how long to keep certain records, whether they should be stored digitally or physically, on-site or off-site, and who’s responsible. In these ways, it’s more like a document management policy. The document retention policy can act as a standalone document or be part of an employee handbook, Board bylaws, or volunteer training.

The extent and detail of a document management policy varies. There are generic templates available, though policies should be customized to fit each not-for-profit’s (NFP) unique needs.

Staff, volunteers, the Board of Directors, and outside advisors are all obligated to follow it. Why?


Donors, stakeholders, legal and regulatory agencies, and volunteers have an obligation to know how a nonprofit organization uses its funds. Though this is typically the purview of financial reporting, an updated document retention policy can help organizations stay accountable to the communities they serve.

Fiduciary Duty

The Board of Directors has a fiduciary duty to serve the best interests of the organization and its donors. A document retention policy helps Board directors and members fulfill their responsibilities in this area. More transparency and a commitment to governance signals to current and potential donors that the organization cares about the data it’s entrusted with.


Further, NFPs are required to indicate on Form 990 whether they have a document retention and destruction policy. It’s not required to have one, but the IRS does ask.

For many organizations, in practice this isn’t a formal, written document or it hasn’t been updated; or, more often, it’s not followed.

Storage Space

Physical storage for large amounts of paper files takes up space. Storage units and off-site storage facilities cost money. Electronic documents take up space on individual computers, in email inboxes, and network storage – and the more data that’s stored on a network, the more susceptible the organization could be to data breaches. Whether the motivations are decreasing cost, organizing files, or staying compliant, a document retention policy helps to achieve all three goals.

Minimum Required Guidance

There isn’t one set of specific requirements that NFPs must follow. These are general guidelines with minimum requirements for most documents; organizations may opt to keep certain files longer than required.


  • Audit reports
  • Year-end financial statements
  • Checks for important purchases or payments
  • Legal correspondence
  • Deeds, mortgages, and bills of sale
  • Income tax determination letter
  • Depreciation schedules
  • Insurance records, current accident reports, claims, policies, etc (active and expired)
  • Meeting minutes, Bylaws, and charter
  • Patents and related papers
  • Trademark registrations and copyrights
  • Retirement and pension records
  • Tax returns and worksheets
  • Annual reports

7 Years

  • Accounts payable ledgers and schedules (includes Forms 1099)
  • Tax withholding statements
  • Expired contracts, mortgages, notes, and leases
  • Expense distribution schedules
  • Invoices
  • Payroll records and summaries
  • Personnel files for terminated employees
  • Timesheets

3 Years

  • Bank statements and credit card receipts
  • Sales records
  • Petty cash vouchers
  • Internal audit reports
  • Employment applications
  • Inventory records for products, materials, and supplies

2 Years

  • Bank reconciliations
  • General correspondence
  • Customer or vendor correspondence
  • Duplicate deposit slips


  • Contracts still in effect should be kept for the duration of the contract period.

Paper documents not otherwise mentioned above should be discarded after three years. Electronic documents should be destroyed after one year and scrubbed from individual computers, databases, networks, and/or USB drives or back-up storage. That would also typically include text messages and emails.

Other Document Retention Guidance for Not-for-Profits

In addition to the above timeframes, there are a few other guidelines that not-for-profits need to adhere to.

If there’s an ongoing government investigation or litigation, NFPs must retain all documentation related to those proceedings. Organizations can check with their legal counsel if this situation arises. Organizations should also keep paper and electronic files that would be needed to comply with Single Audit requirements. Government grants and other types of government relief usually have their own document retention standards.

Organizations should also be aware that state governments and state agencies may have different rules. It’s best to check with outside advisors before formally adopting a new document retention policy or updating an existing one.

For questions about your not-for-profit’s document retention policy, contact Jonny Rosch, CPA, a Partner in PBMares’ Not-for-Profit practice.