Skip to content

Quick Start

The following is intended to be a quick start for those familiar with data retention tools and are looking to quickly deploy Content Retention Manager for Confluence.

Warning

We recommend trying our app out first on a development, test, or staging tenant first to familiarize yourself with the features and capabilities. This will help make sure the app conforms to your policies and expectations.

In this guide we'll do the following

  1. Install the app
  2. Set your policy
  3. Audit your content
  4. Grant extensions
  5. Deploy automated retention enforcement

Prerequisites

  1. A defined company policy on data retention or information governance. We'll want to use this to define our policy within Content Retention Manager for Confluence.
  2. An active Confluence Cloud space.
  3. A user account with Confluence Admin (Site-Admin) privileges.

Installation

  1. Install Content Retention Manager for Confluence on the Atlassian Marketplace on your desired Confluence instance.
  2. You can find Content Retention Manager for Jira by clicking the top-level menu Apps -> Manage your apps, then under Apps section on the left navigation pane.

Setting up your Retention Policies

Leave automation off for now

It is advisable to audit your content after setting the retention policies. Enabling automation at this stage may result in the deletion and potential irreversible purging of expired content from your space. Please keep in mind that the primary objective of this application is to assist with data compliance.

  1. Click the Policies tab. Here you will set your team's defined retention policy in days and designate and granular entity-specific retention policies.

    Feature Definition
    Default Retention Where you select your site-wide retention policy. This will be your global default across all spaces.
    Retention Rules Where you can set custom retention policies for specific entities, such as spaces or users.
    Policies Where you create your custom content retention policies to be set against projects or your global default. The days you set will help the audit tool flag all content that is nearing the end of the retention period or has expired past the retention policy. When automation is enabled, Retention Manager will purge content from Confluence according to these policies.

  2. Create a custom policy in Policies if you don't see a preset policy that matches your desired retention schedule. Refer to the Adding a Policy step below. Each policy has a defined retention period and a warning period. The warning period happens at the set number of days before expiration to notify users and admins of the upcoming content removal. This will help your team keep an eye on content expiring before they expire and request content to be excepted against the policy. Extensions can be granted manually on the Content Audit tab.

  3. Be sure to click Save to apply your changes to the Policies settings. The changes will only take effect after they are saved.

Policy Settings

Adding a Policy

  1. Click the Add Policy button in the Policies section to create a new policy.

  2. In the Add Policy dialog, start by entering a unique identifier in the Code field to distinguish the policy being created. Next, provide a clear and descriptive name in the Name field. In the Description field, outline the purpose and scope of the policy to ensure its intent is easily understood.

  3. In the Trigger dropdown, select when the retention period should begin, such as when the content was last modified or created. Specify the duration for which the content should be retained in the Retention (days) field.

  4. Additionally, in the Warning (days) field, enter the number of days before the retention period ends to mark the content as ending retention status as a warning.

  5. Finally, select the appropriate Automation setting, choosing between applying the global automation settings (Default) or disabling automation for this policy (Disabled).

  6. Once all the fields are filled out, click Apply to add the policy.

Add Policy

Adding a Rule

  1. Click the Add Rule button in the Retention Rules section to create a new rule.

  2. In the Add Rule dialog, first select the entity type for which you want to create the rule. For example, if you select User as entity type, you can then search for the user by their names and select a user for the rule.

  3. In the Policy Definition dropdown, specify the retention policy for the selected user. This policy will override the default retention policy for contents created or last-modified by the user.

  4. Optionally, you can select a time frame to limit what contents the rule applies to. Toggle the Apply to a time frame switch and specify the start and end dates.

  5. Click Apply to add the user rule.

Add User Rule

You can also select Space entity type and add a rule for a specific space, as shown below.

Add Space Rule

Information

If content matches multiple rules, the user-based rule overrides the space-based rule. When content matches multiple user-based rules, the rule for the user who last modified the content takes priority over the rule for the user who created it.

By following these steps, you can customize your retention policies to fit the specific needs of your team and organization. Remember, auditing your content first ensures that you can review and adjust these policies before any automated actions take place.

Audit your content

Click on Content Audit tab. Here you will find the dashboard that allows you to comb through all content by status against the defined retention policy. You can use Filters to sort through content that is in the following statuses:

Status Definition Document Status
Retained Content is in an active state and available. This means it hasn't expired per your policy or any extensions. Accessible & Discoverable
Extended Content in which an admin has granted a specific retention policy that can either be shorter or longer than the company's global retention period. Accessible & Discoverable
Evergreen Content in which an admin has extended the retention policy indefinitely. This content will never expire or be automatically removed. Accessible & Discoverable
Ending Content is nearing end of your retention period and you should determine if it needs to be granted an extension or if it's ok to be removed. Accessible & Discoverable
Ended Content has expired against your defined retention policy. When a retention period of content ends, the content is first Deleted (recoverable) then Purged (irrecoverable) after a defined period of time in your Policies. Deleted / Purged

Content Audit

Setting extensions

To extend the retention period for individual content, select one or more items and click Add Extension. You can also bulk edit multiple pieces of content to save time. There are two types of extensions:

  • Defined Extensions, which allows you to set an explicit retention date by content. This sets a specific date in the future you would like this content to conform to.
  • Indefinite “Evergreen” Extensions, which allows you to mark content such that it never expires against a retention policy.

Information

Extensions are applied to individual content and take precedence over all policy settings, including retention rules.

Add Extensions

Remove Expired Content

Warning

Only after you have audited your content and granted extensions to your retention policies, should you begin removal of any content that has expired against your company's defined retention period.

There are two methods for removal in Content Retention Manager for Confluence

  1. Manual - The admin can remove individual content or bulk remove all ad-hoc in the Content Audit tab. This is recommended for your first time using the content since it's likely you will have a very large amount of content at first to remove.

  2. Automation - On the Automation tab you can enable automated deletion and purging of content. This allows the app to routinely remove content from your instance based on it's retention status. As content expires against the retention policy, it is first deleted, then purged based on your settings.

    a. Automated Deletion - Allows the app to automatically delete content as it expires against the retention policy. When content is deleted, it is not longer visible or recoverable to standard users, but is recoverable to Site and Confluence Administrators. Content that is deleted but not purged is also considered “discoverable” in terms of regulations, laws, and investigations.

    a. Automated Purge - Automated purge allows the app to fully remove content from your system after a period of time. At this point the content is irrecoverable to anyone and is no longer considered “discoverable.”

Setting up Automated Content Removal

Leave automation off until you have performed a manual audit of all content you wish to retain and purge.

Once you enable automation any expired content will be purged as defined by the policies you set.

Note: Automated purging occurs based on the configured period after the retention period ends, following its last modification date, not from when it was deleted.

  1. Click the Automation tab. This is where you can enable automation.

  2. You can enable the toggle to automatically delete content, if desired.

  3. You can enable the toggle to automatically purge content, if desired.

  4. Set the number of days after the retention period you want the content purged (no longer discoverable).

  5. Click Save. At this point, automation will start deleting or purging any content based on your policies and the lifecycle of the content with Atlassian Confluence.

Warning

We recommend you have a few days between expire and purge as a backstop should content be removed that should have been retained but not flagged ahead of time.

Automation Settings

Final Steps and Considerations

Remember, ongoing retention management is critical to conform to the array of laws and regulations, how you plan on enforcing is up to your team's operational plan. With Content Retention Manager for Confluence to can decide how much automation or manual process you would like. We recommend starting with manual auditing and removal for a period of time as you get familiar with the product. This will also make sure you don't accidentally remove something important.

Content Status

Atlassian has multiple status levels to understand on how content exists. Discoverability for investigations and compliance is considered any time anyone (including an admin) can access or recover content.

Document Status Visibility Discoverable
Current Anyone Can View (limited to the content's visibility settings) ✅
Archived Visible to document owner, Users can archive and unarchive content ✅
Deleted / Trashed Not generally visible but recoverable by Space and Confluence Admins ✅
Purged No longer visible nor recoverable. Any trace of the content is removed. ❌

Discoverability and Liability is critical to understand

Archiving and Deleting is not enough, so long as someone can recover a file, it's considered discoverable to most laws and regulations. So it's important that you actively maintain a policy that factors in what you want to be discoverable according to your Legal and HR teams.

Don't forget the Audit Log

The Audit log is a permanent record for you to provide for any investigation to know who and when may have set or updated a policy, defined an extension, deleted, or purged content. If the content is deleted or purged by automation it'll show up as such. The log only identifies content on a limited ID, it will not log the content itself.

Audit Logs