All too often, companies think that they have proudly “solved retention” by investing in an extensive SaaS platform that now delivers “real-time” legal retention periods for every jurisdiction where they operate.

Leadership sees this as a breakthrough: no more spreadsheets, no more guesswork, no more sleepless nights over whether HR files or tax records had been held too long. In other words, “our job is done.”

Then something happens – the company becomes embroiled in a massive regulatory action and numerous departments suddenly have to find records quickly, confirm that they have properly destroyed confidential information (after the retention period is over), and show that the company takes its retention obligations (and limitations) seriously.

In other words, the celebration is over.

Further investigation shows that while the information is available, the actual retention schedules were inconsistent across regions – and sometimes even departments. Certain “event-based” records were never destroyed because staff didn’t know how to interpret the trigger. Merged subsidiaries had conflicting rules. Employees weren’t trained on the policies. The software had delivered the law—but the organization hadn’t delivered the practice.

Instead of lowering risk, the new system heightened it. What looked like progress had become a liability.

The Mirage of Progress

This story is familiar. SaaS platforms that deliver retention law guidance are powerful: they surface meticulously researched requirements, cover hundreds of jurisdictions, and update dynamically as laws change. They are indispensable to any modern organization trying to build a defensible retention schedule.

But here’s the trap: having the research is not the same as living the policy. Software can tell you what the law requires—but it cannot decide how to reconcile conflicts, classify hybrid records, or weave rules into everyday workflows. It cannot remind a manager to approve destruction or explain to a front-line employee what an “event-based trigger” means in practice.

Too often, organizations mistake software adoption for program maturity. The result? An elegant library of legal rules with no evidence of operational use. In litigation or regulatory review, that gap looks less like oversight and more like willful neglect.

Where the Platform Ends—and People Begin

Retention guidance platforms can be thought of as a GPS: they point the way, but they do not walk the path for you. They provide breadth and depth of research across jurisdictions, they update quickly as new laws are passed or old ones are re-interpreted, and they give compliance teams a single reference point where once there were scattered spreadsheets. These are not small advantages—they form the necessary foundation of any defensible program.

But, at least today, no GPS on the market actually gets you to your destination! Platforms do not translate requirements into the categories that make sense for your business. They cannot embed rules into IT systems or workflows. They cannot train staff to understand what a retention trigger means in practice, nor can they build a culture where records are seen as assets rather than burdens.

That final leap—from static guidance into living practice—does not belong to software. It belongs to the Information Governance professional, whose task is to interpret the map, build the pathways, and ensure the organization takes each step in practice rather than only in theory.

The IG Professional as Translator and Builder

The role of the IG professional is not simply to “own the schedule.” It is to breathe life into it.

They interpret the platform’s guidance through the lens of the organization’s reality. They reconcile conflicting jurisdictions, decide what categories make sense for the business, and draft policies that are more than shelfware. They work with IT to automate retention rules into systems, with Legal to ensure holds are defensible, and with business units to assign ownership.

Most importantly, they cultivate understanding. They build training that is not canned but contextual, helping staff know what retention means for the data they touch daily. They foster a culture where records management isn’t an afterthought, but part of how the business protects trust, manages risk, and operates efficiently.

Toward a Living Retention Culture

A true retention culture is never static; it is designed to move with the organization. Schedules are not frozen in time but continuously reviewed and revised. Rules are not isolated in policy binders but embedded into everyday systems and workflows. Responsibility does not sit with one team but is shared across Legal, IT, Compliance, and the business itself. Compliance is not asserted but demonstrated through audit trails, certificates of destruction, and well-documented training. And as new laws emerge, as acquisitions reshape the enterprise, as processes evolve, the culture adapts.

In this environment, SaaS platforms play an important role, but they are scaffolding rather than structure. The Information Governance professional is what makes the framework durable—connecting the research to the reality, and ensuring that retention is not just prescribed, but practiced.

Regulated companies know well the dangers of “paper compliance.” Regulators don’t just want to see that you knew the rules—they want evidence that you lived them. In retention, the difference between guidance and culture is stark.

Simply put:

• A downloaded schedule without implementation is evidence against you.

• A platform without training is confusion dressed as compliance.

• A policy without integration is a liability waiting to surface.

The organizations that succeed are those that treat retention software as a starting point, not an endpoint.

And, when software and stewardship converge, retention shifts from a static checklist to a living system. That is where compliance becomes sustainable, where risk is truly reduced, and where information governance fulfills its promise.