The Legal Basis for Record Keeping
Regulation 84 of S.I. 284/2016 requires contracting authorities to keep sufficient documentation to justify decisions taken at every stage of the procurement. Documentation must be retained for at least three years from the date of award of the contract, and must be made available to the European Commission on request. For CWMF projects, the retention period is typically aligned to the project lifecycle, which may extend to 10 years or more.
The Freedom of Information Act 2014 creates an overlapping obligation: procurement records held by public bodies are subject to FOI access requests, except where commercial sensitivity or third-party privacy exemptions apply. Contracting authorities should assume that any procurement record may eventually be subject to public scrutiny.
What Must Be Retained
At minimum, the procurement file must include: the pre-procurement decision (business case, estimated value, procedure selection); the procurement documents as issued (specification, conditions of contract, evaluation criteria); all tender queries and clarifications (sent and received); copies of all tenders received (including unsuccessful tenders); the evaluation record; the award decision notification; evidence of the standstill period; the signed contract; and any post-award amendment or variation approvals.
For CWMF projects, the file must also include: stage gate approval documents at each gate; the design team appointment records; the tender report; the contract sum analysis; and monthly cost report snapshots. Post-project review documents (Gate 6) must be retained for the full project lifecycle.
Format and Storage
Records must be stored in a manner that allows retrieval within a reasonable time. Electronic records must be backed up and protected against loss. For above-threshold procurements, paper records should be complemented by electronic copies held on a shared drive or document management system. The preferred format for long-term retention is PDF/A (archival-grade PDF) for document files.
Contracting authorities should have a documented records management policy that covers: where procurement records are held; who is responsible for maintaining them; how long they are retained; and the disposal procedure after the retention period expires. The absence of such a policy is itself an internal audit finding.
Making Records Auditor-Ready
Records are only as useful as they are accessible. An auditor (C&AG, internal audit, external review team) should be able to reconstruct the entire procurement decision from the file within a day. Files should be organised chronologically, with a cover index listing each key document and its date. Handwritten notes from evaluation meetings should be retained even where they are subsequently typed up.
GovIQ maintains a complete digital procurement file for each procurement run through the platform. Every decision, document and event is timestamped and stored in the audit chain. At audit time, a single export produces a complete, signed file ready for external review — eliminating the risk of records being scattered across email inboxes, shared drives and physical files.
Let GovIQ route your next procurement automatically.
Get a free procurement audit report — your procedure, documents and audit trail in one signed pack.
Get free audit report