A regulator-ready Unit4 archive tuned for UK FOI (7+ year floor), UK higher-education HESA / REF / OfS, UK public-sector NAO audit, Nordic Arkivlagen / Arkivlova / Arkivloven, HMRC payroll, GDPR right-to-erasure, and services-firm client contract retention.
Cloud archive stores the data. Compliance archive proves to a regulator that the data has been retained correctly, accessed appropriately, and produced on demand — for the full retention window, sometimes 15+ years.
Unit4's typical customer base — UK higher education, UK public sector, Nordic public sector, European professional services, nonprofits — sits inside some of the most demanding long-term retention regimes in the ERP world. UK FOI sets a 7-year floor with longer periods for specific categories. UK HE customers add HESA return reproduction, REF cost-attribution evidence, and OfS data-template resubmission windows. UK public-sector customers add NAO and devolved-audit obligations. Nordic public-sector customers operate under national archive law with multi-decade horizons. Professional-services customers add client-contract retention obligations baked into every engagement contract. A generic cloud archive — file in object storage, query it later — does not satisfy any of these requirements on its own.
The Unit4 compliance archive layers regulator-ready retention metadata, immutable storage, formal evidence chains, and pre-built regulator-aligned extract formats on top of the Syntra ETL Unit4 cloud archive. Every record carries explicit retention metadata. Every access produces audit-grade evidence. Every regulator extract — HESA Finance Statistics Return, FOI response, NAO audit pack, REF cost attribution, OfS submission, HMRC payroll reproduction, Nordic national-archive deposit bundle — ships as a ready-to-run saved format, not a bespoke build per request.
The compliance archive is also the right answer for customers whose retention obligations outlast multiple ERP generations. A 2009 Agresso transaction subject to a 15-year HESA-aligned retention horizon needs to be queryable in 2024 — without an Agresso instance, without a Unit4 contract, without an AIB skillset. The Unit4 compliance archive makes that 15-year answer practical at $5K–$20K per year — and produces the evidence to satisfy whoever asks.
Each pillar addresses a specific regulator-evidence requirement we have hit in real customer deployments.
Every archived record carries earliest-deletable date, source-system extract date, retention policy applied, retention-review schedule, and legal-hold status. Auditors see the full retention chain in one query.
Object-versioning with legal-hold prevents tamper. SHA-256 hash chains demonstrate data has not been altered post-extract. Satisfies UK Public Records Act and Nordic Arkiv-law authenticity requirements.
HESA Finance Statistics Return, FOI responses, NAO audit packs, REF cost capture, OfS templates, HMRC payroll, Nordic deposit bundles — ship as saved queries, not bespoke builds per request.
Every query logged with user, timestamp, query text, rows returned, fields touched, masking applied, unmask events. Log itself stored immutably and exported to SIEM — auditor evidence for who accessed what when.
Formal Evidence Pack report — extract chain, load chain, query chain, lifecycle chain, retention-policy attestation — produced on demand for regulator submissions. Not bespoke. Not 'we'll build one'.
Record-level redaction with cryptographic evidence when GDPR erasure applies, with documented exception handling when regulatory retention overrides erasure. Configurable per data domain.
Built on top of the Unit4 cloud archive. Typical deployment runs 4–6 weeks for the compliance layer on top of the underlying archive.
Workshop with compliance, internal audit, legal, records management, HE / Public Sector regulatory liaison. Inventory every retention obligation: UK FOI floor, HESA / REF / OfS, NAO / devolved audit, HMRC payroll, Nordic Arkiv-laws, GDPR, client-contract retention. Output: retention-policy matrix per data domain.
Retention rules configured per data domain in the archive engine. Earliest-deletable dates calculated, retention-review schedules set, legal-hold flags applied where active disputes / investigations require, lifecycle tiering rules aligned to retention shape (hot during high-query years, archive tier during long-tail retention).
Pre-built saved queries activated and tuned for the customer's specific regulator footprint: HESA Finance Statistics Return for HE customers, NAO audit-pack shape for public sector, Nordic national-archive deposit bundle for Nordic customers, client-engagement extracts for services firms. Validated against historical regulator submissions.
Evidence Pack report templated per regulator: UK FOI evidence pack, HESA submission evidence, NAO audit-pack evidence, Nordic deposit-evidence, HMRC payroll-evidence, GDPR erasure-evidence. Pack content driven by extract chain + load chain + query chain + lifecycle chain — generated on demand, not assembled per request.
Read-log pipeline configured. Audit-log events streamed continuously to customer SIEM (Splunk, Sentinel, Elastic, Sumo). Immutable log storage with object-versioning legal-hold. Alerting configured for sensitive-field unmask events and retention-policy exceptions.
Dry-run a representative regulator request end-to-end: FOI request for HE customer, NAO request for public-sector customer, HESA reproduction request for university, client-audit request for services firm. Validate extract + Evidence Pack + read-log. Compliance / internal audit / records-management sign-off on the compliance archive as production.
Pre-built extract formats and Evidence Packs tuned to the specific shapes regulators ask for — refined across UK HE, UK public-sector, and Nordic deployments.
7+ year retention floor enforced. FOI-response extract format pulled from archived gltrans + apvoucher with NI / personal-data masking. Read-log evidence for FOI tribunal cases. Public-records-aligned retention metadata.
HESA Finance Statistics Return reproduction. REF cost attribution from project actuals against research projects. OfS access-and-participation cost reporting. KEF return shapes. Each with reconciliation back to original Business World ledger.
NAO-ready data shapes — full transactional GL, AP voucher detail with supplier evidence, payroll evidence, asset register movements. Same formats accepted by Audit Scotland, Wales Audit Office, NIAO. Read-log proves access controls.
Payroll reproduction from archived acrpayroll + payslip tables. P60 / P11D regeneration. Statutory-pay evidence. PAYE-aligned retention metadata. Former-employee self-service portal satisfies access without keeping Agresso alive.
Multi-decade retention horizons supported. In-country residency (Sweden Central, OCI Stockholm). Open Parquet format for archive-deposit stability. National-archive deposit-ready bundles produced on demand.
Per-engagement retention rules driven by client Flexi-Field. Timesheet / expense / project-actuals retention per engagement contract. Automatic legal-hold for engagements in dispute. Client audit responses with full evidence chains.
A Unit4 compliance archive is a Unit4 (Business World / Agresso / ERPx / Coda) data archive built specifically to satisfy long-term regulatory retention requirements with documented evidence chains. For Unit4's typical customer base it covers: UK Freedom of Information Act minimum 7-year retention, UK higher-education HESA returns and re-submission obligations, REF (Research Excellence Framework) cost-attribution evidence, OfS (Office for Students) data templates and resubmission windows, UK NAO (National Audit Office) public-sector audit packs, HMRC payroll retention (6 years), Nordic public-sector retention regimes (Swedish Arkivlagen, Norwegian Arkivlova, Danish Arkivloven), GDPR right-to-erasure with cryptographic evidence, and professional-services-firm contract retention obligations (typically 7+ years per client engagement contract). The compliance archive layer adds documented retention metadata, immutable storage, formal evidence-of-retention reports, and pre-built regulator-ready extract formats on top of the underlying Unit4 cloud archive.
UK FOI Act and associated public-records guidance set a floor of 7-year retention for most financial and operational records held by public bodies, with longer periods for specific categories. The Unit4 compliance archive applies a 7-year-floor retention rule by default to financial transactional data extracted from Business World / Agresso, with the actual retention period typically set higher (10–15 years) to give a safety margin against retrospective FOI requests. Every archived dataset carries retention metadata — earliest-deletable date, source-system extract date, hash signature, retention policy applied, retention review schedule. Pre-built FOI response extract formats let public-body customers respond to FOI requests in minutes — typically with a one-click extract against archived gltrans, apvoucher, and supplier-payment data filtered to the requested scope, with NI / personal-data masking applied where appropriate.
Higher Education customers in the UK have a particularly intricate retention profile — HESA Finance Statistics Return, HESA Student Record, HESA Staff Record, REF (Research Excellence Framework) cost capture, OfS (Office for Students) data templates, KEF (Knowledge Exchange Framework) returns. Many of these require not just data retention but the ability to *reproduce* a return retrospectively, sometimes years after submission, in response to UKRI, HESA, or OfS audit queries. The Unit4 compliance archive ships with pre-built extract formats for the most commonly requested HE returns — HESA Finance Statistics Return shape pulled from gltrans + Flexi-Field-tagged cost centres, REF cost attribution from project actuals against research projects, OfS access-and-participation cost reporting from departmental rollups. Each format includes the metadata HESA / OfS / UKRI auditors actually ask for: data-as-of date, submission date, applied accounting policies, and reconciliation back to the original Business World ledger.
The UK NAO and its public-sector equivalents (Audit Scotland, Wales Audit Office, Northern Ireland Audit Office) audit central government, local authorities, NHS bodies, devolved administrations, and significant arm's-length bodies. Their audit cycle typically requires 7+ years of detailed transactional evidence: full general-ledger transaction history, AP voucher detail with supplier evidence, payroll evidence per pay period, asset register movements, project / programme cost capture, grant disbursement evidence. The Unit4 compliance archive provides NAO-ready extracts — saved queries that produce the exact data shapes NAO field teams request, with read-log evidence proving who accessed what and when, and with hash chains demonstrating data has not been altered post-extract. For local authorities and NHS bodies running Business World, this means responding to NAO requests in hours rather than the weeks it took to regenerate AIB reports from a live Agresso instance.
Yes. Nordic public-sector customers (Swedish kommuner running Business World, Norwegian fylker, Danish regioner, Finnish maakunnat) operate under national archive law — Arkivlagen (Sweden), Arkivlova (Norway), Arkivloven (Denmark), Arkistolaki (Finland) — with retention periods often longer than UK equivalents and specific obligations around digital-archive accessibility, authenticity verification, and format-stability over multi-decade horizons. The Unit4 compliance archive uses open Parquet format (vendor-neutral, ISO-standardised columnar storage) for storage stability, applies SHA-256 hash chains and immutable object versioning for authenticity, supports in-country data residency (Azure Sweden Central, OCI Stockholm, AWS Stockholm), and produces extract formats aligned with national archive-deposit specifications. Where customers need to deposit data with the national archive at end-of-retention, the compliance archive produces deposit-ready bundles automatically.
Professional-services firms running Unit4 (consulting firms, law firms, architecture practices, engineering services firms — Unit4's services-firm sweet spot) typically have contractual retention obligations baked into client engagement contracts: 7-year retention of timesheet and expense detail per engagement, 10-year retention of project deliverables and supporting financial evidence, sometimes indefinite retention of certain regulated-industry engagements (financial services, defence, healthcare clients). The Unit4 compliance archive supports per-client / per-engagement retention rules — timesheet and expenseclaim data tagged with the engagement Flexi-Field carries the client-specific retention policy, with automatic legal-hold marking for engagements in active dispute. Client audit requests are served from the archive with the same evidence chains used for regulator responses.
This is one of the genuinely hard problems of long-term data retention — and the Unit4 compliance archive handles it explicitly. The archive supports record-level redaction with cryptographic evidence: when a GDPR erasure request is received for a data subject, the records identifiable to that subject are redacted in place (the underlying Parquet objects rewritten with the subject's personal fields nulled), a tamper-evident audit log entry records the redaction with the original record hash, and a cryptographic proof is produced that satisfies the controller-evidence requirement. Where regulatory retention (e.g. HMRC payroll, UK Public Records Act) overrides GDPR erasure for specific fields, the rule engine handles the conflict per documented policy — typically by retaining the financial transaction with personal identifiers masked rather than fully erased. The full erasure-vs-retention policy is configurable and documented per data domain.
Every operation on the compliance archive produces evidence. Extract: source-system metadata (Unit4 instance, schema version, extract date, extract-user identity, SQL query executed, rows returned, hash signature per record). Load: Parquet object created, storage location, encryption-key reference, retention-policy applied, retention-review schedule, manifest signature. Query: user identity, timestamp, query text, rows returned, fields accessed, masking-policy applied, unmask events if any. Lifecycle: tier transitions (hot → cool → archive), retention-review approvals, end-of-retention deletion events with retention-policy compliance confirmation. All evidence is stored immutably (object-versioning with legal-hold), exported continuously to customer SIEM, and surfaced through a formal Evidence Pack report for regulator submissions. The Evidence Pack is the artefact UK FOI, HESA, NAO, HMRC, Nordic archive authorities, and client auditors ask for — and it is produced on demand, not bespoke per request.
30-minute call. Walk through your Unit4 regulatory footprint — UK FOI, HESA / REF / OfS, NAO, Nordic Arkiv-laws, HMRC, client contracts — and your current Agresso retention model. Leave with a compliance archive design, an Evidence-Pack approach for each regulator, and a 15-year retention cost projection.