SharePoint Archiving Best Practices for Compliance and Cost Savings

But as usage increases, so do two unavoidable challenges:

• Escalating storage costs – Microsoft charges around $180–$200 per terabyte (TB) per month once you exceed your licensed allocation. For large tenants, that quickly becomes six figures per year.

• Tightening compliance obligations – Frameworks like GDPR, HIPAA, SOX, ISO 27001, NIST, and the Australian Essential 8 demand strict retention, defensible deletion, and auditability.

The dilemma? Simply deleting files may reduce storage bills, but it risks non-compliance. Retention policies may satisfy regulators, but they don’t stop your storage from exploding in cost.

The solution is archiving: systematically moving inactive content out of costly SharePoint storage into secure, compliant, and lower-cost storage — without losing access or auditability. This article explores SharePoint archiving best practices to achieve both compliance and cost efficiency.

Understand the Difference Between Retention and Archiving

One of the most common mistakes organizations make is assuming Microsoft’s retention features are equivalent to archiving. They are not.

Retention policies (Microsoft Purview):
These prevent documents from being deleted or altered during a specified period. For example, you can set a 7-year retention for financial files. However, those files remain in your active SharePoint environment, consuming expensive storage.

Archiving:
This is about moving older or less frequently accessed content to a different tier of storage (e.g., Azure Blob). Users may still see stubs or shortcuts in SharePoint, but the heavy lifting of storage cost is moved elsewhere. Metadata, security, and accessibility are preserved.

Example:
A construction company keeps every project’s documents for 10 years. If they rely solely on retention, those files remain live in SharePoint, pushing storage bills above $250,000 annually. With archiving, the same files are securely stored in Azure Blob at a fraction of the cost, while still being retrievable for audits or disputes.

Best practice: Use retention to ensure legal minimums are met. Use archiving to keep costs sustainable while retaining compliance. Both should work together.

Align Archiving with Compliance Requirements

Archiving decisions cannot be random; they must reflect the regulatory landscape your business operates in.

Industry frameworks and requirements:

• Financial services (SOX, SEC, APRA CPS 234 in Australia): Often mandates financial record retention for 7 years or more. Non-compliance can result in penalties and reputational damage.

• Healthcare (HIPAA): Requires health records to remain accessible, immutable, and secured for extended periods. Archiving provides a way to meet those obligations without costly live storage.

• Public sector (Essential 8, ISO 27001): Emphasizes governance, protection against accidental loss, and traceability. Archiving ensures agencies can produce records on demand.

Real risks and penalties:

• Under GDPR, improper handling of data can result in fines of up to €20M or 4% of annual global turnover.

• The SEC has fined firms millions for failing to retain communication records properly.

• In healthcare, HIPAA penalties can run up to $1.5M per year, per violation.

Best practice checklist:

• Map each compliance framework you fall under.

• Translate requirements into archiving rules (e.g., “Archive project data after 2 years of inactivity, retain for 7 years in immutable storage”).

• Document the rationale — auditors will want to see not just the process but the justification.

Create a Clear Archiving Policy

An archiving policy is more than a technical setting. It is a formal governance document that defines what, how, and why data is archived. Without it, you risk inconsistency, shadow IT, or gaps that auditors will notice.

A good archiving policy should cover:

• Scope – Define what libraries, sites, or content types are included. Example: “All completed project sites will be archived 12 months after project close.”

• Archiving rules – Define triggers such as inactivity (no edits in 24 months), age (files older than 3 years), or event-based (employee departure).

• Exemptions – Identify exceptions (e.g., files under legal hold).

• Retention length – How long archived content stays before defensible deletion (aligned with regulation).

• Access controls – Who can request or restore archived content.

• Audit process – How archiving will be verified and reported.

Example policy excerpt:

“All SharePoint documents not accessed in the past 36 months will be archived to Azure Blob storage via Squirrel. Archived files will be retained for 7 years, encrypted at rest, and logged for all access. Exceptions apply to documents under MIP label ‘Legal Hold.’ Restores must be requested via IT Service Desk.”

Best practice: Publish your archiving policy in your governance documentation. Communicate it to business units so users understand that archiving is not deletion — their files remain accessible when needed.

Automate the Archiving Process

Manual archiving is not sustainable. Expecting staff to move files manually, export libraries, or classify documents invites error and inconsistency. Worse, it creates compliance blind spots.

Why automation matters:

• Consistency: Automation ensures the same rules are applied across all libraries.

• Compliance: Automated logs and policy enforcement prove due diligence.

• Scale: Organizations with millions of documents cannot rely on manual intervention.

Example without automation:
A legal department instructs staff to “move files older than 3 years to a separate library.” Compliance drops because staff forget, misunderstand, or leave.

Example with automation:
Squirrel applies rules automatically (e.g., archive files older than 24 months), replaces them with stubs in SharePoint, and logs every action. Compliance is achieved without staff intervention.

Best practice:

• Use metadata or MIP labels to drive archiving decisions.

• Apply idle-time rules (last modified >24 months).

• Replace files with stubs so users can still access them seamlessly.

• Ensure every archive event is logged for audit.

Ensure Secure, Auditable Storage

For compliance, archiving is not just about moving files to cheaper storage. The storage itself must be secure, auditable, and compliant.

Key requirements:

• Immutability: Archived files must be protected against tampering or deletion until their retention period ends. Azure Blob supports Write Once Read Many (WORM) options.

• Encryption: Data should be encrypted at rest and in transit. Azure provides automatic encryption with customer-managed keys.

• Audit trails: Every access or restore event should be logged and reportable.

• Accessibility: Files must remain retrievable within reasonable timeframes for eDiscovery or regulator requests.

Best practice:
Use Azure Blob as the underlying storage with Squirrel providing:

• Stub file placeholders in SharePoint so users do not feel the archive gap.

• Immutable storage configurations.

• Full reporting dashboards to satisfy audits.

This ensures compliance is not compromised while achieving cost savings.

Review and Update Policies Regularly

Archiving policies cannot be “set and forget.” Regulations change, and so does your business.

Examples of change:

• GDPR interpretations continue to evolve.

• Australia’s Essential 8 maturity model has updated requirements.

• NIST releases revisions that shift compliance expectations.

Best practice:

• Conduct an annual governance review.

• Involve IT, Legal, and Compliance teams.

• Review audit logs from your archiving solution to ensure policies are being enforced.

• Adjust rules as needed (e.g., change idle time from 24 months to 18 months if storage costs spike).

Proactive reviews protect you against regulatory surprises and maintain stakeholder trust.

FAQs

Q: How long should we keep archived SharePoint data?
It depends on industry rules. Financial services may require 7 years. Healthcare can extend to the lifetime of a patient. Always align with your sector’s legal requirements.

Q: Does archiving reduce SharePoint storage usage?
Yes. Proper archiving removes files from SharePoint’s active quota, cutting down Microsoft’s storage charges.

Q: Is archiving with third-party tools compliant with Microsoft’s shared responsibility model?
Yes. Microsoft manages the platform; you manage your data. Using solutions like Squirrel ensures you meet your responsibilities.

Q: Can archived files be restored quickly for an audit?
Yes. With Squirrel, stub files remain in SharePoint and can restore on demand with a click, ensuring compliance with audit requests.

Conclusion

SharePoint archiving is no longer optional. Organizations face spiraling storage costs and tightening compliance obligations. Deletion puts compliance at risk; retention policies inflate costs. Archiving delivers the best of both worlds: regulatory alignment and financial sustainability.

Best practices include:

• Understanding the distinction between retention and archiving.

• Aligning policies with compliance frameworks.

• Documenting and communicating a clear archiving policy.

• Automating the process to eliminate errors.

• Using secure, auditable storage.

• Balancing compliance with hard cost savings.

• Reviewing policies regularly to stay aligned with evolving regulations.

With solutions like Squirrel, organizations can automate SharePoint archiving, reduce costs by 70% or more, and remain fully compliant with frameworks like GDPR, HIPAA, SOX, ISO 27001, and Essential 8.

Learn more about how Squirrel ensures compliant SharePoint archiving →