Compliance
ASQA Standards for RTOs: what 'retrievable and transferable' actually requires

Every RTO knows it has to keep records. The Standards for RTOs are not subtle about it, and most quality and compliance managers can recite the headline: keep your student and training records, keep them secure, keep them for the required period. So the box gets ticked. The records are in the student management system, the course materials are in Canvas, and there is an export sitting on a drive somewhere. Retained. Done.
The Standards ask for something harder than that, and the gap between the two is where an audit goes wrong. The obligation is not only that records are retained. It is that they are retrievable and transferable to the regulator. Those two words carry the weight, and they are the ones most RTOs have never actually tested.
Retrievable is a verb, not a filing cabinet
"Retained" describes where a record sits. "Retrievable" describes whether you can get it back, in a usable form, on the regulator's timeline rather than your own. A record that exists but cannot be produced on request is not retrievable, whatever your storage tells you.
This is easy to wave away until you picture the actual moment. ASQA asks for the assessment evidence and completion records for a cohort from a few years ago. The trainer who ran it has moved on. The course has been reset or rolled over in Canvas for the new intake. The export you were relying on has not been opened since the day it was made. Now you find out whether "retained" was ever "retrievable." That is a poor time to learn the answer.
Transferable is the second half, and it is just as load bearing. The records have to be able to leave your systems and reach the regulator in a form they can use. A backup that only restores into your own environment, or an export in a format nobody can read without the original system, is retained but not transferable. Both words have to be true at the same time, and on demand.
The retention window outlives the system, and the staff
Part of what makes this hard is time. The retention periods under the Standards are long and specific. Records that prove a qualification was issued have to be kept for many years, up to thirty for the evidence that lets you reissue a credential. Assessment evidence has its own minimum, and the 2025 Standards lengthened it. Whatever the exact duration for a given record, it is measured in years, usually well beyond the working life of the Canvas course it lives in, and well beyond the tenure of the people who set it up.

The records you have to produce are often older than the system holding them, and older than the staff who set it up.
That long horizon is exactly why this cannot be left as an IT problem. One of the most consistent things I have seen across years of working with these systems is that IT craves direction from the business. Left to itself, IT will keep the lights on and assume someone will speak up if a particular record matters. The most useful thing a compliance leader can do is give that direction: say which records matter, how long they must survive, who has to be able to retrieve them, and in what form they must transfer. IT enables that decision. It does not make it. When retention is treated as a setting someone configured once, nobody owns the question of whether it still works.
Backup is not archive, and an LMS proves it
Here is where Canvas specifically trips people up. A learning management system is a moving target. Every year new courses are added and old ones retired. New students enrol, and earlier ones become alumni. The live data, the current enrolments, submissions, attendance and grades, is time sensitive and can change by the hour. The archive data, the completed courses and the records of students who finished long ago, does not change at all, but it is exactly what ASQA may ask you to produce years later.
Those are two different jobs, and people routinely collapse them into one. They treat a backup as if it were an archive. A backup answers "can I get back to where I was last night." An archive answers "can I produce a complete and faithful record of something that happened years ago." Both data sets matter, and both deserve protecting, but they are not the same and should not be handled the same way. The completed-course records that satisfy a retention obligation belong in something built to hold them faithfully for the long term, not in last week's operational backup that gets overwritten on a cycle.
And the archive still has to be tested. A seven-year-old export you have never restored is not a record you can stand behind. It is a guess that the file is complete and still readable. The only way to turn that guess into a record is to restore it and look.
The export that looks like compliance and is not
Most RTOs that feel covered are relying on a Common Cartridge export of their Canvas courses. It feels like the retained record. It carries two problems, and both bear directly on "retrievable and transferable."
The first is that almost nobody has restored one. An export that has never been brought back into a working environment is an untested assumption, not a proven record. The second is quieter and more serious for an RTO. A Common Cartridge export captures course content, the structure, pages, files, assignments and quizzes, but it does not include student enrolments, submission history, or the gradebook. That is how the Canvas export format works. It is not a fault in your process. But those omitted items, who was enrolled, what they submitted, and what they were graded, are precisely the completion evidence a records obligation is about. So the artefact many RTOs are trusting to be retrievable and transferable can be silently missing the records that matter most, while being unproven on the records it does carry.
What "retrievable and transferable" actually takes
The fix is not a bigger storage budget. It is two deliberate acts.
First, set the retention policy as a business decision, in plain terms: which records, how long, retrievable by whom, and transferable in what format. Write it down so it outlives the people and the systems it depends on.
Second, prove it. Take a real course that matters, restore it into a test environment, never production, and check that what came back matches what should have, including whether the enrolment and completion evidence is even present. Then write down what you tested, when, and what the result was. That written record is the difference between asserting your records are retrievable and being able to show it. It is the evidence your next audit asks for, and it is a record you can put in front of an auditor without scrambling.
You do not want to discover the true state of your records on the day ASQA asks for them. A record you cannot produce on request is not a record. It is a hope with a filename.
If you want a structured way to run that proof on a single course, we publish a free Canvas Restore Drill Template with the steps, the verification checklist, and a restore log laid out to fill in. The obligations themselves are set out in the ASQA Standards for RTOs. And if you would rather this ran automatically and produced the signed record on a schedule, that is what we are building. We are taking on a small number of design partners now.
← All resources