939.1 Archive tree

Freeze /Design /Site /Commissioning /O&M with 911 names. HVM bollard evidence is immutable.

Build a top-level archive that mirrors delivery: /Design, /Site, /Commissioning, and /O&M. Use the exact naming rules defined in 911 File Index & Naming Rules to keep filenames stable and machine-sortable. Mark the archive “write-protected” after handover so core evidence chain records cannot be altered. For context pages and drawings that aid retrieval years later, include a documentation & certificates subfolder with a one-page index.

Under /Design store the controlled “Issue-for-Use” set and superseded lists; under /Site store geo-tagged photo logs and inspection packs; under /Commissioning store SAT evidence, test scripts, and sign-offs; under /O&M store training records and asset register & serials. Tie every folder to a project RACI so ownership is clear.

939.2 Manifest & checksums

CSV of files with SHA, size, Page ID (919). Integrity verified on restore.

Export a manifest CSV listing every file path, size (bytes), last-modified UTC, and a cryptographic SHA-256 checksum. Include the page locator “Page ID” to link each bundle to 919 Handover Pack Index & Checklists. Store one signed “archive manifest” PDF next to the CSV for human review.

On every restore, recompute hashes and compare to the manifest. Flag any mismatch and replace from the second copy (see §939.6). For CAD/BIM bundles, snapshot a “bookmarked PDF” index to give auditors a quick browseable overview of deliverables.

939.3 Retention & access

Define roles/terms; read-only after handover (736). Access supports audits and warranty (854).

Publish a retention schedule (e.g., 10–15 years post-handover) that aligns with contract and local authority expectations. Configure RBAC with read-only permissions for the core bundle immediately after 736 Handover Pack Index. Maintain a separate writable “working” area for future additions, but never overwrite the frozen set.

Document who can access the archive during audits or a warranty claim and the escalation path for urgent requests. Cross-reference 854 Warranty & Spares Policy so replacement decisions and serial lookups are fast and defensible.

939.4 Restore drills

Annual test of random restores. Proves crash rated bollard records are usable.

Run an annual “restore drill” by sampling 5–10% of items across folders and media. Measure time-to-restore, manifest match rate, and link integrity (e.g., models opening with referenced Xref bundles). Record outcomes in a short AAR and file it under /O&M/Records.

For automatic systems, include telemetry logs that evidence operations and health signals; see 541 Remote Fault Logging for what to export and how to prove completeness.

939.5 Cross-links to assets

Serials, locations, photos tied to 732 asset list and 932 model. Faster fault tracing (541).

Make your archive “click-through.” From the 732 Asset Register & Serials row, link to the as-built photo set, O&M section, and the element in the federated model defined in 932 BIM Coordination & Data Exchange. Include the Site ID and location descriptors so replacements are unambiguous.

For automatic lanes, keep a minimal “operations proof” pack: daily counters, alarms summary, and selected health pings—enough to show usage and duty without drowning auditors in data. This speeds fault tracing and supports predictive maintenance decisions.

939.6 Legal & client copies

Dual media sets; escrow if required. Avoid single-point loss.

Hold at least two independent copies (e.g., primary cloud with retention lock + offline WORM drive). If contracts require, place a third copy with an independent escrow agent. Register each medium in the chain of custody and perform periodic spot checks to confirm readability and hash parity.

Store client-readable formats alongside native files (e.g., PDFs, IFC, MP4), and include a “Read Me First” that points to the Handover Pack index and the archive manifest.

939.7 Update protocol

Only via 118 change log and 537 control. Preserve history.

Post-handover updates must never overwrite the frozen set. Route any new or corrected files through 118 Change Log and governed 537 Change Control & Versioning. Tag the update with a Release ID, write a brief release note, and snapshot a fresh manifest CSV. Keep a superseded file list so auditors can follow the full trail.

939.8 Decommission & EoL

Archive lessons, recycling proofs (367). Close the loop responsibly.

At end-of-life, capture the final configuration, removal method, and environmental outcomes (e.g., steel recycling receipts). Cross-link to 367 Sustainability of HVM/Crash-Rated Bollards and store a concise lessons-learned note tied to the relevant lessons-learned register.

Where systems interface with site security, confirm credentials are revoked and any integrations are cleanly decommissioned, then document the RTS or final shutdown status.

939.9 Auditor checklist

Presence, integrity, traceability, consent, retention. One page to sign off archive quality.

Use a one-page checklist to confirm: (a) the archive is complete against the scope, (b) hashes match the manifest, (c) cross-links resolve from register → photos/models → certificates, (d) access complies with privacy/consent where applicable, and (e) retention controls are active. File the signed checklist under /O&M/Audit and reference the current Release ID.

939 Final Archive & Retrieval — FAQ