Anyone with Super Admin privileges can access Vault at ediscovery.google.com. As we mentioned in the Reports section, it's really important that you don't use a shared admin@yourschool.com account, but instead grant individuals admin privileges. This is particularly important when it comes to the audit log reporting within Vault due to the sensitive nature of the data, and to comply with GDPR regulations.
The first thing you'll need to do is set retention rules for Google Vault in line with your schools policy. You can choose to retain Drive, Mail and Groups data indefinitely, or set any period of days from the day an email was sent, or the last date a Drive file was edited.
A hold allows you to set an indefinite retention for an individual user or entire organisation that overrides any retention policy you may have set. Holds are useful if you have individual users who may handle legal documents with a different retention policy than the general one set.
Search allows you to search files or mail for an individual or organisation between specific dates or that contain key terms. Searches are useful when helping users to restore files they have deleted, or during investigations where a bullying incident may have occurred.
You can export all held data and searches to perform more advanced analysis
You can see the audit logs for a matter to see what actions were performed, by whom and when they were carried out. You can also access a more general Audit log from the reports section of the Google Vault dashboard.