Presentation on theme: "SharePoint Records and Compliance"— Presentation transcript:
1SharePoint Records and Compliance Anthony WoodwardAustralia
2Introductions Anthony Woodward Chief Technology Officer RecordPoint Technology professional with fifteen years of experience in information technology focusing on Records management and collaboration.Software Engineer when my schedule lets meMember of the Microsoft Partner Council (SharePoint) and a Microsoft Virtual Technical Specialist.Broad range of corporate and government business problems including technical publishing, product data management, and records management.Anthony & RecordPointPaula & Intergen
3Why do we need to Records Manage at all? Do I care?Why do we need to Records Manage at all?
4Examples of What NOT to do! Compliance Hall of Shame Examples of What NOT to do! Compliance Hall of ShameLuke DuffyFormerly of National Australia BankNow Serving Time, Took Down CEOBernie EbbersFormer CEO of WorldComNow Serving 25 YearsKen LayFormer CEO of EnronFacing 175 YearsLiu Jinbao was a former CEO of Bank of China (Hong Kong) Limited and vice-chairman of Bank of China.Liu was abruptly transferred back to Beijing to become vice-chairman of Bank of China in May Investigations subsequently found Liu to have "committed economic crimes" in connection with his previous appointment as the head of the Shanghai branch of the Bank of China. Liu was subsequently dismissed from his post.Liu, along with three other senior managers, were also alleged to have made "unauthorized distribution for personal purposes" of funds belong to the Bank of China before BOCHK was established. The Standard speculated that the amount involved was HK$30 million.Chinese court has sentenced him to death.Gale NortonSecretary of the InteriorHeld in Contempt of CourtMorgan StanleyFined $1.45 BillionStock Price DownCEO RemovedLiu JinbaoFormer CEO of Bank of ChinaNow on Death Row
5Are you one of those in the Board Room or “middle management”? Are you one of those in the Board Room or “middle management”?
6Value Proposition for Records Management Value Proposition for Records ManagementGlobally the courts will view the following as “BAD” =NOT having a Records Management ProgramNOT having a consistent deployed Records Management ProgramNOT having a Data map (knowing the where, how, when regarding retrieval of your own data)NOT having performed an audit of your Records Management Program and eDiscovery PlanSingle Enterprise Search / e-Evidence Discovery (records & non-records)Consistency in the control and classificationConsistency in ability to manage business recordsCentralised application & release of Hold OrdersCentralised disposition authority for the enterprise
7Any Predictions on how this will turn out? Any Predictions on how this will turn out?
8What are the Implications? What are the Implications?More audit and court fines, out-of-court settlements, etc. regarding than another other document type.Implications of Unified Communication: Retention of those Communications, Instant Messaging (IM), fax, v-Mail, Snail Mail, ??? (what’s next Blogs, Wikis, Twitter, Facebook?)What is your corporations Legal Position?Keep everything destroy nothingKeep nothing destroy everythingAll is created equalRegulatory DriversEnsure timely and complete disposition / expunge of “ALL” copiesEnsure privacy and record security policy
14Enterprise Content Management CreateControlProtectCreate and organize content easilyManage content policy, information architecture and taxonomyReduce risk and manage compliance with centralized toolsPersonalTeamOrganization
15ECM Approach1ECM has evolved, where content creation and organization is intuitive and simple through discovery and collaboration2Ensure compliance is achieved through content policy, information architecture and taxonomy3Centralized eDiscovery across the Office platform helps protect organizations by improving compliance without affecting user productivity
17What is Records Management? Practice of identifying, classifying, archiving, preserving, and destroying records according to a set of pre-defined standards
18Why Records Management? Increasing pressure to manage risk more effectively through improved compliance with regulatory and corporate policiesGovernment and industry regulationsSingapore Government Information Management handbook, ISO & ISO 16175, MoReq and DODLegal eDiscoveryCourt Handbook of Singapore etc.
19Records Management Challenges Difficulty applying retention policies to contentHigh costs of complying with new laws and regulationsDifficulty providing access to controlled recordsHeavy reliance on ITPoor user adoption of records management solutions
20Records Management Strategy You should view retention and records management as a component of the overall document lifecycle to reduce risk and improve compliance with increased adoption
21Content Lifecycle Add metadata at each step of the way Review Publish/ CreateCollaborateReviewApprovePublish/DeclareExpireArchive/DestroyAdd metadata at each step of the way
23What’s New in SharePoint 2013? SharePoint 2010 features, plus:Site RetentionSite MailboxeseDiscovery PortalCloud ParitySharePoint 2010:Content OrganizerDocument SetsDocument IDsLocation-based metadata defaultsMetadata navigationIn-Place RecordsSite-based eDiscovery and Holds
24What’s new in SharePoint 2013 Microsoft’s two key goals for SharePoint 2013:Investment in ‘cloud-first’. For example, you can now do records center in the cloud.By making most aspects of content easier to use, you get better adoption and information governance.
27Site RetentionCompliance features of SharePoint Server 2013 have been extended to sites.You can create and manage retention policies in SharePoint Server 2013, and the policies will apply to SharePoint sites.
28Site RetentionCompliance officers create policies, which define the following:The retention policy for the whole siteWhat causes a project to be closedWhen a project should expire
33Unified Discovery across Exchange, SharePoint and Lync Find it all in one place (unified console)Find more (in-place discovery returns the richest data)Find it without impacting the user (Give legal team discovery, leave IWs alone)Discovery Center in SharePointUnified Preserve, Search and ExportExchange Web ServicesConnect to Exchange to get mailbox dataLync Archiving to ExchangeExchange is the compliance store for LyncSearch InfrastructureExchange and SharePoint use the same search platform
34Legal can create discovery sets for in-place preservation View in-place hold stats in real timeCreate queries to trim down content required for analysis or export
35Add Exchange mailboxes, SharePoint sites and file share sources Preserve content in original location with true fidelity
36Unified search query across Office platform Reduce preservation set size with additional filtersView breakdown of results and size statistics at-a-glancePreview content prior to exportMultiple message types, including Lync
37Tabbed resultsPreserve discussions and feeds from SharePoint
38Export content to EDRM XML standard format Options for de-duplication, IRM removal and document versioning
39Cloud Parity Records Center: cloud parity Document IDs Multi-State RetentionPer-Item Audit ReportsHierarchical File PlansFile Plan ReportIn-Place Records Management in the cloudTaxonomyCentral Content TypesContent OrganizerVirtual Folders (Metadata Navigation)
42Records Management Challenges Difficulty applying retention policies to differing contentGranular Retention control – OOTB SharePoint only has limited actions:Heavy reliance on ITPoor user adoption of records management solutionsRecords can still mean managing Paper/ Physical records
43Considering Records in SharePoint? How much content do you have?What types of content do you have?Can you maintain the experience?What are your compliance requirements?Who will be using SharePoint, and how?How long do you plan on keeping your content?In SharePoint…In your company…What version of SharePoint do you have?
44Considering Compliance for SharePoint? What are your compliance requirements?VERSDODMoReqGovernment Records -Information Management HandbookANSIISO 15489Sarbanes-OxleyUETANAAIS40ISO 16175FRCP
45COMPLIANCE Source - http://rimtech.ca So what does those limitations mean for SharePoint as a compliant record keeping tool?The answer is…not much at all.RIMtech has conducted an exhaustive comparison of the recordkeeping capabilities of SharePoint, versus the requirements of US DoD We conclude that SharePoint 2010 delivers 72 out the requirements. Many organizations however do not need some of the capabilities. We then defined what we called the F1000 Requirements – a subset of that we believe most organizations can get by and still meet formal recordkeeping requirements. The F1000 specifies 105 capabilities. Hence, SharePoint 2010 is deficient by 33 capabilities to meet F1000, and 196 capabilities to meet US DoDSource -
46Microsoft’s ResearchA considerable amount of the requirements of International Council of Archives standard is delivered SharePoint 2010.88% of Records functionality as defined by the ICA standard (ISO 16175) is now available “out of the box” using Sharepoint 2010Additional configuration and Third party applications are required to provide specific records compliance functionality
47RecordPoint Delivers Compliance to ISO standards Built into SharePoint Seamless end user records experienceRecords Manager tools:Rules drivenDefinable aggregationDisposal Reports/ WorkflowsExport/ Import tools for RecordsPhysical File/ Record Management in SharePointFile Request ManagementRecords ReportingSingle view for Records teamEnhances SharePoint Term Store for BCS
48Deliver Best-in-Class Hybrid Cloud PublicComing SoonTodayCommon TechnologiesIdentity ▪ Virtualization ▪ Management ▪ DevelopmentPrivateKey Points:We believe IT will be a hybrid world – a mix of on-premises and off-premises solutions – spanning private clouds (whether in your datacenter or a hosting company’s), public clouds and traditional IT.We’ve combined years of experience running apps at internet scale with our years of experience in on-premises software to create this broad and deep array of cloud solutionsOur solutions span private and public cloud environments – and our services span productivity, database, business applications, and infrastructureIn the world of hybrid cloud environments, a distributed computing fabric that brings things together on behalf of your IT professionals and your developers writing applications – you need commonalties across identity, virtualization, management, and application developmentMicrosoft is uniquely positioned to provide these commonalitiesLet’s take a deeper look at how we’re approaching cloud. For Microsoft, our uber vision is to have a continuous cloud service for every person and every business -- kind of harkens back to Bill Gate's vision, a PC on every desktop. That grounds you in how broad we’re thinking about the importance of the cloud.Talk Track:We want to cloud optimize every business – so EVERY business can employ cloud technologies in their own way -- at their own pace. To do this, we’re really taking all of the years of experience we have at running applications at Internet scale, which started with MSN in 1995 all the way to BING and Hotmail today, and combining that with our expertise in on-premises software.We're pouring all of this into three cloud environments that run several distinct categories of services.What are those cloud environments?(2) public cloud – where we manage the platform for you; and…(1) private cloud – where businesses control their environment by using cloud-enabled on-premises products(3) a mix of the two – or what we call hybrid cloud environments or hybrid IT.We’re anchoring the private cloud environment with a cloud-optimized operating system and management solution, Windows Server and System Center, which manages everything from infrastructure to applications to clouds – private and public -- making it possible for you to manage hybrid cloud environments.By the same concept, Microsoft’s public cloud offerings are anchored by Windows Azure, which is a comprehensive IT platform across both compute, storage, network capabilities and higher-level services like relational databases.CLICK - FIRST ANIMATION(1) Productivity -- with Lync Server, Exchange Server and SharePoint Server on the private, and Office 365.Whether it's public or private, our services across both fall into a few categories:(2) Database -- with SQL Server private cloud enabled, and SQL Azure in the public cloud space(3) Business Applications -- with Microsoft Dynamics enabled on the private cloud, and Dynamics CRM Online available through our public cloud.(4) And last – Infrastructure -- there's Windows Intune providing desktop management & security running on the cloud, and the Windows Azure platform.But, it's not just the fact that we have this deep and broad set of services and platform capabilities across public and private, it's the commonalities between the two that provide the real magic and uniqueness in Microsoft’s business cloud strategy.CLICK – SECOND ANIMATIONDelivering Best-in-class Hybrid clouds… I mentioned hybrid environments before. We believe all companies are going to have multiple cloud environments private, public cloud, service providers… welcome to the world of hybrid IT – a place businesses are going to call home for a long time to come.In this hybrid world, you absolutely need a distributed computing fabric that brings things together on behalf of your IT professionals and your developers writing applications.These commonalities of identity, virtualization, management, and application development are what makes Microsoft's platform very unique.Common Identity – The majority of our enterprise customers use Active Directory (AD) to manage their identity infrastructure. Through federation, you can also extend AD to offer consistent/secure SSO experiences for applications spanning across private and public clouds. Coca Cola Enterprises set up an Office 365 solution with single sign on for their employees and business partners using a combination of on-premises and public cloud based components. (http://www.microsoft.com/casestudies/Case_Study_Detail.aspx?casestudyid= )Common Virtualization – through capabilities like the Windows Azure VM role, we help you deliver application portability across private and public clouds.Common Management – Through System Center 2012, which we’ll cover later, we offer full visibility and control for IT professionals across private and public clouds environments. At the same time, we continue to empower your application owners with self-service to make sure they can deliver agile app experiences to their businesses. Common Development – The developer experience from Microsoft on the Windows Platform is unparalleled. The .NET framework allows developers to use the same set of skills to rapidly build great applications for the client, phone, browser, server and the cloud. Manage the entire application lifecycle with Visual Studio. Use the most popular languages for development so you don’t have to retrain your developer staff on a new paradigm.CLICK – THIRD ANIMATIONThis entire picture is one of the biggest advantages Microsoft offers our customers. To summarize, our private and public cloud technologies easily work with each other – creating synergies for a hybrid cloud environment. From the best experience with the most-used apps, to higher-level services for public cloud, to providing better TCO on private cloud than our competitor like VMware, Microsoft is committed to delivering the best-in-class hybrid cloud solutions to its customers. I’ll go deeper on all of this as we continue our conversation.The RecordPointDifferenceHybrid Support & the CommonsRecordPoint Collects from CloudTotal Cost of OwnershipOn Premise or Hosted SolutionPrivateHybrid Support & the CommonsBuilt in AzureHigher-level ServicesPublic