Presentation on theme: "SharePoint Records (Information) Management"— Presentation transcript:
1SharePoint Records (Information) Management What works, what doesn’t?Chris CaplingerRecordLion, Inc.
2Who am I?And why am I talking about Records Management and SharePoint? Founder and President of Vice President of the St. Louis Chapter of ARMA Former CTO and co-founder of Co-author of “SharePoint 2010 ECM”
3Session Overview What we are going to discuss: RIM Components (Mostly) SharePoint 2013 On Premise and OnlineWhat RIM features work and what are the issuesThe RecordLion SolutionWhat we will briefly discuss:Microsoft ExchangeWhat we are not going to discuss:Rights ManagementTechnical details on SharePointSomething else that’s likely important to you
4The Cost of Obsolete Information Data GrowthOrganizations double amount of data they store each yearMoore’sLawInformation BreachThe more data you keep, the greater the risk of information breachNoiseMore data you keep - the harder it is to findThe more data you keep - the harder it becomes to analyzeData is useless if it can’t be analyzedLegal CostsOpponents discovering information that could have been destroyed can cost millions of dollars.Error in obsolete data are prone to penaltiesLocal company fined for old accounting data
79 Big RIM Rocks File Plan Management Classification Event based retentionDispositionAuditingHandlingPhysical File HandlingLegal HoldseDiscovery
8File Plan Management and taxonomy “By failing to prepare, you are preparing to fail.” - Benjamin Franklin
9File Plan OverviewA document or a way to document the retention schedules for all your information.Your Records Manager should create and maintain your File PlanYou must publish your File PlanFile Plans should include a cutoff event, retention period and disposition information
11File Plan, what works? Record Managers need File Plan Management Use Excel SpreadsheetUse SharePoint List(s)Use a third party productTaxonomy StructureShow example of Excel SpreadsheetLocation Based for Homogenous environmentsContent Type Based for Heterogeneous environments
12Location Based Taxonomy Only possible if similar information is stored together!One site (or site collection) for each business unitHuman ResourcesAccountingCorporateLibraries for high level record typesEmployee RecordsHiring RecordsEmployee BenefitsFolders for different casesEmployeesCandidatesBenefit YearFind information by browsing!
13Find information by searching Content Type BasedCrucial in heterogeneous environments!Use Content Type PublishingCentral location for document types and policiesHelps ensure governanceFind information by searching
14Record Centers vs. In-Place Records CenterIn PlaceRecord StatusGood for archive and in- active recordsGood for active and collaborative informationSecurityRecords are kept separate and secureInformation is secured while activeAccessibilityGood when only Records Managers accessGood when teams still need accessVersionsFinal version is a recordAll versions are recordsPolicies are driven byUsually by locationUsually by Content TypesAdministrationHarderEasier
15! ! ! File Plan Issues Taxonomy is not generated from File Plan Changing File Plan does not change taxonomy!No help in understanding regulations and laws
17Classification Overview Classification assigns information to a specific class of content which should be related to policies.Creates defensible policy assignmentSimplifies searchingReduces cost of eDiscovery
18Classification, what works? Drop Off LibrariesRoute content based on MetadataMetadata foldering (great for handling case type files)Available in SharePoint 2010, 2013 and OnlineEmployee RecordsJohn DoeJane DoeFred Smith
19Classification, what works? Location based classificationUpload from libraryDrag and drop on browserDrag and drop using Synced Libraries (also OneDrive Business)!Potential Governance Risk
20Classification Issues !No Meta Data ClassificationForces too many Content Types!No Automatic Document ClassificationMeta Data ExtractionClassification for Content Types!No ClassificationMove to SharePoint?Leave in Exchange?
22Retention OverviewRetention is a component of a file plan. Specifically it specifies how long after an event before disposition takes place.What drives retention periods?Industry regulationsFINRA, SOxCorporate policiesLocal, state and federal lawsIRS, DOLFile Plans should include a cutoff event, retention period and disposition informationBarclays fined $3.75M
23Retention, what works? Assigning policies per Content Type or Location TemptationRecommendedSite RetentionClose and Delete Sites based on rules
24! ! Retention Issues No Case Based Retention No Event Based Retention Need to dispose all related document (ex. Employee Files, Tax Records, Loan Files)!No Event Based RetentionRequired for casesDate column retention is not enoughCustom policies require experienced developer
26Disposition OverviewDisposition refers to the formal disposal of content from your organization.For disposition to work you need a…File PlanReview and Approval capabilitiesDestruction and/or Transfer processNot all content needs this process, but your important records should be reviewed before being destroyed!
27Disposition, what works? Deletion of contentRecycle BinPermanent (but not forensic)Deletion of entire sitesAlso Exchange MailboxesTransfer to other SharePoint locations
28! ! Disposition Issues No Review and Approval features Custom workflow required!Forensic destructionSQL data?OneDrive for Business Documents?Is this important to your organization?Forensic Discovery UnlikelyPotentially more secure!?!
30Auditing Overview Needed for defensible RIM and eDiscovery Needed to see if Records Management is workingAids in reporting
31! Auditing, what works? Content Auditing This WILL slow your system down
32! ! ! Auditing Issues No way to determine accuracy Classification accuracyRecords declaration accuracyDisposal accuracy!Difficult to impossible to analyzeExcel ExportNo cubes or custom reporting!Performance
35SharePoint Email records only Moving records to SharePoint Not for active or non-record sMoving records to SharePointAutomatic (Third Party)Drag and Drop (Limited)Move in Outlook (Third Party)
36Exchange Retention for all messages on a mailbox 2010 and newerCustom retention for specific locations2010 and newerMessage classification (2013 and Online)In-Place Legal HoldsCustom policy tags for Calendar and Tasks are only available in Exchange 20132010 used deleted or modified dates2013 can use receive dateIn-Place ArchivingEliminates PST (Good for compliance)
37Exchange or SharePoint It will be difficult (or maybe impossible) to create the policies for your File Plan in ExchangeDetermine how to identify records in ExchangeMove identified records to SharePointCreate policies for non-records in ExchangeCall to action…RecordLion eliminates the need to move records to SharePoint, since it can use the same file plan for both SharePoint and Exchange.
39Physical Files Overview Do you need paper?Quick ROI with scanningElectronic creation is even betterWhen you store paper consider…A safe dry place.Are they secure? (Who’s viewing and copying?)Do they have retention schedules?How is it being destroyed.
40Physical Files, what works? OrganizationLibraries and folders can match physical locationsBy Record TypeBy Date (typically year)Organizational/DepartmentalContent TypesRarely homogeneousUse when possible
41Physical File Issues!No integration into commercial records centersIron MountainRecallThe File Room!No trackingNo auditingCheck In/Out not a solution!No file requests/fulfillment!Barcodes and LabelsBuilt for electronic documents!Not in sync with similar electronic records
43Legal Holds OverviewSuspending the normal disposition of information when it is reasonably expected.Legal holds can protect you from spoliation fines or in some cases, incarcerationLegal holds should suspend the information management policiesLegal holds should lock information from further editingIdentifying the correct information is key to successful legal holdsLegal holds are required for present and future informationAmendments to the Federal Rules of Civil Procedure (FRCP) from December 1, 2006 require organizations to hold electronic records (in addition to physical records) until the legal matter was settled.Just as important to find the information that should be held is the ability to eliminate information that is not relevant.
44Legal Holds, what works?Legal holds aren’t the problem… finding the right information isClassification is keyeDiscovery CenterIn-Place Holds (Records Center not necessary)Record Centers
46eDiscovery, what works? eDiscovery Center Site Collection Single place to collect informationAutomatically places Legal HoldsAbility to export dataIntegration with Microsoft ExchangeEnterprise wide searchingLegal Holds are typically done before eDiscoveryExported data includes complete list of exported dataExport and Hold can include documents, list items, pages, blogs and Exchange objectsRecord CentersSite TemplateBasic search and hold
47! ! ! eDiscovery Issues What about your other information? Unstructured Data can be difficult to search!Conversion to usable formats
50RecordLion Difference File Plan (Retention Schedule)Import/Create/Modify“All” your contentClassificationFolders AND/OR Content Type AND/OR Meta DataDispositionDefensible DispositionAudit Trail“All” your audit informationAdvanced ReportingContentNot just SharePoint
53Steps to Success in SharePoint #1 - Build File PlanWhere information is storedWhere information comes fromWhat is a record and when to declare themHandle non-records#2 - Implement File PlanCreate taxonomy (the flatter the better)Publish File Plan#3 - Start collecting and classifying information#4 - Monitor your success
54Sensible Records Management #1 - Make sure you can find what you’re looking forClassify informationCreate an easy interface for searchingWithout this your business will not be efficient1st, Physical 2nd, SharePoint 3rd#2 - Make sure you keep records long enoughLock records (declare)Create a file plan/retention scheduleWithout this you are risking spoliation fines (ignorance won’t fly in court)#3 - Destroy records when legally possibleApprove and destroy records when it’s legally possible#4 – Start considering your other informationNetworks Shares, IM, Social Networks, Mobile Devices