Post on 31-Mar-2015
transcript
RecordLion, Inc.
SharePoint Records (Information) Management
What works, what doesn’t?
Chris CaplingerRecordLion, Inc.
RecordLion, Inc.
Who am I?
And why am I talking about Records Management and SharePoint?
Founder and President of
Vice President of the St. Louis Chapter of ARMA
Former CTO and co-founder of
Co-author of “SharePoint 2010 ECM”
RecordLion, Inc.
Session Overview
What we are going to discuss:• RIM Components• (Mostly) SharePoint 2013 On Premise and Online• What RIM features work and what are the issues• The RecordLion Solution
What we will briefly discuss:• Microsoft Exchange
What we are not going to discuss:• Rights Management• Technical details on SharePoint• Something else that’s likely important to you
RecordLion, Inc.
The Cost of Obsolete Information
• Organizations double amount of data they store each year
Data Growth
• The more data you keep, the greater the risk of information breach
Information Breach
• More data you keep - the harder it is to find• The more data you keep - the harder it becomes to analyze
Noise
• Opponents discovering information that could have been destroyed can cost millions of dollars.
• Error in obsolete data are prone to penalties
Legal Costs
Moore’sLaw
Data is useless if it
can’t be analyzed
Local company
fined for old accounting
data
RecordLion, Inc.
9 Big RIM Rocks
1. File Plan Management2. Classification3. Event based retention4. Disposition5. Auditing6. Email Handling7. Physical File Handling8. Legal Holds9. eDiscovery
File Plan Managementand taxonomy
“By failing to prepare, you are preparing to fail.”
- Benjamin Franklin
RecordLion, Inc.
File Plan Overview
A document or a way to document the retention schedules for all your information.
• Your Records Manager should create and maintain your File Plan• You must publish your File Plan• File Plans should include a cutoff event, retention period and
disposition information
RecordLion, Inc.
RecordLion, Inc.
File Plan, what works?
• Use Excel Spreadsheet• Use SharePoint List(s)• Use a third party product
Record Managers need File Plan Management
• Location Based for Homogenous environments• Content Type Based for Heterogeneous environments
Taxonomy Structure
RecordLion, Inc.
Location Based Taxonomy
One site (or site collection) for each business unitHuman ResourcesAccountingCorporate Libraries for high level record types
Employee RecordsHiring RecordsEmployee Benefits
Folders for different casesEmployeesCandidatesBenefit Year
Only possible if similar information is stored together !
Find informationby browsing !
RecordLion, Inc.
Content Type Based
Use Content Type Publishing• Central location for document types and policies• Helps ensure governance
Find information by searching
Crucial in heterogeneous environments !
RecordLion, Inc.
Records Center In Place
Record Status Good for archive and in- active records
Good for active and collaborative information
Security Records are kept separate and secure
Information is secured while active
Accessibility Good when only Records Managers access
Good when teams still need access
Versions Final version is a record All versions are records
Policies are driven by Usually by location Usually by Content Types
Administration Harder Easier
Record Centers vs. In-Place
RecordLion, Inc.
File Plan Issues
Taxonomy is not generated from File Plan
Changing File Plan does not change taxonomy
No help in understanding regulations and laws
!!
!
Classification
RecordLion, Inc.
Classification Overview
Classification assigns information to a specific class of content which should be related to policies.
• Creates defensible policy assignment• Simplifies searching• Reduces cost of eDiscovery
RecordLion, Inc.
Classification, what works?
Drop Off Libraries
• Route content based on Metadata
• Metadata foldering (great for handling case type files)
Employee RecordsJohn DoeJane DoeFred Smith
RecordLion, Inc.
Classification, what works?
Location based classification
Drag and drop on browser
Drag and drop using Synced Libraries (also OneDrive Business)
Upload from library
Potential Governance Risk !
RecordLion, Inc.
Classification Issues
No Automatic Document Classification
• Meta Data Extraction• Classification for Content Types
No Email Classification
• Move to SharePoint?• Leave in Exchange?
No Meta Data Classification
• Forces too many Content Types
!
!
!
Retention
RecordLion, Inc.
Retention Overview
Retention is a component of a file plan. Specifically it specifies how long after an event before disposition takes place.
What drives retention periods?• Industry regulations• FINRA, SOx
• Corporate policies• Local, state and federal laws• IRS, DOL
File Plans should include a cutoff event, retention period and disposition information
Barclays fined $3.75M
RecordLion, Inc.
Retention, what works?Assigning policies per Content Type or Location
Temptation
Recommended
Site Retention
• Close and Delete Sites based on rules
RecordLion, Inc.
Retention Issues
No Case Based Retention
• Need to dispose all related document(ex. Employee Files, Tax Records, Loan Files)
No Event Based Retention
• Required for cases• Date column retention is not enough• Custom policies require experienced developer
!
!
Disposition
RecordLion, Inc.
Disposition Overview
Disposition refers to the formal disposal of content from your organization.
For disposition to work you need a…• File Plan• Review and Approval capabilities• Destruction and/or Transfer process
Not all content needs this process, but your important records should be reviewed before being destroyed!
RecordLion, Inc.
Disposition, what works?
• Recycle Bin• Permanent (but not forensic)
Deletion of content
• Also Exchange Mailboxes
Deletion of entire sites
Transfer to other SharePoint locations
RecordLion, Inc.
Disposition Issues
No Review and Approval features
• Custom workflow required
Forensic destruction
• SQL data?• OneDrive for Business Documents?• Is this important to your organization?
• Forensic Discovery Unlikely• Potentially more secure!?!
!
!
Auditing
RecordLion, Inc.
Auditing Overview
• Needed for defensible RIM and eDiscovery • Needed to see if Records Management is working• Aids in reporting
RecordLion, Inc.
Auditing, what works?
Content Auditing
This WILL slow your system down !
RecordLion, Inc.
Auditing Issues
Difficult to impossible to analyze
• Excel Export• No cubes or custom reporting
No way to determine accuracy
• Classification accuracy• Records declaration accuracy• Disposal accuracy
Performance
!
!
!
RecordLion, Inc.
SharePoint
Email records only
• Not for active or non-record Emails
Moving records to SharePoint
• Automatic (Third Party)• Drag and Drop (Limited)• Move in Outlook (Third Party)
RecordLion, Inc.
Exchange
Retention for all messages on a mailbox• 2010 and newer
Custom retention for specific locations• 2010 and newer
Message classification (2013 and Online)
In-Place Legal Holds• 2010 used deleted or modified dates• 2013 can use receive date
In-Place Archiving• Eliminates PST (Good for compliance)
RecordLion, Inc.
Exchange or SharePoint
It will be difficult (or maybe impossible) to create the policies for your File Plan in Exchange
• Determine how to identify records in Exchange• Move identified records to SharePoint• Create policies for non-records in Exchange
Call to action…
Physical Files
RecordLion, Inc.
Physical Files Overview
• A safe dry place.• Are they secure? (Who’s viewing and copying?)• Do they have retention schedules?• How is it being destroyed.
When you store paper consider…
• Quick ROI with scanning• Electronic creation is even better
Do you need paper?
RecordLion, Inc.
Physical Files, what works?
Organization• Libraries and folders can match physical locations• By Record Type• By Date (typically year)• Organizational/Departmental
Content Types• Rarely homogeneous• Use when possible
RecordLion, Inc.
Physical File Issues
No integration into commercial records centers• Iron Mountain• Recall• The File Room
No tracking• No auditing• Check In/Out not a solution
No file requests/fulfillment
Barcodes and Labels• Built for electronic documents
!
!
!!
Not in sync with similar electronic records !
Legal Holds
RecordLion, Inc.
Legal Holds Overview
Suspending the normal disposition of information when it is reasonably expected.
• Legal holds can protect you from spoliation fines or in some cases, incarceration• Legal holds should suspend the information management policies• Legal holds should lock information from further editing• Identifying the correct information is key to successful legal holds• Legal holds are required for present and future information
RecordLion, Inc.
Legal Holds, what works?
Legal holds aren’t the problem…finding the right information is
Classification is key
• In-Place Holds (Records Center not necessary)
eDiscovery Center
Record Centers
eDiscovery
RecordLion, Inc.
eDiscovery, what works?
• Site Collection• Single place to collect information• Automatically places Legal Holds• Ability to export data• Integration with Microsoft Exchange• Enterprise wide searching
eDiscovery Center
• Site Template• Basic search and hold
Record Centers
RecordLion, Inc.
eDiscovery Issues
What about your other information?
Unstructured Data can be difficult to search
Conversion to usable formats
!
!
!
RecordLion, Inc.
SharePoint RIM Q&A
Introducing RecordLionInformation Lifecycle
RecordLion, Inc.
RecordLion Difference
• Import/Create/Modify• “All” your content
File Plan (Retention Schedule)
• Folders AND/OR Content Type AND/OR Meta Data
Classification
• Defensible Disposition
Disposition
• “All” your audit information• Advanced Reporting
Audit Trail
• Not just SharePoint
Content
RecordLion Demonstration
Implementation
RecordLion, Inc.
Steps to Success in SharePoint
#1 - Build File Plan• Where information is stored• Where information comes from• What is a record and when to declare them• Handle non-records
#2 - Implement File Plan• Create taxonomy (the flatter the better)• Publish File Plan
#3 - Start collecting and classifying information
#4 - Monitor your success
RecordLion, Inc.
Sensible Records Management
• Classify information• Create an easy interface for searching• Without this your business will not be efficient• Email 1st, Physical 2nd, SharePoint 3rd
#1 - Make sure you can find what you’re looking for
• Lock records (declare)• Create a file plan/retention schedule• Without this you are risking spoliation fines (ignorance won’t fly in court)
#2 - Make sure you keep records long enough
• Approve and destroy records when it’s legally possible
#3 - Destroy records when legally possible
• Networks Shares, IM, Social Networks, Mobile Devices
#4 – Start considering your other information
RecordLion, Inc.
Thank You!Q&A
Chris Caplingerchris@recordlion.com
@chrislcap