Retention&DispositionInaCloudEnvironment

FinalReportpreparedfor:

InterPARESTrustbythemembersofthe

R&DinaCloudEnvironmentProjectCommittee

May17,2016

2

This research project was conducted under the research agenda of InterPARES Trust(ITrust 2013-2018), a multi-national, interdisciplinary research project exploring issuesconcerning digital records and data entrusted to the Internet. Its goal is to generatetheoretical andmethodological frameworks to develop local, national and internationalpolicies,procedures,regulations,standardsandlegislation,inordertoensurepublictrustgrounded on evidence of good governance, a strong digital economy, and a persistentdigitalmemory.InterPARES Trust, directed by Dr. Luciana Duranti, is based at the Centre for theInternational Study of Contemporary Records and Archives of the School of Library,Archival and Information Studies at the University of British Columbia, in Vancouver,BritishColumbia,Canada.MajorfundingforTheInterPARESTrustProjectisprovidedbyaSocialSciencesandHumanitiesResearchCouncilofCanadaPartnershipGrant.Sixteenindividualsweremembersofthisteamsincetheinceptionoftheproject:LeadResearcher:Dr.PatriciaC.FranksProjectResearchers:AlanDoyle LindaNobregaJaneMorrison LaraWilsonGraduateResearchAssistants:

Fall2013 MarkDriscoll(SJSU),KatieFerrante(UBC)Spring2014 MarkDriscoll(SJSU),KarlaHarriott(SJSU),AnoushehShabani(UBC)Fall2014 RyanBanks(SJSU),AnoushehShabani(UBC)Spring2015 RyanBanks(SJSU),VickiCasteel(SJSU),KelseyPoloney(UBC),AlisonWeck

(UBC)Fall2015 Hoan-VuDo(SJSU,KelseyPoloney(UBC),AlisonWeck(UBC)Spring2016 TaraHaghighi(SJSU),KelseyPoloney(UBC),ConnieRedic(SJSU)

TableofContents1. Introduction..............................................................................................................................42. PurposeandScope..................................................................................................................43. Methodology...........................................................................................................................44. Terminology..............................................................................................................................55. LiteratureReview....................................................................................................................56. Findings....................................................................................................................................6

6.1 Phase1:CloudServices................................................................................................66.1.1 AggregatedResponsestoCloudServiceQuestionnaire.............................66.1.2 CloudServices.............................................................................................96.1.3 CloudServiceProfiles...............................................................................10

6.2 Phase2:UserFeedback..............................................................................................326.2.1 Participantinformationandexperiencewithcloudservices...................326.2.2 Retentionanddispositionpoliciesandpractices.....................................326.2.3 Basiccloudsecurityrequirements............................................................336.2.4 Retentionanddispositionfunctionalityofferedbyservicesinuse..........34

7. Discussion...............................................................................................................................367.1 Retentionanddispositionfeaturesincludedacross20originalservices...................377.2 Similaritiesanddifferencesamong8categoriesofcloudservices............................38

8. ResearchLimitations..............................................................................................................389. Conclusions/NextSteps..........................................................................................................39

9.1 BestPracticesforRetentionandDispositioninacloudenvironment.......................399.2 RecommendationsforVendors..................................................................................399.3 RecommendationsforRIMProfessionals...................................................................40

9.3.1 Corporateculture:RIMinvolvementinclouddecision............................419.3.2 Betterunderstandingofcloud..................................................................41

10. Relateddocumentsandpublications.....................................................................................4110.1CompanionDocuments............................................................................................4110.2RelatedResearch......................................................................................................43

11. FurtherResearch....................................................................................................................4312. References..............................................................................................................................4413. AppendixA.............................................................................................................................4614. AppendixB.............................................................................................................................47

2

RetentionandDispositioninACloudEnvironment 1. IntroductionEffective Information Governance is increasingly recognized as an imperative for corporatecompliance and risk mitigation. Defensible records retention and disposition programs cutcosts fordiscoveryandstorage, reducerisk,and increasecompliance. Ninety-fivepercentofthe 1,060 IT professionals responding to a 2016 survey indicated their organizations employcloud services, with 71% using hybrid cloud environments (RightScale, 2016). Although agreater portionof theorganization’s records are in the “possession”or “custody”of a cloudservice provider, the organizationmaintains ultimate responsibility to preserve and producethoserecordsforaslongasnecessary.It is,therefore,essentialthatorganizationscan“trust”thatrecordsresidinginthecloudcanberetainedanddisposedofinaccordancewiththesamerequirementsthatgoverntheretentionanddispositionofrecordsstoredwithintheenterprise.2. PurposeandScopeThisstudywasdesignedtocontributetoabetterunderstandingofthedifficultiesencounteredwhenmanagingrecordsinacloudenvironmentbyansweringtwoquestions:

§ How does the use of cloud services affect an organization’s ability to retain anddisposeofrecordsinaccordancewiththelawandotherguidelines?

§ Whatcanbedonetomitigatetherisksthatarisefromthegapsbetweentheabilitytoapplyretentionanddispositionactionstorecordsresidingwithintheenterpriseandthoseresidinginthecloud?

Answers to these questions can be used to to develop a deeper understanding of the risksassociatedwithretentionanddispositioninthecloudenvironmentandtodesignaframeworkfor best practices in choosing cloud service providers based on records managementfunctionalities present in cloud solutions. This study identifies requirements for serviceprovidersandsystemsthatstorerecordsinthecloudthat,ifpresent,wouldengendertrustintheclientorganizationthattherecordscanberetainedanddisposedofinaccordancewiththesame requirements that govern the retention and disposition of records stored within theorganization. It also provides guidance for identifying records retention and dispositionfunctionalities in cloud-based systems and services under review and suggestions on how tomitigaterisksposedbygapsbetweenwhatisprovidedandwhatisrequired. 3. MethodologyThis studyaddressed twomain topics: the functional requirementsneeded for retentionanddispositioninthecloud(alongwithusers’knowledgeofcloudusage),andthefunctionsexistinginservicesprovidedbyalimitednumberofcloudvendors.Thisresearchwasconductedusingatwofoldapproach.First, informationwascollectedonaselectionofmajorcloudservices,andsecond, users of cloud products and services belonging to a records and informationmanagementprofessionalassociationweresurveyed.

3

The literature reviewwascompletedduring the firstphase inorder to identify thenecessaryfunctional requirements for retention and disposition in the cloud. The standards andguidelinesexaminedinclude:

• ISO15489,parts1and2:Recordsmanagement• ISO23081,parts1,2,and3:MetadataforRecordsmanagement• ISO16175,parts1,2,and3:Electronicofficeenvironments• DoD5015.2:RecordsManagementApplicationsDesignCriteria• MoReq2010:ModularRequirementsforRecordsSystems• ARMAInternational’sTheGenerallyAcceptedRecordkeepingPrinciples

Using the functional requirementsextracted, a checklistwas created toexamine the level ofrecordsretentionanddispositioncapabilities includedinvariouscloudservices(seeAppendixA).A list of specificmajor cloud offeringswas compiled through the literature review. The userchecklistservedasaguidetoinvestigatethecapabilitiesofthosecloudproviders.Informationwasgathered throughacombinationofpubliclyavailableproduct information,whitepapers,and interviews with company representatives. The resultant vendor profiles compare thefunctionalitiesprovidedagainst thoseneededtocomplywithrecordsmanagementstandardsandguidelines.Duringthesecondphaseofthestudy,informationwasgatheredfromauserperspective.Thiswas accomplished through a questionnaire on cloud use distribute to ARMA Internationalmembers.Acompleteexecutivesummaryofthesurveyresults,whichincludedadiscussionofeach question, was published in 2015. The answers revealed the level of involvement ofRecords and Information Management professionals in cloud decisions made by theirorganizations, their understanding of retention and disposition functionalities in the cloudservicesused,andthetypesofcloudservicesthatwerebeingusedbytheirorganizations.TheExecutive Summary (InterPARES Trust, 2015) can be downloaded from the InterPARES Trustwebsite.4. TerminologyThe InterPARES Trust Terminology Database (http://arstweb.clayton.edu/interlex/) is thesourceofdefinitionsoftermsusedinthisresearchproject.5. LiteratureReviewA review of the literature revealed five themes central to discussions of retention anddisposition in the cloud.These include: riskanalysis and riskmanagement, legal regimesandstandards, information governance, emerging approaches to retention and disposition, andtrust.Anin-depthliteraturereviewforthisstudywaspreviouslyreleasedthroughInterPAREStrustinJuly2014,andasecondversionwasreleasedinJune2015.

4

In the area of risk analysis and management, the literature emphasized the need fororganizationstofullyunderstandallpossibleriskfactorsandthenmanagethosefactorsinthecloudenvironment.LegalandeDiscoveryrisksarediscussedinarticlesbyA.Duttaetal(2013)andA.Groundsetal(2013),bothofwhomemphasizethatanycloudsystemmustbecompliantwith legal needs. Practical security risks are cited by J. Gold (2012), including the problemsassociatedwithcontractualagreementswithvendors. Legalstandardswereasignificantpartofthisstudy’sfocus,andtheexistingliteratureincludesadiscussionofthelegalenvironmentasrelatedtocloudcomputing.ChangestolegalsystemsarerecommendedbyE.Goh(2014)inordertobetterprotectinformationinthecloud.Othersources suggest possible legal solutions for addressing cloud systems through legislation orregulations. The literature in this area reveals that many information professionals haveidentifiedaneedforchangeinlegalstandardspertainingtothecloud. Discussionsof informationgovernancerelatedtothisstudyareconcernedwithretentionanddisposition practices that complywith ISO 15489 and the involvement of cloud providers ineducatinguserson informationgovernanceneeds.Cloudvendorsareencouragedtobecomeinvolvedintherecordsprogramsofanorganizationbyprovidingconsultingservicesratherthanactingmerelyasathird-partysystemprovider. The emergence of new approaches to enforcing retention and disposition in the cloudwerediscussed more often by IT professionals than by Records and Information Managers. Thisliterature focusedmainlyon retentionanddisposition functionalityavailable in various cloudofferingsandtheadoptionofnewtechnologicaldevelopmentsincloudstorage. Trust is an important area to consider for cloud systems, as they are a relatively newtechnology.Theliteratureshowsatensionbetweentheperceivedbenefitofcloudservicesandthe potential security or legal risks.While a number of articles recount positive experienceswithcloudstorage,othersshowsomeskepticismaboutthecloudandlacktrustinitsreliability.Publications by S. Pearson (2011) and Burda and Teutenerg (2014) specifically discuss howbetteraccountabilityfromcloudproviderscanbuildtrustforconsumers,andthebestwaytoimprovetrustistomaketherisksofclouduseobvioustousers.BothversionsofthecompletedliteraturereviewcanbedownloadedfromtheInterPARESTrustwebsite(https://interparestrust.org/). 6. Findings6.1 Phase1:CloudServices6.1.1AggregatedResponsestoCloudServiceQuestionnaireThe questionnaire included in Appendix A is comprised of 25 items grouped into sevencategories: privacy and security considerations, establishing disposition authorities, applyingdisposition authorities, executing disposition authorities, documenting disposal actions,reviewingdisposition,andintegration.

5

Onequestionnairewascompletedforeachofthecloudservicesunderreview(seeTable1)bygathering information from websites, published white papers, and vendor presentations, aswellasinterviewswithcompanyrepresentativeswhenpossible.Table1:CloudServicesExploredasPartoftheStudyAmazonWebServiceshttp://aws.amazon.com/

MicrosoftOneDriveforBusinesshttps://onedrive.live.com/about/en-us/

Archivematicahttps://ww.archivematica.org/en/

MSSPAdd-onGimmalhttp://www.gimmal.com/

ArchiveSocialhttp://archivesocial.com/

MSSPAdd-onCollabwarehttp://www.collabware.com/

CenturyLinkCloud/Tier3http://www.centurylink.com/business/cloud/

NextPointhttp://www.nextpoint.com/

Cloud9Discoveryhttp://www.cloudninediscovery.com/

Office365https://products.office.com/en-us/business/office-365-business

Crashplanhttp://www.code42.com/products/crashplan/

Preservicahttp://preservica.com/

DropboxforBusinesshttps://www.dropbox.com/

Rackspacehttp://www.rackspace.com/

Egnytehttps://www-avl.egnyte.com/

SharePointOnlinehttps://products.office.com/en-us/SharePoint/collaboration

GoGrid(aDATAPIPECompany)https://www.datapipe.com/gogrid/

Smarshhttp://www.smarsh.com/

GoogleAppsforBusiness/includeGoogleVaulthttps://www.google.com/work/apps/business/

SymantecEnterpriseVaulthttp://www.symantec.com/enterprise-vault-cloud/

HPDigitalSafehttp://www8.hp.com/us/en/software-solutions/digital-safe-cloud-archiving/

Duringthecourseoftheinvestigation,somecloudprovidersaddednewservices(e.g.,AmazonWeb Services added Glacier for low-cost data archiving and backup) while others partneredwithothervendors tocreatenewofferings (e.g.,ArchivematicapartneredwithDuraCloud tolaunchacloud-based,long-term,digitalpreservationservicecalledArchivesDirect).A profile ofArchivesDirect was added to this study after the final report was in draft form;however,statisticsinthissectionwerenotupdatedtoreflecttheaddition.TheanswerstothequestionsregardingArchivesDirectwereincludedinthegapanalysis(seeAppendixB).Whileitisdifficulttocategorizecloudserviceswithcompletecertaintyduetoacquisitionsandexpansionofofferings,thecloudservicesreviewedfellintoseveralbroadcategorizesasshowninTable2.

6

Table2:Cloudservicesunderreview.

FileSharingandCloudStorage

RecordsManagementExtender

Infrastructure/Platform/ManagedServices

LitigationSupport&eDiscovery

DropboxEgnyteOneDriveforBusiness

CollabwareGimmal

AmazonWebServicesCenturyLink(Tier3)GoGrid/DATAPIPERackspace

CloudNineNextPoint

ArchivingSolution

EnterpriseContentManagement

Long-termDigitalPreservation

Backup&DataProtection

ArchiveSocialGoogleVault(Email&chats)SmarshSymantecEnterpriseVault

Office365andSharePointOnline

ArchivematicaPreservicaArchivesDirect(profileaddedlate,notincludedinstatistics)

CrashPlanHPDigitalSafe

Questions 1-5 relate to vendor services:More cloud vendors provide encryption for contentwhile in transit (75%) than for content residing in the cloud (55%).Approximately50%allowindependentauditsof systems. Only40%store contentonphysical servers locatedwithinajurisdictionapprovedfortheclient,andstillfewer,35%,storebackupcopiesonserverslocatedwithinanapprovedjurisdiction.

Questions6-8relatetoestablishingdispositionauthorities.Thecloudservicesexploreddidnotrefertodispositionauthorities,asarchivalandrecordsmanagementtermsarenotoftenusedbycloudvendors.However,70%allowretentionperiodstobeappliedtocontent,andindexingcapability is present in 60% of the systems. Destruction can be automated in 45% of theservices.Questions 9-13 relate to applying disposition authorities and locking down records for viewonly. One half of the cloud services reviewed allow records that are not in an aggregation(individualrecords)tobedestroyed(50%);fortypercentallowrecordsnotinanaggregationtobe (40%) at a future date. Less than half (45%) allow a disposition authority (retention anddispositionspecifications)tobeappliedtoaggregationsofrecords.Questions14-17relatetoexecutingdispositionauthorities.Alargemajority,75%,allowrecordstobedeletedaccordingtoaretention/dispositionschedule,butonly60%allowbackupstobedeletedaccordingtotheretentionanddispositionschedule.Multipleretentionrequirementscanbetrackedin30%ofthecloudsystemstoallowthemanualorautomaticlockorfreezeonthe disposition process when more than one disposal authority is associated with anaggregationofrecords,butonly10%oftheservicesalertuserstoconflictsrelatedtolinksfromrecordstobedeletedtootherrecordsaggregationswithdifferentretentionrequirements.

7

Questions18-19relatetodocumentingdisposalactions.Thesamepercentageofcloudservices60%,documentdisposalactions inprocessmetadataasautomatically recorddisposalactionsand report them to the administrator. However, in some cases, the metadata exported isdescriptiveanddoesnotincludeoperationalmetadataaddedwhileinthecustodyofthecloudprovider.Questions 20-24 relate to reviewing disposition. More than half, 65%, provide systemgenerated reportson thedispositionprocess,and40%provide theability to interfacewithaworkflowfacilitytosupportscheduling,review,andexporttransferprocesses.Fewerservicesprovide additional disposition review functionality: 30% allow records to be marked fordestruction, 25% store all decisions made during the review in metadata; and 20% presentelectronicaggregations,theirmetadata,anddisposalauthorityforreview.Question25 isrelatedto integration.Only35%oftheservices indicatedtheyuseametadatascheme compatiblewithother systems, such as EnterpriseContentManagement SystemsorRecordsManagement Systems. In some instances, third party providers develop connectorsthatallow integrationofcloudserviceswithotherproducts.Forexample,Preservica includesmultipleconnectorstoallowcontenttobeingestedfromContentDM,DSpace,Outlook,LotusNotes,andSharePoint.6.1.2CloudServicesInformationonthetypeofservicemodelwasgleanedfromvendor information foundonlineand directly from someof the vendorswhomade themselves available to discuss our initialfindings for their checklist. For our assessment purposes, the vendors we reviewed weresubsequentlygroupedintothefollowingcategoriesrelatedtotheirprimaryfunctionalservice:

§ ArchivingSolution:ArchiveSocial,GoogleVault(emailandchat),Smarsh,andSymantecEnterpriseVault.

§ BackupandDataProtection:CrashPlanandHPAutonomyCloudServices§ EnterpriseContentManagement:Office365/SharePointOnline.§ FileSharingandStorage:DropboxforBusiness,Egnyte,andOneDriveforBusiness.§ Infrastructure/Platform/ManagedServices:AmazonWebServices,CenturyLink(Tier3),

DataPipe(GoGrid),andRackspace.§ LitigationSupportandeDiscovery:CloudNineandNextPoint§ Long-termDigitalPreservation:Archivematica,ArchivesDirect(lateadd),andPreservica.§ RecordsManagementExtender:CollabwareandGimmal.

Theability togather information fromvendorswasmixed.Of thevendorswhowereactivelyengaged in our data gathering, some completed our checklist in detail and gave us extrainformation as well. Of the vendor information that was gathered from online or otheravailableresources,the informationrevieweddidnotprovidethe levelofgranularitythatwesoughtthroughourchecklisttool.Vendorscompletedorverifiedcompletedquestionnairesfor7ofthe20cloudservicesintheGAPanalysisinAppendixB(7orthe21cloudservicesprofiled):Archivematica,ArchivesDirect,ArchiveSocial,Collabware,Gimmal,Preservica,andSmarsh.

8

6.1.3CloudServiceProfilesThechecklistcategoriesconsistedofthefollowing:

§ Privacy&securityconsiderations § Establishing&applyingdispositionauthorities § Executingdispositionauthorities § Documentingdisposalactions § Reviewingdisposition § Integrationwithothersystems

The primaryweaknesses revealed by vendor responseswere in the executing, documenting,andreviewingdispositionsections—retentionanddispositionfunctionalities.Profilesofthe20originaland1additionalcloudservice(ArchivesDirect)areincludedinthissection.Eachprofileislistedonaseparatepage.Theyareincludedinalphabeticalorderofcategoryofserviceandnotcloudservicename.Forexample,ArchiveSocial,GoogleVault(emailandchat),Smarsh,andSymantecEnterpriseVaultarelistedfirstunderthecategoryofArchivingSolutionfollowedbyCrashPlanandHPDigitalSafeserviceslistedunderthecategoryofBackupandDataProtection.

9

Introduction:ArchiveSocial isasocialmediaarchivingsolutionforrecordsmanagement,regulatorycompliance,andeDiscovery. ArchiveSocial captures and preserves records from social networks including Facebook,Twitter,LinkedIn,andYouTube.

R&DFunctionalityPresent

R&DFunctionalityLacking/Unverified

PrivacyandSecurityConsideration:(Questions2-5)Contentisencryptedwhenintransitandatrestinthecloud,andthephysicalandbackupserversarelocatedwithinajurisdiction.

PrivacyandSecurityConsideration:(Question1)UnsureifvendorallowindependentauditsofsystemsandprocessesasauditsarecarriedoutthroughAmazon

EstablishingDispositionAuthorities:(Question1)Indexingcapabilityissupported;theyusecustomtagging.Retentionperiodsareapplied.

EstablishingDispositionAuthorities:(Question8)Destructioncan’tbeautomated(automaticnotificationfordestruction,butnotdestructionitself)

ApplyingDispositionAuthorities:(Questions9-13)Dispositionauthoritycanbeappliedtoaggregationsofrecords.Recordscanbelockeddownforviewingonly,beretainedindefinitely,andnotinanaggregationcanbetransferredordestroyedatafuturedate.

ExecutingDispositionAuthorities:(Question15)Backupscan’tbedeletedaccordingtotheretention/dispositionschedule

ExecutingDispositionAuthorities:(Questions14,16-17)Recordscanbedeletedaccordingtoretentionanddispositionscheduleandusersarealertedtoconflictsrelatedtolinksfromrecordstobedeletedtootherrecordsaggregationsthathavedifferentrecordsdispositionrequirements(onlyfornativeconversations).Multipleretentionrequirementscanbetrackedtoallowthemanual/automaticlockorfreezeontheprocess.

ReviewingDisposition:(Question24)Thereisn’taninterfacewithworkflowfacilitytosupportscheduling,review,andexporttransferprocesseseitherprovidednorsupported

DocumentingDisposalActions:(Questions18-19)Disposalactionsaredocumentedinprocessmetadataandcanbeautomaticallyrecordedandreportedtotheadministrator.

Integration:(Question25).UnsureifmetadataschemeiscompatiblewithothersystemssuchasECMorRMS(contentcanbeexportedtoHTMLorExcelformats;retentionperiodsnottransferrabletoothersystems)

ReviewingDisposition:(Question20-23)Electronicaggregationsarepresentedforreviewalongwiththeirrecordsmanagementmetadataanddisposalauthorityinformationsobothcontentandrecordsmanagementmetadatacanbereviewed.Recordscanbemarkedfordestruction,transfer,furtherreviewandalldecisionsaremadeduringreviewstoredinmetadata(useoftaggingindicatesdecisionsmade).Thesystemcangeneratereportsonthedispositionprocess

Assessment:ArchiveSocial provides some level of recordsmanagement functionalities through their services. Thesystem “communicates directly with each social network to capture complete records in their raw,native format with complete metadata” (http://archivesocial.com/our-approach-social-media-archiving). They fulfill most of their privacy and security needs with the exception of allowingindependentauditsofsystemsandprocess.Theyalsofulfillmostoftherequirementsforestablishing,applying, and executing disposition authorities. In addition, ArchiveSocial allows for the review anddocumentationofdispositionactions.

ArchiveSocial (Archiving Solution) – Verified

10

Introduction:GoogleVault is an add-on forGoogleApps to allowusers to retain, archive, search, and export theirorganization'semailandchatmessagesforeDiscoveryandcomplianceneeds.YoucanalsosearchandexportfilesstoredinGoogleDrive.Vaultisentirelyweb-based,sothereisnoneedtoinstallormaintainanysoftware. ItprovidesthefollowingeDiscoveryservices:Emailandchatarchiving, legalholds,drivefilesearch,emailandchatsearch,export,andaudioreports.

R&D Functional ity present R&D Functional ity lacking/unverif ied

PrivacyandSecurityConsiderations:(Questions1-3)Vendorallowsindependentauditsofsystemsandprocesses.Contentisencryptedwhenintransitandwhenatrestinthecloud.

PrivacyandSecurityConsiderations:(Questions4-5)Thephysicalandbackupserversarenotlocatedwithinanapprovedjurisdiction

EstablishingDispositionAuthorities:(Questions6-8).Itcanaccommodatecustomers’taxonomyforindexing.Retentionperiodscanbeappliedandbeautomated

ApplyingDispositionAuthorities:(Question10,13)Unsureifrecordscanbelockeddownforviewingonlyorifrecordscanbetransferredatafuturedate

ApplyingDispositionAuthorities:(Question9,11-12)Dispositionauthoritycanbeappliedtoaggregationsofrecords.Recordscanberetainedindefinitely,andbedestroyedatafuturedate

ReviewingDisposition:(Question22)Unsureifalldecisionsaremadeduringreviewstoredinmetadata

ExecutingDispositionAuthorities:(Question14-17)Recordsandbackupcanbedeletedaccordingtotheretention/dispositionschedule.Usersarealertedtoconflictsrelatedoflinksfromrecordstobedeletedtootherrecordsaggregationsthathavedifferentrecordsdispositionrequirements.Ifmorethanonedisposalauthorityisassociatedwithanaggregationofrecords,allretentionrequirementscanbetrackedtoallowthemanualorautomaticlockorfreezeontheprocess

Integration:(Question25)UnsureifthemetadataschemaiscompatiblewithothersystemssuchasECMorRMS

DocumentingDisposalActions:(Question18-19)Disposalactionsaredocumentedinprocessmetadata.Alldisposalactionscanbeautomaticallyrecordedandreportedtotheadministrator(reportingrequiresauditactionbyadmin?)

ReviewingDisposition:(Question20-21,23-24)Electronicaggregationsarepresentedforreviewalongwiththeirrecordsmanagementmetadataanddisposalauthorityinformationsobothcontentandrecordsmanagementmetadatacanbereviewed(adminviewretentionrules&theircreators).Recordscanbemarkedfordestruction,transfer,andfurtherreview.Systemcangeneratereports(auditreports,variousfields).Hastheabilitytointerfacewithworkflowfacilitytosupportscheduling,review,andexporttransferprocessprovidedorsupported(emailsandchat)

Assessment:GoogleVaultprovidesafirmfoundationforRetentionandDispositionfunctionalityandoffersmostofthe services on the checklist. It is fully integratedwith Gmail, whichmeans that when searching foremailwithVault,itincludestheorganization’sGmailArchive.ThismeansthatmessagesareavailableinVaultassoonastheyarereceivedbyGmailandthefirst1MBofeachmessageanditsattachmentsareimmediately searchable in Vault, the equivalent of about 250 pages. Google Vault supports hangoutchats andGoogleTalk chats.GoogleVault canalsoaccommodate indexing,which includes .pdf, .xslx,and.docxfiles.

Google Vault (Archiving Solution)

11

Introduction:Smarsh delivers cloud-based archiving solutions for the information-driven enterprise. The Smarshplatform provides a unified compliance and eDiscovery workflow across the entire range of digitalcommunications,includingemail,socialmedia,websites,instantmessagingandmobilemessaging.R&DFunctionalityPresent R&DFunctionalityLacking/UnverifiedPrivacyandSecurityConsiderations:(Question2)Contentisencryptedwhenintransittothecloud

PrivacyandSecurityConsiderations:(Questions1,3-5)UnsureifSmarshallowsindependenttoaudititssystemsandprocesses.Unsureifthecontentisencryptedwhenatrestinthecloud.Unsureifthephysicalandbackupserversarelocatedwithinanapprovedjurisdiction

EstablishingDispositionAuthorities:(Question7)Retentionperiodscanbeapplied

EstablishingDispositionAuthorities:(Question6,8)Unsurewhatindexissupportedandifdestructionisautomated

ApplyingDispositionAuthorities:(Question10-11)Recordscanbelockeddownforviewingonlyandberetainedindefinitely

ApplyingDispositionAuthorities:(Question9,12,13)Unsureifdispositionauthoritycanbeappliedtoaggregationsofrecords.Orifrecordsnotinanaggregationbetransferred/destroyedatafuturedate

ExecutingDispositionAuthorities:(Question14)Recordscanbedeletedaccordingtotheretention/dispositionschedule

ExecutingDispositionAuthorities:(Question15-17)Unsureifbackupscanbedeletedaccordingtotheretention/dispositionschedule.Usersarenotalertedtoconflictsrelatedtolinksfromrecordsthataretobedeletedtootherrecordsaggregationsthathavedifferencerecordsdispositionrequirements.Multipleretentionrequirementscan’tbetrackedtoallowthemanualorautomaticlockorfreezeontheprocess.

DocumentingDisposalActions:(Question19)Alldisposalactionscanbeautomaticallyberecordedandreportedtotheadministrator

DocumentingDisposalActions:(Question18)Unsureifthedisposalactionsaredocumentsintheprocessmetadata

ReviewingDisposition:(Question23)Thesystemcangeneratereportsonthedispositionprocess

ReviewingDisposition:(Question20-24)Unsureiftheelectronicaggregationspresentedforreviewalongwiththeirrecordsmanagementmetadataanddisposalauthorityinformationsobothcontentandrecordsmanagementmetadatacanbereviewed.Unsureifrecordscanbemarkedfordestruction,transfer,furtherreviewandifalldecisionsaremadeduringreviewstoredinmetadata.Unsureiftheabilitytointeractwithworkflowfacilitytosupportscheduling,review,andexporttransferprocessesprovidedorsupported

Integration:(Question25)UnsureifthemetadataschemaiscompatiblewithothersystemssuchasECMorRMS

Assessment:Smarshincludesfunctionsforthecapture,control,andsupervisionofinformation.SmarshprovidesgovernmentrecordsmanagementservicesincludingapplicationofretentionperiodsandFOIA,andlitigationpreparedness.Someenterpriseservicesincluderiskandgovernancerelatedtorecordsretention,litigationpreparednessthroughpolicyenforcement.However,thereisalackofprivacyandsecuritycapabilitiesandfewservicesforestablishing,applying,andexecutingdispositionauthorities.

Smarsh (Archiving Solution) - Verified

12

Symantec Enterprise Vault (Archiving Solution) Introduction:SymantecEnterpriseVaultintroducesinnovativenewtechnologythatexpandsthearchivingplatformtosupport end-user archiving for email platforms such asGoogleMail,Office 365 or any IMAP enabledmailsystemandenhancestheproductivityofbothITstaffandenterpriseend-usercustomers. R&D Functional ity present R&D Functional ity lacking/unverif ied

PrivacyandSecurityConsiderations:(Questions1-3)Vendorallowsindependentauditsofsystemsandprocesses

PrivacyandSecurityConsiderations:(Questions4-5)Unsureifphysicalandbackupserversarelocatedwithinanapprovedjurisdiction

EstablishingDispositionAuthorities:(Questions6-8)Contentisencryptedwhenintransitandwhenatrestinthecloud.Indexingcapabilityissupportedanditcanaccommodatecustomers’taxonomyforindexing.Retentionperiodscanbeappliedanddestructioncanbeautomated.

ExecutingDispositionAuthorities:(Question16)Unsureifusersarealertedtoconflictsrelatedtolinksfromrecordstobedeletedtootherrecordsaggregationsthathavedifferentrecordsdispositionrequirements

ApplyingDispositionAuthorities:(Questions9-13)Dispositioncanauthoritybeappliedtoaggregationsofrecords.Recordscanbelockeddownforviewingonlyanditcanberetainedindefinitely.Recordsnotinanaggregationcanbetransferredordestroyedatafuturedate

DocumentingDisposalActions:(Questions18-19)Unsureifdisposalactionsaredocumentedinprocessmetadata(assumed).Unsureifalldisposalactionscanbeautomaticallyrecordedandreportedtotheadministrator(assumed)

ExecutingDispositionAuthorities:(Questions14-15,17)Recordsandbackupscanbedeletedaccordingtotheretention/dispositionschedule.Ifmorethanonedisposalauthorityisassociatedwithanaggregationofrecords,thesemultipleretentionrequirementscanbetrackedtoallowthemanualorautomaticlockorfreezeontheprocess

ReviewingDisposition:(Questions20-24)Unsureifelectronicaggregationsarepresentedforreviewalongwiththeirrecordsmanagementmetadataanddisposalauthorityinformationsobothcontentandrecordsmanagementmetadatacanbereviewed(assumed).Unsureifrecordscanbemarkedfordestructiontransfer,furtherreview(assumed).Unsureifalldecisionsaremadeduringthereviewstoredinmetadata(assumed).Unsureifthesystemgeneratesreportsonthedispositionprocess(assumed).Unsureiftheabilitytointerfacewithworkflowfacilitytosupportscheduling,review,andexporttransferprocessesprovidedorsupported(assumed)

Integration:(Question25)UnsureifthemetadataschemaiscompatiblewithothersystemssuchasECMorRMS(assumed).

Assessment:Symantec Enterprise Vault provides storage predictability, helping organizations keep applications atpredictablestoragelevelsbyreclaimingprimarystorageon-premisesorleveragingunlimitedstorageinacloudarchivingservice. ItcanalsohelpreducethevolumeofdatatobemigratedtoOffice365andshrinktheprojecttimelinewhileminimizingtheriskofpermanentdataloss.

13

Introduction:CrashPlanisabackupsoftwareandservicessuiteprovidedbyCode42.ItisanenterpriseSaaSsolutionthat backs up all distributed end-user data such as Apple OS X®, Windows and Linux laptops anddesktops. The platform enables IT, security and business teams to limit risk, meet data privacyregulationsandrecoverfromdataloss,nomatterthecause.

R&D Functional ity present R&D Functional ity lacking/unverif ied PrivacyandSecurityConsideration:(Questions1-4)Vendorallowsindependentauditsofsystemsandprocesses.Contentisencryptedwhenintransitandrestinthecloud.Thephysicalserverslocatedwithinanapprovedjurisdiction

PrivacyandSecurityConsideration:(Question5)Unsureifbackupserversarelocatedwithinanapprovedjurisdiction

EstablishingDispositionAuthorities:(Question7)Retentionperiodscanbeapplied

EstablishingDispositionAuthorities:(Questions6,8)Unsurewhatindexingcapabilityissupportedandifdestructioncanbeautomated

ApplyingDispositionAuthorities:(Questions9-11)Dispositionauthoritycanbeappliedtoaggregationsofrecords.Recordscanbelockeddownforviewingonlyandcanberetainedindefinitely,

ApplyingDispositionAuthorities:(Questions12-13)Unsureifrecordsnotinanaggregationbetransferredordestroyedatafuturedate

ExecutingDispositionAuthorities:(Questions14,17)Recordscanbedeletedaccordingtotheretention/dispositionschedule.Ifmorethanonedisposalauthorityisassociatedwithanaggregationofrecords,themultipleretentionrequirementscanbetrackedtoallowthemanualorautomaticlockorfreezeontheprocess

ExecutingDispositionAuthorities:(Questions15,16)Unsureifbackupsbedeletedaccordingtotheretention/dispositionschedule,andifusersarealertedtoconflictsrelatedtolinksfromrecordstobedeletedtootherrecordsaggregationsthathavedifferentrecordsdispositionrequirements

ReviewingDisposalActions:(Question21,24)Recordscanbemarkedfordestruction,transfer,andfurtherreview.Hastheabilitytointerfacewithworkflowfacilitytosupportscheduling,review,andexporttransferprocessesprovidedorsupported

DocumentingDisposalActions:(Question18-19)Unsureifdisposalactionsaredocumentedinprocessmetadataorifalldisposalactionscanbeautomaticallyrecordedandreportedtotheadministrator.

ReviewingDisposalActions:(Questions20,22-23)Unsureifelectronicaggregationsarepresentedforreviewalongwiththeirrecordsmanagementmetadataanddisposalauthorityinformationsobothcontentandrecordsmanagementmetadatacanbereviewed.Unsureifalldecisionsaremadeduringreviewstoredinmetadata.Unsureifthesystemcangeneratereportsonthedispositionprocess

Integration:(Question25)UnsureifthemetadataschemaiscompatiblewithothersystemssuchasECMorRMS

Assessment:CrashPlanfulfillsmostoftheprivacyandsecurityserviceswiththeexceptionofhavingbackupserverslocated within an approved jurisdiction. It lacks some of the services in establishing, applying, andexecutingdispositionauthorities.

CrashPlan (Backup and Data Protection)

14

HP Digital Safe (Backup and Data Protection)

Introduction:HPDigitalSafe isan intelligent,hostedarchivingsolutionthatcanhelpbusinessesmeettheirdatamanagementneeds,withincreasedbusinessagilityandcostsavingsinthecloud.Leveragingthe world’s largest, private hosted cloud, Digital Safe is a market-proven solution that can helpbusinessessupporttheiruniqueinformationandbusinessobjectives. R&DFunctionalityPresent R&DFunctionalityLacking/Unverified

Privacyandsecurityconsiderationssupportedarecontentencryptedwhenintransitandwhileatrestinthecloud,physicalandbackupserverslocatedwithinanapprovedjurisdiction(questions2-5).

Privacyandsecurityconsiderationsnotsupported:thevendorallowedindependentauditsofsystemsandprocesses(question1).

Dispositionauthoritiesaresupportedbyappliedretentionperiods,recordslockeddownforviewingonly,recordsretainedindefinitely,recordsandbackupsdeletedaccordingtoretention/dispositionschedule(questions7,10-11,14-15).

Dispositionauthoritiesnotsupported:indexingcapabilities,automateddestruction,dispositionauthoritybeappliedtoaggregationsofrecords,recordsnotinaggregationbedestroyedortransferredatafuturedate,usersalertedtoconflictsrelatedtolinksfromrecordstobedeleted,multipleretentionrequirementsbetrackedtoallowthemanualorautomaticlockontheprocess(questions6,8-9,12-13,16-17).

Therearenodisposalactionsorreportsthataresupported:disposalactionsdocumentedinprocessmetadata,alldisposalactionsbeautomaticallyrecordedandreportedtoanadministrator,electronicaggregationspresentedforreview,recordsmarkedfordestruction,transferorfurtherreview,alldecisionsmadeduringreviewstoredinmetadata,systemgeneratereportsonthedispositionprocess,theabilitytointerfacewithworkflowfacilitytosupportscheduling,reviewandexporttransferprocess(questions18-24).

Metadataschemaisnotcompatiblewithothersystems,suchasEnterpriseContentManagementorRecordsManagementsystemstoenableintegration(question25).

Assessment:DigitalSafe’sbenefitsincludesecure,privatehostedarchiving:Identify,manage,andcontrolmostdatatypes across enterprise repositories in a hosted archive to support policy management, litigationpreparedness,ensurecomplianceandmitigaterisk.Datacentersecurity:Datawithinthelargest,privatecloud is secured and protected across multiple geographically separated SOC2 data centers utilizingsplit-cellWORMtechnologytopreventdataloss.eDiscoveryresponsiveness:Robustidentification,legalhold, processing, and export capabilities are integratedwith Digital Safe to accurately and efficientlyidentifypotentiallyresponsivedata.

15

Introduction:Office365 isa cloud-basedofficeproductivity suiteoffered in severaldifferentplans thatcan includeofficeapplications(Word,Excel,PowerPoint,Outlook,Publisher,andOneNote) inthecloudaswellasonpremise,storagethroughOneDriveforBusiness,andvideoconferencingthroughSkype.Profilescanbe created and communication facilitated through email, newsfeeds, and Yammer (additional stepsnecessaryforYammer).SharePointOnlinecanbeusedasastandaloneofferingoraspartoftheOffice365suite.Recordsmanagementfeaturesare included inalloptions,butcompliancefeaturesarebuiltintoonlytheEnterpriseplans.

R&D Functional ity present R&D Functional ity lacking

Privacyandsecurityconsiderations(questions1,2,4,and5)allowforindependentauditsofsystemsandprocesses,encryptionofcontentintransit,andphysicalserversandbackupslocatedwithinanorganizationapprovedjurisdiction.

Privacyandsecurityconsiderations(question3).Contentisnotencryptedwhileatrestinthecloud.

Dispositionauthorities(questions6-8,10-14,and17)aresupported,includingindexing,applyingretentionperiods,automaticdestruction,lockdownofrecordsforviewing,indefiniteretention,destroyingortransferringrecordsnotinanaggregation,andtrackingmultipleretentionrequirementstoallowmanualorautomaticlockorfreezeonthedispositionprocess.

Thefollowingissueswithdispositionauthorities(questions9,15-16)exist:Adispositionauthoritycannotbeappliedtoaggregationsofrecords,backupscannotbedeletedaccordingtoaretention/dispositionschedule,andusersarenotalertedtoconflictsrelatedtolinksfromrecordstobedeletedtootherrecordaggregationsthathavedifferentrecordsdispositionrequirements.

Disposalactionsandreports(questions18,21,23-24)aresupportedinthatdisposalactionsaredocumentedinprocessmetadata,recordscanbemarkedfordestruction,transferandfurtherreview,thesystemgeneratesreportsonthedispositionprocess,andthereisanabilitytointerfacewithworkflowfacilitytosupportscheduling,review,andexporttransferprocesses.

Thefollowingdisposalactionsandreports(questions19-20,and22)featuresarelacking:Disposalactionscannotautomaticallyberecordedandreportedtotheadministrator,electronicaggregationsarenotpresentedforreviewalongwiththeirrecordsmanagementmetadataanddisposalauthorityinformation,andnotalldecisionsmadeduringthereviewprocessarestoredinmetadata.

Metadataschemaiscompatiblewithothersystems,suchasEnterpriseContentManagementorRecordsManagementsystemstoenableintegration.

Assessment:Retention functionality isbuilt intoOffice365/SharePointOnline.Retentionperiodscanbeapplied toindividualdocumentsoraggregationsofdocuments in libraries.Connectorsallowautomatic ingestofcontentfromsourcesystems,suchasfromlegacysystems.Integrationisprovidedonthebackendforobjectsthatneedtobemovedtoa long-termdigital repository (suchasPreservica).Severalsolutionsare available to enable more robust retention and disposition capabilities (such as Collabware andGimmal). One cloud solution, Records 365, was designed specifically for Office 365. Office365/SharePointonlinehaslimitedretentionanddispositionfeaturesthatmaybesufficientforsmallerorganizations or for initial installations to better understand its capabilities. However, those whodemandmore robust recordsmanagement functionality would be wise to look at the integration ofthird-partysolutions.

Microsoft Office 365/SharePoint Online (ECM)

16

Dropbox (File Sharing & Storage)

Introduction:DropboxisaSoftwareasaService(SaaS)providerforcloudstorage.Inadditiontoafreedesktopappwith some free storage, Dropbox has other services with more capabilities. The three options forservices include: Pro (for individuals), Business (for teams), and Enterprise (for large organizations).Theseoffervarying levelsof storage spaceadmincontrols, and security functions fordifferentprices.Dropboxallowsfilestobeaccessedfromanydevice,andemphasizestheabilitytokeepbackupsoffilesandallowsforeasysharingandcollaboration. R&D Functional ity present R&D Functional ity lacking or unverif ied

PrivacyandSecurityConsiderations(Questions1-5)Independentauditsandencryptionintransitandatrestaresupported.UsersareinformedoftheJurisdictionsofservers,andtherearemanylocationstochoosefrom.

EstablishingDispositionAuthorities(Questions7-8)Retentionperiodsanddestructioncannotbeautomated.

EstablishingDispositionAuthorities(Questions6-7)Userindexingissupported.Retentionperiodscanbeappliedmanually.

ApplyingDispositionAuthorities(Question9)Dispositionauthoritiescannotbeappliedtoaggregatesautomatically.

ApplyingDispositionAuthorities(Questions9-13)Dispositioncanbeappliedtoaggregatesonlyifdonemanually.Recordscanbelockeddownforviewingonlyandretainedindefinitely.Recordsnotinaggregationscanbedestroyedortransferredatfuturedates.

ExecutingDispositionAuthorities(Questions16-17)Usersarenotalertedtoconflictsbetweendispositionrequirementsofindividualrecordsandaggregates.Multipleretentionperiodscannotbetrackedorlockeddown.

ExecutingDispositionAuthorities(Questions14-15)Recordsandtheirbackupscanbedeletedaccordingtoaretentionanddispositionscheduleifdonemanually.

ReviewingDisposition(Question20)Onlyauditsarepresentedforreview,notelectronicaggregationswithrecordsmanagementmetadataandcontent.

DocumentingDisposalActions(Questions18-19)Disposalactionsaredocumentedinprocessmetadata,automaticallyrecorded,andreportedtotheadministrator.

Integration(Question25)Unsureifmetadataschemaiscompatiblewithothersystems.

ReviewingDisposition(Questions20-24)Auditsofrecordscanbereviewedandrecordscanmanuallybemarkedforreview,destruction,ortransfer.Decisionsmadeduringreviewarerecordedinmetadata.System-generatedreportsareproduced.Abletointerfacewithworkflowforscheduling,transfer,andexport.

Assessment:TherecordsmanagementcapabilitiesofDropboxaresufficientonlyifanorganizationiswillingtoapplyretention and disposition schedules manually. The easy to use cloud storage is appealing in itscollaborative capabilities, backups, and encryption, but the service does not provide extensiveaggregate-level retention planning functions. This would most likely not be an adequate service forlarger organizations or government agencieswhichwould need greater control for legal compliance,FreedomofInformationrequests,andlitigationoreDiscovery.

17

Egnyte (File Sharing & Storage)

Introduction:Egnyte isahybridcloudservice forenterprise storageandsharing.Egnyteoffers secure storage forabusiness to share fileswithin anenterprise and collaborateon those files fromdifferentdevices. Thehybridenvironmentmeansthatbothon-siteandcloudstoragecanbemanagedcentrallyandrecordscanbeprogressivelyadded to thecloud.Egnytecomplieswithanumberofdata securityandprivacystandards,includingHIPPAandISO/IEC27001:2013.

R&D Functional ity present R&D Functional ity lacking or unverif ied

PrivacyandSecurityConsiderations(Questions1-3)Serversareauditedannually;contentisencryptedintransitandatrest.

PrivacyandSecurityConsiderations(Questions1,4-5)Independentauditsarenotsupported.Noinformationisgivenonthejurisdictionofphysicalandbackupservers.

ApplyingDispositionAuthorities(Questions10-11)Recordscanbelockeddownforviewingonlyandcanberetainedindefinitely.

EstablishingDispositionAuthorities(Questions6-8)Unclearifthesefunctionalitiesareoffered.Includes:indexingcapabilities,applicationofretentionperiods,automaticdestruction.

ExecutingDispositionAuthorities(Questions14-15)Recordsandtheirbackupscanbedeletedaccordingtoaschedulethroughauserdashboard.

ApplyingDispositionAuthorities(Questions9,12-13)Unsureifdispositioncanbeappliedtoaggregatesorifrecordsnotinanaggregatecanbedestroyedortransferredatafuturedate.

DocumentingDisposalActions(Questions18-19)Disposalactionsaredocumentedinprocessmetadataandareautomaticallyrecordedandreportedtoadministrator.

ExecutingDispositionAuthorities(Questions16-17)Unsureifusersarealertedtoconflictsrelatedtolinksfromrecordstobedeletedtootherrecordsaggregationsthathavedifferentrecordsdispositionrequirements.Multipleretentionperiodscannotbetrackedforfreezeorlock.

ReviewingDisposition(Question23)Thesystemcangeneratereportsonthedispositionprocess

ReviewingDisposition(Questions20-22,24)Unsureifaggregationscanbepresentedforreviewwithrecordsmanagementmetadata,ifrecordscanbemarkedforreview/transfer/destruction,ifdecisionsinreviewarerecordedinmetadata,orifsystemisabletointerfacewithworkflow.

Integration(Question25)Metadataschemaiscompatiblewithothersystems.

Assessment:Egnyte is an appropriate service to use for integrating workflows and sharing in a collaborativeenterprise. However, for records management functionalities, it falls short of providing adequateretentionanddispositioncapabilities inthecloud.Withouttheabilitytomarkrecordsfordestruction,automaticallyapplyretentionschedules,orapplydispositiontoaggregates,organizationsusingEgnytewouldhavedifficultiesimplementingsoundmanagementpracticestotheirrecordsinthecloud.Manualdestructioncouldbecarriedout,butthis isnotthemostefficientmethodfor largeorganizations.Theinabilitytomarkaggregatesfordispositionmeansthataseparateserviceorprocesswouldberequiredtomonitorrecordsunderaparticularschedule,makingRIMworkflowsmoreconvolutedandpronetoerrors.

18

OneDrive (File Sharing & Storage)

Introduction:Microsoft’sOneDriveisafilehostingandsharingservice.Userscanuploadfilestothecloudandthensyncbetweendevices,allowing forcross-platformaccess.Userscanalsoshare their fileswithspecificpersons,orsharethempublicly.Personswithaccesstohostedcontentcandownloadthemasazipfile.Thefilehostingcanbeaccomplishedthroughawebbrowseroradesktopapplication.Increasedstoragespaceisavailableforpurchase,upto1TB.

R&D Functional ity present R&D Functional ity lacking or unverif ied

PrivacyandSecurityConsiderations(Questions1-2,4-5)Thevendorallowsindependentauditsofsystemsandprocesses.Contentisencryptedintransittothecloud.Physicalandbackupserversarelocatedinmultiplejurisdictions.

PrivacyandSecurityConsiderations(Question3)Contentisnotencryptedatrestinthecloud

EstablishingDispositionAuthorities(Question7)Retentionperiodscanbeappliedmanually

EstablishingDispositionAuthorities(Questions6,8)Usertaxonomyforindexingisnotoffered.Destructioncannotbeautomated.

ApplyingDispositionAuthorities(Questions10-13)Recordscanbelockeddownforviewingonlyandretainedindefinitely.Recordsnotinanaggregationcanbedestroyedortransferredatafuturedate.

ApplyingDispositionAuthorities(Question9)Dispositioncannotbeappliedtoaggregationsofrecords.

ExecutingDispositionAuthorities(Questions14-15)Recordsandtheirbackupscanbedeletedaccordingtotheirretentionscheduleifdonemanually.

ExecutingDispositionAuthorities(Questions16-17)Usersarenotalertedtoconflictsrelatedtolinksbetweenrecordswithdifferentretentionperiods.Multipleretentionperiodscannotbetrackedtofreeze/lockforlegalpurposes.

DocumentingDisposalActions(Questions18-19)Disposalactionsarenotdocumentedinmetadatanoraretheyautomaticallyrecordedandsenttotheadministratorasareport.

Reviewingdisposition(Questions20-24),Aggregationsarenotpresentedforreviewwithmetadata,andactionsduringreviewarenotrecorded.System-generatedreportsondispositionarenotoffered.Recordscannotbemarkedforfutureaction.Interfacingwithexistingworkflowsisnotoffered

Integration(Question25)metadataschemasarenotcompatiblewithothersystems

Assessment:MicrosoftOneDriveisbestsuitedforpersonalfileorganizationandsharing.Userswithmultipledeviceswill find theserviceuseful in its sync functionsandability tousecontacts in theWindowsaccount tosharefiles.IndividualscanalsoknowthatinformationstoredinOneDriveissecureandencrypted,anddeleted records can be easily recovered. However, the lack of automated records managementfunctionalities or compatible metadata schemas means that this service is not ideal for largerorganizationsorpublicagenciesneedingtocomplywithlegaldemands.Institutionswithalargevolumeofrecordswouldhavedifficultymanuallycarryingoutretentionscheduleswithouttheability tomarkaggregates or even individual files as having a particular retentionperiod.Without these capabilities,OneDriveshouldnotbeadoptedbygovernmentorotherlargeorganizations.

19

Amazon Web Services (IaaS/PaaS/Managed Services)

Introduction:AmazonWebServices (AWS) isa securecloudservicesplatform thatoffers computepower,databasestorage,contentdeliveryandotherfunctionalitiestohelporganizationsscaleandgrow.R&DFunctionalityPresent R&DFunctionalityLacking/Unverified

PrivacyandSecurityconsiderations(questions2&3)allowforcontentencryptedwhileintransitandatrestinthecloud.

PrivacyandSecurityconsiderations(questions1,4&5)donotallowforindependentauditsofsystemsandprocesses,physicalserversandbackupserverslocatedinapprovedjurisdictions.

Dispositionauthorities(questions7-11&14)aresupportedinlargerpart,retentionperiodscanbeapplied,destructioncanbeautomated,dispositionauthoritymaybeappliedtoaggregationsofrecords,recordsmaybelockeddownforviewingonlyandretainedindefinitely,recordscanbedeletedaccordingtoaretention/dispositionschedule.

Thefollowingissueswithdispositionauthoritiesarenotsupported(question6,12,13&15-17):Indexingcapability,recordsnotinanaggregationbedestroyedortransferredatafuturedate,backupsbedeletedaccordingtoaretention/dispositionschedule,usersalertedtoconflictsrelatedtolinksfromrecordsandifmorethanonedisposalauthorityisassociatedwithaggregationcanthesemultipleretentionrequirementsbetrackeddowntoallowmanualorautomaticlockorfreeze.

Thefollowingdisposalactionsandreportsfeaturesarenotsupported(questions18-24):disposalactionsdocumentedinprocessmetadata,disposalactionsareautomaticallyrecordedandreportedtoadministrator,electronicaggregationspresentedforreviewsobothcontentandrecordsmanagementmetadatacanbereviewed,recordsmarkedfordestruction,transferorfurtherreview,decisionsmadeduringreviewstoredinmetadata,systemgeneratereportsonthedispositionprocess,abilitytointerfacewithworkflowfacilitytosupportscheduling,review,andexporttransferprocessesprovidedorsupported

Metadataschemaiscompatiblewithothersystems,suchasEnterpriseContentManagementorRecordsManagementsystemstoenableintegration(question25).

Assessment:AmazonWebServicesoffersbasicstorageanddataarchivingoptionswithstrongencryption.However,when it comes to retention and disposition, the primary focus is on disposition authorities such asappliedretentionperiods,automateddestructionofrecordsandindefiniteretention,withoutallowingforreview,integration,orretentionanddispositionofaggregations.

20

Introduction:CenturyLinkisthethirdlargesttelecommunicationscompanyintheUnitedStatesandisrecognizedasaleader in the network servicesmarket by technology industry analyst firms. The company is a globalleader in cloud infrastructure and hosted IT solutions for enterprise customers. CenturyLink providesdata, voice andmanaged services in local, national and select internationalmarkets through its highqualityadvancedfiberopticnetworkandmultipledatacentersforbusinessesandconsumers.

R&DFunctionalityPresent R&DFunctionalityLacking/Unverified

Privacyandsecurityconsiderations(questions1-5)allowfor:independentauditsofsystemsandprocesses,encryptedcontentwhenintransitandrestinthecloud,physicalandbackupserversarelocatedwithinapprovedjurisdictions.

Thefollowingissueswithdispositionauthoritiesarenotsupported(questions16-17):usersalertedtoconflictsrelatedtolinksfromrecordstobedeletedtootherrecordsaggregations,multipleretentionrequirementscanbetrackedtoallowthemanualorautomaticlock/freezeontheprocess.

Dispositionauthorities(questions6-15)aresupportedinlargerpart,accommodatecustomerstaxonomyforindexing,appliedretentionperiods,automateddestructionofrecords,recordscanbelockedforviewing,dispositionauthorityareappliedtoaggregationsofrecords,recordsmayberetainedindefinitely,nonaggregatedrecordsmaybedestroyedortransferredatafuturedate,recordsandbackuprecordsmaybedeletedaccordingtoretentionschedule.

Disposalactionsandreports(questions20-22,24)arenotsupported:electronicaggregationsarepresentedforreviewalongwiththeirrecordsmanagementmetadata,recordsmaybemarkedfordestruction,transferorfurtherreview,theabilitytointerfacewithworkflowfacilitytosupportscheduling,reviewandexporttransferprocessesprovidedorsupport.

Disposalactionsandreports(questions18,19&23)aresupported:disposalactionsaredocumentedinprocessmetadata,disposalactionsmaybeautomaticallyrecordedandreported,systemmaygeneratereportsonthedispositionprocess.

Metadataschemaisnotcompatiblewithothersystems,suchasEnterpriseContentManagementorRecordsManagementsystemstoenableintegration(question25).

Assessment:CenturyLink provides most services for retention and disposition actions and should be a strongcontenderwheninvestigatingvendors.Theyfulfillalltheservicesinprivacyandsecurityandallbuttwodispositionauthorities.

Century Link (Tier3) (IaaS/PaaS/Managed Services)

21

Introduction:GoGrid is the world's first multi-cloud-server control panel that enables customers to deploy andmanage on-demand server hosting.Datapipe, a global leader inmanaged hybrid IT solutions for theenterprise, has recently acquired GoGrid. GoGrid’s proprietary orchestration and automationtechnologiesareuniqueinthemarket,providing1-ButtondeploymentforBigDatasolutionsthatspeedcreationandresultsofnewcloudprojects. R&DFunctionalityPresent R&DFunctionalityLacking/Unverified

Theonlyprivacyandsecurityconsiderationpresentisindependentauditsofsystemsandprocesses(question1).

Privacyandsecurityconsiderationsnotsupported:contentencryptedwhenintransitandatrestinthecloud,physicalandbackupserverslocatedinapprovedjurisdictions(questions2-5).

Dispositionauthoritiesaresupportedbyindexingcapability,appliedretentionperiods,recordsthatcanbelockeddownforviewingonlyandbackupscanbedeletedaccordingtoretention/dispositionschedule(questions6,7,10&15).

Dispositionauthoritiesnotsupportedareautomateddestructionofrecords,dispositionauthoritybeappliedtoaggregationofrecords,recordretainedindefinitely,recordsnotinaggregationbedestroyedortransferredatafuturedate,recordsbedeletedaccordingtoretention/dispositionschedule,usersalertedtoconflictsrelatedtolinksfromrecordstobedeletedtootherrecordsaggregationthathavedifferentdispositionrequirements,multipledisposalauthoritiesareassociatedwithanaggregationofrecords(Questions8,9,11-14,16&17).

Therearenodisposalactionsorreportsthataresupported:disposalactionsdocumentedinprocessmetadata,alldisposalactionsbeautomaticallyrecordedandreportedtoanadministrator,electronicaggregationspresentedforreview,recordsmarkedfordestruction,transferorfurtherreview,alldecisionsmadeduringreviewstoredinmetadata,systemgeneratereportsonthedispositionprocess,theabilitytointerfacewithworkflowfacilitytosupportscheduling,reviewandexporttransferprocess(questions18-24).

Metadataschemaisnotcompatiblewithothersystems,suchasEnterpriseContentManagementorRecordsManagementsystemstoenableintegration(questions25).

Assessment:GoGrid/DataPipe offers very few retention and disposition functions. They specialize in basic datastorageandprovideascalableandreliablefile-levelbackupservice.Thefollowingistheresponsibilityof the customer: encryption in transit, encryption at rest, securedatadeletion, databackup, securityaudits,managingandmonitoringthefirewallservice,andmore.

GoGrid/Datapipe (IaaS/PaaS/Managed Services)

22

Rackspace (IaaS/PaaS/Managed Services)

Introduction:RackspaceInc.isamanagedcloudcomputingcompanybasedinWindcrest,TX.Theyhavetwoprimarylines of business: Cloud Servers and Dedicated Servers. Rackspace helps design, build, and operateworkloadsacrossbothenvironmentsdependingontheindividualneedsofthecustomer.R&DFunctionalityPresent R&DFunctionalityLacking/Unverified

Privacyandsecurityconsiderationssupportedareindependentauditsofsystemsandprocesses,contentisencryptedwhenintransitandatrestinthecloud(questions1-3).

Privacyandsecurityconsiderationsnotsupported:physicalandbackupserverslocatedwithinanapprovedjurisdiction(questions4-5).

Dispositionauthoritiessupportedareindexingcapabilities,appliedretentionperiods,automateddestruction,dispositionauthorityappliedtoaggregationsofrecords,lockeddownrecordsforviewingonly,recordsretainedindefinitely,recordsnotinaggregationcanbedestroyedatafuturedate,recordsandbackupscanbedeletedaccordingtotheretentionschedule(questions6-12,14-15).

Dispositionauthoritiesnotsupported:recordsnotinanaggregationbetransferredatafuturedate,usersalertedtoconflictsrelatedtolinksfromrecordstobedeletedtoothersrecordsaggregationsthathavedifferentrecordsdispositionrequirements,multipleretentionrequirementsbetrackedtoallowmanualorautomaticlock(questions13,16-17).

Disposalactions&reportssupported:disposalactionsdocumentedinprocessmetadata,disposalactionsareautomaticallyrecordedandreportedtotheadministrator,recordsmarkedfordestruction,transferandfurtherreview,decisionsmadeduringreviewstoredinmetadata,systemcangeneratereportsonthedispositionprocess,abilitytointerfacewithworkflowfacilitytosupportscheduling,reviewandexporttransferprocesses(questions,18-19,21-24).

Metadataschemaiscompatiblewithothersystems,suchasEnterpriseContentManagementorRecordsManagementsystemstoenableintegration(question25).

Assessment:Rackspaceisanapplicationspecificarchivevendor.Theserviceofferssolutionstailoredtoapplicationdata,specificallyemailarchiving.UsingRackspacewouldrequiresomesetupworktointegratewiththecustomer’s email software, but no additional software or hardware is needed. Rackspace uses itsexistinginfrastructureasarepositoryfordatastorage.Additionally,aprivatecloudcanbehostedattheclient'sowndatacenter,inapartnerdatacenter,oratRackspace.Archivedemailcanbeaccessedfromanywebbrowser.Redundantstorageisusedforemailretention,andninecopiesofeachmessageareheld across multiple data centers. Users can locate and recover deleted emails. Their securitymanagementmodelisbasedonthe'Plan,Do,Check,Act'modelasrecommendedbyISO27001.

23

CloudNine (Litigation Support and eDiscovery) Introduction:CloudNine is a Software as a Service (SaaS) online eDiscovery tool.Marketed towards law firms andlarge corporations, the service lets users upload data, automatically convert and process, and thenreview their discovery data. CloudNine is meant to reduce the duration of eDiscovery reviews andoutsourcingforprocessing. R&D Functional ity present R&D Functional ity lacking or unverif ied

PrivacyandSecurityConsiderations(Questions2-3)Contentisencryptedatrestandintransittothecloud

PrivacyandSecurityConsiderations(Questions1,4-5)Itisunverifiedwhetherthevendorallowsindependentaudits.Jurisdictionforphysicalandbackupserversmayormaynotbeinapprovedlocations.

ApplyingDispositionAuthorities(Question10)Recordscanbelockeddownforviewonly

EstablishingDispositionAuthorities(Questions6-8)Unsureifvendorallowsforindexing,applicationofretentionperiods,orautomateddestruction.

ApplyingDispositionAuthorities(Questions9,11-13)MostofthisisoutofscopeforaneDiscoverytool.Thefollowingfunctionalitiesareunverifiedornotoffered:dispositionsappliedtoaggregates,indefiniteretention,recordsnotinanaggregationcanbedestroyedortransferredinthefuture.

ExecutingDispositionAuthorities(Questions14-17)Questions14and15(canrecordsandbackupsbedeletedaccordingtotheretentionschedule)arebothoutsideofthescopeofCloudNine’spurpose.Usersarenotalertedtoconflictsrelatedtodifferentretentionperiods,andretentionperiodscannotbetrackedtofreezeorlocktheprocess.

DocumentingDisposalActions(Questions18-19)Unclearifactionsaredocumentedinmetadataorifactionsareautomaticallyrecordedandsenttoadministrator

ReviewingDisposition(Questions20-24)Thesefunctionalitiesareoutofscopefortheservice.

Integration(Question25)Unsureifmetadataschemaiscompatiblewithothersystems

Assessment:CloudNineisaspecializedtoolforlitigationanddiscoverypurposes,andthereforehaslessofafocusonretentionanddispositionorlong-termstorage.Fororganizationssuchaslawfirmsorcorporationsatarisk for litigation, this isaneffective tool for facilitatingeDiscovery inanorganizedway.However, fororganizationsseekingtostoretheentiretyoftheirinstitutionalrecordsinthecloud,thisserviceshouldonlybesupplementary.

24

NextPoint (Litigation Support and eDiscovery)

Introduction:NextPoint is litigation support software foreDiscovery. It is focusedon collectingemail, socialmedia,andwebsitesforuseinlitigation.Thedataiscollected,thenimagedandindexedforuserstoreviewforlitigation.NextPointprovidescollaborationfunctionalitiesandavarietyoftagging,indexing,andsearchcapabilities.ThemodulesofNextPointare:Collect,Analyze,Review,Exchange,andPreparation.EachoftheseisaimedataspecificstepofeDiscoveryandlitigationprocesses. R&D Functional ity present R&D Functional ity lacking or unverif ied

PrivacyandSecurityConsiderations(Questions2-3)Contentisencryptedintransitandatrestinthecloud.

PrivacyandSecurityConsiderations(Questions1,4-5)Unsureifindependentauditsarepermitted.BackupandphysicalserversareprovidedthroughAmazonWebServices,whichhasdatacentersinmultiplejurisdictions.

EstablishingDispositionAuthorities(Question6)Someindexingcapabilitiesaresupported.UsertaggingandsearchesforeDiscoveryareoffered.

EstablishingDispositionAuthorities(Questions7-8)Unclearifretentionperiodscanbeapplied.Destructioncannotbeautomated.

ApplyingDispositionAuthorities(Question10)Recordscanbelockeddownforviewingonly.

ApplyingDispositionAuthorities(Questions9,11-13)MostdispositionfunctionsareoutofscopeforNextpointasaneDiscoverysoftware.Applicationofdispositionauthoritiestoaggregates,indefiniteretention,anddestructionortransfersofrecordsnotinanaggregateareallfunctionalitieswhichareeithernotofferedornotverified.

ExecutingDispositionAuthorities(Questions14-17)ThesefunctionalitiesarealloutofscopeforNextpoint:deletionofrecordsandbackupsaccordingtoaretentionschedule,useralertsforconflictsbetweendifferentretentionperiods,andtrackingorlockingmultipleretentionperiods.

DocumentingDisposalActions(Questions18-19)Disposalactionsarenotdocumentedinprocessmetadata.Actionsarenotautomaticallyrecordedandsenttoadministrator

ReviewingDisposition(Questions20-24)ThesecapabilitiesareoutofscopeforNextpoint:Presentingcontentandmetadataofaggregatesforreview,markrecordsforfuturereview/transfer/destruction,reviewdecisionsstoredinmetadata,system-generatedreportsondisposition,abilitytointerfacewithworkflow.

Integration(Question25)Themetadataschemaisnotcompatiblewithothersystems.

Assessment:Asalitigationsoftwaresolution,NextPointshouldnotbeusedasthesolecloudproviderofaninstitution.NextPointhasfunctionalitiesspecifictoeDiscoveryneedswhichmakesitusefulforlawfirmsandorganizationsthatareatriskforlitigation.However,whenitcomestostoringandapplyingretentionanddispositionschedulestoanorganization’srecords,adifferenttypeofcloudprovidershouldbeused.NextPointdoesnotprovidesignificantstorageorrecordsmanagementfunctionalitiesduetothenatureofitsservices.

25

Introduction:Archivematica is a standards-based, open-source preservation system for long-term access totrustworthy,authentic,andreliabledigitalcontent.ItcomplieswiththeISO-OAISfunctionalmodel,andall of its functions take place within a web-based dashboard accessed through a web browser.Archivematica interacts with other software (e.g., Archivist Toolkit). Access toMemory (AtoM) is itsarchives catalog andde factodisseminationplatform. It runson Linux and canuse a local or a cloudserviceprovidersuchasMicrosoftAzuretohostdata. R&D Functional ity present R&D Functional ity Lacking or Not Applicable

ArchivematicadoessupportQuestions1,4-5inthePrivacy&SecurityConsiderationscategory.Archivematicaallowsindependentauditsofsystemsandprocesses.Physicalserversandbackupserverscanbelocatedinajurisdictionapprovedfortheorganization,sinceAIPsarestoredintheclient’spreferredrepository.

Archivematicadoesnotprovideencryptionforcontentintransittooratrestinthecloud(Questions2-3,Privacy&SecurityConsiderations).

Archivematicadoesallowrecordstoberetainedindefinitely,DispositionAuthorities(Question11).

Dispositionauthorities,questions6through17,withtheexceptionof11,arenotsupportedbyArchivematica—thisincludesindexingcapabilities,applyingretentionanddestructionrules,andlockingdowncontentforviewingonly,retainingrecordsindefinitely,anddestroyingortransferringrecordsatafuturedate.Recordsandbackupscannotbedeletedaccordingtotheretention/dispositionschedule,usersarenotalertedtoconflictsrelatedtolinksfromrecordstobedeletedtootherrecordsaggregationswithdifferentretentionrequirements,andmultipleretentionrequirementscannotbetrackedtoallowmanualorautomaticlockorfreezeonthedispositionprocess.

Question20,DisposalActions&Reports,asksifelectronicaggregationsarepresentedforreviewalongwiththeirrecordsmanagementmetadataanddisposalauthorityinformation.Theresponseis“partial.”

Question18-19,21-24,DisposalActions&Reportsarenotsupported.Disposalactionsarenotdocumentedinprocessmetadataorautomaticallyrecordedandreportedtotheadministrators.Recordscannotbemarkedfordestruction,transfer,orfurtherreview.Decisionsmadeduringreviewarenotstoredinmetadata.Thesystemdoesnotgeneratereportsonthedispositionprocess.Theabilitytointerfacewithworkflowfacilitytosupportscheduling,review,andexporttransferprocessesarenotprovidedorsupported.

Themetadataschemaiscompatiblewithothersystems,suchasEnterpriseContentManagementorRecordsManagementsystemstoallowintegration(Question25).

Assessment:Archivematica is designed for long-term preservation and therefore does not support dispositionauthorities or most disposition actions. Records managed through this OAIS-compliant preservationsystem would have to be retrieved through a Dissemination Information Package for production inresponse toeDiscovery. This is a verygood solution fororganizationswith the technical expertise toinstall Archivematica and associated software. But it focuses on only one segment of the recordslifecycle:dispositionthroughpreservation.

Archivematica (Long-Term Digital Preservation) – Verified

26

Introduction:ArchivesDirect is an open-standards, hosted solution that combines the Archivematica preservationworkflow toolwith archival cloud storage andpreservation service fromDuraSpace.Users access thesuite of digital preservation functions via an online dashboard. Archivematica produces standardized,interoperable Archival Information Packages, automatically transfers AIP packages to DuraCloud forlong-term secure archival storage. Some key features available in ArchivesDirect include assigningpermanent identifiersandchecksums,viruschecking, identifyingandvalidatingfileformats,extractingtechnical metadata, normalizing files upon ingest to preservation-friendly formats, and generatingdetailedPREMISandMETSmetadatatofacilitateinter-repositorydataexchange.R&D Functional ity present R&D Functional ity lacking OnlyoneDispositionAuthorityfeatureissupported(Question11).Recordscanberetainedindefinitely.

Privacyandsecurityfeaturesareeitherunknown(auditsandstoragelocationdependentupontheuser)orlacking(encryptionwhenintransittothecloudandwhenatrestinthecloud).

Disposalactionsaredocumentedinprocessmetadata(Question18)..

Dispositionauthorities(questions6-17)arenotsupportedexceptforquestion11.Indexingcapabilityisnotpresent,retentionperiodscannotbeapplied,destructioncannotbeautomated,retentionanddispositionspecificationscannotbeappliedtoaggregationsofrecords,recordscannotbelockeddownforviewing,andrecordsandbackupscannotbedeletedaccordingtoretentionanddispositionrequirements.Usersarenotalertedtoconflictsrelatedtolinksfromrecordstobedeletedtootheraggregationsthathavedifferentrecordsdispositionrequirements.Ifmorethanonedisposalauthorityisassociatedwithanaggregationofrecords,multipleretentionrequirementscannotbetrackedtoallowautomaticormanuallockorfreezeontheprocess.

Themetadataschemas(METSandPREMIS)arecompatiblewithothersystems,suchasEnterpriseContentManagementorRecordsManagementSystems,makingIntegrationpossible.

ExceptforQuestion18(disposalactionsdocumentedinprocessmetadata),noneofthedisposalactionsandreportsfunctionalitiesarepresent,includingautomaticrecordingofdisposalactionsandreportingtotheadministratorandmarkingrecordsfordestruction,transfer,orfurtherreview.Decisionsmadeduringreviewarenotstoredinmetadata,thesystemdoesnotgeneratereportsonthedispositionprocess,andthesystemdoesnotinterfacewithworkflowtosupportscheduling,review,andexporttransferprocessesprovidedorsupported.

Assessment:Thissolutionislimitedinscope.Recordsmanagementfeaturesarenotaddressedwiththeexceptionofthefacttherecordscanbeingestedandretainedindefinitely,agoaloflong-termstorage.Objectscanbeaccessedorremovedfromtherepository.Disposalactionsaredocumentedinprocessmetadata,andintegration ispossiblebasedonthemetadatastandardsused. Thisopen-sourcesolution is suited forlong-termpreservationbasedon the archival storage and access features available.However, it doesnot include retention and disposition functionality. Other solutions should be investigated to enableretentionanddefensibledeletionofrecords.Note:Lateentry;notincludedinthegapanalysisinAppendixB.

ArchivesDirect ( Long-Term Digital Preservation) - Verified

27

Introduction:Preservica provides digital preservation technology, consulting services, and research products.Preservicaisalsothenameofthethecompany’sdigitalpreservationandaccesssoftwarebasedonthetrusted digital repository standard ISO 14721- Open Archival Information System (OAIS) – ReferenceModel. In addition to providing compliant workflows for ingest, data management, storage, access,administration,andpreservation,itprovidesaUniversalAccessmodulethatallowscontenttobesharedwiththepublic.ThecompanyhasofficesinboththeUnitedKingdomandtheUnitedStates.

R&D Functional ity present R&D Functional ity either not appl icable or lacking

Privacy&SecurityConsiderations(Questions1-3)revealthatPreservicaallowsindependentauditsandencryptscontentintransitandatrest.

Privacy&SecurityConsiderations(Questions4-5).PhysicalserversfortheOAIS-compliantsoftwarearelocatedinregionsinboththeUSandUK.However,physicalserversmaybelocatedoutsideofajurisdictionapprovedforyourorganization.

DispositionAuthorities(Questions6-14).Indexingofcustommetadataisavailableonalleditions(CE,SE,EE)fromPreservicav5.6asofFebruary2016.Retentionperiodscanbeappliedtocontent,anddestructioncanbeautomated.Adispositionauthority(retentionanddispositionspecifications)canbeappliedtoaggregationsofrecords.Recordscanbelockeddownforviewingonlyandcanberetainedindefinitely.Recordsnotinanaggregationcanbedestroyedortransferredatafuturedate.Recordscanbedeletedaccordingtoaretention/dispositionschedule.

DispositionAuthorities(Questions15-17).PreservicaCloudEditionstoresmetadatainAmazonRDSanddigitalcontentineitherAmazonS3orlower-costAmazonGlacier.PreservicaStandardandEnterpriseEditionscanstorecontentonacustomer’slocalstoragearrayaswell.Alleditionsincludea“CopyHome”featuretosavecollectionstoanexternalFTPserver.Backupscannotbedeletedaccordingtoaretention/dispositionschedule.Usersarenotalertedtoconflictsrelatedtolinksfromrecordstobedeletedtootherrecordsaggregationsthathavedifferentrecordsdispositionrequirements.Ifmorethanonedisposalauthorityisassociatedwithanaggregationofrecords,multipleretentionrequirementscannotbetrackedtoallowthemanualorautomaticlockorfreezeontheprocess(ex.,Freezeforlitigationorfreedomofinformationrequest).

DisposalActions&Reports(Questions18-24)aresupported.Thisincludesdocumentingdisposalactionsinprocessmetadataandautomaticallyrecordingandreportingdisposalactionstotheadministrator.Electronicaggregations,theirrecordsmanagementmetadata,anddisposalauthorityarepresentedforreview.Recordscanbemarkedfordestruction,transfer,andfurtherreview.Alldecisionsarestoredinmetadata,andthesystemcangenerateareportonthedispositionprocess.Workflowfacilityispresenttosupportscheduling,review,andexporttransferprocesses.

Integration(Question25).PreservicasupportsCMISinterfaceforinteroperability.Preservicaisalsoschemaagnosticmakingiteasytointeroperatewithothersystems,suchasSharePoint,Outlook,ContentDM,PastPerfect,LotusNotes,Gmail.

Assessment:Designed for long-termdigitalpreservationbasedontheOAIS referencemodel,Preservica recognizesthat long-termmaybeasbriefa10yearsdueto technologyrefreshcycleacceleration.Thisdemandstheabilitytosetretentionschedules,arecentlyaddedfeature inPreservica. PreservicaCloudEditionsupportsalmostallofthefunctionality identifiedforretentionanddisposition inacloudenvironmentwithinalong-termtrusteddigitalrepository.

Preservica – ( Long-Term Digital Preservation) - Verified

28

Introduction:CollabwareCLMisdesignedspecificallytoextendtheRecordsManagementfunctionalityofMicrosoft’sSharePoint.CollabwareCLMallowsfullrecordsmanagementcapability,includingauto-declarationandauto-classification.Unfortunately,SharePointOnlineisnotsupportedwiththisproduct.However,thisproductisincludedhereforSharePointOnlineuserssotheycanmonitorthefurtherdevelopmentofanewoffering,Collabspace,whichatthetimeofthiswriting,can integratewithSharePointonpremiseandSharePointOnline.Currently itenables real-timechat, collaborationand file sharingwith internalandexternalteammemberswithoutleavingMicrosoftOutlook.Accordingtothevendor,their“targetisto have complete feature parity between Collabware CLM for SharePoint 2010/2013/2016 andCollabspaceforSharePointOnlinebytheendofthe2016calendaryear”(Sibley,email2016,February23).ViewtheassessmentbelowtheCollabwareCLMFunctionalityTable,whichshouldbemirrored inCollabspacewhenitisreleased.

R&D Functional ity present R&D Functional ity lacking

DispositionAuthorities(Questions6-15and17)aresupportedinCollabware.Thisincludesindexingcapabilities,applicationofretentionperiods,automationofdestruction,applicationofdispositionauthoritytoaggregationsofrecords,lockdownforviewing,retainingrecordsindefinitely,anddestroyingandtransferringrecordsinanaggregationatafuturedate.Recordsandbackupscanbedeletedaccordingtotheretention/dispositionschedule.Inaddition,iforethanonedisposalauthorityisassociatedwithanaggregationofrecords,multipleretentionrequirementscanbetrackedtoallowthemanualorautomaticlockorfreezeontheprocess.

DispositionAuthorities(Question16).Usersarenotalertedtoconflictsrelatedtolinksfromrecordstobedeletedtootherrecordsaggregationsthathavedifferentrecordsdispositionrequirements.(Note:ThiswillbepossibleinCollabspace)

DisposalActions&Reports(Questions18-19and21-24)aresupported.Thisincludesdocumentingdisposalactionsinprocessmetadata;recordingandreportingdisposalactionstotheadministrator;markingrecordsfordestruction,transfer,andfurtherreview;storingalldecisionsinmetadata;generationreportsonthedispositionprocess;andinterfacingwithworkflowfacilitiestosupportscheduling,review,andexporttransferprocesses.

DisposalActions&Reports(Question20).Electronicaggregationsarenotpresentedforreviewalongwiththeirrecordsmanagementmetadataanddisposalauthorityinformationsobothcontentandrecordsmanagementmetadatacanbereviewed.(Note:ThiswillbepossibleinCollabspace)

Integration(Question25).Metadataschemaiscompatiblewithothersystems,suchasEnterpriseContentManagementorRecordsManagementsystems.

Assessment:Organizationsthatseektodemonstratecompliancewiththeirownorganization’srecordsmanagementpolicy should consider an extension such as Collabware CLM to add functionality not present inSharePoint.Privacyandsecurityissuesarenotaddressedforthisproduct,sincethedecisionsrelatedtoencryption, jurisdiction of primary and backup servers, and auditing of the system—in this caseSharePoint—are related to the implementation of the ECM and not the Collabware third-partyextension.Since thestartof thisprojectand the initial reviewofCollabwareCLM,anewproducthasemerged,Collabspace.

Collabware CLM (RM Extender) – Verified

29

Introduction:TheGimmal Compliance Suite forMicrosoft SharePoint. This suite is Department of Defense 5015.2Certified for SharePoint 2010 and 2013 to ensure compliancewith regulations or best practices. TheFunctionality listed below relates to the functions that can be added to On-premise SharePointinstallations. A second product, Gimmal Records-as-a-Services for Microsoft® Office 365, providessimilarfunctionalityforMicrosoftOffice365(thecloudversionofMSOffice).

R&D Functional ity present R&D Functional ity lacking

DispositionAuthorities(Questions6-15and17)aresupportedinCollabware.Thisincludesindexingcapabilities,applicationofretentionperiods,automationofdestruction,applicationofdispositionauthoritytoaggregationsofrecords,lockdownforviewing,retainingrecordsindefinitely,anddestroyingandtransferringrecordsinanaggregationatafuturedate.Recordsandbackupscanbedeletedaccordingtotheretention/dispositionschedule.Inaddition,iforethanonedisposalauthorityisassociatedwithanaggregationofrecords,multipleretentionrequirementscanbetrackedtoallowthemanualorautomaticlockorfreezeontheprocess.

DispositionAuthorities(Question16).Usersarenotalertedtoconflictsrelatedtolinksfromrecordstobedeletedtootherrecordsaggregationsthathavedifferentrecordsdispositionrequirements.

DisposalActions&Reports(Questions18-19and21-24)aresupported.Thisincludesdocumentingdisposalactionsinprocessmetadata;recordingandreportingdisposalactionstotheadministrator;markingrecordsfordestruction,transfer,andfurtherreview;storingalldecisionsinmetadata;generationreportsonthedispositionprocess;andinterfacingwithworkflowfacilitiestosupportscheduling,review,andexporttransferprocesses.

DisposalActions&Reports(Question20).Electronicaggregationsarenotpresentedforreviewalongwiththeirrecordsmanagementmetadataanddisposalauthorityinformationsobothcontentandrecordsmanagementmetadatacanbereviewed.

Integration(Question25).Metadataschemaiscompatiblewithothersystems,suchasEnterpriseContentManagementorRecordsManagementsystems.

Assessment:Encryption, jurisdictionofprimaryandbackupservers,andauditingof thesystem—inthiscaseOffice365/SharePoint—are related to the implementation of the ECM and not the third-party extension.GimmalAdvancedContentRetentionRulesalloworganizationstoimplementamanage-in-placerecordsstrategywithcentralized,robust,andhighlygranularretentionpoliciesforO365content.Theproductprovides search,discovery, and legalholds toenable litigationpreparedness andenforce compliance.Gimmal enhances the records management features of SharePoint on premise and Office365/SharePointOnline.

Gimmal Compliance Suite for Microsoft SharePoint (RM Extender) – Verified

30

6.2Phase2:UserFeedbackTo understand the records retention and disposition challenges for the organization, it isnecessarytoviewtheissueofcloudcomputingfromtheperspectiveoftheuser.Theresearchteam conducted an online survey of records and information management professionals todeterminetheirinvolvementwithrecordsinthecloudandtheirunderstandingofretentionanddisposition functionalityavailableor lackingwithin thecloudservicesandproductsemployedbytheenterprise.6.2.1ParticipantinformationandexperiencewithcloudservicesMembersofARMAInternationalwereinvitedtoparticipateinanonlinesurveythroughemailannouncementssenttomembersaswellaspostsinsocialmediaaccounts.ThefirstinvitationtoparticipatewassenttoallARMAmembersonFebruary5,2015.ThesurveywasclosedonMarch 15, and a total of 168useable responseswere received. Themajority of respondents(60.84%) were identified as records managers, followed by information governanceprofessionals (10.24%). The majority of respondents worked in the government sector(37.13%), those who work in professional and technical services and finance and industryfollowed at 8.98% and 8.38%. Organizations with less than 1,000 employees made wererepresented by 49.09% of the respondents. Organizations with more than 5,000 employeesmadeup26.67%followedcloselybythosewith1,000to5,000at24.24%.Of the 168 respondents, ninety-seven (57.74%) indicated their organization employed cloudservices,forty(23.81%)indicatedtheirorganizationsdidnot,andtwelve(7.14%)didnotknowifcloudserviceswereinusebytheirorganization.Theuseofcloudcomputingwasarelativelynewphenomenonasreportedbyrespondents.Oftheninety-seventhatansweredyes,only25percenthaduseditformorethanthreeyears;56.82percentstatedtheyuseditbetweenoneand three years, and 13.64 percent used it less than one year. The remaining respondentsindicatedtheydidnotknowtheanswertothisquestionordidnotrespond.6.2.2RetentionanddispositionpoliciesandpracticesAnumberofquestionswereaskedrelatedtoretentionanddispositionpoliciesandpractices,as summarized in Figure 1. Although ninety-seven respondents indicated their organizationemployed cloud services, not all felt theywere in aposition to respond toquestionson thistopic. The three “decline to respond” selections were included with the “no response”selections.

31

Figure 1: Retention and Disposition responses to survey of records and information management professionals.

The findings indicated that although an overwhelming majority of respondents stated theirorganizations have retention and disposition policies in place, and almost half have contentconsideredasevidenceofactivitiesortransactionsstoredinthecloud,onlyapproximatelyone-quarterbelievethevendortermsandconditionsareconsistentwiththeirorganization’sgoalsandobjectivesforretentionanddisposition.Underone-quarterof survey respondents indicated retentionanddispositions considerationswereincludedwhenselectingcloudservices.Inaddition,onlyapproximately14percentoftherespondents indicated that their organizationperformeddispositionof content stored in thecloud,withsomeremarkingthattheretentionperiodforcontentresidinginthecloudhadnotyetbeenmet.6.2.3BasiccloudsecurityrequirementsAlthough not an indicator of retention and disposition functionality, organizations mustconsiderbasiccloudsecurityrequirementsbeforeenteringintoagreementswithcloudserviceproviders. Users were asked five questions related to data encryption, auditing of vendorsystemsandservices,andjurisdictionwithinwhichcontentisstored(seeFigure2).

32

Figure 2: Basic Cloud Security Requirements Met by Cloud Vendors.

Theresponsesrevealedthatmorephysicalserversarelocatedwithinanorganization-approvedjurisdiction thanarebackupservers. Inaddition,morerespondents indicatedthatcontent isencryptedwhileintransittothecloudthanwhenatrestinthecloud.Only32%ofrespondentsstated that their cloud vendor allows the company to conduct audits, and a much smallerpercentage,3%,indicatedtheywerenotallowedtoconductaudits.Notably,alargenumberofresponsestoquestionsaboutbasiccloudsecurityrequirementswere“don’tknow.” Becausecloudcomputinghasbecomepartofanorganization’sstrategicplanningfairlyrecently,recordsandinformationmanagersmustbecomebetterinformedaboutandmoreinvolvedintheclouddecisionsinthefuture.6.2.4RetentionanddispositionfunctionalityofferedbyservicesinuseA number of questionswere directly related to retention and disposition functionality. Theresponses for each question can be found in the Executive Summary prepared for ARMAInternationalandposted to the InterPARESTrustwebsite. Responses toselectquestionsareprovided here as an indicator of the functional requirements necessary for retention anddispositionandtheperceptionsoftherespondentsrelatedtotheavailabilityofthosefeatures.Figure3illustratestheresponsestofourquestionsrelatedtodeletionfromthesystem.Inthissurvey,theterms“disposition”and“destruction”aresynonymous.

0 20 40 60 80 100 120

Doesthevendorallowyourorganizaqontoconductaudits?

Doesthevendorprovideencrypqonofcontentwhileintransittothecloud?

Doesthevendorprovideencrypqonofcontentatrestinthecloud?

Arethevendor'sphysicalserverslocatedwithinajurisdicqonapprovedforyour

organizaqon?

Arethevendor'sbackupserverslocatedwithinajurisdicqonapprovedforyour

organizaqon?

BasicCloudSecurityRequirements

Yes No Don'tKnow DeclinetoAnswer NoResponse

33

Figure 3: Responses to questions related to disposition of records.

Anumberof respondentsdidnotanswer the technicalquestions related todisposal actions,and most of those that did respond, did so by indicating “don’t know.” The question thatresulted in the largest number of “yes” responseswas a basic one, “Can records be deletedaccordingtotheretention/dispositionschedule?” Fewerrespondentsrepliedyestoasimilarquestion about copies of records on backup servers. Even fewer indicated that destructioncould be automated. The lowest number of yes responses was to the question about thesystem recognizing relationships between aggregates of records when applying dispositionactions.Defensible disposition requires that records of decisions made and actions taken aredocumented. Severalquestionswereposedrelatedtodocumentationofthosedecisionsandactions,includingthepossibilityofsuspendingdispositioninthecaseofaneDiscoveryrequest.Figure4provides a summaryof the responses to several questions related tooverriding thedispositionactionandprovidingreportsoftheactionstaken.

0 20 40 60 80 100 120

Recordsdeletedaccordingtotheretenqon/disposiqonschedule

Backupsdeletedaccordingtotheretenqon/disposiqonschedule

Destrucqonbeautomated?

Systemrecognizesrelaqonshipsbetweenaggregatesofrecordswhenapplying

disposiqonacqons?

DisposalAcTons

Yes No Don'tKnow DeclinetoAnswer NoResponse

34

Figure 4: Administrative Actions & Reports

Again,most of the respondentswho stated their organization employs cloud services eitherindicate they don’t know the answer to these questions or refrain from responding to thequestion.Ofthosethatdidrespond,thelargestnumberstatealockorfreezecanbeimposedonthedispositionprocess.ThefunctionalrequirementsevaluatedthroughthesequestionsarenecessarytocomplyingwitheDiscoveryrequests. Whentheorganization learnsthatrecordsare likely tobe requested for litigationorFreedomof Information requests, theremustbeaprocess in place to freeze the disposition process. And if records have been destroyedaccording to the organization’s polices and normal practices, proof of that processmust beproduced.The questions summarized in this section are only a selection from the full survey. Foradditionalquestionsandresponses,thereaderisdirectedtothe“RetentionandDispositionintheCloud,ExecutiveSummaryofSurveyDistributedtoMembersofARMAInternational.”7. DiscussionGartner’shype-cyclemodeloftheevolutionofcloudcomputingcharacterizestheprogressionof the technology from user and media enthusiasm through disappointment and eventualunderstanding and acceptance into productive use. After reaching the peak of inflatedexpectationsin2009onGartner’sHypeCurveforCloudComputing,cloudcomputingbeganalongdescent into theTroughofDisillusionment.This studywasconducted in2014andearly2015,whenCloudComputingwasatthelowestpointsonthehypecurve(showninFigure5).

0 20 40 60 80 100 120

Manualorautomaqclockorfreezecanbeimposedonthedisposiqonprocess.

Administratorcanchange/overridethedisposiqonacqon.

Reviewofcontentandrecordsmanagementmetadatacanbereviewedpriorto

disposiqon.

Reportgeneratedbysystemonthedisposiqonprocessarerithasbeen

performed.

AdministraTveAcTons&Reports

Yes No Don'tKnow DeclinetoAnswer NoResponse

35

Figure 5: Gartner Hype Curve for Cloud Computing compiled from annual hype cycle reports.

In addition to tracking the term “cloud computing,” specific cloud deployment models andservicemodelsarealsocharted,andGartner’s2015reportplacedbothSoftwareasaServiceand Infrastructure as a Service on an upward trajectory on the Slopeof Enlightenment.OneSaaSoffering,SalesForceAutomation,hasalreadyenteredthePlateauofProductivity.Expertspredictthatexamplesofsuccesswithcloudinitiativesbyearlyadopterswillencouragethelatemajorityandlaggardstoenterthecloudcomputingmarket(McCoy,2015).7.1Retentionanddispositionfeaturesincludedacross20originalservicesFurtheranalysiscanbeconductedbyreviewingthetwochartsinAppendixB.Aquickreviewofthe data reveals that least 70 percent of the cloud services offer the following six features.Records can be locked down for viewing only in 85 percent; records could be retainedindefinitelyin80percentoftheservices;indefiniteretentionispossiblewith80percentoftheservices:75percentoftheservicesallowrecordstobedeletedaccordingtoarecordsretentionanddispositionschedule;seventy-fivepercentprovideencryptionwhiledata is intransit;andseventypercentallowretentionperiodstobeapplied.Twenty-fivepercentorfewerofthecloudservicesinvestigatedpossessthefollowingfeatures:storing recordsmanagementdecisions inmetadata (25%),presentingelectronicaggregationsforreviewalongwiththeirrecordsmanagementmetadataanddisposalauthorityinformationsobothcontentandrecordsmanagementmetadatacanbereviewed(20%),andalertinguserstoconflictsrelatedtolinksfromrecordstobedeletedtootherrecordsaggregationsthathavedifferentrecordsdispositionrequirements(10%).

36

Thesefindingsdonotimplyafailingonthepartofthevendorsbutadifferenceinpurposethatusersmustunderstand.Archivematica,forexample,isadigitalpreservationsystemthatstoresrecordsindefinitely,sorecordsretentionschedulesarenotconsiderednecessary;however,thisfunctionalitycanbeaddedbytheuserthroughthird-partysoftware.7.2Similaritiesanddifferencesamong8categoriesofcloudservicesIt isalsoimportanttounderstandthesimilaritiesanddifferencesamongcloudservicesbasedoncategoryofserviceprovided.Forexample,twoofthethreefilesharingandstorageservices(Dropbox for Business andOneDrive for Business) allow independent audits of systems andprocesses;Egnytedoesnot.GimmalandCollabware, two recordsmanagementextendersdonotallowvendorauditsofsystems,butthatisbecausetheyextendtherecordsmanagementfeaturesinMicrosoftOffice365/SharePointOnline,whichdoesallowsuchaudits.Twoservices intheLitigationSupportandeDiscoverycategoryrankedthe lowest,withCloudNine satisfying only three of the requirements (encryption of data in transit and at rest andlockingdownrecordsforviewing)andNextPointsatisfyingthesamethreeandoneadditionalrequirement(supportofcustomer’staxonomyforindexing).These examples indicate a need to examine each cloud service in depth. There can be vastdifferencesbetweenwhatseemlikesimilarofferings.8. ResearchLimitationsDatagatheringfromvendorswaschallengingduetolackofdirectresponsesfromthemajoritycontacted and the fact that retention and disposition information was lacking from thematerialsmadepubliclyavailable.Itisclearthatmoredetailedinformationonaspectsofcloud-basedrecordsdispositionanditsdocumentationbycloudservicevendorsisneeded.Thismayalso reflect the general role of recordsmanagementwithin organizations,where complianceand eDiscovery are driving the need for cloud services. Records management features tosupport general accountability, overall workflow efficiency, and organizational memory as acomponent of an archival program framework are considered a part of a niche market.However,movement inthecloudspacetowardintegrationofproductsandservices—suchasthrough ‘connectors’ and Integration Platform as a Service cloud models—makes theimplementationofretentionanddispositionstrategiesincreasinglypossible.The user survey was disseminated to members of a records and information managementprofessional association with approximately 10,000 members, but a disappointingly lowresponse rate (1.68%) resulted. The study reveals user knowledge of cloud-based servicesemployedwithintheirorganization,butamajorityofresponsetoquestionswere“don’tknow.”Itcouldbethatrecordsandinformationmanagementprofessionalsarebehindtheircolleaguesinunderstandingtheimplicationsofcloudcomputingontheirwork.Alongitudinalstudywouldbeneededtodetermineifthisisthecase.

37

9. ConclusionsThe lack of participation by potential survey respondentsmay reflect skepticism around thepromises made for cloud computing and the inability to understand the ramifications forrecordsmanagementprograms.Thelackofinvolvementbythemajorityofsurveyrespondentsincloudcomputinginitiativesmayalsobereflectedinthefailurebycloudvendorstoaddressrecordsretentionanddispositionfunctionalitywhendescribingtheirproducts.Abetterunderstandingtheretentionanddispositionfunctionalityneededforcomplianceandpresented in cloud services on the part of both records and information managementprofessionalsandvendorswillfacilitatediscussionsthatcanhelpbothparties.Vendorswillbeable to explain clearly the retention and disposition functionality present in their cloudofferings,andorganizationswillbeabletoidentifygapsbetweenwhatisneededandwhatisofferedinordertocreatedefensibleretentionanddispositionprogramsforcontentresidinginthecloud.9.1BestPracticesforRetentionandDispositioninacloudenvironmentAdefensibleretentionanddispositionpolicymustincluderecordsandinformationstoredinacloudenvironment.Gapsbetweenfunctionalityavailableinthecloudandtherequirementsforcompliancemustbeunderstood.Stepsmustbetakentomitigaterisksrelatedtothosegaps.Achecklist such as the one used in this study can assist in the evaluation process. Thoseretention and disposition features offered will vary depending on the type of cloud servicemodelemployed.The decision to move to employ a cloud service should include communication among thepotential service provider, upper level management with decision-making authority, IT, andRIM professionals. Planning and preparation is an essential but sometimes ignored step inmovingtothecloud.OrganizationsneedtobalanceneedsforRIMfunctions, ITcapacity,andcostindecidingonacloudprovider.9.2RecommendationsforVendorsVendors should bemore open and transparent about the exact offerings of their products.Most include terms suchas “security”or “flexibility” todescribe functionality,withoutgivingmore specific capabilities. Descriptions of functionality are particularly lacking for recordsmanagement features.Vendorsshouldbemoreawareof recordsmanagement requirementsandpromoteinformedclientelebymakingexistingfunctionsmoreapparent.Websitedesignisan importantpartofthisaswell; it isnotalwaysclearwhereonecanfind informationaboutspecific functionalities, and itmaymean that a downloadable pdf that resides behindmanynestedlinksistheonlywaytofindthatinformation.Vendor awareness of records management concerns is essential when providing recordsservices. Providing information to clientsabout featuresavailable toaddress theseconcernscangiveusers confidence invendor servicesandavoidpossible legal fallout if complianceorprivacy protection requirements are neglected. If vendors make records management

38

functionalitiesmore obvious, then itwill also bemore obvious to organizations that recordsmanagersshouldbeconsultedaboutclouddecisions.Vendors should consider how they can provide a degree of control over retention anddispositiontotheirclients.Theformwhichthistakesmayvarybetweenvendors;however,allinformation stored in the cloud should be connected in a clear and substantial way to theclient’stoolssuchasclassificationschemesandretentionschedules,anddispositionshouldbecomplete,guaranteed,anddocumented.Most of the vendors gave generalized descriptions of their overall capability and little detailconcerningretentionanddisposition.Lackofdetailmayreflectinformationcreatedforatargetaudience that is comprised of executive managers as opposed to records managers andarchivists.Inaddition,whetherretentionanddispositionfunctionalityIsintegratedintoacloudservicedependsupontheservicemodelselected.Usersshouldnotexpectallcloudservicestomeetall retentionanddispositionneeds,but theyshouldexpectcloudvendorstobeabletoengagerecordsmanagersinadiscussionofretentionanddispositioncapabilitiesavailable. Aclear,concisestatementofhowretentionanddispositionconcernsareorarenotmetbytheserviceisessentialforuserstoidentifygapsbetweenwhatisprovideandwhatisneededanddevelopaplantobridgethegaps.9.3RecommendationsforRIMProfessionalsRecordsmanagers shouldbemore confident regarding cloud computing.Building knowledgeandskillsaroundthecloudcanensurethatupper-levelmanagementandITwillconsultrecordsprofessionals about cloud storage decisions, which can then guarantee that recordsmanagementfunctionalitiesareconsidered.Ifrecordsmanagersaskrecords-relatedquestionsofcloudvendors, thenthoseprovidersmaybemore likelyto incorporatethosefeatures intotheirproductsand,ataminimum,theterminologyintotheirproductdescriptions.The lack of retention and disposition functionality does not imply the service should not beused, but it does indicate that the organization will have to develop a plan to govern therecords in accordance with retention and disposition requirements regardless. Recordsmanagers need to bemore aware of theways inwhich the cloud affects theirwork. If RIMprofessionals consistently donot know thedifferencebetweendifferent storagemodels andthefunctionalityofservicescurrentlyusedbytheirorganization,thenitisunlikelythattheywillbeinvolvedinfuturedecisionsregardingcloudservices.Corporate culture should be challenged if records managers are consistently left out ofdecisionswhichaffecttheirabilitytodotheirjob.Atthesametime,therecordsmanagermustmakeaconcertedefforttokeepabreastofemergingtechnology,understandthegoalsoftheirorganization and how cloud technology can contribute to reaching those goals, and takeproactivemeasurestobecomeinvolvedininformationgovernanceprograms.9.3.1Corporateculture:RIMinvolvementinclouddecisionsThe ARMA survey results demonstrate that RIM professionals aremostly excluded from the

39

selectionofcloudservices.ThisisanalogousingeneraltoRIMbeingexcludedfrom non-cloudbasedenterprisesystemselection,andwhilenotsurprising,isequallyunfortunate.When asked, “Were you involved in the selection of a cloud provider?” only 18 of the 86respondents said yes. There were 54 comments, 20 indicating the respondent was excludedfromthedecision-makingprocess,11weresubstantially involved in theprocess,and9 joinedthefirmafterthedecisionhadbeenmade.In addition,thesurveyaskedifretentionanddispositionconsiderationswere included in theinitialdecisiontousespecificcloudservices.Theminorityof respondents(24of79answeringthisquestion) indicated yes; this indicates that someorganizations allowed indirect inputonrecordsmanagementissues,eveniftherespondentswerenotdirectlyinvolved.If RIM professionals are not given the opportunity to be engaged in the process and R&Dfunctionalities are not included as requirements,we cannot expect thatmore CloudServiceProviderswilladdthosefeaturestotheirofferings.9.3.2BetterunderstandingofcloudCloud services, likemany enterprise systems, do not tend to have retention and dispositionfunctionalitybuilt in.We have amassed a set of data on the state of the industry/cloud services in 2014-15; theindustry is still in its early years andprovides awide varietyof servicesareavailable. Unlessthe vendor specifically targets recordsmanagement needs, it is likely their services will notprovide the level of retention and disposition functionality needed to ensure adefensibleretentionanddispositionprogram.10. RelatedResearchDocumentsandPublications10.1WorkProductsSeveral related documents were referred to in this report, such as the complete LiteratureReviewandtheExecutiveSummaryoftheRetentionandDispositionsurvey.A complete list of the documents and articles published related to this research project areprovided here in chronological order. All but the annotated bibliographies are available athttps://interparestrust.org/trust/research_dissemination

§ RetentionandDispositioninaCloudEnvironment–AnnotatedBibliography,ver.1.May22,2014.

§ RetentionandDisposition inaCloudEnvironment–LiteratureReview,ver.1. July20,2014.

§ Retention and Disposition in a Cloud Environment – Functional Requirements.March2015.

§ RetentionandDispositioninaCloudEnvironment–AnnotatedBibliography,ver.2.May7,2015.

40

§ RetentionandDisposition inaCloudEnvironment– LiteratureReview, ver. 2. June2,2015.

§ RetentionandDispositioninaCloudEnvironment–ExecutiveSummaryofUserSurvey.July18,2015.

10.2 DisseminationThe following is a complete list to date of articles published and presentations made todisseminateinformation(inreversechronologicalorder):

§ Franks, P. C. Perceived & Actual Cloud Records Retention & Disposition ChallengesFacing Organizations Today, ICCSM 2015, Tacoma, Washington, October 22-23, 2015(paper&presentation)

§ Franks, P. C. Digital Preservation in the Cloud, CNYARMA October Training Event,October15,2015(presentation)

§ Franks,P.C.EvaluatingCloudServicesUsingRetentionandDispositionRequirements,ARMA LIVE! 2015 Conference & Expo in Washington, D.C, October 5-7, 2015(presentation)

§ Franks,P.C.GovernmentUseofCloud-basedLongTermDigitalPreservationasa:AnExploratoryStudy,DigitalHeritage(Conference),GranadaSpain,September28-October2,2015(paper&presentation)

§ Franks,P.C. (panelist).Recordkeeping in theCloudandtheAdventofBig/OpenData:MissionCritical,orMission Impossible?ARCHIVES2015(SAA),August22,2015(I-trustpanelpresentation)

§ Franks,P.C.NewTechnologies,NewChallenges:RecordsRetentionandDispositioninaCloud Environment, Canadian Journal of Information and Library Science, June 2015.(paper)

§ Doyle,A.andFranks,P.C.“RetentionandDispositionintheCloud—DoYouReallyHaveControl?” Included in the Conference Proceedings of ICCSM 2014 InternationalConferenceonCloudSecurityManagement,Reading,UK,23-24October2014.(paper&presentation)

§ Franks, P. C. Records Retention and Disposition in a Cloud Environment: Are You inControl?InvitedspeakeratInfoGovCon2014,Hartford,CT.(paper&presentation)

§ Franks,P.C.RetentionandDisposition inaCloudEnvironment: IssuesandChallenges.Paper presented at theNIRMA - Nuclear InformationManagement Conference 2014,Summerlin,NV.(presentation)

Disseminationwillcontinue.Twopresentationsarescheduled(seebelow);othersintheplanningstages.

§ Franks, P. C.Capitalizing on the Cloud (Invited Speaker), 2016 NYALGRO School, VillaRomaResort,Callicoon,NY,June7,2016.

§ Franks,P.C.We'vefiguredoutourSIPsandAIPsandnowit'stimetodealwithourDIPs(Panelpresentation),SAA’sArchives*Records2016,Atlanta,GA,July31-Aug.6,2016.

41

10.3RelatedResearchAlmost 100 individual projects have been launched under the larger research agenda ofInterPARES Trust. Several related directly to cloud computing are in progress or have beencompleted.Finalreportsareavailablethroughthe InterPARESTrustwebsiteforthefollowingrelatedresearch:

§ ChecklistforCloudServiceContracts§ ContractTermswithCloudServiceProviders§ HistoricalStudyofCloud-basedServices

11. FurtherResearchThis project team has completed its work. These recommendations are provided forconsiderationbyfutureresearchers.Further research on trends in cloud functionality could reveal directions of service providersand their offerings, such as whether or not records management needs are addressed inpubliclyavailableinformation.ResearchonorganizationalcultureandtheroleofrecordsmanagersindecisionmakingcouldbeeffectiveinshowinghowRIMprofessionalscouldbecomemoreinvolvedinevaluatingcloudcomputingtechnology.Thiscouldbearguedtobeaprofessionaldutyofrecordsmanagers.Case studies describing how recordsmanagers conduct their tasks in the cloud environmentmayassistusesinunderstandinghowtheworkisaffectedbythenewenvironment.Furtherresearchintospecificsub-technologiesofcloudcomputing—suchasDisasterRecoveryasaService(DRaaS),BusinessProcessasaService(BPaaS),HybridCloudComputing,andDataWarehousing and Advanced Analytics—could assist records and information managers tobetter understand the retention and disposition functionalities present, to identify the gapsbetweenthosethatareofferedandthosenecessary,andtodevelopastrategyforadefensibleretentionanddispositionpolicythatwillincludecontentresidinginthosecloudofferings.

42

ReferencesBurda,D.&Teuteberg,F.“TheRoleofTrustandRiskPerceptionsinCloudArchiving–Results

fromanEmpiricalStudy.”TheJournalofHighTechnology ManagementResearch,25,no.2(2014):172-187.DOI: 10.1016/j.hitech.2014.07.008.

Dutta,A.,G.Peng,andA.Choudhary.“Risksinenterprisecloudcomputing:Theperspectiveof

itexperts.”TheJournalofComputerInformationSystems53,no.4(2013):39-48.GartnerResearch.[Online}.Available:http://www.gartner.com/technology/research.jspGoh,E.“Clearskiesorcloudyforecast?:Legalchallengesinthemanagementandacquisitionof

audiovisualmaterialsinthecloud.”RecordsManagementJournal,24,no.1(2014):56-73.DOI:10.1108/RMJ-01-2014-0001.

Gold,J.“Protectioninthecloud:Riskmanagementandinsuranceforcloudcomputing.”Journal

ofInternetLaw15,no.12(2012):1-28.Grounds,AlisonandBenCheesbro.“CloudControl:eDiscoveryandLitigationConcernswith

CloudComputing.”TheComputerandInternetLawyer30,no.9(2013):23-31.Pearson,Siani.“TowardsAccountabilityintheCloud.”IEEEInternetComputing15,no.4(2011):

64-69.InterPARESTrust.(2016,February26).ChecklistforCloudServiceContracts.[Online].Available:

https://interparestrust.org/assets/public/dissemination/NA14_20160226_CloudServiceProviderContracts_Checklist_Final.pdf

InterPARESTrust.(2016,January30).ContractTermswithCloudServiceProviders.[Online].

Availablehttps://interparestrust.org/assets/public/dissemination/NA10_20160130_ContractTerms_InternationalPlenary3_FinalReport_Final.pdf

InterPARESTrust.(2015,January8).HistoricalStudyofCloud-basedServices.[Online].

Available:https://interparestrust.org/assets/public/dissemination/NA11_20150109_HistoricalStudyCloudServices_InternationalPlenary2_Report_Final.pdf

InterPARESTrust.(2014,July20).LiteratureReviewforRetention&DispositioninaCloud

Environment.[Online].Available: https://interparestrust.org/assets/public/dissemination/NA06_20150602_RetentionDispositionClouds_LiteratureReview_v1.pdf

43

InterPARESTrust.(2015,June2).LiteratureReviewforRetention&DispositioninaCloudEnvironment,Version2.[Online].Available:https://interparestrust.org/assets/public/dissemination/NA06_20150602_RetentionDispositionClouds_LiteratureReview_v2.pdf

InterPARESTrust.(2015).RetentionandDispositionintheCloud:ExecutiveSummaryofSurveyDistributedtoMembersofARMAInternational.[Online].Available:https://interparestrust.org/assets/public/dissemination/NA06_20150331_RetentionDispositionClouds_ExecutiveSummary_Report_Final.pdf

McCoy,Mary.(2015,December21).Top2016CloudComputingPredictionsStraightfromIT

Experts.MSPBlog[Online].Available:https://blog.continuum.net/top-2016-cloud-computing-predictions-straight-from-it-experts

Weins,Kim.(2016,February9).CloudComputingTrends:2016StateoftheCloudSurvey.

[Online].Available:http://www.rightscale.com/blog/cloud-industry-insights/cloud-computing-trends-2016-state-cloud-survey#hybridcloudadoption

44

AppendixA

Retention & Disposition Functional Requirements Questionnaire for use when evaluating specific cloud products/services

No.

Questions

Yes No Don’tKnow

PrivacyandSecurityConsiderations 1 Doesthevendorallowindependentauditsofsystemsandprocesses? 2 Isthecontentencryptedwhenintransittothecloud? 3 Isthecontentencryptedwhenatrestinthecloud? 4 Arethephysicalserverslocatedwithinajurisdictionapprovedforyourorganization? 5 Arethebackupserverslocatedwithinajurisdictionapprovedforyourorganization? Establishingdispositionauthorities 6 Whatindexingcapabilityissupported(canitaccommodatecustomers'taxonomyfor

indexing)?

7 Canretentionperiodsbeapplied? 8 Candestructionbeautomated? Applyingdispositionauthorities 9 Canadispositionauthority(retentionanddispositionspecifications)beappliedto

aggregationsofrecords?

10 Canrecordsbelockeddownforviewingonly? 11 Canrecordsberetainedindefinitely? 12 Canrecordsnotinanaggregationbedestroyedatafuturedate? 13 Canrecordsnotinanaggregationbetransferredatafuturedate? Executingdispositionauthorities 14 Canrecordsbedeletedaccordingtotheretention/dispositionschedule? 15 Canbackupsbedeletedaccordingtotheretention/dispositionschedule? 16 Areusersalertedtoconflictsrelatedtolinksfromrecordstobedeletedtoother

recordsaggregationsthathavedifferentrecordsdispositionrequirements?

17 Ifmorethanonedisposalauthorityisassociatedwithanaggregationofrecords,canthesemultipleretentionrequirementsbetrackedtoallowthemanualorautomaticlockorfreezeontheprocess(ex.Freezeforlitigationorfreedomofinformationrequest)?

Documentingdisposalactions 18 Aredisposalactionsdocumentedinprocessmetadata? 19 Canalldisposalactionsbeautomaticallyrecordedandreportedtotheadministrator? Reviewingdisposition 20 Areelectronicaggregationspresentedforreviewalongwiththeirrecords

managementmetadataanddisposalauthorityinformationsobothcontentandrecordsmanagementmetadatacanbereviewed?

21 Canrecordsbemarkedfordestruction,transfer,furtherreview? 22 Arealldecisionsmadeduringreviewstoredinmetadata? 23 Canthesystemgeneratereportsonthedispositionprocess? 24 Istheabilitytointerfacewithworkflowfacilitytosupportscheduling,review,and

exporttransferprocessesprovidedorsupported?

Integration 25 Isthemetadataschemacompatiblewithothersystems,suchasEnterpriseContent

ManagementorRecordsManagementSystems?

AppendixBGapAnalysis–page1

AppendixBGapAnalysis–page2