This session is an introductory session geared towards IT Pro's and Business Users who are interested in how Office 365 can facilitate their Records Management and Security Compliance needs. Microsoft Office 365 has been built from the ground up with concepts of security and data usage compliance in order to meet your organization's legal, regulatory, and technical requirements. Setting up policies and enabling services to meet your Records Management needs throughout the various capabilities of Office 365 (SharePoint Online, Exchange Online, etc...) will be covered in this session.
10. The disturbing trend….. On WHEN RM systems are created
Litigation, Audit or Mandate
Hire Records & Compliance Managers
File Plan/Retention Schedule
Go do it SharePoint Admins!
11. File Plan & Retention Schedule
Record
Code
Record Type Responsible
Department
Event Retention Period Official
Version
FIN01 Accounts Payable
May contain:
Employee Expense Reports
Invoices
Purchase Orders
Receipts
Requisitions
Vendor and Supplier Invoices
Vendor Setup
Vouchers for Payments
FINANCE AND
ACCOUNTING
Declared Date + 3
(Delete Versions)
Declared Date + 5
(Delete Permanently)
16. In Place Records versus Records Centers
source: http://technet.microsoft.com/en-us/library/ee424394.aspx
Records Center In Place
Organizing Records Automatically routes to site or library via new content organizer Loosely and flexibly organized
Securing Records Full control on who can view, edit & delete Permissions can’t change but can restrict editing
and deleting
Locating Records All in one location Spread across your farm
Versioning Records Each version must be explicitly sent Automatically assumes all versions
Finding Records without leaving
your collaboration site
Not automatic, as requires a query but there is the new option of
leaving a short-cut to the record
Automatic
Untidiness with Records vs. non
Records
Not a problem, only records here Mix of both here but can create views
Auditing Enabled Depends on parent site
eDiscovery Records only Records and non-Records
Admin Security Records Manager Site Admins
Number of Sites Extra Records Center sites to manage Fewer Sites to manage
Scalability Reduces size of team sites and can expand Records Center site
collections into separate databases
Greater database and site collection size
Management Separate site or farm needed No additional site needed
Storage and Backup Can be stored and backed up in separate databases Same database as other documents
Document Sets Allowed Not supported
19. In SharePoint 2013 … And still in Office 365
More Info: http://www.khamis.net/Blog/Post/273/SharePoint-2013-
Server-–-What’s-new-and-different-–Part-1
24. Office 365 – Focus on all of your compliance requirements
Records
Management
(RM)
Information
Management
policies
(Retention)
Data Loss
Prevention
(DLP)
Electronic
Discovery
(eDiscovery)
Information
Rights
Management
(IRM)
Audit
Logging /
Archiving
Encryption
(Transport
rules)
37. SharePoint’s interpretation of the File Plan
Content Type Parent Content Type Columns Workflows Information Management
Policies
Security
physical record item add new record expiration
destroy record auditing
barcode
legal record physical record date signed Legal only
signed NDA legal record second party
NDA type
model physical record project
model stage
creator
creation date
Questions that are not directly related will be discussed offline
Turn cellphones off
Q+A will be at the end
88% of Records functionality as defined by the ICA standard (ISO 16175) is now available “out of the box” using Sharepoint 2010
Records Management consists of identifying, classifying, archiving, preserving, and destroying records according to a set of pre-defined standards
Increasing pressure to manage risk more effectively through improved compliance with regulatory and corporate policies
Government and industry regulations
U.S. Sarbanes-Oxley Act (SOX)
SEC 17-a/b
DOD 5015.2, MoReq, ISO, and HIPAA
Legal eDiscovery
U.S. Federal Rules of Civil Procedure
Records Management consists of identifying, classifying, archiving, preserving, and destroying records according to a set of pre-defined standards
Increasing pressure to manage risk more effectively through improved compliance with regulatory and corporate policies
Government and industry regulations
U.S. Sarbanes-Oxley Act (SOX)
SEC 17-a/b
DOD 5015.2, MoReq, ISO, and HIPAA
Legal eDiscovery
U.S. Federal Rules of Civil Procedure
If you look closely at the sample file plan it has descriptions of a lot of the info that is needed:
File Codes (Document id’s in SharePoint)
What record types that this category of the file plan should consist of
Retention and disposition information
Primary and Secondary categories
Usually done by Records & Compliance Managers
Gave a bad name to SharePoint for Records Management
Extensibility - Only allows copying of records to Records Center
Scalability - One Records Center per farm
Flexibility - No distributed content types or metadata
Inflexible Routing rules
20 MINUTE MARK
30 MIN MARK
Policy Tips in OWA, Outlook, SharePoint and OneDrive and Office Clients (Word, Powerpoint, Excel)
.
EDRM XML supported formats
Can export to legal or review partners
30 MIN MARK
Hopefully BA or maybe even yourself does analysis on the File Plan and gives you something like this.
Usually in spreadsheet form
Interp
Benefits
More consistent use of terminology
Better search results
Dynamic
Entering terms
Entering enterprise keywords
Consistent meta-data across the organization is a foundation for the application of records management practices and policies!
Globally used content types that are controlled in one location.
Removes duplicate tagged documents and ensures consistent meta-data
Company has two web applications that have a set of content types that are the same (could be employee profile, real estate listing etc).
Company would like to have a central location where the content types can be created and pushed out to the above two site collections seamlessly and without having to make any modifications to separate site collection content types.
In 2007, content organization was largely a matter of individual upload decisions.
Administrators could help guide, but ultimately, was up to contributors to decide where the content ended up.
Takes decisions out of hands of users and ensures that items are well organized.
Routing rules from 2007 replaced by content organizer,
Automatic routing of documents to right place in SharePoint enabling you to automatically enforce rules on content submitted
End users don’t have to be aware of which document library document should go into
Allow a drop off library where all documents should be placed
- SharePoint moves documents that were submitted by users to appropriate place, based on:
Rules for content rerouting
Metadata
Content Types
Property based conditions
Can apply multiple rules
Use the priority option to give one rule more importance over another
- Has the ability to automatically create subfolders based upon metadata (i.e. folder for each year)
Why do this?
Heavy audits are required on items that have been declared a record, for legal reasons (i.e. decisions, invoices, bids, etc…)
A document has been deleted or changed and the administrator would like to figure out who deleted or changed document in question.
Site collection auditing features that allow document auditing can be used to figure out who opened, edited, checked out, moved, deleted or even searched for list items or documents.
Sarbanes–Oxley Act of 2002 requiring records to be kept for a certain amount of time
You can now set rules for documents that need to be reviewed
For example, records can have review periods in between the time they are declared and when they are destroyed
Retention policies can be created in Site Settings Site Collection policies or Content Type Settings/List Settings Information management policy settings
OOTB Actions: Recycle Bin, Delete, Transfer, workflow, skip, declare record, delete drafts, delete version
Allows Recurrence
Why is Document ID important?
Didn’t exist in previous version of SharePoint and documents were hard to find
People are still spending up to 9.5hrs/ user/week searching for information (hasn’t changed much in several years) and 6hrs/user/week reproducing information.
Document was sent to Records Repository and you can’t find it, now you can reference and find it by Document Id
Document is being constantly moved around in Records Center by meta-data management rules or workflows, now you can always find it
Other Document ID features:
Assignment of Document IDs with certain character prefixes
Resetting Document IDs (via timer job)
Allows user to use to select a scope to be able to input a specific Document ID in and have it pull up the document directly (haven’t been able to verify this)
Find by Document ID Web Part enables user to enter a document ID, then constructs a "static URL" and looks up the item.
Document URL looks like this:
http://<sitecollectionurl>/_layouts/DocIdRedir.aspx?ID=34RZ5NUVTCP7-1-4
New ASPX page that sits in layouts directory called DocIdRedir.aspx that takes a Document ID as query string parameter.
Ability to consistently reference documents as links don’t change or break, even if the document moves between sites!
Following are some typical file codes that could be found in any office:
ADMI 459 Conferences, Seminars, Associations, and Societies Files
CONT 202 Contract Management Records
DIRE 108 EPA Agency-wide Directives
REGS 149 Regulations, Standards, and Guidelines
SURV 005 Special Studies