570 likes | 758 Vues
Chris Caplinger RecordLion , Inc. SharePoint Records (Information) Management. What works, what doesn’t?. Who am I?. And why am I talking about Records Management and SharePoint? Founder and President of Vice President of the St. Louis Chapter of ARMA Former CTO and co-founder of
E N D
Chris Caplinger RecordLion, Inc. SharePoint Records (Information) Management What works, what doesn’t?
Who am I? And why am I talking about Records Management and SharePoint? Founder and President of Vice President of the St. Louis Chapter of ARMA Former CTO and co-founder of Co-author of “SharePoint 2010 ECM”
Session Overview What we are going to discuss: • RIM Components • (Mostly) SharePoint 2013 On Premise and Online • What RIM features work and what are the issues • The RecordLion Solution What we will briefly discuss: • Microsoft Exchange What we are not going to discuss: • Rights Management • Technical details on SharePoint • Something else that’s likely important to you
The Cost of Obsolete Information Data Growth Moore’s Law • Organizations double amount of data they store each year Information Breach • The more data you keep, the greater the risk of information breach Noise Data is useless if it can’t be analyzed • More data you keep - the harder it is to find • The more data you keep - the harder it becomes to analyze Legal Costs Local company fined for old accounting data • Opponents discovering information that could have been destroyed can cost millions of dollars. • Error in obsolete data are prone to penalties
9 Big RIM Rocks • File Plan Management • Classification • Event based retention • Disposition • Auditing • Email Handling • Physical File Handling • Legal Holds • eDiscovery
File Plan Managementand taxonomy “By failing to prepare, you are preparing to fail.” - Benjamin Franklin
File Plan Overview A document or a way to document the retention schedules for all your information. • Your Records Manager should create and maintain your File Plan • You must publish your File Plan • File Plans should include a cutoff event, retention period and disposition information
File Plan, what works? Record Managers need File Plan Management • Use Excel Spreadsheet • Use SharePoint List(s) • Use a third party product Taxonomy Structure • Location Based for Homogenous environments • Content Type Based for Heterogeneous environments
One site (or site collection) for each business unit Human Resources Accounting Corporate Location Based Taxonomy ! ! Only possible if similar information is stored together Find informationby browsing Libraries for high level record types Employee Records Hiring Records Employee Benefits Folders for different cases Employees Candidates Benefit Year
Content Type Based ! Use Content Type Publishing • Central location for document types and policies • Helps ensure governance Crucial in heterogeneous environments Find information by searching
File Plan Issues ! Taxonomy is not generated from File Plan ! Changing File Plan does not change taxonomy ! No help in understanding regulations and laws
Classification Overview Classification assigns information to a specific class of content which should be related to policies. • Creates defensiblepolicy assignment • Simplifies searching • Reduces cost of eDiscovery
Classification, what works? Drop Off Libraries • Route content based on Metadata • Metadata foldering (great for handling case type files) Employee Records John Doe Jane Doe Fred Smith
Classification, what works? Location based classification • Upload from library • Drag and drop on browser • Drag and drop using Synced Libraries (also OneDrive Business) ! Potential Governance Risk
Classification Issues ! No Meta Data Classification • Forces too many Content Types ! No Automatic Document Classification • Meta Data Extraction • Classification for Content Types ! No Email Classification • Move to SharePoint? • Leave in Exchange?
Retention Overview Retention is a component of a file plan. Specifically it specifies how long after an event before disposition takes place. What drives retention periods? • Industry regulations • FINRA, SOx • Corporate policies • Local, state and federal laws • IRS, DOL File Plans should include a cutoffevent, retention period and disposition information Barclays fined $3.75M
Retention, what works? Assigning policies per Content Type or Location Temptation Site Retention Recommended • Close and Delete Sites based on rules
Retention Issues ! No Case Based Retention • Need to dispose all related document(ex. Employee Files, Tax Records, Loan Files) ! No Event Based Retention • Required for cases • Date column retention is not enough • Custom policies require experienced developer
Disposition Overview Disposition refers to the formal disposal of content from your organization. For disposition to work you need a… • File Plan • Review and Approval capabilities • Destruction and/or Transfer process Not all content needs this process, but your important records should be reviewed before being destroyed!
Disposition, what works? Deletion of content • Recycle Bin • Permanent (but not forensic) Deletion of entire sites • Also Exchange Mailboxes Transfer to other SharePoint locations
Disposition Issues ! No Review and Approval features • Custom workflow required ! Forensic destruction • SQL data? • OneDrive for Business Documents? • Is this important to your organization? • Forensic Discovery Unlikely • Potentially more secure!?!
Auditing Overview • Needed for defensible RIM and eDiscovery • Needed to see if Records Management is working • Aids in reporting
Auditing, what works? Content Auditing ! This WILL slow your system down
Auditing Issues ! No way to determine accuracy • Classification accuracy • Records declaration accuracy • Disposal accuracy ! Difficult to impossible to analyze • Excel Export • No cubes or custom reporting ! Performance
SharePoint Email records only • Not for active or non-record Emails Moving records to SharePoint • Automatic (Third Party) • Drag and Drop (Limited) • Move in Outlook (Third Party)
Exchange Retention for all messages on a mailbox • 2010 and newer Custom retention for specific locations • 2010 and newer Message classification (2013 and Online) In-Place Legal Holds • 2010 used deleted or modified dates • 2013 can use receive date In-Place Archiving • Eliminates PST (Good for compliance)
Exchange or SharePoint It will be difficult (or maybe impossible) to create the policies for your File Plan in Exchange • Determine how to identify records in Exchange • Move identified records to SharePoint • Create policies for non-records in Exchange Call to action…
A safe dry place. Are they secure? (Who’s viewing and copying?) Do they have retention schedules? How is it being destroyed. Physical Files Overview Do you need paper? • Quick ROI with scanning • Electronic creation is even better When you store paper consider…
Physical Files, what works? Organization • Libraries and folders can match physical locations • By Record Type • By Date (typically year) • Organizational/Departmental Content Types • Rarely homogeneous • Use when possible
Physical File Issues ! No integration into commercial records centers • Iron Mountain • Recall • The File Room ! No tracking • No auditing • Check In/Out not a solution ! No file requests/fulfillment ! Barcodes and Labels • Built for electronic documents ! Not in sync with similar electronic records
Legal Holds Overview Suspending the normal disposition of information when it is reasonably expected. • Legal holds can protect you from spoliation fines or in some cases, incarceration • Legal holds should suspend the information management policies • Legal holds should lock information from further editing • Identifying the correct information is key to successful legal holds • Legal holds are required for present and future information
Legal holds aren’t the problem… finding the right information is Legal Holds, what works? Classification is key eDiscovery Center • In-Place Holds (Records Center not necessary) Record Centers
eDiscovery, what works? eDiscovery Center • Site Collection • Single place to collect information • Automatically places Legal Holds • Ability to export data • Integration with Microsoft Exchange • Enterprise wide searching Record Centers • Site Template • Basic search and hold
eDiscovery Issues ! What about your other information? ! Unstructured Data can be difficult to search ! Conversion to usable formats
Introducing RecordLion Information Lifecycle
RecordLion Difference • File Plan (Retention Schedule) • Import/Create/Modify • “All” your content • Classification • Folders AND/OR Content Type AND/OR Meta Data • Disposition • Defensible Disposition • Audit Trail • “All” your audit information • Advanced Reporting • Content • Not just SharePoint