IT Today Catalog Auerbach Publications ITKnowledgebase IT Today Archives infosectoday.com Book Proposal Guidelines IT Today Catalog Auerbach Publications ITKnowledgebase IT Today Archives infosectoday.com Book Proposal Guidelines
Auerbach Publications

IT Performance Improvement

Management

Security

Networking and Telecommunications

Software Engineering

Project Management

Database


Share This Article



Free Subscription to IT Today





Powered by VerticalResponse

 
Implementing Electronic Document and Record Management Systems by Azad Adam; ISBN 978-0-8493-8059-4
Electronically Stored Information: The Complete Guide to Management, Understanding, Acquisition, Storage, Search, and Retrieval by David R. Matthews; ISBN 978-1-4398-7726-5
Unit and Ubiquitous Internet of Things by Huansheng Ning; ISBN 978-1-4665-6166-3
Android Security: Attacks and Defenses by Anmol Misra and Abhishek Dubey; ISBN 978-1-4398-9646-4
Big Data and Business Analytics by Jay Liebowitz: ISBN 978-1-4665-6578-4
Automatic Defense Against Zero-day Polymorphic Worms in Communication Networks by Mohssen Mohammed and Al-Sakib Khan Pathan; ISBN 978-1-4665-5727-7
Investigating Computer-Related Crime, Second Edition by Peter Stephenson and Keith Gilbert: ISBN 978-0-8493-1973-0

Records Management in Microsoft SharePoint

By Antonio Maio, Microsoft SharePoint Server MVP and Senior Product Manager, TITUS

According to a 2011 AIIM survey, organizations are experiencing a 23% yearly growth in electronic records. This rapid growth presents a challenge to organizations that must comply with records management regulations while ensuring that the right people are accessing the right information.

To address this challenge, many organizations are looking to Microsoft SharePoint. With its powerful record-keeping capabilities, organizations can now manage their records using the same platform as they use for everyday collaboration and document management.

Records Management is one of the most popular drivers for using Microsoft SharePoint. Despite how much has been written on this, Records Management is sometimes confused with Document or Content Management, but it is in fact quite a unique discipline with its own best practices and processes. Microsoft SharePoint provides some great features to enable these processes, and it provides enterprises with the appropriate controls for the data and documents that they declare to be corporate records.

A record refers to a document or some other piece of data in an enterprise (electronic or physical) that provides evidence of a transaction or activity taking place, or some corporate decision that was made. A record requires that it be retained by the organization for some period of time. This is often a legal or regulatory compliance requirement. As well, a record by definition must be immutable, which means that once a document or piece of data is declared to be a record, it must remain unchanged.

The period for which records are retained, along with the process followed once that time period has expired, is a critical requirement for records management. There are legal and business implications to consider when content is kept too long. The business policy could be that after X years, a record is archived and then after Y years from that point it is disposed (which could include deletion or moving it to offline long-term storage). Again, establishing this policy requires planning and getting agreement from stakeholders, especially around any legal, regulatory compliance, revenue or tax implications.

The requirements for records immediately suggest certain processes that must be in place to ensure that records are managed appropriately from several perspectives: business, auditing/legal, tax, revenue, and even business continuity. As we often find, for business processes to be applied consistently across all SharePoint content or records, automation is a key requirement, as well as making appropriate use of metadata.

The first step in implementing records management in SharePoint is to define a file plan, which typically includes:

  • A description of the types of documents that the organization considers to be records
  • A taxonomy for categorizing the records
  • Retention policies that define how long a record will be kept and how to handle disposition
  • Information about who owns the record throughout its information lifecycle, and who should have access to the record

It is important to determine what type of content should be considered a record. For example, if I am working on a new HR policy for next year, my initial draft and its various iterations should likely not be considered records because they are still changing; they are not yet approved or final, nor can I make any decisions based on those preliminary versions. But once my HR plan is ‘approved’ or considered ‘final’ then it can be declared a record because I can now base corporate decisions on it. Establishing a policy around what type of data is a record requires planning, meeting with appropriate stakeholders and agreeing on policy that’s communicated to everyone that may be declaring content as a record.

Once the organization has defined what information it wants to preserve as records, SharePoint 2010 provides several methods to declare a record and implement record retention policies. These include the Records Center site, which is a SharePoint site dedicated to centrally storing and managing records. It provides many features that are critical to implementing a records management system, including a dashboard view at the site level for Records Managers with searching capabilities and integration with the Content Organizer for routing records within the site. Depending on the business need, it may make sense to centralize records management and storage in the Records Center. This is particularly true if the business demands that a small number of users be considered Record Managers and it is their role alone to declare content as records.

A second method involves declaring records in-place. This feature allows individual users to declare content as records in their current SharePoint location. Records do not need to be moved or added to a central Records Center site, nor do they need to be routed within the Records Center. This is a trend in the records management space, because it allows users to continue to find content where it resides, based on its business nature, topic or properties. One drawback of this approach is that end users, who are typically not records managers, may be apprehensive about declaring records, due to the official and legal nature of a record.

The powerful recordkeeping capabilities in SharePoint give organizations an effective enterprise records management system. SharePoint contains valuable features that can be used to define the appropriate records and retention policies for the business.


Related Reading

Sharepoint for Email Management

So You Think SharePoint is Secure? Think Again

Electronically Stored Information: The Complete Guide to Management, Understanding, Acquisition, Storage, Search, and Retrieval

Implementing Electronic Document and Record Management Systems\


About the Author

TITUS is exhibiting at Infosecurity Europe 2013, the No. 1 industry event in Europe held on 23rd to 25th April 2013 at the prestigious venue of Earl’s Court, London. The event provides an unrivalled free education programme, exhibitors showcasing new and emerging technologies and offering practical and professional expertise. For further information please visit www.infosec.co.uk.


© Copyright 2013 Auerbach Publications