1. Today's agenda covers records management solutions for SharePoint, Office 365, hybrid environments, and other content sources.
2. Labels and retention policies in Office 365 can classify, retain, and dispose of content according to compliance policies across various content sources without requiring action from end users.
3. Records management capabilities are available in some content management systems and file sharing services, but not all, and they may not meet all compliance needs.
The SharePoint Records Management Story
2. Today’s Agenda
• The Scenario
• SharePoint Records Management
• Office 365 Records Management
• Hybrid
• Other Content Sources
• Solutions for Records Management
https://erica.news/SPFEST18
5. Requirement | Plain English
Compliance policies need to be followed for all data sources | In order to ensure compliance policies are followed on data, you need to know the data exists.
Retain some content for a specific period of time | You need to be able to categorize content to apply the correct retention period. Retention = how long you keep it.
Dispose of content according to policy | Once the retention period is over, you need to get rid of the content. This sometimes involves an approval process.
Prove the content was deleted according to policy | You need a stub, certificate of destruction, or some indication that the content existed and followed all policies, for the auditor.
And Many More…
Don’t require the end users to do anything! | They are not records management experts, and don’t fill out metadata. If they do, it is often incorrect.
6. Term | Plain English
File Plan | The list of categories of data that you need to keep.
Retention Schedule | How long you need to keep data in each category.
Disposition or Destruction | Deleting the content.
Finalize a Record | Locking the document so it can’t be edited.
9. Factor | Records Center | In-place records
Managing record retention | The content organizer automatically puts new records in the correct folder in the archive's file plan, based on metadata. | There may be different policies for records and active documents based on the current content type or location.
Restrict which users can view records | Yes. The archive specifies the permissions for the record. | No. Permissions do not change when a document becomes a record. However, you can restrict which users can edit and delete records.
Ease of locating records (for records managers) | Easier. All records are in one location. | Harder. Records are spread across multiple collaboration sites.
Maintain all document versions as records | The user must explicitly send each version of a document to the archive. | Automatic, assuming versioning is turned on.
Ease of locating information (for team collaborators) | Harder, although a link to the document can be added to the collaboration site when the document becomes a record. | Easier.
Ability to audit records | Yes. | Dependent on audit policy of the collaboration site.
Administrative security | A records manager can manage the records archive. | Collaboration site administrators have permission to manage records and active documents.
Ease of administration | Separate site or farm for records. | No additional site provisioning work beyond what is already needed for the sites that have active documents.
Source
10. Requirement Yes No
Compliance policies need to be followed for all data sources X
Retain some content for a specific period of time X
Dispose of content according to policy X
Prove the content was deleted according to policy X
Requires end users to do stuff X
11. PROS
• Meets the most basic records requirements
CONS
• Requires a lot of set up and configuration
• Relies HEAVILY on end user actions
• Can only manage SharePoint content
13. Labeling: Classify data across your organization for governance, and then enforce retention rules based on that classification.
Retention: Ensures that you retain content as long as required but no longer than that.
14. Capability | Labels | Retention Policies
Apply Retention | X | X
Event Based Retention | X |
Manage SharePoint, OneDrive, Groups, Exchange Email Content | X | X
Manage Microsoft Teams, Skype for Business, Exchange Public Folders Content | | X
Manage Content as a Record (finalize) | X |
Apply Based on Sensitive Information | X | X
Apply Based on Specific Words and Phrases | X | X
16. Labels classify documents and can apply retention. They can do the following:
• Delete content automatically.
• Retain content for a specific time period.
• Delete content once the retention period has passed.
• Trigger a disposition review.
• Do nothing.
• Start the retention period from when content was created, last modified, when the label was applied, or when an event occurred.
17. Can be deployed to specific locations or the entire organization.
Entire locations: All Locations
Include or exclude:
• SharePoint: Sites (up to 100 sites)
• OneDrive for Business: Accounts (up to 1000)
• Groups: Groups (up to 100)
• Exchange Email: Recipients (up to 1000)
18. Auto-applied based on sensitive information types
Auto-applied based on a search query
Auto-applied based on a document library location
19. If the label is… Then the label policy can be applied to…
Exchange SharePoint OneDrive Groups
Published to end users X X X X
Auto-applied based on sensitive
information types
X X
Auto-applied based on a query X X X X
20. When you create auto-apply labels for sensitive information, you see the same list of policy templates as when you create a data loss prevention (DLP) policy.
21. Query-based labels use the Content Search feature in the Office 365 Security & Compliance Center to identify content.
You can search for a word or phrase and use operators such as AND, OR, and NOT.
22. Can only apply a default label to a document library
Items inside a document or folder set do inherit the default label
If you move an item with a default label from one library to another library with no default label, the old default label is removed
23. A label that classifies content as a record needs to be applied manually; it cannot be auto-applied
For SharePoint content, any user in the default Members group (the Contribute permission level) can apply a record label to content
Only the site collection administrator can remove or change that label after it's been applied
If a label is a record it locks the item so it cannot be edited
24. For SharePoint content, any user in the default Members group (the Contribute permission level) can apply a label to content
25. If there are multiple rules that assign an auto-applied label and the content meets the conditions of multiple rules, the label for the oldest rule is assigned.
PERIOD. NO OTHER OPTION.
26. A Retention Policy is separate from a label. It can do the following:
• Delete content automatically.
• Retain content for a specific time period.
• Delete content once the retention period has passed.
• Do nothing.
• Start the retention period from when content was created or last modified.
27. Entire locations: Exchange Email and Public Folders, SharePoint, OneDrive, and Office 365 Groups
Include or exclude:
• SharePoint: Sites (up to 100 sites)
• OneDrive for Business: Accounts (up to 1000)
• Groups: Groups (up to 100)
• Exchange Email: Recipients (up to 1000)
Also listed: Skype for Business, Teams Channel Messages, Exchange Public Folders, Teams Chats
28. Retention wins over deletion
Longest retention period wins
Explicit inclusion wins over implicit inclusion
Shortest deletion period wins
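The four principles on this slide, applied in the order listed, as an added Python sketch that is not part of the original deck and not a Microsoft API. The `Setting` fields and the `resolve` function are hypothetical, and the model assumes the explicit/implicit rule only decides between competing deletions.

```python
from dataclasses import dataclass
from typing import Iterable, Optional, Tuple

@dataclass(frozen=True)
class Setting:
    """One label or retention policy that applies to an item (hypothetical model)."""
    name: str
    retain_days: Optional[int] = None   # None: this setting does not retain
    delete_days: Optional[int] = None   # None: this setting does not delete
    explicit: bool = False              # True: applied to the item or a named location

def resolve(settings: Iterable[Setting]) -> Tuple[int, Optional[int]]:
    """Return (retain_until_day, permanent_delete_day) for one item."""
    settings = list(settings)
    # Longest retention period wins.
    retain_until = max(
        (s.retain_days for s in settings if s.retain_days is not None), default=0
    )
    deleters = [s for s in settings if s.delete_days is not None]
    if not deleters:
        return retain_until, None
    # Explicit inclusion wins over implicit inclusion (assumed: for deletions).
    candidates = [s for s in deleters if s.explicit] or deleters
    # Shortest deletion period wins among the remaining candidates.
    shortest = min(s.delete_days for s in candidates)
    # Retention wins over deletion: deletion waits until retention has ended.
    return retain_until, max(shortest, retain_until)

# Constructed sample settings (not from the deck).
ORG_DELETE_1Y = Setting("org-wide: delete after 1 year", delete_days=365)
ORG_RETAIN_5Y = Setting("org-wide: retain 5 years, then delete",
                        retain_days=1825, delete_days=1825)
SITE_DELETE_2Y = Setting("one site: delete after 2 years",
                         delete_days=730, explicit=True)
LABEL_RETAIN_7Y = Setting("label on item: retain 7 years",
                          retain_days=2555, explicit=True)

if __name__ == "__main__":
    cases = {
        "delete vs retain": [ORG_DELETE_1Y, ORG_RETAIN_5Y],
        "implicit vs explicit delete": [ORG_DELETE_1Y, SITE_DELETE_2Y],
        "org delete vs label retain": [ORG_DELETE_1Y, LABEL_RETAIN_7Y],
    }
    for title, applied in cases.items():
        print(f"{title}: {resolve(applied)}")
```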
29. 1. If the content is modified or deleted during the retention period
2. If the content is not modified or deleted during the retention period
[Diagram labels: Document Library, Preservation Hold Library, First-Stage Recycle Bin, Second-Stage Recycle Bin, Retention Period, User Purge, Cleanup, Permanent Deletion, 93 Days, 7 Days]
30. PROS
• Simple content clean-up for non-records content
• Covers Skype for Business, Microsoft Teams, Exchange, SharePoint, OneDrive, Groups
• Great for companies that aren’t highly regulated or government
• Use to identify and action sensitive content
• Use for high-level classifications
CONS
• Keeps documents for 93 days after disposition approval
• No certification of destruction
• No hierarchy of labels
• Generic functionality that doesn’t meet local standards
• Need to have an E3 or above or ADG SKU license for automatic labelling
• No automatic labelling for records
• Have to apply document library labels to each location
• Can only manage some Office 365 content
31. Requirement Yes No
Compliance policies need to be followed for all data sources
Retain some content for a specific period of time X
Dispose of content according to policy
Prove the content was deleted according to policy X
Requires end users to do stuff
33. On Premises Online
Content Types
Metadata
Search
DLP
OneDrive
Records Center Records Center
Flow
Other Workflow Other Workflow
34. PROS
• One set of content types and managed metadata
• One search index
• If using flow to move documents, can use on-premises or in cloud
CONS
• Need two records centers: one for on-premise and one for cloud
• Depending on how records management is set up, maybe a lot of duplicate work
38. Requirement Yes No
Compliance policies need to be followed for all data sources
Retain some content for a specific period of time X
Dispose of content according to policy
Prove the content was deleted according to policy X
Requires end users to do stuff
43. Requirement Yes No
Compliance policies need to be followed for all data sources X
Retain some content for a specific period of time X
Dispose of content according to policy X
Prove the content was deleted according to policy X
Does not require end users to do stuff X