10 things you'll need to succeed with information governance and sharepoint
TRANSCRIPT
10 Things You’ll Need to Succeed with
Information Governance and SharePoint
Chris Caplinger | RecordLion
Gary VanBuhler | Total Solutions
Chris Caplinger | President RecordLion
President
SharePoint Experience – 12 years
Co Author – SharePoint Server 2010 Enterprise Content
Management
Previous CTO & Co-Founder of KnowledgeLake
Twitter: @chrislcap
Who does RecordLion Serve?Records Managers who need to follow a formal declaration and disposition processIG professionals who need one set of policies to apply enterprise wideOrganizations in need of better records management than SharePoint offers out of the box IT departments with too much unorganized and unstructured data on their network file shares
Information GovernanceMaturity Model
• Sets standard of conduct and how to judge your organizations IG maturity
• Independent of Laws and Regulations• Based on ARMA Generally Accepted Record Keeping Principles• http://www.arma.org/docs/bookstore/theprinciplesmaturitymodel.pdf
The Principles• Senior Executive oversightAccountability• Documented program and available to everyoneTransparency•Reasonable assurance that data is authentic and reliableIntegrity•Records protected according to sensitivity and privacyProtection•Comply with laws, regulations and organization policiesCompliance•Timely and efficient retrievalAvailability•Keep records according to legal, regulatory, fiscal, operational and historical requirementsRetention
•Dispose of data that has expired according to retentionDisposition
10 Things You’ll Need…to apply the model in SharePoint
#1 - Access Control
Protection
Integrity
Compliance
Web Application• Scope for Anonymous Access
Site Collection• Highest Permission Level
SharePoint / SharePoint Online
• Each can have separate administrator
• Give users broad level access at this level
Site• By default sites take on site
collection permissions• Beware of letting site owners
control permissions• Micro management leads to
data breaches
Library / List• By default libraries take on
site permissions
Item• 5,000 limit default and
recommended by Microsoft• 50,000 maximum per list
(hard limit)• Performance implications as
you go past the 5K recommendation
Meta Data• Using Meta Data to control
security requires customizations
• Securing Meta Data columns also requires customizations
Roadmap
#2 - Taxonomy Plan
Protection
Availability
Too many SharePoint Implementations fail due to poor or no taxonomy!
What is a Taxonomy?
• In short, a systematic way to organize content
SharePoint taxonomy entities
• Site Collections• Sites• Libraries• Folders• Content Types• Terms (Managed Meta Data)
Taxonomy Types
Location Based• Sites/Libraries/
Folders• Folders can drive
Meta Data
• Simplifies Security• Users Browse for
Items• Discourages Search
Content Type Based• Put Content
Anywhere
• Encourages Search• Complicates
Security• Complicates Admin• Beware of Content
Type Creep
Content Type + Meta Data Based
• Put Content Anywhere
• Terms = Types of Information
• Encourages Search• Simplifies Taxonomy
Creation
Consider New Content Types for:Search/Meta Data/Retention/WorkflowDON’T
Create just because of document types
Taxonomy Examples
Meta Data/Term Store
What is a Retention Schedule (or File Plan)?A set of instructions allocated to a class or file to determine thelength of time for which its records should be retained by theorganization for business purposes
Transparency
Retention
#3 – File Plan / Retention Schedule
Compliance
DispositionConsider• Legal help for Development and Compliance
Retention Schedules in SharePoint
The above term is misleading
Alternatives
• Create Content Type Policy Templates• Retention Stages• Advanced Auditing (Edit/Check Out/Check In/Move/Copy/Delete/Restore)
• Create Lifecycles on Library/Folder• Retention Stages Only
What are the issues with the SharePoint way?
• No Event Based Retention (without custom code)• No Case Files• Bloated taxonomy
Retention Schedule in RecordLion
#4 - Content Onboarding / Meta Data Governance
3 Options1. Upload & Edit (out of the box)2. Office Backstage / Document Panel3. RecordLion
Integrity
Availability
Retention
It’s easy to upload content into SharePoint, but tagging with the right Meta Data is the difficult part
Content Onboarding – Upload & Edit
Drag and Drop (Browser)
• Stay checked out if required columns• Edit Properties for Meta Data
Upload to Library
• Edit form allows entering Meta Data
OneDrive for Business/SharePoint Sync
• No way to add Meta Data
Content Onboarding – Microsoft Office Apps
Document Panel Backstage
Content Onboarding with RecordLion
Coming SoonMeta Data Governance• Database Lookups• Cascading Lookups• Advanced Validations• Server Side Processing
Classification in SharePoint Location Based: Sites/Libraries/Folders Content Types Managed Meta Data
#5 - Classification
Integrity
Availability
Retention
Without classification, content in SharePoint is too dependent on relevancy searches
Challenge:Getting users to put things in the
right place
#5 - Classification
Integrity
Availability
Retention
Without Classification
• Search is too dependent on relevancy and not refiners• Retention rules can’t be applied
SharePoint
• Use Managed Meta Data (NOT SUPPORTED BY SP LIFECYCLES)
RecordLion
• Allows freedom in taxonomy development• Use any SharePoint elements
Classification with RecordLion
How does RecordLion do this?1) Move Records to SharePoint
Best to store similar records in the same location if possible
2) Apply Uniform Policies in Exchange Big Buckets (Mailboxes/Folders)
http://blog.recordlion.com/email-retention-exchange-sharepoint-online/
#6 - Email Management
Integrity
Availability
Retention
RecordLion Email Add-In
Outlook for Windows, for Mac and OWA
#7 - Unstructured Content Search
Availability
Transparency
• Office 365 (On Premise 2016)
• SharePoint/OneDrive/Exchange
• Advanced Customizations
• Web Parts / Display Templates
• SharePoint Customizations and Configuration
Lifetime cost of a managed data - $17,000/TBLegal professional (eDiscovery) review - $18,750/GB
Can you really afford not to dispose of information?
#8 - Disposition
Protection
Disposition
The action taken when a record reaches the end of its retention period
Information Value Declines Over Time
Business Need Regulator Need (TAX) No Need
InformationValue
Office Documents
Product Research
Sales/Customer
HR
Financials
Messaging/Social
IT Cost
Risk
Risk-to-Value Gap
Cost-to-Value Gap
Disposition and SharePoint
Move to Recycle Bin Not Recommended for Official RecordsPermanently Delete Delete and skip recycle binTransfer to Another Location Good if deleting in another stageStart a Workflow Could build custom approval processes
Possible Disposition Actions
Disposition Issues
Forensic Destruction Consider RBS SolutionDisposition Requires Approval
Consider RecordLion
No Proof Consider RecordLion
Disposition and RecordLion
Dispose and Delete Delete from SharePoint, skip recycle bin
Dispose and Recycle Delete from SharePoint, use recycle bin
Dispose and Transfer Delete from SharePoint, move data external
Permanent Lock and keep in current location
Disposition Actions
Defensible Disposition
• Approval process using Inbox• Audit Entry is added during destruction• Content is deleted• Content is moved to another location (if Transfer option is used)• Most audit entries are destroyed, destruction records is left behind
#9 - Audit, Reporting, and BIAccountabilit
yTransparen
cyIntegrity
Compliance
An Information Governance implementation is only as good as what you can prove in court and in the board room
Most important reports show:
• You're keeping information according to policies• You're destroying expired information• Users are only seeing what they should• That information is authentic and reliable• Policies are up to date and published
SharePoint ReportingSharePoint reports are just Excel Files
• You will need a way to format and present
Content Activity Reports• Must be turned on• Beware of performance implications• Item View/Modify/Delete• Structure Modifications
Information Management Policy Reports• Policy Modifications• Expiration and Disposition
Security and Site Settings Reports• Auditing Settings• Security Settings
RecordLion Reporting
#10 - Legal Holds and eDiscovery
Retention
Disposition
ComplianceIt’s not a matter of if you have to produce information, it’s a matter of when… be prepared
How to prepare:
• Know where your information is• Create a File Plan
• Disposing of ROT data• Destroy data that is has no value
• Copying and/or Locking records when expecting litigation• User eDiscovery Center, RecordLion or both
SharePoint eDiscovery Center
RecordLion Legal Holds
Rules capture current and future items Manually add content to Legal Case
RecordLion Demonstration
10 Things You’ll Need to Succeed withInformation Governance and SharePoint
1) Access Control2) Taxonomy Plan3) Retention Schedule4) Content Onboarding / Meta Data Governance5) Classification6) Email Management7) Unstructured Content Search8) Disposition9) Audit, Reporting, and BI10) Legal Holds and eDiscovery
Q & Awww.recordlion.com
Chris Caplinger | President [email protected]@chrislcap
TOTAL SOLUTIONS• SharePoint Consulting and Development Organization Since 2000•Design•Development•Administration•Management Consulting•Solution Provider• Based in Metro Detroit, MI• International Reach• Clients•Range from international government agencies to major universities and Fortune 100 organizations
TOTAL SOLUTIONS Services Content Management Customer Enterprise Applications Reporting & Dashboard Governance & Security Frameworks Custom Branding Portals & Collaboration Business Process Management System Migration & Integration
Total Solutions is a SharePoint Solution provider, committed to delivering our customers’ time-critical informationwhenever they want it, wherever they want it, in whatever format they want it….and protecting it!
CONTACT INFORMATIONGary VanBuhlerVP of Business DevelopmentTotal Solutions
[email protected] x8703
www.totalsol.com