Welcome to Office 365

Key takeouts

Online, ‘anywhere, anytime, any device’ is here and now

Organisations are implementing Office 365 as part of new licencing agreements

SharePoint Online is no longer standalone but a core part of Office 365

You can manage records in SharePoint Online in line with ISO 16175 Part 2

You may need to learn more about SharePoint Online in the context of Office 365

What is Office 365?

Software as a Service (SaaS)

Platform as a Service (PaaS)

Infrastructure as a Service (IaaS)

Licensing will determine what software and options you can access.

The (sad) digital reality

Records everywhere

Outlook (multiple ‘personal’ folders)

Office (installed)

Network and home drives (duplication, out of control folders), USBs, and cloud-based DM systems

Personal messaging apps

Personal social media

Maybe an EDRMS

Printed copies

Paper files

EDRM systems

Database and file server

Database contains metadata about the documents, ‘files’, boxes

The documents are stored in a linked file share

Does ‘destruction’ actually destroy digital records stored in the file share?

Office 365

One interface for everything

Outlook Online

Office apps (Word, Excel, PowerPoint, OneNote)

SharePoint - replaces network file shares, USBs, and cloud systems

OneDrive - replaces home drives, USBs and cloud systems

MS Teams - replaces Skype (and personal messaging apps)

Yammer replaces other social media

Plus a lot more (Office 365 Groups, Flow, Forms, Stream, Sway), accessible on any device

Why?

For IT:

• Reduced storage costs (data centres or licensing)

• Reduced overhead costs (server support and maintenance)

• Provides true anywhere access

For staff:

• Latest features

• Office, Mobile or home access

• More features

Records management in Office 365

Rules centralized in Office 365 Admin

Records stored mostly in Outlook and SharePoint

Need to think differently

May want to consider a third-party product

More to come …

Starting point

IT has acquired (or now has access to) Office 365

It’s being implemented with or without 3rd parties

You may have (and/or manage) an EDRMS

SharePoint is the replacement for your EDRMS

Records people often don’t have IT skills

IT people rarely have RM skills

What you need to know

Microsoft own and manage the platform

IT will configure certain settings, ideally with your input

Records managers need to know:

• about Office 365

• about Office 365 Groups

• about SharePoint Online

• how to manage records in Office 365/SharePoint Online/Exchange, including what role you need to have

• why you need to be a site collection administrator

• how collaboration works in Office 365

• where to get more information

Office 365 Administration

Office 365 Admin - Home page

Office 365 Admin – Customised administrator

Office 365 Admin – User licences

Any of these can be disabled so they don’t appear in the Office 365 menu

Office 365 Admin - Groups

Office 365 Admin - Office 365 Groups

Office 365 Admin - Services and add-ins

Office 365 Admin – Admin portals

Office 365 Admin – Security and Compliance

Permissions > roles

Classifications > labels (retention and disposal, information security)

Data loss prevention (DLP)

Data governance > File plan, Archive, Retention, Events

Search > Content search, Audit log search

eDiscovery

Welcome to SharePoint Online

The duality of SharePoint

Team sites (classic vs modern, with O365 Groups) (plus OneDrive)

• These are the functional replacement for network file shares (and home drives)

Communication sites

• These are the functional replacement for intranet and publishing sites

The governance

‘balance’

SharePoint governance -

roles

Who is responsible for what

• Who? Promotion and adoption

• Office 365 Global Administrators (and other roles)

• SharePoint Administrator (O365 Service Account role) – managing SP

• Site Collection Administrator (Records manager/s) –managing site collections > why records managers?

• Site Owners – managing sites

Essential to consider – who can create Office 365 Groups?

SharePoint architecture

All SharePoint Online sites have one of two paths under the tenant name (https://tenantname.sharepoint.com/):

• /teams/ >> logical organizational elements

• /sites/ >> cross organizational information

You need to have naming conventions (especially for Office 365 Groups)

Configuration settings should be documented, any changes should be approved

https://docs.microsoft.com/en-au/sharepoint/sharepoint-online

Office 365 Groups -

avoiding feral SharePoint

sites

If the options are not controlled:

• Office 365 Groups created via the ‘Create Group’ in Outlook will create the group with an associated SharePoint sites, can be linked to MS Teams.

• A new SharePoint site created via the ‘Create Site’ option in the user’s SharePoint portal will create an Office 365 Group (that can be linked with MS Teams).

• A new Team created via the ‘Create Team’ in MS Teams creates an Office 365 Group with an associated SharePoint site.

• A new Yammer group creates an Office 365 Group with an associated SharePoint site (and can be linked to MS Teams).

Implementing SharePoint as a

recordkeeping system in line with ISO 16175 Part

2

ISO 16175 part 2

Create

• Capture

• Metadata

• Aggregations

• Identifiers

• Classification

Maintain

• Authentic and reliable

• Access and security

• Hybrid records

• Retention and disposition

Disseminate

• Search, retrieve

• Render

Administer

What is a record?

Evidence of business activities, often (but not exclusively) in the form of a document or object, in any form. A record will usually have some form of metadata. (ISO 15489, Archives Act 1983 (Cwlth))

The essential attributes of any record, according to ISO 15489, are its:

• Authenticity

• Reliability

• Integrity

• Usability

An effective recordkeeping system should ensure that these attributes are maintained, in the relevant business context, in order preserve the evidence of business activities for as long as the record must be kept.

Create: Capture

(5.1.2, 5.1.8)

Office-based records (Word, Excel, PowerPoint) can be created directly in SharePoint, or from the relevant application and then saved directly to SharePoint (no need to use NFS).

Both the Save and Save as dialogues show OneDrive and SharePoint first, then the other options.

Drag and drop to sync’d library.

Emails: drag and drop email, attachment, or both to sync’d library, use Flow, or leave in place.

Emails remain unchanged.

Create: Versions(5.1.2-7)

SharePoint document libraries have versioning enabled by default.

Versions are specific to a library or list item.

Any previous version can be viewed or restored, subject to permissions.

To view a previous version, click the date/time.

To restore a version, click the down arrow to the right of the date/time.

Create:Metadata

(5.1.3)

Almost unlimited metadata is possible.

Site columns or local columns.

Managed metadata service.

All document libraries include:

• System generated and unalterable metadata (File Type, Created by, Created (date), Modified by, Modified (date) etc.

• Dublin Core metadata(Title, Subject, etc)

• New metadata (via site columns or local library columns)

Metadata can be mandatory or optional and can also be exported at any time using the ‘Export to Excel’ option on every library menu.

Create:Metadata:

Content types

Kind of similar to TRIM/CM ‘record types’

Site and library content types

When to use them

Linked with document templates

Why to avoid them

Deprecated functionality - retention and disposal connectivity

Records Center – copy to capability loses document integrity

Create:Metadata:List views(5.1.3-14)

All metadata columns can be displayed in the list view.

When a record has been selected, the properties pane displays the metadata properties for each record.

Every Office document (Word, Excel, PowerPoint) retains the library metadata in the document properties, including when it is ‘saved as’ somewhere else.

Metadata properties (such as document ID) can also be displayed in the document body.

Create:Identifiers(5.1.3-20)

Document ID feature:

• Site acronym

• Library Unique ID

• Document ID

E.g., FinanceAP-1233212-1232

Document IDs and any other metadata remain embedded in Office documents (‘metadata payloads’)

Create: Aggregations

(5.1.4)

Folder: function or series level

File: activity level

The ‘folder’ level in SharePoint is the Site collection.

The ‘file’ level in SharePoint is a document library.

It is important to have document library naming conventions.

Create:Links

(5.1.4-24/25)

All SharePoint libraries include the ability to add a link to another document instead of a document. This reduces duplication of content.

Create:Bulk Importing

(5.1.5)

Bulk importing can be achieved in multiple ways.

Simplest is via File Explorer, set up columns as required and import or set the metadata.

Can use products like ShareGate.

Identification(5.2)

Unique identifiers are mostly GUIDs, except for document IDs.

Classification:Functions

(5.3)

Functions

• SharePoint sites can broadly map to business functions (which may sometimes be the same as the actual business unit name).

• This provides a way to aggregate ‘like’ content under the function. Multiple sites in the same function may cross-linked, including by using the hub/spoke capability.

• Functions can also be applied via retention policies (as seen in the Security and Compliance Portal)

Classification:Activities

(5.3)

Activities

• Document libraries

• These should be named after the activity to which they relate, and ideally include a year –for example ‘XYZ Committee Meetings 2018’, rather than have a single library called ‘Meetings’ then use folders to break up the content.

Function and activity combined:

• https://tenant.sharepoint.com/teams/financeAP/invoices2019

Maintain: Controls and

security(5.4.1-5.4.7)

Access to records in any site is restricted by default to the members of three permission groups: Site Owners, Site Members (add/edit), and Site Visitors (read only).

These groups can be modified as required by Site Owners only, and new permission groups can be created. Records can be restricted to an individual person if required.

The ability to delete a record is enabled by default. It can be disabled per site or library.

Data Loss Prevention (DLP) policies can be used to monitor or prevent the unauthorised exfiltration of records.

Information security classifications (e.g., Confidential, Secret) can be applied as labels.

Maintain:Audit trails(5.4.8-131-

133)

Audit logs record all activity undertaken on a SharePoint site.

Site audit logs are retained for 7 days but can be exported.

Audit logs for the entire system are retained for 90 days. These are accessed from the Office 365 Security and Compliance Admin Centre under the ‘Search and Investigation’ section, accessible only to Global Admins and Security Admins.

Maintain: Import, export

of records(5.4.7-125

Records in SharePoint, along with their metadata, can be migrated in multiple ways.

Commonly this would be by using File Explorer but other export tools can be used as well.

Maintain: Hybrid:

Managing paper records

(5.5)

Paper records can be managed in SharePoint lists, with as much metadata as required.

Maintain:Retention and

disposal(5.6)

Records retention classes are set in the Office 365 Security and Compliance Admin Centre under the ‘Classifications’ section.

When published, these become available in document libraries and lists in SharePoint as well as in Outlook. Classification policies are more likely to be applied in team site libraries as each library may have different type of content. Question – who applies them?

If applied, content cannot be deleted.

A retention policy may also be applied to the entire site as a Site Policy. This is more likely to be used where the entire site can be subject to a single retention policy, for example, project sites.

Exchange records management

SharePoint records management

Teams records management

Disposal management - 1

How it works (including metadata retention) and the role of records managers

Disposal management - 2

Disposal management - 3

Retention and Disposal

additional points

Multiple retention policies vs grouped (e.g., 7 years)

Retention policies appear as labels

Implementation model is important

‘There are several other features that have previously been used to retain or delete content in Office 365. These features will continue to work side by side with retention policies and retention labels. But moving forward, for data governance, we recommend that you use a retention policy or labels instead of all of these features. A retention policy is the only feature that can both retain and delete content across Office 365.’ (Source in notes)

Maintain:Legal holds

and eDiscovery(5.6.1-162)

Office 365 includes an eDiscovery option in the Security and Compliance Centre. This option allows records to be placed on hold (not destroyed), pending the outcome of the legal hold.

Once the legal hold is lifted, the records resume whatever retention policy was applied.

Disseminate: Search

(5.7.199-225, 5.7.232))

Users can find anything they have access to (new – Microsoft Search)

Search is customized to the individual

Search can also find text in images

Delve (E3 etc)

OneDrive Discovery

Disseminate:Render and

Redact(5.7.1, 5.7.3)

SharePoint supports the display of over 300 document types.

SharePoint includes check out/in capability, where required. It also supports co-authoring.

Redaction would require additional add ons)

Administration(5.8)

SharePoint includes a range of administration functions, including for reporting purposes.

Back-up and recovery is provided through the Recycle Bin and versioning options.

As a hosted system, organisations have no ability to restore the system to a previous point after updating.

Final points

End user experiences

Mobile and home PC access

Save as (SharePoint or OneDrive)

Sync to File Explorer

Share (instead of attach), with restrictions

Collaboration, including co-authoring and MS Teams

External access

The Office Graph

What is it?

Discovery in OneDrive

Delve (E3 and above)

Search results

Change is constant

Office 365 is updated constantly

Re-thinking documents (Fluid)

What is a record?

https://techcrunch.com/2019/05/06/microsoft-wants-to-reinvent-documents-with-its-new-fluid-framework/

https://www.microsoft.com/en-us/microsoft-365/blog/2019/05/06/build-2019-people-centered-experiences-microsoft-365-productivity-cloud/

https://www.microsoft.com/en-us/microsoft-365/roadmap

https://techcommunity.microsoft.com/

Final thoughtsRecords managers and IT need to work together

You need to learn about SharePoint Online as part of Office 365 – it really is not hard

You need to be part of this

Learning and training

resources

https://support.office.com/en-us/article/sharepoint-online-video-training-cb8ef501-84db-4427-ac77-ec2009fb8e23?ui=en-US&rs=en-US&ad=US

https://docs.microsoft.com/en-us/sharepoint/sharepoint-online

https://techcommunity.microsoft.com/t5/Security-Privacy-and-Compliance/Office-365-Retention-Disposal-amp-Archiving-Frequently-Asked/ba-p/504158

https://docs.microsoft.com/en-us/office365/securitycompliance/retention-policies

https://docs.microsoft.com/en-us/office365/

https://www.microsoft.com/en-us/microsoft-365/blog/2019/05/06/build-2019-people-centered-experiences-microsoft-365-productivity-cloud/

https://office365itpros.com/