SharePoint Records (Information) Management What works, what doesn’t? Chris Caplinger RecordLion, Inc.

Who am I? And why am I talking about Records Management and SharePoint? Founder and President of Vice President of the St. Louis Chapter of ARMA Former CTO and co-founder of Co-author of “SharePoint 2010 ECM”

Session Overview What we are going to discuss: RIM Components (Mostly) SharePoint 2013 On Premise and Online What RIM features work and what are the issues The RecordLion Solution What we will briefly discuss: Microsoft Exchange What we are not going to discuss: Rights Management Technical details on SharePoint Something else that’s likely important to you

The Cost of Obsolete Information Data Growth Organizations double amount of data they store each year Moore’s Law Information Breach The more data you keep, the greater the risk of information breach Noise More data you keep - the harder it is to find The more data you keep - the harder it becomes to analyze Data is useless if it can’t be analyzed Legal Costs Opponents discovering information that could have been destroyed can cost millions of dollars. Error in obsolete data are prone to penalties Local company fined for old accounting data

http://www.polleverywhere.com/multiple_choice_polls/4gcInJ5BGO7PcF3

http://www.polleverywhere.com/multiple_choice_polls/43ExXQGYBeroICK

9 Big RIM Rocks File Plan Management Classification Event based retention Disposition Auditing Email Handling Physical File Handling Legal Holds eDiscovery

File Plan Management and taxonomy “By failing to prepare, you are preparing to fail.”  - Benjamin Franklin

File Plan Overview A document or a way to document the retention schedules for all your information. Your Records Manager should create and maintain your File Plan You must publish your File Plan File Plans should include a cutoff event, retention period and disposition information

http://www.polleverywhere.com/multiple_choice_polls/4VhWbo098Ajwejn

File Plan, what works? Record Managers need File Plan Management Use Excel Spreadsheet Use SharePoint List(s) Use a third party product Taxonomy Structure Show example of Excel Spreadsheet Location Based for Homogenous environments Content Type Based for Heterogeneous environments

Location Based Taxonomy Only possible if similar information is stored together ! One site (or site collection) for each business unit Human Resources Accounting Corporate Libraries for high level record types Employee Records Hiring Records Employee Benefits Folders for different cases Employees Candidates Benefit Year Find information by browsing !

Find information by searching Content Type Based Crucial in heterogeneous environments ! Use Content Type Publishing Central location for document types and policies Helps ensure governance Find information by searching

Record Centers vs. In-Place Records Center In Place Record Status Good for archive and in- active records Good for active and collaborative information Security Records are kept separate and secure Information is secured while active Accessibility Good when only Records Managers access Good when teams still need access Versions Final version is a record All versions are records Policies are driven by Usually by location Usually by Content Types Administration Harder Easier

! ! ! File Plan Issues Taxonomy is not generated from File Plan Changing File Plan does not change taxonomy ! No help in understanding regulations and laws

Classification

Classification Overview Classification assigns information to a specific class of content which should be related to policies. Creates defensible policy assignment Simplifies searching Reduces cost of eDiscovery

Classification, what works? Drop Off Libraries Route content based on Metadata Metadata foldering (great for handling case type files) Available in SharePoint 2010, 2013 and Online Employee Records John Doe Jane Doe Fred Smith

Classification, what works? Location based classification Upload from library Drag and drop on browser Drag and drop using Synced Libraries (also OneDrive Business) ! Potential Governance Risk

Classification Issues ! No Meta Data Classification Forces too many Content Types ! No Automatic Document Classification Meta Data Extraction Classification for Content Types ! No Email Classification Move to SharePoint? Leave in Exchange?

Retention

Retention Overview Retention is a component of a file plan. Specifically it specifies how long after an event before disposition takes place. What drives retention periods? Industry regulations FINRA, SOx Corporate policies Local, state and federal laws IRS, DOL File Plans should include a cutoff event, retention period and disposition information Barclays fined $3.75M

Retention, what works? Assigning policies per Content Type or Location Temptation Recommended Site Retention Close and Delete Sites based on rules

! ! Retention Issues No Case Based Retention No Event Based Retention Need to dispose all related document (ex. Employee Files, Tax Records, Loan Files) ! No Event Based Retention Required for cases Date column retention is not enough Custom policies require experienced developer

Disposition

Disposition Overview Disposition refers to the formal disposal of content from your organization. For disposition to work you need a… File Plan Review and Approval capabilities Destruction and/or Transfer process Not all content needs this process, but your important records should be reviewed before being destroyed!

Disposition, what works? Deletion of content Recycle Bin Permanent (but not forensic) Deletion of entire sites Also Exchange Mailboxes Transfer to other SharePoint locations

! ! Disposition Issues No Review and Approval features Custom workflow required ! Forensic destruction SQL data? OneDrive for Business Documents? Is this important to your organization? Forensic Discovery Unlikely Potentially more secure!?!

Auditing

Auditing Overview Needed for defensible RIM and eDiscovery Needed to see if Records Management is working Aids in reporting

! Auditing, what works? Content Auditing This WILL slow your system down

! ! ! Auditing Issues No way to determine accuracy Classification accuracy Records declaration accuracy Disposal accuracy ! Difficult to impossible to analyze Excel Export No cubes or custom reporting ! Performance

Email

http://www.polleverywhere.com/multiple_choice_polls/mxNj6Xrq3lbvPvI

SharePoint Email records only Moving records to SharePoint Not for active or non-record Emails Moving records to SharePoint Automatic (Third Party) Drag and Drop (Limited) Move in Outlook (Third Party)

Exchange Retention for all messages on a mailbox 2010 and newer Custom retention for specific locations 2010 and newer Message classification (2013 and Online) In-Place Legal Holds Custom policy tags for Calendar and Tasks are only available in Exchange 2013 2010 used deleted or modified dates 2013 can use receive date In-Place Archiving Eliminates PST (Good for compliance)

Exchange or SharePoint It will be difficult (or maybe impossible) to create the policies for your File Plan in Exchange Determine how to identify records in Exchange Move identified records to SharePoint Create policies for non-records in Exchange Call to action… RecordLion eliminates the need to move records to SharePoint, since it can use the same file plan for both SharePoint and Exchange.

Physical Files

Physical Files Overview Do you need paper? Quick ROI with scanning Electronic creation is even better When you store paper consider… A safe dry place. Are they secure? (Who’s viewing and copying?) Do they have retention schedules? How is it being destroyed.

Physical Files, what works? Organization Libraries and folders can match physical locations By Record Type By Date (typically year) Organizational/Departmental Content Types Rarely homogeneous Use when possible

Physical File Issues ! No integration into commercial records centers Iron Mountain Recall The File Room ! No tracking No auditing Check In/Out not a solution ! No file requests/fulfillment ! Barcodes and Labels Built for electronic documents ! Not in sync with similar electronic records

Legal Holds

Legal Holds Overview Suspending the normal disposition of information when it is reasonably expected. Legal holds can protect you from spoliation fines or in some cases, incarceration Legal holds should suspend the information management policies Legal holds should lock information from further editing Identifying the correct information is key to successful legal holds Legal holds are required for present and future information Amendments to the Federal Rules of Civil Procedure (FRCP) from December 1, 2006 require organizations to hold electronic records (in addition to physical records) until the legal matter was settled. Just as important to find the information that should be held is the ability to eliminate information that is not relevant.

Legal Holds, what works? Legal holds aren’t the problem… finding the right information is Classification is key eDiscovery Center In-Place Holds (Records Center not necessary) Record Centers

eDiscovery

eDiscovery, what works? eDiscovery Center Site Collection Single place to collect information Automatically places Legal Holds Ability to export data Integration with Microsoft Exchange Enterprise wide searching Legal Holds are typically done before eDiscovery Exported data includes complete list of exported data Export and Hold can include documents, list items, pages, blogs and Exchange objects Record Centers Site Template Basic search and hold

! ! ! eDiscovery Issues What about your other information? Unstructured Data can be difficult to search ! Conversion to usable formats

SharePoint RIM Q&A

Introducing RecordLion Information Lifecycle

RecordLion Difference File Plan (Retention Schedule) Import/Create/Modify “All” your content Classification Folders AND/OR Content Type AND/OR Meta Data Disposition Defensible Disposition Audit Trail “All” your audit information Advanced Reporting Content Not just SharePoint

RecordLion Demonstration

Implementation

Steps to Success in SharePoint #1 - Build File Plan Where information is stored Where information comes from What is a record and when to declare them Handle non-records #2 - Implement File Plan Create taxonomy (the flatter the better) Publish File Plan #3 - Start collecting and classifying information #4 - Monitor your success

Sensible Records Management #1 - Make sure you can find what you’re looking for Classify information Create an easy interface for searching Without this your business will not be efficient Email 1st, Physical 2nd, SharePoint 3rd #2 - Make sure you keep records long enough Lock records (declare) Create a file plan/retention schedule Without this you are risking spoliation fines (ignorance won’t fly in court) #3 - Destroy records when legally possible Approve and destroy records when it’s legally possible #4 – Start considering your other information Networks Shares, IM, Social Networks, Mobile Devices

Chris Caplinger chris@recordlion.com @chrislcap Thank You! Q&A Chris Caplinger chris@recordlion.com @chrislcap