Records Management & Compliance Solutions
SharePoint as your ubiquitous intelligence and storage solution for all records across the organisation
Jon Barrett
Solutions Specialist, Microsoft
Anthony WoodwardHead of Compliance and Governance, Unique
World
• Session Abstract:
This session presents the Document and Records Management
features, as well as the Policy/Compliance capabilities related to
Records Management in Microsoft Office SharePoint Server 2007,
Exchange 2007 and the 2007 Microsoft Office system client
applications.
The session also presents four implementation approaches for
Records Management:
– Records Management using out-of-box SharePoint features
– Records Management using SharePoint with Customization
– 3rd party RM solutions with SharePoint integration
– Records Management ISV add-ons to SharePoint
Agenda
• ECM Overview
• SharePoint Server - Key Records Mgt Features
• Meeting High-end Records Management Requirements
– Three Implementation Models
• High-end Records Management on the SharePoint platform
– Deep dive and demonstration
• Exchange Server 2007 - Key Records Mgt Features
• Q&A
Organizations are reviewing their Organizations are reviewing their
business processes and how they business processes and how they
manage the information assets (content) manage the information assets (content)
ComplianceCompliance ConsolidationConsolidation
1 2
••“1 Version of the Truth”“1 Version of the Truth”
•• Aust. Corporations ActAust. Corporations Act
•• Basel II AccordBasel II Accord
•• SOXSOX
•• File ServersFile Servers
•• Niche Content SystemsNiche Content Systems
•• Legacy SystemsLegacy Systems
manage the information assets (content) manage the information assets (content)
that support these processesthat support these processes
OperationalOperational
EfficiencyEfficiencyContent ExplosionContent Explosion
3 4
•• Central StorageCentral Storage
•• Policy EnforcementPolicy Enforcement
•• Legal RequirementsLegal Requirements
•• LifecycleLifecycle
•• Personal StoragePersonal Storage
•• VersionsVersions
•• Cheap StorageCheap Storage
•• Digital ExplosionDigital Explosion
a1
Slide 4
a1 CLERP is not an Actanthonyw, 2/05/2008
BusinessProcess &
Forms
Platform
Services
CollaborationBusiness
Intelligence
People & Personalization
Integrated
* Document Management* Records Management* Web Content Management with Policies and Workflow
Forms
Search
EnterpriseContent
Management
Services
Workspaces, Mgmt,Security, Storage,
Topology,Site Model
PartnerSolutions
Portal
ECM ComponentsECM Components
User InterfaceUser Interface
Microsoft OfficeMicrosoft Office Web browsersWeb browsers 33rdrd party appsparty apps
Unified Storage ArchitectureUnified Storage Architecture
Unified ServicesUnified Services
ECM ComponentsECM Components
Records Records
ManagementManagementWeb Content Web Content
ManagementManagementForms Forms
ManagementManagementDocument Document
ManagementManagement
WorkflowWorkflow MetadataMetadata PoliciesPolicies
SearchSearch SecuritySecurity IRMIRM CollaborationCollaboration
Library SvcsLibrary Svcs..
Ready to publish,
sign off and approveCreate
Edit /
ReviewArchivePublish
SharePoint 2007 Records Management
Key Features
• Records Center – Controlled Repository• Content Types
• User Interface - Office Integration• Send To ... Records Centre• Send To ... Records Centre
• Information Policies - Expiration
• E-mail Integration – SharePoint as an E-mail Repository• Record Holds
• Rights Management
No limit to the type of electronic records content
Records Centre
• Built-in features
• Properties/metadata requirements
• Document template
• Available workflows
• Policy settings
• Extensible features
• Customizable edit/display forms
Events anchored by type• Events anchored by type
• XML storage to define custom behaviors
• Core infrastructure improvements• Heterogeneous metadata
• Reusable types across places
• Management via hierarchy
• Applicable across items, documents and folders
Send To Records Centre
• Out-of-the-box features and extensibility
– Expiration: Allows custom time periods and actions. An expiration action can kick off a workflow.
– Auditing: Our audit log is designed to be extended. Our reporting features treat “add-on audits” as first-class citizens.
– Labels/Barcodes: You can create your own schema, numbers, text, or pictures to be attached to any item in our repository. These are typical SharePoint fields and are indexed for search.These are typical SharePoint fields and are indexed for search.
• You can build your own or replace any of these
– Examples of new policy features you can build:• De-duplication
• Digital signature-based document integrity
• Document “Hygiene”
• Convert to Fixed Format
• Trigger:N [Years | Months | Days ] after item [Created | Modified]; orSet programmatically (example: by a workflow)
• Action:
Delete; or
Delete including Metadata; orDelete including Metadata; orExecute named workflow
Record Holds
SharePoint 2007 Records Management
Key “Challenges” with Baseline RM Features
• No Business Classification Scheme / File Plan
• Documents are copied to the Records Center• Disposal based on Content Type not BCS• Not certified to Local or International Standards• Not certified to Local or International Standards
except DOD 5015.2
• No Physical Records Management• No Scanning User Interface• Scalability of the Records Center ?• References – who’s using MOSS for RM ?
• Microsoft Received DOD 5015.2 Cert in May 2007
• NOT a product release pack
• Add-on functions released as a Developer Toolkiton MS Connect
• Targeted at developers and not customers
http://www.microsoft.com/presspass/press/2007/may07/05-29SharePointDoDPR.mspx
• FunctionalityFile Plan Builder
Supplemental Markings
Vital Review
Multiple Locations
Folder holds
Close Folders
Referencing & Linking
Metadata Propagation
Cutoff
Unique ID
Disposition
Expunge
Part 2:
Records Management Strategiesfor compliance withfor compliance withHigh-end Requirements and Australian Standards
SharePoint and High-end RM
• Australian Standards / Methodologies– VERS
– AS 4390 (ISO 15489)
– DIRKS
– Federal, State & Local Govt. regulations– Federal, State & Local Govt. regulations
• MOSS 2007 off-the-shelf features do not
meet these requirements
• Microsoft partners fill the gap
Three Implementation Approaches
COTS Side by SideThird-party RM Application with
SharePoint Integration
Custom on TopCustom on Top
Custom code on top of the SharePoint platform
COTS on Top
Commercial-off-the-shelf ISV software add-on to
the SharePoint platform
Model 1: COTS Side by SideWhat SharePoint used as Collaboration & DM platform.
Official Records are sent/published to 3rd-party Records
Repository.
Why • Proven / mature RM platform
• Existing license / deployment investment
• Emphasis on Physical Records Management
Why Not • License Costs – 3rd party application, integration software
• Multiple Security Models
• Usability – multiple user interfaces• Usability – multiple user interfaces
• Usability – users confused as to when to ‘send to Records’
• Usability – Office applications have competing ‘Save’ behaviour
• IT – Multiple platforms to maintain
Great
Example
• Tower Software TRIM TCSI - City of Greater Shepparton
• EMC Documentum
COTS = Commercial Off The Shelf
Access and
Collaborate on
TRIM records within
SharePoint Bookmark TRIM
records in
SharePoint
TRIM Context SharePoint Integration
Key Features
Create TRIM
records
within
SharePoint
Solutions
on Top
SharePoint
Model 2: Custom on Top
What SharePoint used as total ECM platform – Collab, DM & RM.
Custom code developed to meet your requirements that are
not met by SharePoint baseline features.
Why • Meets specific customer requirements –
no functional compromises
• Lower license costs
• Usability – single user experience
• IT - Single platform• IT - Single platform
Why Not • Cost of custom development
• Custom solution may be costly to maintain
Great
Example
• OBS – SA Water
• Productiv – Queensland DTRDI
COTS = Commercial Off The Shelf
Model 3: COTS on TopWhat SharePoint used as total ECM platform – Collab, DM & RM.
ISV COTS solution is an add-on to the SharePoint platform.
Why • Meets broad industry requirements
• Lower license costs compared to Model #1
• Usability – single user experience
• IT - Single platform
Why Not • Relatively new offering – conservative customers see as risk
• Maturing feature set• Maturing feature set
Great
Example
• Unique World RecordPoint - Austrade
COTS = Commercial Off The Shelf
Part 3:
A detailed look at
Australian CompliantAustralian CompliantRecords Management
The Story so far…..
90’s
00’s Failed adoptions
80’s Physicalrecords
90’s Electronic Records Explosion
adoptions
• Usability
• Traditional RM software - ‘User unfriendly’ - Has its own custom User Interface
• Business Process
• Business processes encumbered by RM solution
• RM Processes didn’t adopt to the new electronic era
• Unfamiliar Terminology/Language
Why have RM solutions failed ?
• Unfamiliar Terminology/Language
• Technology Platform
• Another technology platform/silo
• User Buy-in
• RM not perceived by users to be core to their role
• No WIIFM for end user
What Federal Government is saying ...
“Official records should be created as close as possible to the
event, action or decision they relate to. Equally, the more
important the matter, the more comprehensive the record should
be.”
“Lifting the burden of recordkeeping for general APS employees -
good systems designs that introduce common, simple and good systems designs that introduce common, simple and
automated processes for creating and managing records - will
result in higher quality recordkeeping.”
Note for File (2006) – MAC report
http://www.apsc.gov.au/mac/noteforfilesummary.pdf
Why SharePoint based Solutionsare different.
�Usability
• Familiar User Interface – Web Browser, Office and Outlook
• Interprets User Inputs into RM Outputs
�Business Process
• Seamlessly integrate RM into core business systems
• Familiar Business Language not RM Language• Familiar Business Language not RM Language
• Maps users activities back to RM (not the other way around)
�Technology Platform
• Leverages industry leading Microsoft SharePoint platform
�User Buy-in
• Makes RM consideration easy for the user
Access Control
Audit
Version Mgmt
SharePoint
Platform Additional Functionality
required for
Australian Compliance
Classification
Records Control
Schedule
Mapping of Features
+Search
Workflow
Content Mgmt
Classification
Records Mgmt
Processes
Disposal
+
Key FeaturesLimited examples required for High-end Compliance
• Records Classification Schedule
• Disposal driven by Records Classification Schedule
– SharePoint disposes by Record Type only
• Handle Complex Disposal Workflow/Rules
• Capture of Web 2.0 Objects
– Wikis, Blogs, Web Pages, etc.
• Physical (paper) Records Management
• Compliant with Australian Standards
• ISO 15489, VERS (VIC), IS40 (QLD), NSW State Records Act
RecordPoint
Co
lla
bo
rati
on
site
s
Ru
les
En
gin
e
RecordPoint
Permanent
Archive 10 yrs
Review 15 yrs
Co
lla
bo
rati
on
Ru
les
• Content Type Rule
• Location/ Site Rule
• Controlled Vocabulary Rule
Demonstration Scenario: Collaborating
• End User
• Registers a budget document and finalises the document to RecordPoint
• Registers an e-mail from Outlook
• Registers an announcement
• Records Administrator
• Defines new rules
• Inspects retention schedules of content
Demonstration
What Happened in the Demo ?
1. Documents, Announcement, E-mails added to
SharePoint Site
2. Rules engine configured to process them
3. Record classified and sentenced in accordance 3. Record classified and sentenced in accordance
with Rules and organisational needs
4. Record Finalised on Active Site
5. Link created in SharePoint site to record
Case Study - Austrade
• Needed to maximise SharePoint investment
• Limited budget • Limited budget
• Users wanted simplicity
• Needed to comply with National Archives Legislation
Part 4:
E-mail Records ManagementE-mail Records Management
Exchange Server 2007
Better Control of E-mail Traffic &
Content
New Exchange 2007 features …
Create ethical walls that
isolate an individual or groups
Filter emails based on content
Initiate journaling to send a
Enable Business Solutions
Comply with regulations that restrict communication between brokers and analysts (Fin) or Conflict of Interest (Legal)
Scan for Identity Numbers (credit card#, medicare#) to ensure that they are not accidentally sent outside the organization
41
Initiate journaling to send a copy of specified email types to a secondary location
Add specific policies to emails
Flag messages for specialhandling
Many government regulations require that organizations journal e-mail for some, or all, users, and store in a Records Repository
Require encrypted delivery of any message containing specific confidential information
Easily add headers such as “company confidential” and “attorney/client privileged”
Messaging Records Management (MRM)Building Blocks
• Exchange Server ‘Hub Transport’ Role– New role for Exchange Server 2007
– All traffic – internal, incoming and outgoing –goes through the Hub Transport.
Managed Folders• Managed Folders– Special folders setup by Exchange Administrators
– Exposed to Selected Users – available via Outlook
– E-mail handling policies for Records Managementand Classifications
Messaging Records Management (MRM)
User MailboxUser Mailbox
Automated via
Exchange
Transport Server
Rules
Manual via
User Drag/Drop
Automated via
Outlook Client
Rules
Advanced Records Mgt
(DOD 5015.2 in CY07)
Managed FoldersManaged Folders
Basic Records Management –
Simple Retention/Disposal
43
Rules
Automated Archiving to Records Repository (any SMTP address)
via Exchange Transport Server Rules
Hub Transport Server - Conditions
44
Hub Transport Server - Actions
• Log an Event with Message
• Prepend the Subject with string
• Apply message Classification
• Append disclaimer text
• Set the Spam-Confidence-LevelSet the Spam-Confidence-Level
• Remove Header
• Add a Recipient in the To field
• BCC the message to {addresses}
• Redirect the message to {addresses}
• Send Bounce-message to the sender
• Silently drop the message
45
Records Management for E-mail
Folder Policy Folder Policy
StatementStatement
46
Emails placed Emails placed inin
Managed FoldersManaged Folders
are are automatically automatically copied to acopied to a
SharePoint Records RepositorySharePoint Records Repository
based on based on configured configured policies policies
� Exchange Server:
Administrator configures
Transport Hub Rules� Client:
User manually sets
Classification with Outlook or
Outlook Web AccessOutlook Web Access
Setting a Message Classification manually
Found on the
Office / Permission
menu
Message Classification – Info Banner
Help your regulated
users stay compliant
In Summary ...• The overall Records Management strategy is to allow organisations
and users to be Productive and Compliant.• Usability and User Acceptance is Key to successful Records
Management.
• SharePoint is a broad ECM Platform with Baseline Records
Management capabilities with tight integration to Office as well as having a native Browser interface.
• Microsoft partners can “fill the gap” to meet your unique needs • Microsoft partners can “fill the gap” to meet your unique needs based on existing investments, regulatory requirements and business processes. There are three main approaches– COTS Side-by-Side with SharePoint– Custom on Top of SharePoint– COTS on Top of SharePoint
• Exchange Server 2007 has some advanced Records Management features for Messages, and has Integration to SharePoint.
Further Information
THANK YOU
Question & Answer Session
© 2007 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.
The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market
conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation.
MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.