Information Governance in office 365 records management and retention

Part III: Records and Information Management&

Information GovernanceJohn P. Collins, JD, Director-Information Governance SolutionsJohn Holliday, JD, Principal, Holliday & Associates

Office 365 for the Information Governance and eDiscovery

Practitioner

Part I: The Fundamentals of Office

365• When: Tuesday, October 6

at 1:00 PM Eastern TimeWhat is Office 365 (it’s not just email in the cloud!) but rather an entire ecosystem of applications, tools, and content. This webinar breaks it all down.

• The Office 365 plans available—and why this is important

• The primary system components (Exchange, SharePoint, and Skype for Business)

• Types of data and ESI likely to reside in Office 365

• Overview of the Information Governance and eDiscovery features built into the platform

Three-Part Webinar Series: Office 365 for the Information Governance and eDiscovery Practitioner

Part II: eDiscovery Deep Dive

• When: Tuesday, October 27 at 1:00 PM Eastern Time

Can you address some, all, or none of your eDiscovery requirements and needs using the built-in eDiscovery features of Office 365? This webinar will help organizations answer this question.

• Review of type of ESI available for discovery from Office 365

• eDiscovery Center explained: where much of the eDiscovery activity takes place

• Exchange (email) only eDiscovery

• Office 365 Compliance Center

• Pros and cons of built-in eDiscovery features

• Guest Speaker: Craig Ball

Part III: Information Governance and RIM

• When: Tuesday, December 1

at 1:00 PM Eastern TimeOffice 365 provides several different approaches to the retention and disposition of data—including full records management capabilities via SharePoint. This webinar will provide an overview of the various options and approaches to managing data residing in Office 365.

• Options for records management in SharePoint and Exchange

• Security and compliance features– Data loss prevention (DLP)

– Mobile device management (MDM)

– Information Rights Management (IRM)

– Encryption

– Auditing

• Guest Speaker: John Holliday

http://dtiglobal.com/news-events/events

Recordings

Available!

Housekeeping

• Today’s webinar is being recorded and will be available for download within 1-2 days

• If you experience technical problems please call 888-447-1119 and press “2”

• To make comments or ask questions-enter using your keyboard via the “Chat” function

4

Guest Speaker

• John F. Holliday, JD– Principal, Holliday & Associates– Information Risk Management Consulting

John F. Holliday, J.D. is a 5-year veteran of the Microsoft Most Valued

Professional (MVP) program for the Office SharePoint Server product line.

John has a broad range of professional software development and consulting

experience spanning more than 30 years, most of it focused on content

analytics, document automation, enterprise content management and related

systems.

John is a regular speaker at SharePoint conferences, has authored or co-

authored several popular SharePoint development books, and is the founder

of the SharePoint Developer Network (www.spdevnet.com), an international

network of professional SharePoint developers with over 5000 members

worldwide.

In addition to his professional career, John is actively engaged in

humanitarian activities through Works of Wonder International

(www.worksofwonder.org), a non-profit he founded in 2002, and the

International Association for Human Values (www.iahv.org), an international

service organization devoted to uplifting human values throughout the world.

5

Contact Information

• John P. Collins, JD– Director, Information Governance Solutions John Collins, J.D., DTI’s Director of Information Governance

Solutions, has extensive experience in assisting clients with a full range of information governance services, including data mapping, litigation and electronic discovery readiness, and the development of records and e-mail management and retention policies. As a technology manager for Thomson West (now Thomson Reuters), John managed a team of technology consultants providing technology solutions and installation and integration services to law firm and corporate legal departments throughout the Midwest. As Vice President for Consulting at The Ingersoll Firm, John worked with IT staff at a number of Fortune 1000 companies on data mapping and eDiscovery readiness engagements. He has also published a number of articles and conducted numerous seminars, webinars and CLE programs on information governance and litigation readiness topics. John is a graduate of Nazareth College and the Concord Law School.

6

Agenda

• Fundamental components of Office 365 from a RIM/IG perspective• RIM & IG features in Office 365: retention and disposition

–Exchange specific–SharePoint specific

• SharePoint Records Center

• RIM & IG features in Office 365: information security–Data Loss Prevention (DLP)–Encryption–Information Rights Management (RIM)

• Additional RIM & IG features in Office 365–Mobile Device Management–Auditing

• The Compliance Center

7

Fundamental components of Office 365

•Collaboration (Team Site)•Intranet/Portal

•Blog, Wiki•File Storage (OneDrive for Business, Video Portal, etc.)

•Application development•Enterprise Content Management (ECM)

•Public web site

•E-mail•Unified Messaging (voice mail)

•Contacts• Shared Calendar

•Tasks•Notes

•Journal•Exchange Public Folders

•Instant Messaging•“Presence”

•Skype to Skype (VoIP) calls (audio and/or video)•Online meetings

Microsoft Office Professional

•Word•Excel•PowerPoint•Outlook•OneNote•Access•Publisher

Four Fundamental Components

8

Information Governance features in Office 365

• Retention & Disposition– In-Place Archive (Exchange)– Document deletion policies (SharePoint)– Information Management Policies (SharePoint)– Messaging Records Management (MRM) (Exchange)– Records Management (SharePoint Records Center) (SharePoint)– Site Closure Policies (SharePoint)

• Information Security– Data Loss Prevention (Exchange)– Encryption (Exchange)– Information Rights Management (IRM) (Exchange, SharePoint)

• Auditing (All Office 365 components)• Mobile Device Management (MDM) (Exchange)• Transport Rules (Exchange)• eDiscovery (not covered in today’s webinar)

NOTE: terminology used by Microsoft for IG and E-Discovery related features is “Security and Compliance”

Delete

Discover

Encrypt

ArchiveDLP

Preserve

Audit

IG features in Office 365: Retention & Disposition

10

IG features in Office 365: In-Place Archive (Exchange)

• NOT type of archiving available from dedicated archiving tools such as Enterprise Vault, SourceOne, Proofpoint, etc.

• Essential purpose is additional storage capacity for email—to replace PST (personal archives)

• Emails can be moved into the archive via several methods:– Move or copy manually by user (from mailbox or a PST file)– Inbox rules– Retention policy (NOTE: there is a default policy applied to each mailbox which makes use of the

archive mailbox)

• Archive mailbox currently not accessible via mobile device clients

• Is encompassed in legal hold and eDiscovery functions of Office 365

• Default setting is OFF

The user’s primary mailbox

The user’s archive mailbox

11

IG features in Office 365: Messaging Records Management (MRM) (Exchange)

• Email management framework• Employs a “tagging” paradigm• Tags get applied to:

– Entire mailbox OR a folder OR an individual message/item

• Multiple tags can be created, for example: – 1 year (delete all items after one year)– 5 year (retain item or items in folder for 5 years)– Archive (move Inbox items to archive mailbox after 6

months)

• Policies:– Each user is automatically assigned to the “Default MRM

Policy”– Can aggregate tags into distinct policies (Executive Policy,

VP Policy, Legal Dept. Policy, etc.)

• Legal hold suspends deletion https://technet.microsoft.com/EN-US/library/dd297955(v=exchg.150).aspx

12

Setting up MRM: 1) Create tags

•Actions by tags:–Delete and allow recovery–Permanently delete–Move to archive

•After ______ # of days•Tags for:

–Entire mailbox–Default folders–Customer folders– Individual items

13

Setting up MRM: 2) Create policies

Policie

s cre

ated

Tags

inclu

ded

in po

licy

14

Setting up MRM: 3) Assign policies to users

• An organization can create as many policies as are needed to achieve requirements

• Policies can be assigned to one or more mailboxes

15

Example email retention policy

Folder or Tag Retention Policy

Inbox, Sent Items, Drafts, Conversation History

Deleted after 180 days

Deleted Items Deleted after 30 daysWorking Docs Working Docs-2 year retentionRecord Tag E-mail records-10 year

retentionContacts, To Do, Notes IndefiniteVoice Mails Deleted after 14 days

16

Default MRM Policy

https://technet.microsoft.com/EN-US/library/dn775046(v=exchg.150).aspx

17

IG features in Office 365: Site Closure Policies (SharePoint)

• Close and/or delete SharePoint sites automatically– Trigger can be site creation or close date

• Can make closed sites read-only • Can create a notification

workflow for closure and deletion –Permits postponement of closure/deletion

• Especially important to consider using in environments with self-service site creation

18

IG features in Office 365: Document Deletion Policies (SharePoint)

• A policy framework for SharePoint– Applies to site collection templates, site collections, sites, OneDrive for Business

• Broad policies—not a records management oriented approach– Keep for X number of years then delete

• Use of policy can be configured as mandatory or optional

• Multiple policies depending on need:– One policy for OneDrive for Business

– Different policy for internal team sites

– Different policy for extranets

• Overrides other policy mechanisms (content types, information management policies, etc.)

• Only applies to document libraries (NOT lists)• Legal hold suspends deletion

19

IG features in Office 365: Information Management Policies (SharePoint)

• Framework for:– Retaining, deleting, archiving, dispositioning content– Initiating workflows, approvals, and other processes relating

to content– “Labeling” content– Auditing actions taken on content

• Can be applied at multiple levels– Site collection– Content type– List– Library– Folder

• Implementation requires planning, training, careful thought

SharePoint Records Center

21

IG features in Office 365: SharePoint Records Management (SharePoint)

• Records Center:– Available via Enterprise template gallery

• Built-in features– “Record Library”

• Pre-configured to protect records

– “Drop Off Library”• Receives incoming documents

– Content Organizer• Pre/Post Classification

• Advanced Document Routing

22


• Records Center:– Available via Enterprise template gallery

• Built-in features– “Record Library”

• Pre-configured to protect records

– “Drop Off Library”• Receives incoming documents

– Content Organizer• Pre/Post Classification

• Advanced Document Routing

23


• Content Organizer:– Available on ANY site (not just Records Center)

• Useful for…– Moving documents according to…

• Content Type

• Metadata Values

• Configuration Steps– 1) Identify Content Types– 2) Create Record Libraries

• Add content types

• Create folder structure

– 3) Define Rules

24


• Content Organizer:– Available on ANY site (not just Records Center)

• Useful for…– Moving documents according to…

• Content Type

• Metadata Values

25


• Drop Off Library:– Receives incoming documents

• Useful for…– Deferring record classification

• “Pipelining”

– Identifying incorrect routing rules– Delegating RM responsibilities

26


• 3 main areas of concern:– Classification Strategy– Retention Mechanism– Disposition Rules

• Classify by…– Content Type– Document Metadata– Managed Metadata– Document Location

• Keep or retain using…– Site Closure Policy– Content Type Policy– Library/Folder Policy

• Interpret ‘disposition’ as…– Archive and store offline– Delete permanently– Execute a workflow– Transfer to external system

Classification

• Content Type / Tag / MMS• Library / Folder

Retention

• Site Closure Policy• Information Policy

Disposition

• Delete / Keep• Transfer / Workflow

27


• Classification:– Consider third party application support

• Manual classification

• Automatic classification

• Content lifecycle management

Tools: ConceptSearching, Collabware CLM

• Classification requires 3rd party support– Proper classification is key to success– Manual declaration is unrealistic in practice

• Classification rules may change– Classification/Retention rules may change– File Plan development is a collaborative exercise– Rules may apply to multiple SharePoint farms

• Documents may need reclassification– Complex workflows involving the same document– Multiple groups accessing the same set of documents

• Documents may be classified in groups– Projects involving many documents of different types

Disposition

Tag

Metadata Type

Location

Site Closure

Retention by Type

Retention by Location

Archive

Delete

Transfer

Workflow

Retention

Classification

28


• Managed Metadata:– Key to making RM work in SharePoint

• Decouples Documents from Tags– Proper classification is key to success– Manual declaration is unrealistic in practice– ConceptSearching is a popular choice

• Enables Add-On Tools to…– Generate tags from document content– Examine tags to configure SharePoint– Associate tags with business/compliance rules

• Enables SharePoint to…– Centralize management of tag hierarchies– Associate tags with many documents

29


• Retention:– Mechanism follows classification strategy

• Content Type Information Policy (Retention)

• Library/Folder Information Policy (Retention)

TIP: Proper configuration is the key

• Supports 2 Document States– Records (Explicitly Declared)– Non-Records

• Retention Policy Configuration– Rules are defined in “stages”– Stages must be managed carefully

• Watch for conflicting “events”

• Test and re-test when modified

• Limitations in Office 365– No “custom” retention formulas– No “custom” disposition actions

30


• Disposition:– Extends the meaning of “retention”

• Supports Multiple Actions– Move to Recycle Bin– Permanently Delete– Transfer to different site (or externally)– Start a Workflow– Skip to Next Stage– Declare Record– Delete Drafts– Delete Previous Versions

• Limitations– Can’t start workflow at Site Collection level

Confidential—Not For Distribution

IG features in Office 365: Information Security

32

IG features in Office 365: Data Loss Prevention (DLP)

• DLP policies contain sets of conditions which filter messages and attachments

• DLP policies employ:– Rules: for example, if a sequence of numbers such as 123-12-1234 appear

– Actions: if 123-12-1234 appears, do not send the message

– Exceptions: its ok to send the message if the sender is John Doe

• Target PII, PHI, credit card numbers, social security numbers, drivers license numbers, etc.

• Use out of the box templates, create custom rules, or import rules created by 3rd parties

33

IG features in Office 365: Encryption

• Multiple options available to implement a program to encrypt sensitive information in email

• Office Message Encryption (OME)– Works with internal and external recipients– No special software required by recipients (don’t have to be on Office 365)

• Secure/Multipurpose Internet Mail Extensions (S/MIME)– Uses certificates in a private-public key framework– Includes digital signature

34

IG features in Office 365: Information Rights Management (IRM)

• Encrypts files and limits programs and users who are allowed to decrypt

• Limits what users can do:– Email: who can access, forward, print, or copy sensitive data– SharePoint: limit actions users can take on files such as read-

only (can’t edit), copying and printing

• Can be configured to be in effect for set period of time (expiration)

• Email rules:– Can configure rules to apply IRM to certain messages (for

example, messages containing word “confidential”)


Additional IG features in Office 365

36

IG features in Office 365: Mobile Device Management


• More robust option than Exchange Active Sync (EAS) and if EAS is enabled it is superseded by MDM

• Manage iPhones, iPads, Androids, and Windows Phones (NOTE: Blackberry has a specific service offering through Microsoft)– Requires Office 365 license

• Users can still access SharePoint and Outlook Web App via browser (MDM does not control)

• Allows for selective wipe!

37

IG features in Office 365: Auditing

• Tracks changes made by BOTH Microsoft and subscriber

• Audit reports can be viewed and downloaded• Audit data available for 90 days (longer in some

instances—this is a moving target)• Reports include:

– Litigation holds & E-Discovery searches – Mailbox access by non-owners (delegates)• Admin activity (admin audit logging) in Exchange Online• Access to mailboxes (mailbox audit logging) in Exchange Online• User activity in SharePoint Online and OneDrive for Business• Admin activity in SharePoint Online and OneDrive for Business• Admin activity in Azure Active Directory (the directory service for Office 365)• User sign-in activity in Azure Active Directory

• 3rd party audit tools more robust (API available)• Compliance Center reporting in deployment (provides

additional reports)


The Compliance Center

39

Compliance Center

• Introduced January 2015• Future primary location of Office 365 E-Discovery

features• Objective is to bring together compliance related

features in a single console (E-Discovery, MDM, retention, auditing, etc.)

• Currently has a mix of unique and duplicate features– Unique:

• Can search across ALL mailboxes and SharePoint sites in a single search

– Duplicate• E-Discovery link redirects to the SharePoint E-Discovery Center

• Limitations: some features are not fully baked– Example: search does not have an export or legal hold function (executing these

functions requires use of PowerShell)

https://technet.microsoft.com/EN-US/library/dn876574.aspx

DTI Information Governance Services

40

Consulting• Records and Information

Management (RIM)– Assessments

– Policies and schedules

– Program implementation

• eDiscovery and Litigation Readiness– Assessments

– ESI data mapping

– Process design and implementation

Technology Services• Defensible disposition and

deletion– Categorization

– Repository/application retirement

– Content audit

– File share and SharePoint cleanup

• Email and archive migration– Archive retirement

– Migrate email to cloud

– PST consolidation

– Legal hold repository

• Sensitive Data Retrieval/Remediation– Targeted identification of PHI, HIPAA, PCI, IP,

and other sensitive and critical data types• Delete

• Copy/Move

• Audit

Office 365 Consulting, Training, and

Implementation• Office 365 Readiness and Strategy

– eDiscovery best practices and workflows

• Office 365 eDiscovery Outsourcing– DTI operates eDiscovery features and functions

• Office 365 Email Management and OneDrive for Business Planning

• Legal Hold Process and Planning• Training

– ½ Day and Full Day Workshops for law firms and corporations

41

Contact Information

• John F. Holliday, JD– Principal, Holliday & Associates– Information Risk Management Consulting– Phone: 404-542-4637– Email: [email protected]– Web: www.holliday.associates

John F. Holliday, J.D. is a 5-year veteran of the Microsoft Most Valued

Professional (MVP) program for the Office SharePoint Server product line.

John has a broad range of professional software development and consulting

experience spanning more than 30 years, most of it focused on content

analytics, document automation, enterprise content management and related

systems.

John is a regular speaker at SharePoint conferences, has authored or co-

authored several popular SharePoint development books, and is the founder

of the SharePoint Developer Network (www.spdevnet.com), an international

network of professional SharePoint developers with over 5000 members

worldwide.

In addition to his professional career, John is actively engaged in

humanitarian activities through Works of Wonder International

(www.worksofwonder.org), a non-profit he founded in 2002, and the

International Association for Human Values (www.iahv.org), an international

service organization devoted to uplifting human values throughout the world.

mailto:[email protected]

42

Contact Information

• John P. Collins, JD– Director, Information Governance Solutions– Phone: 815-529-9851– Email: [email protected]

John Collins, J.D., DTI’s Director of Information Governance Solutions, has extensive experience in assisting clients with a full range of information governance services, including data mapping, litigation and electronic discovery readiness, and the development of records and e-mail management and retention policies. As a technology manager for Thomson West (now Thomson Reuters), John managed a team of technology consultants providing technology solutions and installation and integration services to law firm and corporate legal departments throughout the Midwest. As Vice President for Consulting at The Ingersoll Firm, John worked with IT staff at a number of Fortune 1000 companies on data mapping and eDiscovery readiness engagements. He has also published a number of articles and conducted numerous seminars, webinars and CLE programs on information governance and litigation readiness topics. John is a graduate of Nazareth College and the Concord Law School.