Information Management Policies and Records Retention

March, 2007

The questions of information management policies and records retention are ones that executives and senior managers constantly face. The combination of company policies, legal regulations, and general business practices are the sources that typically drive these questions.

How can documents be preserved for long periods of time? How do you guarantee compliance with federal regulations for document retention? How do you ensure employees have read official company policies and other required reading materials? How do you track when documents have been edited, deleted, or copied? Do documents expire after a certain period of time? If so, do they need to be deleted, or should they be reviewed and updated? How do you track when documents are set to expire, and how do you remember to complete the necessary actions?

What is the role of technology in answering these questions?

Microsoft Office SharePoint Server (MOSS) 2007 introduces new tool sets for defining and implementing a strategy for addressing the needs that are generated by the above questions. These questions can be answered by understanding the capabilities and properly applying the functionality provided by Information Management Policy settings and Records Center sites.

The various types of information and content that are stored in MOSS 2007 – lists and libraries – all contain the built-in capabilities to apply a variety of Information Management Policy settings. There are 4 categories of Information Management Policies that can be applied to items stored in SharePoint – labels, auditing, expiration, and barcodes.

The Labeling and Barcode features contain options to prompt users to insert a label before saving or printing a document; to prevent changes to labels after they’ve been added; and to define the format of the label based on the characteristics of the item. The barcode feature can be configured to prompt users to insert a barcode before saving or printing items from the library.

The Auditing feature allows administrators to monitor activity in a list or library. Auditable functions include viewing, editing, checking out/in, moving, copying, and deleting documents and list items. Among other times, this feature could be used to allow the HR department to track who has read various company policy documents.

Content disposition – the automatic removal of documents when they reach their expiration date – can be established using the Expiration features of Information Management Policies . An expiration date can be established based on either a property of the document or item, or on a date determined via a custom workflow. Furthermore, upon expiration, items can either be deleted, or a workflow can be launched. The first approach will guarantee that items are disposed of once they no longer need to be maintained. The latter approach could be used to call for a periodic review and update of various documents. MOSS 2007 also comes with a pre-defined site template for long-term records management. The Records Center site template comes equipped with several specialized features and capabilities. A programmable interface allows documents to be sent, along with their metadata and audit history, to the Records Center site. The Records Routing feature allows documents sent to the Records Center site to be automatically categorized in the correct document library based on its type. Finally, a Hold feature provides a way of suspending a document's disposition policy, in the event that documents need to be retained for audit or litigation reasons. The questions posed above are ones faced by the majority of companies and organizations. Understanding the organization's legal and business requirements is the first step in enforcing a sound policy. With that understanding in place, proper enforcement can be achieved using a combination of the information management and records retention technologies provided by MOSS 2007.