records management & compliance...

Post on 16-Mar-2018


Records Management & Compliance Solutions

SharePoint as your ubiquitous intelligence and storage solution for all records across the organisation

Jon Barrett

Solutions Specialist, Microsoft

Anthony Woodward

Head of Compliance and Governance, Unique World

• Session Abstract:

This session presents the Document and Records Management features, as well as the Policy/Compliance capabilities related to Records Management in Microsoft Office SharePoint Server 2007, Exchange 2007 and the 2007 Microsoft Office system client applications.

The session also presents four implementation approaches for Records Management:

– Records Management using out-of-box SharePoint features

– Records Management using SharePoint with Customization

– 3rd party RM solutions with SharePoint integration

– Records Management ISV add-ons to SharePoint

Agenda

• ECM Overview

• SharePoint Server - Key Records Mgt Features

• Meeting High-end Records Management Requirements

– Three Implementation Models

• High-end Records Management on the SharePoint platform

– Deep dive and demonstration

• Exchange Server 2007 - Key Records Mgt Features

• Q&A

Organizations are reviewing their business processes and how they manage the information assets (content) that support these processes

1 Compliance

2 Consolidation

• “1 Version of the Truth”

• Aust. Corporations Act

• Basel II Accord

• SOX

• File Servers

• Niche Content Systems

• Legacy Systems

3 Operational Efficiency

4 Content Explosion

• Central Storage

• Policy Enforcement

• Legal Requirements

• Lifecycle

• Personal Storage

• Versions

• Cheap Storage

• Digital Explosion


[Diagram: SharePoint platform capabilities: Collaboration; Portal; Search; Enterprise Content Management (integrated Document Management, Records Management, Web Content Management with Policies and Workflow); Business Process & Forms; Business Intelligence; People & Personalization; Platform Services (Workspaces, Mgmt, Security, Storage, Topology, Site Model); Partner Solutions]

ECM Components

[Diagram labels: User Interface (Microsoft Office, Web browsers, 3rd party apps); ECM Components (Records Management, Web Content Management, Forms Management, Document Management); Unified Services (Workflow, Metadata, Policies, Search, Security, IRM, Collaboration, Library Svcs.); Unified Storage Architecture]

[Diagram: document lifecycle stages: Create; Edit / Review; Ready to publish, sign off and approve; Publish; Archive]

SharePoint 2007 Records Management

Key Features

• Records Center – Controlled Repository

• Content Types

• User Interface - Office Integration

• Send To ... Records Centre

• Information Policies - Expiration

• E-mail Integration – SharePoint as an E-mail Repository

• Record Holds

• Rights Management

No limit to the type of electronic records content

Records Centre

• Built-in features

• Properties/metadata requirements

• Document template

• Available workflows

• Policy settings

• Extensible features

• Customizable edit/display forms

• Events anchored by type

• XML storage to define custom behaviors

• Core infrastructure improvements

• Heterogeneous metadata

• Reusable types across places

• Management via hierarchy

• Applicable across items, documents and folders

Send To Records Centre

• Out-of-the-box features and extensibility

– Expiration: Allows custom time periods and actions. An expiration action can kick off a workflow.

– Auditing: Our audit log is designed to be extended. Our reporting features treat “add-on audits” as first-class citizens.

– Labels/Barcodes: You can create your own schema, numbers, text, or pictures to be attached to any item in our repository. These are typical SharePoint fields and are indexed for search.

• You can build your own or replace any of these

– Examples of new policy features you can build:

• De-duplication

• Digital signature-based document integrity

• Document “Hygiene”

• Convert to Fixed Format

• Trigger:

N [Years | Months | Days] after item [Created | Modified]; or

Set programmatically (example: by a workflow)

• Action:

Delete; or

Delete including Metadata; or

Execute named workflow

Record Holds

SharePoint 2007 Records Management

Key “Challenges” with Baseline RM Features

• No Business Classification Scheme / File Plan

• Documents are copied to the Records Center

• Disposal based on Content Type not BCS

• Not certified to Local or International Standards except DOD 5015.2

• No Physical Records Management

• No Scanning User Interface

• Scalability of the Records Center ?

• References – who’s using MOSS for RM ?

• Microsoft Received DOD 5015.2 Cert in May 2007

• NOT a product release pack

• Add-on functions released as a Developer Toolkit on MS Connect

• Targeted at developers and not customers

http://www.microsoft.com/presspass/press/2007/may07/05-29SharePointDoDPR.mspx

• Functionality

File Plan Builder

Supplemental Markings

Vital Review

Multiple Locations

Folder holds

Close Folders

Referencing & Linking

Metadata Propagation

Cutoff

Unique ID

Disposition

Email

Expunge

Part 2:

Records Management Strategies for compliance with High-end Requirements and Australian Standards

SharePoint and High-end RM

• Australian Standards / Methodologies

– VERS

– AS 4390 (ISO 15489)

– DIRKS

– Federal, State & Local Govt. regulations

• MOSS 2007 off-the-shelf features do not meet these requirements

• Microsoft partners fill the gap

Three Implementation Approaches

COTS Side by Side

Third-party RM Application with SharePoint Integration

Custom on Top

Custom code on top of the SharePoint platform

COTS on Top

Commercial-off-the-shelf ISV software add-on to the SharePoint platform

Model 1: COTS Side by Side

What

SharePoint used as Collaboration & DM platform. Official Records are sent/published to 3rd-party Records Repository.

Why

• Proven / mature RM platform

• Existing license / deployment investment

• Emphasis on Physical Records Management

Why Not

• License Costs – 3rd party application, integration software

• Multiple Security Models

• Usability – multiple user interfaces

• Usability – users confused as to when to ‘send to Records’

• Usability – Office applications have competing ‘Save’ behaviour

• IT – Multiple platforms to maintain

Great Example

• Tower Software TRIM TCSI - City of Greater Shepparton

• EMC Documentum

COTS = Commercial Off The Shelf

TRIM Context SharePoint Integration

Key Features

• Access and Collaborate on TRIM records within SharePoint

• Bookmark TRIM records in SharePoint

• Create TRIM records within SharePoint

Solutions

on Top

SharePoint

Model 2: Custom on Top

What

SharePoint used as total ECM platform – Collab, DM & RM. Custom code developed to meet your requirements that are not met by SharePoint baseline features.

Why

• Meets specific customer requirements – no functional compromises

• Lower license costs

• Usability – single user experience

• IT - Single platform

Why Not

• Cost of custom development

• Custom solution may be costly to maintain

Great Example

• OBS – SA Water

• Productiv – Queensland DTRDI

Model 3: COTS on Top

What

SharePoint used as total ECM platform – Collab, DM & RM. ISV COTS solution is an add-on to the SharePoint platform.

Why

• Meets broad industry requirements

• Lower license costs compared to Model #1

• Usability – single user experience

• IT - Single platform

Why Not

• Relatively new offering – conservative customers see as risk

• Maturing feature set

Great Example

• Unique World RecordPoint - Austrade

Part 3:

A detailed look at Australian Compliant Records Management

The Story so far…..

80’s Physical records

90’s Electronic Records Explosion

00’s Failed adoptions

Why have RM solutions failed ?

• Usability

– Traditional RM software - ‘User unfriendly’ - Has its own custom User Interface

• Business Process

– Business processes encumbered by RM solution

– RM Processes didn’t adapt to the new electronic era

– Unfamiliar Terminology/Language

• Technology Platform

– Another technology platform/silo

• User Buy-in

– RM not perceived by users to be core to their role

– No WIIFM for end user

What Federal Government is saying ...

“Official records should be created as close as possible to the event, action or decision they relate to. Equally, the more important the matter, the more comprehensive the record should be.”

“Lifting the burden of recordkeeping for general APS employees - good systems designs that introduce common, simple and automated processes for creating and managing records - will result in higher quality recordkeeping.”

Note for File (2006) – MAC report

http://www.apsc.gov.au/mac/noteforfilesummary.pdf

Why SharePoint based Solutions are different.

• Usability

– Familiar User Interface – Web Browser, Office and Outlook

– Interprets User Inputs into RM Outputs

• Business Process

– Seamlessly integrate RM into core business systems

– Familiar Business Language not RM Language

– Maps users’ activities back to RM (not the other way around)

• Technology Platform

– Leverages industry leading Microsoft SharePoint platform

• User Buy-in

– Makes RM consideration easy for the user

Mapping of Features

[Diagram: SharePoint Platform (Access Control, Audit, Version Mgmt, Search, Workflow, Content Mgmt) + Additional Functionality required for Australian Compliance (Classification, Records Control Schedule, Records Mgmt Processes, Disposal)]

Key Features

Limited examples required for High-end Compliance

• Records Classification Schedule

• Disposal driven by Records Classification Schedule

– SharePoint disposes by Record Type only

• Handle Complex Disposal Workflow/Rules

• Capture of Web 2.0 Objects

– Wikis, Blogs, Web Pages, etc.

• Physical (paper) Records Management

• Compliant with Australian Standards

• ISO 15489, VERS (VIC), IS40 (QLD), NSW State Records Act

RecordPoint

[Diagram labels: Collaboration sites; Rules Engine; RecordPoint; Permanent; Archive 10 yrs; Review 15 yrs]

Collaboration

Rules

• Content Type Rule

• Location/ Site Rule

• Controlled Vocabulary Rule

Demonstration Scenario: Collaborating

• End User

• Registers a budget document and finalises the document to RecordPoint

• Registers an e-mail from Outlook

• Registers an announcement

• Records Administrator

• Defines new rules

• Inspects retention schedules of content

Demonstration

What Happened in the Demo ?

1. Documents, Announcement, E-mails added to SharePoint Site

2. Rules engine configured to process them

3. Record classified and sentenced in accordance with Rules and organisational needs

4. Record Finalised on Active Site

5. Link created in SharePoint site to record

Case Study - Austrade

• Needed to maximise SharePoint investment

• Limited budget

• Users wanted simplicity

• Needed to comply with National Archives Legislation

Part 4:

E-mail Records Management

Exchange Server 2007

Better Control of E-mail Traffic &

Content

New Exchange 2007 features … / Enable Business Solutions

• Create ethical walls that isolate an individual or groups

– Comply with regulations that restrict communication between brokers and analysts (Fin) or Conflict of Interest (Legal)

• Filter emails based on content

– Scan for Identity Numbers (credit card#, medicare#) to ensure that they are not accidentally sent outside the organization

• Initiate journaling to send a copy of specified email types to a secondary location

– Many government regulations require that organizations journal e-mail for some, or all, users, and store in a Records Repository

• Add specific policies to emails

– Require encrypted delivery of any message containing specific confidential information

• Flag messages for special handling

– Easily add headers such as “company confidential” and “attorney/client privileged”

Messaging Records Management (MRM) Building Blocks

• Exchange Server ‘Hub Transport’ Role

– New role for Exchange Server 2007

– All traffic – internal, incoming and outgoing – goes through the Hub Transport.

• Managed Folders

– Special folders setup by Exchange Administrators

– Exposed to Selected Users – available via Outlook

– E-mail handling policies for Records Management and Classifications

Messaging Records Management (MRM)

[Diagram labels: User Mailbox; Managed Folders; Automated via Exchange Transport Server Rules; Manual via User Drag/Drop; Automated via Outlook Client Rules; Basic Records Management – Simple Retention/Disposal; Advanced Records Mgt (DOD 5015.2 in CY07); Automated Archiving to Records Repository (any SMTP address) via Exchange Transport Server Rules]

Hub Transport Server - Conditions

Hub Transport Server - Actions

• Log an Event with Message

• Prepend the Subject with string

• Apply message Classification

• Append disclaimer text

• Set the Spam-Confidence-Level

• Remove Header

• Add a Recipient in the To field

• BCC the message to {addresses}

• Redirect the message to {addresses}

• Send Bounce-message to the sender

• Silently drop the message

Records Management for E-mail

Folder Policy Statement

Emails placed in Managed Folders are automatically copied to a SharePoint Records Repository based on configured policies

• Exchange Server: Administrator configures Transport Hub Rules

• Client: User manually sets Classification with Outlook or Outlook Web Access

Setting a Message Classification manually

Found on the Office / Permission menu

Message Classification – Info Banner

Help your regulated users stay compliant

In Summary ...

• The overall Records Management strategy is to allow organisations and users to be Productive and Compliant.

• Usability and User Acceptance is Key to successful Records Management.

• SharePoint is a broad ECM Platform with Baseline Records Management capabilities with tight integration to Office as well as having a native Browser interface.

• Microsoft partners can “fill the gap” to meet your unique needs based on existing investments, regulatory requirements and business processes. There are three main approaches

– COTS Side-by-Side with SharePoint

– Custom on Top of SharePoint

– COTS on Top of SharePoint

• Exchange Server 2007 has some advanced Records Management features for Messages, and has Integration to SharePoint.

Further Information

THANK YOU

Question & Answer Session

© 2007 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.

The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation.

MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
