Governance, Retention Policies, Records Management - how are you doing it?

Deleted
Not applicable

Hi,

I'm interested to hear how your organisation has approached implementing information governance policies around lifecycle, retention and records management:

- How do you define what information needs to be kept for x, y or z number of years?

- Are you using the Security & Compliance Center labelling & policies?

- What do you do about site closure and deletion?

- Is it possible to "archive" an entire site and store it somewhere for a defined retention period? 

- If you were at the beginning of your sharepoint journey what would you have done differently and what would you have ensure you had in place from the start?

- Do you rely on your users marking an item as a record?

- Do they send to the record center for a records manager to sort out?

- Do you apply a blanket default policy to all?

 

...interested to hear all your thoughts.

 

cheers.

4 Replies

I can answer some of this.

 

  1. My org doesn't have a process for this yet.
  2. No
  3. For site closure and deletion, we convert everything into a document form (even calendars or task lists via Export to Excel) and pack it up into a folder to go to a designated archive document library.
  4. You could archive an entire site, but I wouldn't personally recommend it--you'd have to redeploy it to dig through it, and I feel it's just better to convert everything to a document form so anyone can get to it at any time. Keeping in mind that everything has to end up a document helps us keep our site sprawl from getting too out of hand, particularly for project sites.
  5. Implement structure and processes for when to use site collections or sites, who can make them, and what each one should do. Train some people to be power users ASAP or you'll be alone on your SharePoint journey.
  6. N/A
  7. No
  8. No

Some answers from us

Q1. How do you define what information needs to be kept for x, y or z number of years?
- We have a (very) detailed Records Retention Schedule that applies to all records in any format in any system.

Q2. Are you using the Security & Compliance Center labelling & policies?
- We have just started on that but it will take a little while to add all the retention policies. We may also use eDiscovery holds.

Q3. What do you do about site closure and deletion?
- Currently we make closed or inactive sites read-only and apply a site information policy.

Q4. Is it possible to "archive" an entire site and store it somewhere for a defined retention period?
- Yes, see previous answer. We leave them in place. With the move to SPO, all archived sites may be re-activated temporarily to allow them to be migrated, then re-archived online.

Q5. If you were at the beginning of your Sharepoint journey what would you have done differently and what would you have ensure you had in place from the start?
- Nothing really, we implemented a good architecture model in early 2012 and have stuck to it.

Q6. Do you rely on your users marking an item as a record?
- No. For us, anything is a record if it is evidence of business activities. (We're in Australia but see the definition in ISO 15487).

Q7. Do they send to the record center for a records manager to sort out?
- No, we abandoned using the records center early on as a 'send to' location because it only copied the most recent version of a document as a new record in the RC. Version history, Doc IDs and metadata were lost unless you used a global Content Type. Instead, we use RCs as repositories (yes, more than one) for specific purpose records.

Q8. Do you apply a blanket default policy to all?
- No

Regarding whole site policies, when you enable Site Policies as a Site Collection Feature, you get a new option 'Site Policy' which has these options. You can set a period of time for the site to be retained.

SitePolicy.PNG

Some of the questions were answered by others, so I'll just add a few comments.

 

The answers really depend on the industry, retail is a lot different than finance which is much different than engineering/construction.

 

1. this is typically defined by my clients legal department

 

Do not apply a blanket policy, this is a bad idea for many reasons.

 

A good training resources for Records Management is provided by AIIM, see http://www.aiim.org/enterprise-records-management.