Coding Compliance ComponentsWriting Custom Policies for Auditing, Expiration and More
Jason Morrill
Program Manager
Windows SharePoint Services
Agenda
• Information Management Policies• Records Management and the
Records Center• Additional records and compliance features
– Reporting– Email
Information Management Policies
• Standard definition and enforcement of business rules for content– Target both regulations and business needs– Automated for the information worker
• Examples of policies– Expiration– Content format– Document identifiers
• Differentiated along– Types of content– Places where content lives
“Enabling an enterprise to define, instrument, and managepolicies for how they use and retain information”
Retention and Expiration
• Specify how long to keep content– Based on time period (Last modified+ 5 years)– Set programmatically
• Specify an action to take when the event occurs– Delete– Run custom code– Start a workflow
Labels and Barcodes
• Enforce a particular string in a document– Base the string on a document property– “Confidential – Managed By: {ProjectManager}”
• Add a barcode to the document– Pluggable interface for defining the format– Search for document using barcode
• Enforced in the Office Clients
Auditing
• Events audited out of the box
– Insert, Edit, View of an item– Workflow actions– Content Type or list schema
change– Change audit settings– Check In/Out– Copy/Move– Delete/Restore deleted item– Event log deletion– Search queries– Security group changes– ACL changes
• Plug in 3rd party events– New event definitions– Special class for workflows
Custom Information Management Policies
• Examples of new policy features you can build– Digital signature-based document integrity– Document “Hygiene”– Convert to Fixed Format
• Tied to a content type and centrally managed• Parts of a custom policy
– Feature definition– Custom user experience for management (ASCX)– Implement Ipolicy interface
• Policy timer job– Long running job manages updating items when policy changes
• Client OM– Access and act on policies in the client applications
Policy Framework
The Goals Of Records Management
Reduce costs of retrieving information for legal discovery
Reduce risk of non-compliance and legal liability
Retain vital records for business continuity
The Process of Records Management
Records Warehouse
Organize,Maintain, &Dispose
Records Manager
Search,Hold, &Triage
Lawyers &ParalegalsKnowledge Worker /
Records Custodian
Collect
Our Records Center
Search,Hold, &Triage
Lawyers &Paralegals
Knowledge Worker /Records Custodian
Collect RecordsCenter
Policy Enforcement
“Vault” Behaviors
SM
TP
& S
OA
P O
FI
Windows SharePointServices
Hold
Organize,Maintain, &Dispose
Records Manager
Our Records Center
Organize,Maintain, &Dispose
Search,Hold, &Triage
Lawyers &Paralegals
Exchange
Send To
SharePointDocuments
KnowledgeWorker
DesktopItems
“Ship” To
Nondigitalrecords
RecordsCustodian
3rd-partyimaging
Official FileRecordsCenter
Policy Enforcement
“Vault” Behaviors
SM
TP
& S
OA
P O
FI
Windows SharePointServices
Hold
Records Manager
Management in place vs. Records Center
• Policy features work in all SharePoint document repositories– Use permissions and workflows for in place records
management
• Retention requirements frequently outlive business value– Original document container no longer useful– Reduce amount of content exposed to end users
• Legal hold special to Records Center– Suspension of policy is possible outside record center– Difficult to sufficiently enforce administration outside a
records repository
Records Center
Legal Hold
Records Center Extensibility
• Custom Router– Process content on ingestion
• Conversions• De-duplication
– Route to 3rd party repositories
• Submit new record types with SOAP API– Preserve existing categorization of content– Include audit events
• Hold– OM for adding/removing items to a hold– Programmatic queries for items on a particular hold– Extend Hold use of “Search & Process”
• New actions on search results
• Custom Disposition Actions– Code to set an expiration event– Code to handle an expiration event
Audit Reports
Org. Health And Compliance Reports
E-mail Integration
• Managed Folders– Administrator defined expiration and quotas– Helps users organize their e-mail in a company compliant
way – Helps get rid of the excess in a timely manner
• Direct links to the Record Center from within Outlook– Helps users archive mail and attachments that are
“corporate records” and apply the appropriate metadata as they become records
Managed E-mail Folders
Extensibility throughout
• SDK Code available: Enterprise Content Management Starter Kit
• Solution Builders– Vertical solutions– File plans, reports– Custom litigation hold UI– Custom record center
submission– Workflows for expiration, vital
records review, etc
• Application Builders– New policy features– Add-ins to our OOB policy
features– Record repository integration
• Integration w/external storage• De-duplication
Top Related