BACKGROUND IMAGE: iSTOCK/GETTY IMAGES
In prior releases, SharePoint records management was functional but nothing to write home about. But with SharePoint 2013, it's time to get excited.
The trends of mobile computing, social media in the enterprise, the cloud, and global search have converged and touched just about every business process that depends on IT. Records management is no exception.
You would think that records management would require a relatively effortless adaptation to all this change. Aren't records neat and tidy compared with most enterprise content? The rules for handling them have always been unambiguous. Access and retrieval have been single-channel and simple.
All that simplicity works against records management in a modern context, as Microsoft found out the hard way. Earlier versions of SharePoint records management functions were shallow and limited, ill-suited for the messy, multichannel world of the modern enterprise.
Beyond SQL Server's scope
Since SharePoint is mostly SQL Server under the hood, and traditional records in the enterprise are tabled data, the typical issues of retention, compliance and rights management have historically relied on manipulating SQL security features from within the site surfacing the records, sometimes through a third-party interface.
But that's no longer adequate in the contemporary enterprise. To begin with, the days of a single endpoint for record retrieval are drawing to a close. Increasingly, records are objects in the enterprise content mix, alongside objects of other types that muddy the waters further in terms of security and context. And that's before we consider multiple device channels.
On the SQL Server side, a record's point of origin is agnostic; it isn't built to accommodate these complexities. The work in defining the new types of records has to be done client-side.
Adding to the new complexity is the fragmentation of rights management. It is often the case that bodies of records may have variable compliance requirements, depending on content. It is also increasingly common that retention policies are conditional within individual groups of records.
Now, when we factor in access rights, global enterprise search and multiple mobile targets, an answer emerges -- one that SharePoint 2013 is built to accommodate.
SharePoint's project management capabilities have matured, particularly in the management of site-specific, team-specific content for overall platform efficiency. Retention and access policy implementation and management at the site level are flexible and robust.
One solution to the rights management problem is to marry site content management features to records management, which is how records management works in SharePoint 2013.
Use new features to help define new policies
Site-based retention and rights management address all the problems mentioned above. Within a specific site or group of sites, a "record" can mean a number of different things, which aids global search. Team members may be invited to join and be conferred appropriate access rights. Where appropriate, social media channels can exploit surfacing through enterprise search. Additionally, retention of records for project-specific tasks or processing may be configured according to the project's context, with the records returning to their original locked-down status once the project expires.
That's a great deal of utility right there, and on top of it all, we get Exchange Server content for free. But managing all these capabilities requires a dedicated compliance agent, someone whose job it is to establish and enforce site policy.
SharePoint records management in the cloud
Rights management for site-based records within a SharePoint 2013 context becomes more complicated if the sites hosting records are available through SharePoint Online -- particularly with Exchange content in the mix.SharePoint Online can and often does mean SharePoint in the field, and that, in turn, may mean SharePoint on a tablet. This adds a new layer to the problem of who can see what, which things can be updated or deleted, and for how long.
The Microsoft Rights Management connector (RMS in the TechNet literature) isn't out of the box, but can be added to a SharePoint deployment as a mechanism for implementing this added layer of management. With the RMS connector in place, services are available to select records for specific users in limited contexts, restricting some content to view-only and so on. Not only is SharePoint records management now deep enough to meet the requirements of the modern IT environment, but it can be fine-tuned to an unprecedented level.
For more on SharePoint 2013
Migrating to SharePoint 2013 migration
Improvements in SharePoint 2013
Decision making with SharePoint collaboration features
If the records management challenges outlined here sound familiar, here are some things you can do:
- Leverage site-based retention for compliance.
- Assign compliance agents as needed.
- Base retention and access upon a project schedule.
- Deploy the RMS connector if you're using SharePoint Online.
As always with SharePoint, up-front planning and design pays off. Consider that not all projects and teams will use records management the same way, so establish policy guidelines that accommodate the full range of anticipated uses.