SharePoint Server 2007 and Records Management: Part 2 of 4
This is the second post in a blog series on Records Management in SharePoint:
2.Records Management using Standard SharePoint Features (this post)
Part 2: Records Management Using Standard SharePoint Features
In the previous post in this series, I provided an introduction to Records Management (RM) and specifically Electronic RM (ERM). I also provided an overview of the forces for implementing ERM within an organization and the basic definitions of terms in ERM.
This, second post, covers the feature set and implementation that is provided by an Out-Of-The-Box (OOB) implementation of Microsoft Office SharePoint Server 2007 (MOSS) with regards to records management.
Much of the technical functionality that records management solutions rely on is already present within the MOSS toolbox, so it comes as no surprise that the standard MOSS functionality for records management utilizes these features. Although requiring a little bit of configuration to set up, the basic records management functionality that you get out of the box with MOSS is a good place to start in implementing records management.
MOSS provides a dedicated area for storing records - a separate site collection based on a special site definition, called the Record Center. This consists of a specialized site, based on a standard SharePoint site but with some extra functionality added to allow for the processes and ways of working that Records Management introduces. However, much of the functionality that the Record Center uses is present under the hood within MOSS.
Let’s take a look at how records management utilizes both
standard SharePoint-features that are common to all SharePoint sites; plus a set of the specialized features that are unique to the Records Center site.
Standard SharePoint features:
· Document Libraries
· Content Types
· Information Management Policies
Specialized Records Center features:
· Official File Web Service
· Record Center Connection
· Routing and iRouter functionality
Standard SharePoint functionality
The records management functionality of a standard SharePoint Records Center exploits a lot of the built-in SharePoint components and technology. At a high-level, the following standard SharePoint components and technologies are used in a specialized way in the Records Center:
Document libraries serve as record repositories in the Records Center. This means that records inherit all the standard functionality of SharePoint document libraries – permissions, folders, content types, auditing, etc. The libraries can be configured in much the same way as standard SharePoint document libraries. However, note that some of the special functionality such as the records router is not folder-aware, and as such, manually adding folders should be performed only with caution and appropriate testing.
A common requirement for records is that additional metadata is captured with the record – for example, the identity of the record manager that declared the record, the media type, etc. Because records are based on standard document functionality within SharePoint, the full range of content type functionality such as workflows, information management policies, etc can be applied to records.
The Records Center can use and implement all the standard (and any custom) workflows that are used within normal SharePoint document management. In particular, the Disposition Approval workflow is particularly useful in ensuring that items are disposed of (deleted) correctly once their retention period has been exceeded. The Disposition Approval workflow allows a reviewer to review those records that have reached or exceeded their retention periods, and then dispose of or keep the records. The workflow adds a new task for each expired record to the Tasks list, which can then be processed individually or in bulk according to the current view on the tasks list. The provided workflows are limited to deleting records, so export and other disposition instructions are not present unless specifically added in via custom development; but this still provides good functionality for basic disposition of records
Information Management Policies
Information Management Policies are key to providing a lot of the functionality for a records management site.
Information Management Policies exist at either a farm, site collection or content-type level. They allow for the control and administration of content at each of these levels, and provide control over the following aspects of the data:
· Metadata Retention
a) Labels are not usually applicable within a records management scenario, but can of course be used if required. Labels allow for information about a document (or record) to be included when the item is printed, and are useful for legislative purposes. For example, if legislature requires that the classification level of a document is printed along with the document, then the use of Labels will help in achieving this.
b) Auditing is often required for standards or legal compliance purposes, and is often requested in a records management capacity. Although auditing can be defined on the site level, configuring an auditing policy for a Content Type allows for different auditing requirements to be met on different types of content. For example, it may be necessary to audit both views and modifications to financial documents ;but perhaps only to audit modifications to project documents.
Configuring auditing instructs the SharePoint subsystem to add entries to the Audit database whenever actions are performed on items. This is often critical for compliance purposes.
c) Expiration. Vital to being able to define the retention periods and dispositions for records is the Expiration control with Information Management Policies. The expiration policy can be used to cause content to expire after a certain time period, based on information about the item – for example, records can be set to expire 5 years after their creation date. This allows for fine control over the content within a record repository (where an Information Management Policy is applied to a document library) or content of a specific type (where the policy is applied to a content type).
When an item expires, it can be deleted immediately, or a workflow or custom action can be kicked off. Typically, the Deletion Approval workflow is kicked off so that items can be reviewed before being deleted.
Allowing for custom actions to be executed when an item expires allows for customization and extension of the framework
d) Barcodes can be useful if a records management solution encompasses the management of both electronic and physical (paper) documents. The barcode functionality allows for the generation, storage and display of a unique barcode, conforming to international standards, for items within SharePoint. When a document becomes a record, a barcode can be automatically associated with the digital copy. By printing the barcode and attaching it to the paper copy of the record, records managers can easily locate and associate the two copies of the record together, ensuring that they are managed correctly and disposed of together.
e) Metadata Retention is key to records management, often for compliance purposes. Metadata Retention refers to the process whereby all the metadata for an item is retained when the item itself is deleted through an expiration policy. This is important because it is often necessary for legal reasons to be able to prove that an item existed and was deleted according to standard retention policies. Enabling a Metadata Retention policy ensures that this occurs within the Records Center.
Specialized Records Management Functionality
The Records Center exposes some specific functionality that was built in to MOSS specifically for records management. Some of these features are product-wide, and some just exist within a Records Center. They all assist in providing records management functionality
Official File Web Service
Records management in MOSS uses a second storage model, where copies of documents that are declared as records are sent to a separate Records Center site. This is in contrast to a manage-in-place model discussed later.
The Records Center must have a means of receiving records – both manually and electronically. Manual submissions are added to the Records Center in the same way that documents are added to document collaboration areas – by visiting the site in a browser and uploading the document. Electronic submissions are sent to a web service that Microsoft created specifically for this purpose, the Official File Web Service. The service is incredibly simple and allows for submission of a document, along with its metadata and audit information and a classifier which determines the type of record being sent. Documents sent to the Official File Web Service are then processed by a component called the iRouter, which determines which document library within the Records Center the document should be routed to.
“Send To” functionality
When a SharePoint farm has a Record Center link configured through Central Administration, an extra option is added to the “Send To” section of the drop-down menu on each document, with the name of the Record Center that has been configured. Clicking on this link for any particular document takes a copy of the document and its metadata and audit information and submits it to the Official File web service on the Records Center site.
Routing Records using iRouters
By default, a Records Center site includes a Routing list – a list that defines a mapping between the type of content (based on Content Types) that is sent to the Records Center, and the document library or records repository that the document will be routed to. It should be noted that records can only be routed to a document library - not to a sub-folder within that library. This makes for a very flat file plan, but does allow for the division of things such as retentions and security per content type. The routing can also be extended (more on this later) to allow for custom routing handlers.
The default router looks at the Content Type of the source document and compares this to the entries in the routing table to determine where the document should go. If no match is found, the default library, usually called “Unclassified Records”, is used and the record is placed there awaiting review and manual intervention.Custom iRouters can be developed and inserted into this process, so that custom code can be executed when documents of a certain type arrive at the Records Center. This allows for considerable flexibility in routing documents that arrive at the Records Center.
The SharePoint Records Center allows holds to be placed on records, which prevents the record from being disposed of, even if the expiration date is reached. This is useful when real-world circumstances override the default expiration policy; for example, in cases where a document is relevant to an ongoing court case or a project is being reviewed. Putting those records on hold prevents them from being destroyed along with other records with a similar retention.
Holds in the SharePoint Records Center are enforced through the use of the Holds list, which contains an entry for each record that has a hold on it.
Standard SharePoint functionality provides an excellent platform to get started with records management. It provides many of the basic features required - and by leveraging SharePoint as a development platform, these standard features can be extended to build additional functionality, tailoring the solution to a particular organisation’s ways of working.
In Part 3, we will examine one such way of doing this – including a brief discussion of the DOD 5015.2 Records Management Add-on pack.
Microsoft Consulting Services UK
Click here to see my bio