I am meeting with Microsoft this week to discuss some of my concerns about enforcing compliance with content in Sharepoint repositories and to also talk through some of the potential solutions. It seems to me that there are a few different approaches to managing records that reside in Sharepoint Document Libraries.
Firstly, let's recap the issue caused by the success of Sharepoint here. Some companies are letting Sharepoint instances be created with little control whatsoever. I got a lot of comments from my last Microsoft entry saying that companies don't have to do this but my point still stands - they are. I'll refer you once again to a customer I spoke to that expects to create 12,000 new document libraries, (aka Silos), a year and they have no way of being able to search, discover, hold, de-duplicate etc. across all of these repositories.
Secondly, let's recap the consequences of this. If you are dumping content in to these silos without any regard for how to apply compliance controls to the content then you are stepping back 10 years in compliance technology. Each one of these silos could contain a copy of a record - if it is the only copy then you have a legal obligation to retain it - if it is not the only copy then you have a liability because when you dispose of the record you may have left a copy of it behind and that's then discoverable to produce in court.
It seems to me that in general there are a number of different ways of addressing records management across these silos. I'm writing this before I meet with Microsoft for two reasons - one to get your feedback, (be quick though, I'm meeting them on Tuesday) and secondly to dump down my thoughts in preparation for the meeting. The methods that I can think of can be expressed in three general groups, manage in place, move out of Sharepoint or both, (keep a copy in Sharepoint and move a copy out too.)
Here's a very brief synopsis of each option and all of my questions, I'll expand on them over time and I'll give you the feedback from Microsoft later this week. Do you have any other options that spring to mind?
Option 1a - Manage in place in Sharepoint Document Library using Native Functionality
You are relying on Sharepoint's native capabilities to protect the content. Where will cross-library/cross-site functionality come from? What about de-duplication? How will you control true disposition across all libraries? What about storage management?
Option 1b - Manage in place in Sharepoint Document Library using Federated Model
In this model you will still rely on Sharepoint's native capabilities to secure the content which is a risk. However, you'll also have a central repository that is tracking all records from a single place. This might supplement 1a with some enterprise wide functionality like search, track, de-duplicate. It would facilitate true disposition of all copies and would be a boon for discovery.
Option 2a - Move from Document Library to Secure Records Repository
This gives the best records management capabilities - you are taking the content out of the Sharepoint library and putting it in to a system specifically designed for records management. There's no doubt in my mind that this gives you the ultimate records management control but it is very invasive. If someone happened to be using the file they will be less that delighted when it simply disappears just because it was deemed to be a record one day.
Option 2b - Move from Document Library to Secure Records Repository, (leave link behind)
On paper, theoretically, in principal this rocks. Unfortunately, in reality it is less that optimal. I'm going to say more about the pros and cons of this one later but for now just consider that you are at the mercy of the capabilities of the link. Let me give you just one nasty example of what you might want to do:
The link that you leave behind needs to act like the original document for the benefit of anyone working in the document library. However, the link represents a record now so what do you do if someone goes to edit the link?
- Don't let them edit the file.
- Let them open the file read-only and then save it manually as a new object.
- Let them open the file for editing and save it over the old version but in the background maintain the 'record copy' in the secure repository as the copy of record, (maybe at least informing the user that you did it?)
Which one works best? I like the last one because it is non-invasive and cool but it is probably confusing to the end user and the records team might not like it. Oh, and the link probably needs to work bi-directionally so if someone deletes the record from the secure repository should you delete the link even it is in use or should you put a copy of the file back on the local system for convenience, (which is far from records management disposition by anyone's standard).
Option 3 - Copy from Document Library to Secure Records Repository
Oh heavens to Betsy. Copy a record...please. I was with a customer last week who has 600 terabytes of data on their network fileshares - assume that 5% of those files are records...that's...well it is a lot of duplicated data that's what and don't even talk to me about disposition...
...anything else?
Got any questions or other options for me to think about? I'll start to focus on some of the details behind some of the more realistic options soon. Watch this space.
You got big problem. good luck hope you can fix it soon :)
Posted by: PPC Management | 09/17/2008 at 03:00 AM
Learn Sharepoint
This is a great link on the topic of connected web parts using the standard Sharepoint connected web part interfaces.
Posted by: Learn Sharepoint | 10/31/2008 at 03:00 AM