Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Understanding Records Management in Office 365

The world of SharePoint compliance and records management became more complicated as we moved to Office 365. Instead of records centers, we have labels, and it can be difficult to understand how exactly to stay in compliance. In this session, we will review the compliance features in Office 365, including Advanced Data Governance, Labels, and Retention Policies. We will then compare these features against common records management and compliance business requirements to see how they stack up.

Related Books

Free with a 30 day trial from Scribd

See all

Understanding Records Management in Office 365

  1. 1. Business Technical Ease of Use, Invasiveness Silo’d Content Stores, Data Management Compliance, Content Relevance, Risk Reduction This isn’t new – it was just never solved The cloud has made this harder…
  2. 2. Key standards ISO 16175 IS40 21 CFR Part 11 MoReq 2010 ISO 15489 SOX HIPAA FIPS 140-2 ANSI VERS NARA DOD 5015.2
  3. 3. Labeling Classify data across your organization for governance, and then enforcing retention rules based on that classification. Retention Ensures that you retain content as long as required but no longer than that. Supervision Define policies that capture email and 3rd- party communications in your organization so they can be examined by internal or external reviewers.
  4. 4. Labels classify documents and can apply retention. They can do the following: • Delete content automatically. • Retain content for a specific time period. • Delete content once the retention period has passed. • Trigger a disposition review • Do nothing. • Start the retention period from when content was created, last modified, when the label was applied, or when an event occurred.
  5. 5. Can be deployed to specific locations or the entire organization. Entire Locations Include or Exclude All Locations SharePoint OneDrive for Business Groups Exchange Email Sites (up to 100 sites) Accounts (up to 1000) Groups (up to 100) Recipients (up to 1000)
  6. 6. Auto-applied based on sensitive information types Auto-applied based on a search query Auto-applied based on a document library location
  7. 7. When you create auto-apply labels for sensitive information, you see the same list of policy templates as when you create a data loss prevention (DLP) policy.
  8. 8. Query-based labels use the Content Search feature in the Office 365 Security & Compliance Center to identify content. You can search for a word or phrase and use operators such as AND, OR, and NOT.
  9. 9. Can only apply a default label to a document library Items inside a document or folder set do inherit the default label If you move an item with a default label from one library to another library with no default label, the old default label is removed
  10. 10. A label that classifies content as a record needs to be applied manually; it cannot be auto-applied For SharePoint content, any user in the default Members group (the Contribute permission level) can apply a record label to content Only the site collection administrator can remove or change that label after it's been applied If a label is a record it locks the item so it cannot be edited
  11. 11. For SharePoint content, any user in the default Members group (the Contribute permission level) can apply a label to content
  12. 12. If there are multiple rules that assign an auto-applied label and the content meets the conditions of multiple rules, the label for the oldest rule is assigned. PERIOD. NO OTHER OPTION.
  13. 13. Create label and choose event type Publish label and add event ID to content Create and trigger the event
  14. 14. Labels are auto-applied Label policy is synced to locations Status = Success (On) Labels applied automatically to content within 7 days
  15. 15. If the label is… Then the label policy can be applied to… Exchange SharePoint OneDrive Groups Published to end users X X X X Auto-applied based on sensitive information types X X Auto-applied based on a query X X X X
  16. 16. PROS CONS Use to identify and action sensitive content Application of Label can be 1-7 days Provides real time classification of content Use for high-level classifications No hierarchy of labels Can prioritize labels A label can be used by RecordPoint to refine a classification Generic functionality that doesn’t meet local standards Has localized certifications Need to have an E5 license for automatic labelling Can use an Office 365 label as input No automatic labelling for records Works with any Office 365 license Have to apply document library labels to each location Automatic labelling of records and content across multiple sources Can only manage Office 365 content Can apply classifications from a central location
  17. 17. A Retention Policy is separate from a label. It can do the following: • Delete content automatically. • Retain content for a specific time period. • Delete content once the retention period has passed. • Do nothing. • Start the retention period from when content was created or last modified.
  18. 18. Entire Locations Include or Exclude Exchange Email and Public Folders, SharePoint, OneDrive, and Office 365 Groups SharePoint OneDrive for Business Groups Exchange Email Sites (up to 100 sites) Accounts (up to 1000) Groups (up to 100) Recipients (up to 1000) Skype for Business Teams Channel Messages Exchange Public Folders Teams Chats
  19. 19. Retention wins over deletion Longest retention period wins Explicit inclusion wins over implicit inclusion Shortest deletion period wins
  20. 20. 1. If the content is modified or deleted during the retention period 2. If the content is not modified or deleted during the retention period 2 1 Preservation Hold Library Document Library First-Stage Recycle Bin Second-Stage Recycle Bin Cleanup Retention Period User Purge Cleanup Permanent Deletion Permanent Deletion 93 Days 7 Days
  21. 21. 1. If the content is modified or permanently deleted by the user during the retention period 2. If the content is not modified or deleted during the retention period 2 1 Recoverable Items Folder Email or Public Folder Cleanup Retention Period Permanent Deletion Permanent Deletion 14-30 Days 14-30 Days Cleanup
  22. 22. PROS CONS Simple content clean-up for non-records content Keeps documents for 93 days after disposition approval Dispose of document immediately on approval Covers Skype for Business, Teams Conversations, and Exchange Content No certification of destruction Provides a fully auditable certification of destruction Can’t manage SharePoint on- premises Can manage multiple on-premises and cloud content sources Legal hold integrates with Office 365
  23. 23. Labels Retentioning Complex Labelling Complex Retentioning Manage Multiple Content Sources Records Management Physical Records High Certifications (DoD)

×