Addressing risk, compliance, document control, retention, e-Discovery, disaster preparation and recovery.
Records Mise en Place
SharePoint 2010 offers a brilliant records management upgrade from MOSS 2007. In addition to offering the traditional records flow from document to records repository, SharePoint 2010 may create a record from a document that continues to reside in its home page.
I affectionately call the second option Records mise en place (after the literal French, putting in place) because the metadata wrapper is applied to each object without the cold (antiquated?) end user-driven experience of transferring it to the Records Center. At last, the record may stay in place. A functional improvement, Microsoft has provided a capability that should be appreciated by us Record and Information Managers as much as the end users to whom we consult.
SharePoint programmers are confounded by our enthusiasm -- but they are puzzled because the user community lacks the theoretical Records framework to fully vet the implementation of either Records Management options. (Note that Microsoft's TechNet is full of step-by-step configuration instructions. Even its governance plans are literal.)
This strikes at the very heart of the cognitive dissonance between Information Technology and Records programs -- IT is not in the business of being the enforcer, and while Records is capable of taking on that role, it can't because, traditionally, it is a customer of IT. Records is just another client. It is a hellish limbo.
The Path to Improvement
One path to improving communication between Records and the Information Technology department is to create a corporate-wide SharePoint 2010 Records governance plan. This is a figurative, fifty-thousand-foot document that incorporates the best of records and information management practices, while honoring the general architecture of SharePoint 2010. Mull over the essential elements -- information policies, content types, audit trails, legal holds, file plans, barcodes and labeling -- and consider the following list of questions:
- What records and information management problem are we trying to solve?
- How sure are we of the scope of this implementation? How can we verify it to the company?
- Where are the origins of these information sources?
- Has this situation occurred before? How did we deal with it (or similar situations) in the past?
- Can we quantify what we are hearing? What are the measurable aspects?
- What is the maximum tolerable project impact of this governance plan?
- What is the overall business case for what is being proposed?
- What are the risks associated with the plan?
- Is the plan consistent with our overall priorities?
- What are this plan's benefits? How can we verify their value?
- Are there possible unintended consequences of the plan that could affect others?
- How will we evaluate success? Who will be responsible for verifying successful closure?
- Does our culture support the connection among information warehouses?
- What data from legacy records and information management implementations should we migrate to our new platform?
- Will our SharePoint 2010 environment provide structure for currently unstructured data?
- What kind of file formats will we permit and exclude here?
- What stipulations can we use to curtail massive, overnight growth?
- What other policies will we reference or incorporate into this plan? What might we have overlooked?
None of the above questions are minor. The Records and Information Manager should take custody of the draft responses as an opportunity to educate members of the Records Steering Committee on best practices and to understand their organization better. In return, the Committee may express their cultural preferences clearly in the document to implement a platform correctly from the beginning, as opposed to the popular but much-maligned approach of "clean it up later, let's just get it in production."
The "what is a record" question seems like a luxurious remnant from better economic times, but in truth, SharePoint 2010 offers the perfect opportunity to take the organization’s records retention schedule, internal auditing, e-Discovery and disaster recovery policies for a spin.
Stipulate the pros and cons. Ensure each participant signs off, which will help to bear the weight. The good news? The availability of Records mise en place begs for a more complicated, intensive “what is a record?” question-and-answer period with end users, if the training is designed correctly. The bad news? CIOs have complicated questions to think about already -- they don't need more added to their plate. This approach is up to the individual Records project manager.
Certainly, the danger is IT could simplify a records implementation to the application of a period per object and the role of the Records person could be potentially minimized after the basic suite of Records documentation is completed. The Records governance plan should be a vehicle to avoid that and to promote a great Records program.