When it comes to enterprise compliance and records management (GRC), collaboration isn’t usually the first word that comes to mind. In fact, "collaborative records management" sounds like a compliance nightmare. This is precisely why you need a good records management foundation, before moving into social business.
SharePoint, on the other hand, is all about collaboration. One of the best descriptions of SharePoint I’ve heard is that it’s like “a network drive on crack.”
SharePoint’s workspaces and other collaboration tools make it easy to work on multi-author documents, but -- as on a network drive -- once an organization accumulates a certain number of documents, it becomes difficult to control this proliferation of content -- even if (and this is a big “if”) the information is easy enough to find.
Editor's note: See our article titled What is SharePoint 2010? Vision and Reality.
It’s only natural, then, that SharePoint would make records managers, who are concerned with the rules that the organization must adhere to in order to comply with a variety of industry regulations, a bit nervous.
When You Need DoD 5015.2 Certification
For many organizations, whether or not to use SharePoint for enterprise records management isn’t even a question. By itself, SharePoint isn’t DoD 5015.2 certified, which means that it does not meet the core functionality requirements for records management products used by the Department of Defense and its components.
This rules out SharePoint’s use as a records management solution by any DoD-managed organization, along with many other government entities and corporations that use the DoD 5015.2 standard as a benchmark.
But many of these organizations actually already have SharePoint intranets in place to enable collaboration and communication across the enterprise. In terms of information governance, it makes sense for them to centralize access to records using SharePoint -- an interface that employees already know well. In order to do this, these organizations need to implement a robust records management back-end through which they can archive and manage SharePoint documents once the creation/collaboration phase is complete.
For example, Spindletop Mental Health Mental Retardation Services was leveraging SharePoint for its corporate intranet and soon realized that it needed to implement a records management solution on the back-end.
The CIO recounts that, as Spindletop employees stored more and more documents in SharePoint, the system got sluggish and slow. He also notes that, because many of Spindletop’s documents are medical records, compliance with HIPAA regulations was a major concern -- and one that SharePoint alone couldn’t satisfy.
By implementing a DoD 5015.2-certified records management integration, Spindletop gained:
- Instant search and retrieval. From any internet access point, staff can instantly locate scanned records by using the “Electronic Imaging” tab on its SharePoint intranet site. Offsite employees have access to the records management repository through a password-protected Citrix site.
- Simplified HIPAA compliance. Because Spindletop’s SharePoint intranet uses the records management application’s security enforcement, employees are granted access to records by department. Employees can view the records for their own clients, but restricted patient, employee and financial information remains confidential.
- Easy and efficient scanning. Templates enable employees to scan ten times more content than they could before the records management back-end was implemented.
- Time-saving automation. When new content is scanned into the system, the records management application automatically populates template fields and generates and organizes new folders and subfolders. Because each patient record has between six and eight subfolders with a total of 25-52 documents to be scanned, this eliminates redundancy and extra work.
What to Look for in a Records Management Back-End
Aside from DoD 5015.2 certification, organizations that are looking to extend their use of SharePoint by implementing a records management back-end will want to ask the following questions:
- Does the integration seamlessly add capture functionality to SharePoint with minimal requirements for installation, support and maintenance?
- Does it significantly expand the amount of content that can be stored online while also improving record security?
- Does it provide federated search across content stored in both SharePoint and the records management repository?
- Does it enable transparent records management that satisfies records management requirements while insulating general users from file plan complexities by dynamically building customized views of the repository for individual business units?
In a perfect world, it wouldn’t be necessary to integrate SharePoint with a records management back-end. But given the risks associated with compliance infractions, wouldn’t your organization rather be safe than sorry?
Editor's Note You may also be interested in:
- Developing an Information Management Strategy for SharePoint
- Your SharePoint Records Governance Plan & ISO 15489: Disaster Preparation & Recovery
- New Standards Activity for Enterprise Content and Records Management