Records Management Feature: Information Management Policies (Part I)

Over the last two weeks, we’ve given you an introduction to some of the concepts of Enterprise Content Management that are critical for the success of a records management program: content types (which provide a flexible way of classifying documents and records in your organization in addition to folders), and the Document Information Panel (which helps ensure that content will be tagged with appropriate metadata even before being declared as records.)


Now we can look at one of the core questions for records management: how do I define the “policies” to control how each type of document and record in my organization is managed? (Policies that can include the appropriate disposition schedule, what information needs to be audited about that content’s lifecycle, etc.)


The answer is a new feature in the 2007 release of the Microsoft Office system called “Information Management Policy”.  This post will be the first of several to introduce you to this important area.


Information Management Policies provide a few key capabilities:

  1. They allow records managers and administrators to specify a “policy” that defines how the system should handle content so that it is compliant with a records management program.

  2. They allow records managers and administrators to apply these policies to content types, document libraries & lists in collaborative and records spaces so that,  once the policies are applied, all content classified within that content type or place will automatically be managed in accordance with that policy, without any active end-user participation.

Now that we’ve talked through the key concepts behind policies, let’s dive into how it all works.


What can I define in an Information Management Policy?


While each of these policy capabilities is going to be the subject of its own post in the next few weeks, here’s a quick summary of the different policy features that can be configured in the 2007 release of the Microsoft Office system.

  • Expiration: The expiration policy feature controls when content will be scheduled for disposition, and how to handle its disposition. Both the “schedule” and the “disposition” are configurable. The schedule can be a formula based on metadata (we said that metadata was important J ); and the “disposition” can be an automatic action such as deleting the item (which may be appropriate for non-record information) or a person-centric workflow process to approve a record’s disposition.

  • Auditing: The auditing policy feature controls which information about content will automatically be audited by the server over the course of its lifecycle. Audited events can include when content is viewed, updated, versioned, deleted, expired, and more.

  • Labeling/barcoding: Label and barcode policy features automatically assign identifying tags to content to make them easier to retrieve later – including embedding those tags in printouts of Office documents, so that even paper copies of content can be managed in accordance with corporate requirements.

  • User communication statement: An important component of a records management program is communicating with users to inform them what they need to know when working with various types of content (for example, informing users not to discuss the content of sensitive documents with certain parties, or telling them that their actions are being audited). A policy can include an informational “statement” that will be prominently displayed to users when working with documents subject to that policy.

What does it means to “define” a policy for a place or content type?


Managing/defining policies on a place or content type isn’t a task that requires an Information Technology specialist -- it’s something intended for every records manager or compliance officer to be able to do.


Every list, document library, and content type in an Office SharePoint Server site can have an Information Management Policy configured for it. Here’s a screenshot of the “Settings” page for a document library showing the link (it’s located in the “Permissions and Policies” section) :



Defining a policy is done on a Web page where a records manager can specify what the appropriate policies are for their library or content type, by enabling the policy features that are appropriate and then configuring each one appropriately.


Here’s another screenshot showing the configuration options for the “Expiration” policy feature:




Hopefully these images show that configuring/administering policies isn’t a very complicated thing to do, and illustrates some of the concepts mentioned above.


That’s pretty much all you need to know to get started defining policies on content types, lists & document libraries in Microsoft Office SharePoint Server 2007. Although there’s more richness available for defining and managing those policies in a more centralized fashion, and more to discuss about each of the different “policy features” themselves, we’ll save those for the next few posts.


What is the end-user experience when working with content to which a policy has been applied?


In general, working with content subject to a policy does not impact the user experience in any way, unless the policy explicitly requires it. For example, if a user communication “statement” is included in the policy, then this will be displayed when users work with content in the Microsoft Office applications, as shown in the image below:



Additionally, specific policies can modify the user experience as appropriate (for example, a labeling/barcoding policy will include the appropriate label or barcode in the printable area of documents), but otherwise users don’t need to change their behavior or do any additional work to conform to the policy.



And that’s a brief introduction to Information Management Policies in the 2007 release of the Microsoft Office system. In our next few postings, we’ll focus on how to manage and administer policies on both collaborative and records spaces (from both an IT planning and a records management perspective) and examine the functionality of each of the different types of policies in more detail.


Thanks for reading!

Ethan Gur-esh, Program Manager

Comments (20)
  1. Alan Andolsen says:

    The image of the Expiration policy page is much too small. Since this is a key element in a good ecords management program application, you might include a clickable full size image so your audience can read the text on the page.

  2. Mantvydas says:

    Very interesting.

    I haven’t delved deep into what’s possible to do with that, but the very first thing that came to my mind is a policy enabling to protect content on the intranet. An ability for internal documents to be only possible to view to get acquaintant with, but not download, copy from or print.

  3. @Alan Andolsen:

    Thanks for pointing out that the image in the posting was hard to read.

    Here’s a link to a larger image of the expiration policy feature:

    Ethan Gur-esh, Program Manager

  4. @Mantvydas:

    Thanks for the comment!  Microsoft Office SharePoint Server 2007 has a feature intended to address exactly the scenario you’re describing. Take a look at this post on Microsoft’s "Enterprise Content Management” blog about Information Rights Management in Microsoft Office SharePoint Server 2007:


    Adam Harmetz

    Program Manager

  5. Mantvydas says:

    Thanks. I will definitely use that information in my plans for IRM.

    As far as I see, that’s only gonna be possible with MOSS 2007, and not the next version of WSS.

  6. Here is an assortment of various 2007 Microsoft Office SharePoint Server Documentation / Reference Materials…

  7. Here are answers to a few questions about this post that we received via e-mail:

    Question 1:

    Can the RM policies be set at the document or folder level? Or are they only set at the Document Library, List, and Content level?


    RM policies are set at the Document Library, List, and Content Type level, but can take into account document-specific information. (For example, an expiration policy of "last modified date + 3 years" can be specified on a content type, but the actual enforcement of that policy on each document is affected by the date each item was modified.

    Also because an individual document library or list can utilize multiple Content Types, users can implicitly choose the appropriate policy for each document within a library or list by choosing the appropriate Content Type for the document.

    Question 2:

    I am not quite sure what is meant by the term "Content". Is Content a descriptor for documents in a document library? Or is Content a reference to items like web parts? Or is it simply a new document storage area?


    In general we’ve been using the word "Content" on this blog to generically refer to "documents or list items". (For example, when we mean that policies can be applied to document or list items, we sometimes just say that policies can be applied to "content".)

    Thanks to everyone who has been submitting questions to us via comments or the e-mail contact form. Please keep them coming!

    – Ethan Gur-esh, Program Manager

  8. Thanks to everyone who posted questions about the Records Center or sent them in via the “contact” form….

  9. So far in this blog, we’ve talked directly about electronic records – the files created in document authoring

  10. In my previous post , I described how organizations can define a set of e-mail classifications (i.e.

  11. mpang says:

    Is there a way to apply a global content retention policy template to all site collections in a farm?  Can it be done with stsadm?

  12. I passed the MOSS technical exam today, entitled "Microsoft Office SharePoint Server 2007 – Application

  13. Document and Records Management Definition Document Management According to Wikipedia : "A document

  14. 2007 MOSS Resource Links (Microsoft Office SharePoint Server) Here is an assortment of various 2007 Microsoft

  15. ranyn1 says:


    We have moss 2007 sp1. We have been trying to use the expiration policy on the list items as well as the discussion forums. The policy does not return any errors and at the same time it does not work at all. It does not clear any content.

  16. Arno Nel 2.0 says:

    Document and Records Management Definition Document Management According to Wikipedia : "A document

  17. sujata says:

    In my case, the Start this workflow: is disable. How I can enable it so that I can attach a workflow in Expiration policy .

  18. umangshah55 says:

    also in my case its disabled.

    i know "This feature is only available if you are defining a policy for a content type that already has a workflow associated with it.


    but where should i enable workflow.. i dont know..

    sujata if you find any solution please let me know. in my case it works if i go to list and then add policy

Comments are closed.

Skip to main content