Records Management Feature: Information Management Policies (Part I)

Over the last two weeks, we’ve given you an introduction to some of the concepts of Enterprise Content Management that are critical for the success of a records management program: content types (which provide a flexible way of classifying documents and records in your organization in addition to folders), and the Document Information Panel (which helps ensure that content will be tagged with appropriate metadata even before being declared as records.)

Now we can look at one of the core questions for records management: how do I define the “policies” to control how each type of document and record in my organization is managed? (Policies that can include the appropriate disposition schedule, what information needs to be audited about that content’s lifecycle, etc.)

The answer is a new feature in the 2007 release of the Microsoft Office system called “Information Management Policy”. This post will be the first of several to introduce you to this important area.

Information Management Policies provide a few key capabilities:

  1. They allow records managers and administrators to specify a “policy” that defines how the system should handle content so that it is compliant with a records management program.
  2. They allow records managers and administrators to apply these policies to content types, document libraries & lists in collaborative and records spaces so that, once the policies are applied, all content classified within that content type or place will automatically be managed in accordance with that policy, without any active end-user participation.

Now that we’ve talked through the key concepts behind policies, let’s dive into how it all works.

What can I define in an Information Management Policy?

While each of these policy capabilities is going to be the subject of its own post in the next few weeks, here’s a quick summary of the different policy features that can be configured in the 2007 release of the Microsoft Office system.

  • Expiration: The expiration policy feature controls when content will be scheduled for disposition, and how to handle its disposition. Both the “schedule” and the “disposition” are configurable. The schedule can be a formula based on metadata (we said that metadata was important J ); and the “disposition” can be an automatic action such as deleting the item (which may be appropriate for non-record information) or a person-centric workflow process to approve a record’s disposition.
  • Auditing: The auditing policy feature controls which information about content will automatically be audited by the server over the course of its lifecycle. Audited events can include when content is viewed, updated, versioned, deleted, expired, and more.
  • Labeling/barcoding: Label and barcode policy features automatically assign identifying tags to content to make them easier to retrieve later – including embedding those tags in printouts of Office documents, so that even paper copies of content can be managed in accordance with corporate requirements.
  • User communication statement: An important component of a records management program is communicating with users to inform them what they need to know when working with various types of content (for example, informing users not to discuss the content of sensitive documents with certain parties, or telling them that their actions are being audited). A policy can include an informational “statement” that will be prominently displayed to users when working with documents subject to that policy.

What does it means to “define” a policy for a place or content type?

Managing/defining policies on a place or content type isn’t a task that requires an Information Technology specialist -- it’s something intended for every records manager or compliance officer to be able to do.

Every list, document library, and content type in an Office SharePoint Server site can have an Information Management Policy configured for it. Here’s a screenshot of the “Settings” page for a document library showing the link (it’s located in the “Permissions and Policies” section) :

 

Defining a policy is done on a Web page where a records manager can specify what the appropriate policies are for their library or content type, by enabling the policy features that are appropriate and then configuring each one appropriately.

Here’s another screenshot showing the configuration options for the “Expiration” policy feature:

 

Hopefully these images show that configuring/administering policies isn’t a very complicated thing to do, and illustrates some of the concepts mentioned above.

That’s pretty much all you need to know to get started defining policies on content types, lists & document libraries in Microsoft Office SharePoint Server 2007. Although there’s more richness available for defining and managing those policies in a more centralized fashion, and more to discuss about each of the different “policy features” themselves, we’ll save those for the next few posts.

 

What is the end-user experience when working with content to which a policy has been applied?

In general, working with content subject to a policy does not impact the user experience in any way, unless the policy explicitly requires it. For example, if a user communication “statement” is included in the policy, then this will be displayed when users work with content in the Microsoft Office applications, as shown in the image below:

 

Additionally, specific policies can modify the user experience as appropriate (for example, a labeling/barcoding policy will include the appropriate label or barcode in the printable area of documents), but otherwise users don’t need to change their behavior or do any additional work to conform to the policy.

And that’s a brief introduction to Information Management Policies in the 2007 release of the Microsoft Office system. In our next few postings, we’ll focus on how to manage and administer policies on both collaborative and records spaces (from both an IT planning and a records management perspective) and examine the functionality of each of the different types of policies in more detail.

Thanks for reading!

Ethan Gur-esh, Program Manager