Compliance Features in the 2007 Microsoft Office System


Hi everyone,


 


I wanted to point you to an excellent whitepaper that discusses compliance across the entire 2007 Microsoft Office System.  Rather than talk about specific certifications Microsoft is pursuing (like DoD 5015.2), the paper explains the other side of compliance.  It provides an overview of the compliance space and showcases the tools that Microsoft provides to help customers comply with regulations like Sarbanes-Oxley.  Certainly many of the features on this blog are mentioned in the paper, but there are plenty of other products and features in there as well (Excel Services, Microsoft Office Forms Server 2007, Microsoft Exchange Server 2007, and a lot more)


 


Here’s a summary of the paper:


Compliance Features in the 2007 Microsoft Office System” showcases compliance-related features and extensibility opportunities within the 2007 Microsoft Office system, and demonstrates how the Office system can help you meet the demands of regulatory compliance. Out-of-the-box, the 2007 Office system provides many of the fundamental components required to support compliance regulations, such as auditing, records management, and data security. However, some degree of development and customization is necessary to tailor regulation-compliant solutions for particular organizations and environments. This paper provides examples of extending the platform to build custom compliance solutions for the financial services, healthcare, and accounting fields. The target audience includes developers, technical architects, and technical decision makers interested in delivering business solutions that leverage and extend the compliance-related feature set of the 2007 Microsoft Office system.


 


Joanna Bichsel, the author of the paper, also has a blog post about it.


 


Happy Reading!


Adam Harmetz


Program Manager


Comments (8)

  1. ernzddy@msn.com says:

    Does the MOSS RM use standard records management terminology?

    Does the MOSS RM use a simple graphical interface?

    Can the MOSS RM be opened from within the Microsoft Office 2000 (newer or older) MOSS RMs, including e-mail?

    Can the MOSS RM login be integrated with the network login?

    Does the MOSS RM manage records regardless of storage media or other characteristics?  

    Does the MOSS RM have a comprehensive on-line help system that is context-sensitive?

    Does the MOSS RM have the capability for authorized individuals to make global changes to the record categories, record category codes, disposition instructions, disposition instruction codes, and originating organizations?

    Does the MOSS RM have the capability to reorganize the file plan and automatically propagate the changes resulting from the reorganization to the affected records and record folders?

    Does the MOSS RM accommodate the use of bar code technology?

    Does the MOSS RM track historical information?

    Does the MOSS RM have a copy function for ease of creating new record profiles?

    Does the MOSS RM allow the user to interface through a web browser or other platform independent means?

    Does the MOSS RM interface with desktop or server based fax products to capture fax records in their electronic format?

    Does the MOSS RM provide the capability for only authorized individuals to create, add, edit, and delete record categories, files and their codes? Can each file or category code be linked to its associated file or category and to its higher-level category code(s)?

    Does the MOSS RM provide the capability for only authorized individuals to create, add, edit, and delete disposition instructions and their associated codes? Can each disposition code be linked to its associated disposition instruction?

    Does the MOSS RM provide the capability for only authorized individuals to assign a disposition instruction code to a file or record category?

    Does the MOSS RM allow for the rescheduling of records already in the system when disposition instructions change from the original designations?

    Does the MOSS RM provide the capability to output for viewing, saving and printing record categories and files and their associated codes?

    Does the MOSS RM provide authorized individuals with the capability to assign the following data when generating the file plan:

    •  Record Category Name

    •  Record Category Code

    •  Record Category Description

    •  Disposition Authority

    •  Vital Record Indicator

    •  Personal Information Indicator

    •  Disposition Instruction Name

    •  Disposition Instruction Code

    •  Disposition Instruction Type

    •  User definable fields

    Does the MOSS RM provide the capability of handling multiple file plans?

    Does the MOSS RM provide the capability of handling multi-level description? If so, how many levels are allowed?

    Does the MOSS RM provide users with the capability to select and assign a file code to a record?

    Does the MOSS RM assign a unique computer-generated record identifier to each record it manages regardless of where the record is stored?

    Does the MOSS RM prevent modification of the record identifier, once assigned?

    Does the MOSS RM support the import of current file classification system from an existing database format?

    Does the MOSS RM support a distributed file classification system maintained across a network of electronic record repositories?

    Does the MOSS RM allow all electronic records, paper folder and file metadata to be searchable?

    Does the MOSS RM allow the text contents of records to be searchable by keywords or part of keywords using wildcards?

    Does the MOSS RM allow the user to set up a single search request with combinations of metadata and/or record content?

    Does the MOSS RM provide searching tools that cover the following techniques:

    • Free text searching of both record content and metadata elements; and

    • Boolean searching.

    Does the MOSS RM provide concept searching by the use of a thesaurus?

    Does the MOSS RM provide word proximity searching that can specify that a word has to appear within a given distance of another word in the record to qualify as a hit?

    Does the MOSS RM display the total number of hits from a search on the user’s screen and must allow the user to then display the search results (the “hit list”), or refine their search criteria and issue another request?

    Does the MOSS RM allow records, files etc. listed in a hit list to be selected then opened (subject to access controls) by a single click or keystroke?

    Does the MOSS RM allow users to save and re-use queries?

    Does the MOSS RM allow users to refine (i.e. narrow) searches?

    Does the MOSS RM allow users to retrieve files and records directly by a unique identifier?

    Does the MOSS RM provide display formats configurable by users or Administrators for search results, including such features and functions as:

    • Select the order in which the search results are presented;

    • Set the maximum number of hits for a search;

    • Choose which metadata fields are displayed in search result lists.

    Does the MOSS RM provide relevance ranking of the search results?

    Does the MOSS RM render records that the search request has retrieved in their native format?

    Does the MOSS RM render records that the search request has retrieved without loading the associated MOSS RM software?

    Does the MOSS RM allow the printing of metadata for a file?

    Does the MOSS RM allow the user to be able to print out a summary list of selected records (e.g. the contents of a file), consisting of a user-specified subset of metadata elements (e.g. Title, Author, Creation date) for each record?

    Does the MOSS RM allow users to print search result hit lists?

    Does the MOSS RM allow searching for files, document or folders from the Standard Microsoft Office Suite or Microsoft Outlook?

    Does the MOSS RM record capture process provide the controls and functionality to:

    • Register and manage all forms of electronic records;

    • Ensure that the records are associated with a taxonomy and associated with one or more files;

    • Integrate with MOSS RM software that generates the records;

    • Validate and control the entry of metadata into the MOSS RM

    • Interface with document imaging software and hardware

    • Interface with full text Optical Character Recognition (OCR) software to extract data form scanned documents  

    Is the MOSS RM able to capture:

    • The content of the electronic record, including information defining its form and rendition and information defining the structure and behavior of the electronic record, retaining its structural integrity (for example, all the components of an e-mail message with attachment(s);

    • The date of creation and other document metadata about the elements of the record;

    • Information about the context in which the electronic record was originated, created and declared, for example its business process and, originator(s), author(s);

    • Information about the MOSS RM program that generated the record, including its version.

    Does the MOSS RM ensure that metadata of the electronic record can only be changed by authorized users and Administrators?

    Does the MOSS RM support automated assistance in the registration of electronic documents, by automatically extracting metadata, for at least the following types of document:

    • Microsoft Office Suite;

    • Microsoft Outlook with attachments, both incoming and outgoing;

    Where a document has more than one version, does the MOSS RM allow users to register all versions of the document?

    Does the MOSS RM provide automated support for decisions on the classification of electronic records to electronic files by means of all of the following:

    • Making only a subset of the file classification system accessible to a user or role;

    • Storing for each user or role a list of that user’s most recently used files;

    • Suggesting the most recently used files by that user;

    Does the MOSS RM prevent subsequent changes to documents that have been designated as records?

    Does the MOSS RM prevent modification of the record identifier, once assigned?

    Does the MOSS RM allow a record to be assigned to more than one file category?

    Does the MOSS RM provide the capability for only authorized individuals to change a file code assigned to a filed record?

    Does the MOSS RM treat e-mail message the same as other documents, subjecting them to all other requirements

    Does the user have the option to file e-mail and all its attachments as a single record?  

    Does the user have the option to file email and its attachments separately?  

    Does the user have the option to file e-mail and its attachments both separately and as a single record?

    Does the MOSS RM capture and automatically store the transmission and receipt data (sender, addressees, date and time sent or received, subject of the message) if available from the e-mail system?

    Does the MOSS RM provide the capability for filed e-mail records to be retrieved back into a compatible e-mail MOSS RM for viewing, forwarding, or replying?

    How does you system capture, retrieve and view encrypted documents?

    Does your MOSS RM structure permit different encryption technologies to be introduced easily?

    What is the process for sending a document to an external source encrypted?

    Does the MOSS RM support the MOSS RM of the same retention schedule to both the physical and electronic records?

    Does the MOSS RM export and transfer metadata of physical records and files?

    Can the MOSS RM restrict the creation and change of retention schedules to the Administrator?

    Is the MOSS RM capable of associating a retention schedule with any record, paper folder or any part of the file classification system?

    Does each retention schedule include a disposition decision, retention period, reason, and source for the decision?

    Does the MOSS RM enable a retention schedule to be assigned to a paper folder or record that can take precedence over the retention schedule assigned to a specific level of the file classification system?

    Does the MOSS RM allow the Administrator to amend any retention schedule allocated to any file at any point in the life of the file?

    Does the MOSS RM allow the Administrator to change which schedule is associated with a file at any point in the life of the file?

    Does the MOSS RM support the review process by presenting paper folders and electronic documents to be reviewed, with their metadata and retention schedule information (the reason), in a manner which allows the reviewer to browse (i.e. navigate and study) the file contents and/or metadata efficiently?

    Does the MOSS RM allow the reviewer to take at least any of the following actions for each paper folders and electronic documents during review:

    • Mark the file for deletion;

    • Mark the file for transfer;

    • Prevent the deletion or transfer (freeze) of the item.

    Does the MOSS RM produce a report detailing any failure during a transfer, export or deletion? The report must identify any records destined for transfer that have generated processing errors, and any files or records that are not successfully transferred, exported or deleted.

    Does the MOSS RM retain all electronic files that have been transferred, at least until confirmation of a successful transfer process?

    Does the MOSS RM provide the ability to add user-defined metadata elements required for archival management purposes to electronic files selected for transfer?

    Does the MOSS RM provide the ability to sort electronic files selected for transfer into ordered lists according to user-selected metadata elements?

    Does the MOSS RM provide the ability to generate user-defined forms to describe electronic files that are being exported or transferred?

    Does the MOSS RM have the ability to retain metadata for files and records that have been destroyed or transferred?

    Does the MOSS RM support automated notification of pending disposition items?

    Does the MOSS RM support notification to all critical user items which will be disposed soon?

    Does the MOSS RM allow the Administrator to limit access to records, files, paper folders and metadata to specified users or user groups?

    Is the MOSS RM able to provide the same control functions for roles as for users?

    Is the MOSS RM able to set up groups of users that are associated with a set of files or records?

    Does the MOSS RM allow a user to be a member of more than one group?

    Does the MOSS RM allow only Administrators to set up user profiles and allocate users to groups?

    Does the MOSS RM allow security categories to be assigned to records/paper folders and all parts of the file classification system?

    Does the MOSS RM support a hierarchy of at least ten (10) levels, from unrestricted access at the lowest level to highly restricted access at the highest level?

    Does the MOSS RM allow security clearances to be assigned to users?

    Does the MOSS RM support the automated MOSS RM of a default value to a file, paper folder or document?

    Does the MOSS RM require a valid user ID and password for access?

    Does the MOSS RM provide the capability to designate a record as a vital record?

    Does the MOSS RM provide the capability to update and cycle vital records?

    Does the MOSS RM provide only authorized individuals with the capability to reverse the designation of a vital record once the designation has become obsolete?

    Does the MOSS RM allow both electronic documents and paper folders to be managed in an integrated manner?

    Does the MOSS RM allow a paper folder to use the same file title and numerical reference code used by an electronic record, but with an added indication that it is a paper folder?

    Does the MOSS RM support tracking of paper folders by the provision of checkout, check-in and bring forward (also referred to as bring up) facilities that reflect the current location of the file?

    Does the MOSS RM allow Administrators to add a paper folder to any file below the primary level in the file classification system?

    Does the MOSS RM ensure that a paper folder is allocated a security category?

    Does the MOSS RM include features to control and record access to paper folders?

    Does the MOSS RM support the printing and recognition of bar codes, or other tracking systems to automate the data entry for tracking paper folder movements?

    Please explain the import process in your MOSS RM. How an imported file is mapped to your MOSS RMs data? What import formats do you support?

    Please explain the export process in your MOSS RM. How an exported file is mapped from your MOSS RMs data? What export formats do you support?

    Does the MOSS RM have the capability for authorized individuals to bulk load (i.e. disposition instructions and codes)?

    Does the MOSS RM interface to any 3rd party products? If so, please give a brief description of the interface and the version of the 3rd party product. Is the 3rd party interface included in the annual maintenance fee?

    Does the MOSS RM come bundled with any 3rd party products? If so, please explain in detail both functionality

    Does the MOSS RM support transfer of critical data points from a document to other systems? (Such as contract expiration to Accounts Payable)  

    Does the MOSS RM support direct linkage to Accounts Payable or Purchasing systems regarding payment arrangements?  

    Does the MOSS RM support direct linkage to Human Resources regarding contract employees and signature authority matrix data?  

    Does the MOSS RM allow for audit utilities that provide an account of records capture, retrieval, and preservation activities to assure the reliability and authenticity of a record?

    Does the MOSS RM allow for audit utilities that provide a record of transfer and destruction activities to facilitate reconstruction, review, and examination of the events surrounding or leading to mishandling of records, possible compromise of sensitive information, or denial of service?

    Does the MOSS RM have the capability to store audit data as a record?

    Does the MOSS RM allow only authorized individuals to enable/disable the audit functions and to backup and remove audit files from the system?

    Does the MOSS RM track changes to a document such as audit tracking in Microsoft Word?

    Does the MOSS RM audit the signature authority matrix on contractual documents?

    Does the MOSS RM track the development of contract or document? With that, does it track that all the related parties are participating in the contract and approving all changes?

    Does the MOSS RM provide a report-writing tool that can be used effectively by non-IT staff to satisfy unique reporting requirements?

    Does the MOSS RM have a date verification or time stamp to show when changes have been made to a report form and by whom?

    Does the MOSS RM provide the capability to generate reports on the information held within the repository based upon user developed report templates or user query?

    Does the MOSS RM have the capability to produce hard copy codes or identifiers in the form of labels or other products as required?

    Does the MOSS RM provide a report-writing tool that can be used effectively by non-IT staff to satisfy unique reporting requirements?

    Does the MOSS RM have a date verification or time stamp to show when changes have been made to a report form and by whom?

    Does the MOSS RM provide the capability to generate reports on the information held within the repository based upon user developed report templates or user query?

    Does the MOSS RM have the capability to produce hard copy codes or identifiers in the form of labels or other products as required?

    Does the MOSS RM automatically notify when a contract is set to expire?

    Does the MOSS RM store contract templates

  2. RMCrazy says:

    Hey Dude,

    Is this a RFP request.  I can’t wait to see Microsoft’s answer to all these questions.  

    RM Crazy

  3. ernzddy@msn.com says:

    Hey Crazy,

    It’s a mix of questions I’ve compiled over the last year-year 1/2 from various sources, some DoD questions as well.  I’ve been waiting eagerly to see SharePoint have the "authentic" RM features.  I’m tired of getting beat up by FileNet, Documentum and Hummingbird over the lack of "genuine" ECM and RM features.

    Tired of being beat on like the "Red-headed Step Child"…

    J

  4. mic.dan says:

    Great jborghoff the 1st!

    (You deserve a honorary title for the questionnaire…)

    As far as I could read (10th line or so…), MOSS answer most of the demands.

    But seriously, I’ve posted here two questions and did’nt recieve an answer yet –

    1) DRM complementary products for MOSS 2007 (http://blogs.msdn.com/recman/archive/2006/08/24/715883.aspx#1160134) – Nobody really needs Documentum and the other "monsters", but MOSS does have severe lacks which Meridio (for example) could fulfill – did the DRM team checked those products?

    2) The Record Routing feature (http://blogs.msdn.com/recman/archive/2006/11/18/the-2007-office-system-ships.aspx#1204250) – It simply dosen’t work! (Anyway not in my MOSS version – downloaded from MSDN) – You can only send documents to a doc.library, not to a Records Center site.

    SharePoint DRM team – wake up!…

  5. mic.dan –

    We’ve posted comments on both your questions.  Just follow the above links that you posted – and sorry for the delay.

    Briefly, though – we’ll have more posts in the future on our partner solutions.  And there is some additional configuration steps needed to enable the “Send to Records Center” functionality, but it absolutely does work with the bits available on MSDN and elsewhere.

    jborghoff –

    Thanks for your interest in the product – that’s quite a list of questions.  When we created this blog, we didn’t envision it as a forum for such detailed Q&A.    However, answering these types of questions is exactly what our local sales field and partner liaisons are there to do.  If you have a local contact, please go ahead and contact them directly.  If not, we’ll make sure someone gets in contact with you.

    Thanks to both of you!

  6. ernzddy@msn.com says:

    Recman,

    Thanks for your response.  However, please understand that we are here on this blog with the expectation that you are the definitive source for SharePoint RM, "Microsoft Records Management Team".  I’ve queried other Microsoft contacts and they too have deferred me to you and your team.

    So without sounding curt, for you to defer us elsewhere for RM questions strikes me as odd.

    Please look at my list as questions as an opportunity for you to create a FAQ that would prove to us that you know your products capabilities and are willing to be frank and honest about them.

    To me, it’s ok for you to admit your product may not have or more of these features listed in this questionnaire, but please take the time to address them and supply us with a 3rd party SharePoint add-in solutions that would add the feature.

    Sincerely…

  7. Попалась ссылка на отличную белую бумагу (whitepaper :-), обсуждающую поддержку требований регулирующих

  8. mic.dan says:

    If anyone is still watching this post…

    Two very interesting (and frustrating) questions were aroused in the SPS Community Discussion Group – 12 posts were registered, none of them managed to solve those problems:

    1) There seems to be no way to prevent users from watching other authors’ documents in a docs. library – unlike un a list!

    2) It seems that only an Admin. can change the item-level security – i.e. the permission of a document – but the author of the doc. cannot change it!

    There’s the link – pick the glove…

    http://www.microsoft.com/communities/newsgroups/en-us/default.aspx?dg=microsoft.public.sharepoint.general&tid=0946e733-9129-4434-812f-bd91db30424b

Skip to main content