Get documents about "Coding Compliance Components - Download Center
Document Sample
Coding Compliance
Components
Writing Custom Policies for
Auditing, Expiration and More
Jason Morrill
Program Manager
Windows SharePoint Services
Agenda
• Information Management Policies
• Records Management and the
Records Center
• Additional records and compliance features
– Reporting
– Email
Information Management Policies
“Enabling an enterprise to define, instrument, and manage
policies for how they use and retain information”
• Standard definition and enforcement of business rules for content
– Target both regulations and business needs
– Automated for the information worker
• Examples of policies
– Expiration
– Content format
– Document identifiers
• Differentiated along
– Types of content
– Places where content lives
Retention and Expiration
• Specify how long to keep content
– Based on time period (Last modified+ 5 years)
– Set programmatically
• Specify an action to take when the event occurs
– Delete
– Run custom code
– Start a workflow
Labels and Barcodes
• Enforce a particular string in a document
– Base the string on a document property
– “Confidential – Managed By: {ProjectManager}”
• Add a barcode to the document
– Pluggable interface for defining the format
– Search for document using barcode
• Enforced in the Office Clients
Auditing
• Events audited out of the box • Plug in 3rd party events
– Insert, Edit, View of an item – New event definitions
– Workflow actions – Special class for workflows
– Content Type or list schema
change
– Change audit settings
– Check In/Out
– Copy/Move
– Delete/Restore deleted item
– Event log deletion
– Search queries
– Security group changes
– ACL changes
Custom Information Management Policies
• Examples of new policy features you can build
– Digital signature-based document integrity
– Document “Hygiene”
– Convert to Fixed Format
• Tied to a content type and centrally managed
• Parts of a custom policy
– Feature definition
– Custom user experience for management (ASCX)
– Implement Ipolicy interface
• Policy timer job
– Long running job manages updating items when policy changes
• Client OM
– Access and act on policies in the client applications
Policy Framework
The Goals Of
Records Management
Reduce risk of non-compliance and
legal liability
Retain vital records for
business continuity
Reduce costs of retrieving information for
legal discovery
The Process of Records Management
Records Manager
Organize,
Maintain, &
Dispose
Search,
Collect
Hold, &
Triage
Lawyers &
Knowledge Worker / Paralegals
Records Custodian
Records Warehouse
Our Records Center
Records Manager
Organize,
Maintain, &
SMTP & SOAP OFI
Dispose
Hold
Collect Records
Center Search,
Hold, &
Triage
Policy “Vault”
Knowledge Worker / Enforcement Behaviors
Records Custodian Lawyers &
Paralegals
Windows SharePoint
Services
Our Records Center
“Ship” To
Records Nondigital
Custodian records
Records Manager
Organize,
3rd-party
imaging Maintain, &
SMTP & SOAP OFI
Dispose
Hold
Knowledge Desktop
Worker Items Official File
Records Search,
Send To
Center Hold, &
Triage
SharePoint
Lawyers &
Documents Policy “Vault”
Enforcement Behaviors
Paralegals
Windows SharePoint
Exchange Services
Mail
Management in place vs. Records Center
• Policy features work in all SharePoint document repositories
– Use permissions and workflows for in place records management
• Retention requirements frequently outlive business value
– Original document container no longer useful
– Reduce amount of content exposed to end users
• Legal hold special to Records Center
– Suspension of policy is possible outside record center
– Difficult to sufficiently enforce administration outside a records
repository
Records Center
Legal Hold
Records Center Extensibility
• Custom Router
– Process content on ingestion
• Conversions
• De-duplication
– Route to 3rd party repositories
• Submit new record types with SOAP API
– Preserve existing categorization of content
– Include audit events
• Hold
– OM for adding/removing items to a hold
– Programmatic queries for items on a particular hold
– Extend Hold use of “Search & Process”
• New actions on search results
• Custom Disposition Actions
– Code to set an expiration event
– Code to handle an expiration event
Audit Reports
Org. Health And Compliance Reports
E-mail Integration
• Managed Folders
– Administrator defined expiration and quotas
– Helps users organize their e-mail in a company compliant way
– Helps get rid of the excess in a timely manner
• Direct links to the Record Center from within Outlook
– Helps users archive mail and attachments that are “corporate
records” and apply the appropriate metadata as they become
records
Managed E-mail Folders
Extensibility throughout
• SDK Code available: • Application Builders
Enterprise Content – New policy features
Management Starter Kit – Add-ins to our OOB policy
features
– Record repository integration
• Solution Builders • Integration w/external storage
– Vertical solutions • De-duplication
– File plans, reports
– Custom litigation hold UI
– Custom record center submission
– Workflows for expiration, vital
records review, etc
