Coding Compliance Components - Download Center by malj


									Coding Compliance
Writing Custom Policies for
Auditing, Expiration and More

Jason Morrill
Program Manager
Windows SharePoint Services

• Information Management Policies
• Records Management and the
  Records Center
• Additional records and compliance features
   – Reporting
   – Email
Information Management Policies
         “Enabling an enterprise to define, instrument, and manage
             policies for how they use and retain information”

• Standard definition and enforcement of business rules for content
   – Target both regulations and business needs
   – Automated for the information worker
• Examples of policies
   – Expiration
   – Content format
   – Document identifiers
• Differentiated along
   – Types of content
   – Places where content lives
Retention and Expiration

• Specify how long to keep content
   – Based on time period (Last modified+ 5 years)
   – Set programmatically
• Specify an action to take when the event occurs
   – Delete
   – Run custom code
   – Start a workflow
Labels and Barcodes

• Enforce a particular string in a document
   – Base the string on a document property
   – “Confidential – Managed By: {ProjectManager}”
• Add a barcode to the document
   – Pluggable interface for defining the format
   – Search for document using barcode
• Enforced in the Office Clients

• Events audited out of the box      • Plug in 3rd party events
   – Insert, Edit, View of an item      – New event definitions
   – Workflow actions                   – Special class for workflows
   – Content Type or list schema
   – Change audit settings
   – Check In/Out
   – Copy/Move
   – Delete/Restore deleted item
   – Event log deletion
   – Search queries
   – Security group changes
   – ACL changes
Custom Information Management Policies

• Examples of new policy features you can build
   – Digital signature-based document integrity
   – Document “Hygiene”
   – Convert to Fixed Format
• Tied to a content type and centrally managed
• Parts of a custom policy
   – Feature definition
   – Custom user experience for management (ASCX)
   – Implement Ipolicy interface
• Policy timer job
   – Long running job manages updating items when policy changes
• Client OM
   – Access and act on policies in the client applications
Policy Framework
The Goals Of
Records Management
        Reduce risk of non-compliance and
        legal liability

        Retain vital records for
        business continuity

        Reduce costs of retrieving information for
        legal discovery
The Process of Records Management

                                    Records Manager

                                                Maintain, &

                                                              Hold, &
                                                                        Lawyers &
   Knowledge Worker /                                                   Paralegals
   Records Custodian

                                  Records Warehouse
Our Records Center

                                                      Records Manager

                                                                      Maintain, &
                                    SMTP & SOAP OFI

                          Collect   Records
                                    Center                                            Search,
                                                                                      Hold, &
                                                       Policy      “Vault”
     Knowledge Worker /                                Enforcement Behaviors
     Records Custodian                                                                          Lawyers &
                                    Windows SharePoint
Our Records Center

                              “Ship” To

   Records     Nondigital
   Custodian   records
                                                               Records Manager

                                      imaging                                  Maintain, &
                                             SMTP & SOAP OFI

   Knowledge    Desktop
   Worker       Items                        Official File
                                             Records                                           Search,
                            Send To
                                             Center                                            Hold, &
                                                                                                         Lawyers &
               Documents                                        Policy      “Vault”
                                                                Enforcement Behaviors

                                            Windows SharePoint
 Exchange                                   Services
Management in place vs. Records Center

• Policy features work in all SharePoint document repositories
   – Use permissions and workflows for in place records management
• Retention requirements frequently outlive business value
   – Original document container no longer useful
   – Reduce amount of content exposed to end users
• Legal hold special to Records Center
   – Suspension of policy is possible outside record center
   – Difficult to sufficiently enforce administration outside a records
Records Center
Legal Hold
Records Center Extensibility

• Custom Router
   – Process content on ingestion
       • Conversions
       • De-duplication
   – Route to 3rd party repositories
• Submit new record types with SOAP API
   – Preserve existing categorization of content
   – Include audit events
• Hold
   – OM for adding/removing items to a hold
   – Programmatic queries for items on a particular hold
   – Extend Hold use of “Search & Process”
       • New actions on search results
• Custom Disposition Actions
   – Code to set an expiration event
   – Code to handle an expiration event
Audit Reports
Org. Health And Compliance Reports
E-mail Integration

• Managed Folders
   – Administrator defined expiration and quotas
   – Helps users organize their e-mail in a company compliant way
   – Helps get rid of the excess in a timely manner
• Direct links to the Record Center from within Outlook
   – Helps users archive mail and attachments that are “corporate
     records” and apply the appropriate metadata as they become
Managed E-mail Folders
Extensibility throughout

• SDK Code available:                    • Application Builders
  Enterprise Content                        – New policy features
  Management Starter Kit                    – Add-ins to our OOB policy
                                            – Record repository integration
• Solution Builders                             • Integration w/external storage
   –   Vertical solutions                       • De-duplication

   –   File plans, reports
   –   Custom litigation hold UI
   –   Custom record center submission
   –   Workflows for expiration, vital
       records review, etc

To top