Greetings everyone! The following post is the first in a series giving a bird’s-eye view of Records Management in SharePoint 2010. If you have any questions or any topic requests, please feel free to contact me at email@example.com.
So why are we here? Better yet, why are YOU here? Maybe you are someone who is curious about RM as one of SharePoint’s key offerings. Maybe you are a consultant being staffed on a Records Management project for the first time and want to know your way around better.
In a nutshell, Records Management is an initiative that determines how long important documents should be kept and when they should be gotten rid of. (Now if you’re an actual records manager, or someone who is heavily involved in the RM process, you probably winced at that a little, because the term encompasses so much more than that.)
When I first wanted to start this series, I thought the most obvious first post would be something along the lines of “Intro to Records Management in SharePoint” or “What is Records Management?” And while I fully intend to get into the details soon, I thought it would actually be more important to discuss WHY we are doing it in the first place.
After all, no IT project manager or executive sponsor ever just says, “You know what would be totally sweet? A records center in SharePoint! YES!! Here’s $100k, go make it happen.”
There are, in fact, business drivers involved in these decisions that almost every organization faces, but most day-to-day employees are never aware of any of them. So the following are some of the top reasons why a company may opt to enact a Records Management program.
Reason #1: They have to.
Once upon a time there was a company (we’ll call them “Schmenron”). And one day Schmenron got into a lot of trouble by the federal government for destroying a bunch of documents that were pertinent to an ongoing investigation into their business practices. As a result, the government enacted a law called the Sarbanes-Oxley Act (SOX) which mandated (among other things) that publicly-held companies must be very explicit in how and when financial records are destroyed. Because of SOX, many companies have either developed or decided to focus on Records Management initiatives in order to ensure compliance.
There are several other examples of regulations in other industries that may factor into Records Management decisions, including HIPAA, the Department of Defense directive 5015.2, and MoReq (in the U.K.)
Reason #2: To reduce legal liability.
Sometimes companies get investigated by the SEC or some other regulatory body. Sometimes they get sued by one another or by an individual. Hey, it happens. And when it does, it is the responsibility of that company to produce all of the documents related to the case, and in many cases, that means hiring a team of lawyers at several thousand dollars an hour to sift through the documents one-by-one in order to find them all.
Now consider for a moment how many documents sit on the computer you are readings this blog right now. Add in anything else you or your team keeps stored on a shared drive, in SharePoint, or any other document repository. Now multiply that by the number of people in a large organization, and you can see how quickly these lawyer fees can add up if you had to pay them by the hour. With a Records Management process in place, a company can keep the sheer volume of records in their system down to a fraction of what it was originally, which can save hundreds of thousands of dollars during an investigation or lawsuit just on this discovery process alone.
Furthermore, suppose you have a document sitting on SharePoint that has already outlived its business value but is still just sitting there. For as long as that document is sitting there, it is fair game to be included in any sort of investigation or lawsuit with the organization, even if it doesn’t seem to be related to the case at all, and can potentially swing a ruling one way or the other or significantly affect the fine or settlement. Even worse would be if the company’s record retention policies dictated that that document should have been deleted or destroyed already, but it was never enforced. If only there was a way where SharePoint could manage all of this for us. If only!!
(Kidding, of course. SharePoint has many features that facilitate these processes, as we will soon see.)
Reason #3: To reduce IT overhead.
Going back to the previous example, many organizations basically allow their employees to keep and store as many documents as they want. Even with records retention policies in place, many companies’ SharePoint environments are run like the wild west, where every man, woman, and child looks after themselves. Again, think about every document you on your company’s SharePoint site. How many are truly business critical and still need to remain on the system? How many are there just because you needed to share it with your team mates one day and were too lazy to go back and delete it?
Multiply that by the number of users in a large organization, and you can get a picture of how much of an IT department’s personnel and server resources are being utilized to support content that is redundant, obsolete, or trivial (otherwise known as ROT), but no one has taken the time to sit through and define what should be kept and what should be deleted.
By applying records retention policies in SharePoint, organizations can save significantly on the amount of IT resources used to support SharePoint, and save the IT administrators loads of unnecessary headaches.
Well there you have it, the three primary reasons for a records management engagement in SharePoint. If it seems to you that that last reason doesn’t seem as big of a deal as the other two, I assure you it might be the most important.
In any records management engagement, there are three primary stakeholders involved: the RM/legal/compliance group, the business group, and IT. Obviously the RM/legal/compliance group is most concerned with compliance and mandates, which is Reason #1. The business group is likely most interested in financial costs, which is Reason #2. But often overlooked is getting the buy-in from IT, which is Reason #3. A happy IT group, combined with a supportive business group, and a vested RM/compliance/legal department equals a happy(er) RM engagement.
Next up (as promised): “What is Records Management?”