In an ever increasing litigious world, it is more important than ever for organizations to have clear policies for managing information. It’s no longer an option in your information management system to avoid having clear policies and procedures for how information is regulated. Policies that govern who can access your information, what they can do with the information, the retention periods of records, and the auditability of information must be in place. Regulators and examiners have very specific guidelines about how retention and auditing must be implemented.
SharePoint 2013 provides very useful tools for regulating the creation, interaction, and disposition of content using Information Management Policies. These Information Management Policies are a set of rules that are assigned to content within SharePoint. These rules will define the retention schedule, auditability, and barcodes (Labels were deprecated in 2013). These policies can be defined for multiple content types within a site collection, a list, a library, or folder (location-based retention policy). Policies can be created at the Site Collection and used within Content Types as well to enforce consistency. Policies can be deployed across Site Collections for enterprise-wide policy deployment.
These policies provide a structured way for content owners and administrators to define the relevant retention policies and apply them consistently across all relevant information. These policies help keep users from having to think about when to apply policies as they are applied automatically once defined. Management of these policies is not complicated. The configuration is GUI driven and is included in the SharePoint interface. The policies configuration is accessed in Permissions and Policies under Information Management Policies in a List or Library.
The following are the types of settings available when defining policy:
- Retention The Retention policy feature lets you define retention stages, with an action that happens at the end of each stage. For example, you could define a two-stage retention policy on all documents in a specific library that deletes all previous versions of the document one year after the document is created, and declares the document to be a record five years after the document is created.
The actions that can occur at the end of a stage include the following:
- Moving the item to the Recycle Bin
- Permanently deleting the item
- Transferring the item to another location
- Starting a workflow
- Skipping to the next stage
- Declaring the item to be a record
- Deleting all previous drafts of the item
- Deleting all previous versions of the item
- Auditing The Auditing policy feature logs events and operations that are performed on documents and list items. You can configure Auditing to log events such as the following:
- Editing a document or item
- Viewing a document or item
- Checking a document in or out
- Changing the permissions for a document or item
- Deleting a document or item
- Labeling The label policy feature has been deprecated and should not be used in SharePoint Server 2013.
- Barcode The Barcode policy feature enables you to track physical copies of a document by creating a unique identifier value for a document and inserting a bar code image of that value in the document. By default, bar codes are compliant with the common Code 39 standard (ANSI/AIM BC1-1995, Code 39), and you can plug in other bar code providers by using the policies object model.
Defining policies at the Site Collection level which can then be used as published policies within the Site Collection.
An organization will first determine what policies need to be defined, and then scope of those policies. In this example, we will define a retention policy which can be used within the Site Collection.
- From the top-level site in a Site Collection, Open Settings > Site Settings
- Under Site Collection Administration, select Content Type Policy Templates
- Click Create
- Give your policy a name, administrative description, and policy statement. It’s important to define the policy statement as this is displayed to your users.
- For a retention policy template, click the check box beside Enable Retention
- Select Add a retention stage
- Select This stage is based off a date property on the item
- Set to Created Date + 1 years
- Select Move to recycle bin
- Click OK
This policy can now be used when creating Content Types to define a retention policy on those content types.
In the next blog post, we will define a content type using this “Employee Information Policy”.