SharePoint Information Lifecycle Governance

By Mike Alsup posted 01-31-2011 17:49


This is the third part of an extended post on getting started with SharePoint 2010 for ECM and RM.  Part one dealt with understanding the problem from a Microsoft infrastructure and planning perspective.  Part two covered the SharePoint partner ecosystem for ECM and RM.  This third part discusses key elements in a successful approach to planning, design and implementation of SharePoint 2010 for ECM and RM using both Microsoft products and products from the SharePoint partner ecosystem.  My next post will discuss the functional requirements for components in an enterprise SharePoint ECM and RM solution.  These prior posts describe these concepts in more detail:

SharePoint is already considered a key technology infrastructure component.  We have observed that most organizations, large and small, are eager to consolidate and simplify their IT environments with SharePoint.  SharePoint 2010 provides much of the compelling platform needed for compliance and enterprise records management that these organizations have been waiting for.  However, the popularity of SharePoint has created “Wild West” environments where thousands of SharePoint sites are implemented that are not consistently managed.  Several issues in the enterprise deployment of SharePoint for content and records need to be well understood and addressed:

  • SharePoint is a systems development and integration platform, and requires technology skills beyond many organization’s capabilities to implement and govern content and records consistently. 
  • Microsoft did not include the information lifecycle or governance capabilities needed to establish consistent and compliant ECM and RM solutions at an enterprise level, especially in large organizations.  These capabilities can be implemented, but they are not “out of the box” as most organizations understand the phrase.
  • Microsoft included features that enable records management in SharePoint 2010, but it did not complete the features that specifically address the requirements for records management certification that were established in the U.S. (DoD 5015.2) and in other countries (e.g., MoReq 2010 in the European Union, VERS in Australia, etc.).  Managing content without a platform that supports these standards is antithetical to the approach of records managers in many large organizations. 
  • A very small portion of the electronic content in most large organizations is currently managed in ECM Suite repositories.  Most of it is in share drives and email repositories and Microsoft is establishing SharePoint as part of a compelling path to enable these repositories to be consistently governed according to enterprise retention policies.  The migration of this content into SharePoint takes careful planning, tools, and change management to ensure that widespread user acceptance is achieved. 
  • The ECM repository business will not yield to SharePoint dominance overnight.  There will be a run-off over many years for the migration of legacy ECM platforms based on the budget appetite of the organizations that are buying and implementing the solutions. 
  • Enterprise ECM and RM have important people and process dimensions that go well beyond the technology dimensions.  Records Management is a discipline and profession that can be enabled with technology but technology alone cannot provide an enterprise ECM and RM solution. 

Many organizations are looking for the way to consolidate their content and records management to SharePoint as soon as they believe it is practical to move forward.  They understand this is a significant journey, not a simple migration.  They understand that this is a program, composed of a family of projects that includes people, process, technology, and risk mitigation dimensions.  A significant journey needs a roadmap.

Why a SharePoint Roadmap for Content and Records Management?

Organizations historically have struggled to make their enterprise content and records management programs successful due to the cost of implementation and low user adoption. The complexity of the traditional ECM Suites for Records Management and the training required to use them have served as the barrier to the enterprise adoption of these packages. Recent surveys have shown average adoption in the 12-15% range and lower. These percentages are neither “enterprise” nor particularly “compliant” due to the isolation of their user communities.  With its ease of use and growing maturity, SharePoint adoption is widespread, offering organizations something they have not had before, an opportunity to leverage an ECM and RM platform their users already want to use. 

Most organizations considering SharePoint for content and records management aren’t really focused on replacing their current investments in specialized ECM Suite-based applications.  Even in the largest and most aggressive of these organizations, only 10-20% of the content is in the ECM Suites.  80-90% of the content is in Share Drives, Email repositories (especially Microsoft Exchange-based) and in legacy SharePoint sites.  Furthermore, it is in these repositories where most of the Legal and eDiscovery risk resides.  Our clients tell us they are trying to combine Email, collaboration, and eDiscovery with Records Management in a streamlined manner.  Consolidating content out of legacy ECM Suite applications and repositories into SharePoint has a variety of costs and advantages, but our clients want to address Share Drives, the “Wild West” of SharePoint, and Email within a records management program first. 

SharePoint Information Lifecycle Governance

SharePoint is driving the establishment of a new category of enterprise solutions.  When an organization accepts that multiple content repositories are required, and content governance across those repositories is also required, this defines requirements for an enterprise information lifecycle for content governance.  The reason a standard enterprise information lifecycle is so important is that it enables the content to be classified and managed according to a retention schedule regardless of whether the content is electronic or physical or whether the decisions are made by humans or automated processes.  The information lifecycle defines processes, rules, and repositories that are globally applied across the enterprise to all information and are separate from most business processes and applications.  The lifecycle can be defined to support the existence of all information across multiple types of repositories and can support the infrastructure requirements of the largest organizations.  The result is consistent content governance combined with consistent user expectations for how they should participate in the management and retention of enterprise information. 

As the name implies, SharePoint Information Lifecycle Governance is about building an information management infrastructure upon the success of SharePoint as a collaboration platform.  SharePoint Information Lifecycle Governance is about improving an information worker’s ability to find and manage content while enforcing content policies in a new and active way: 

  • All organizations define important policies across a wide variety of disciplines (e.g., regulatory compliance, financial control, customer management, document / knowledge management, etc.) but few of these policies are adhered to.  Organizations live with the paradox of “of course we have policies, of course they are important, and of course no one pays attention to them.”  Organizations are desperately in need of automated policy enforcement for their unstructured content, and SharePoint provides the platform to achieve this enterprise compliance. 
  • The moment of truth for any policy – the point at which the policy will be adhered to or violated – is at the point of interaction (whether that interaction is communication with another person or transacting with an external system).  With most office content, this point of interaction occurs when content is saved in a repository and an Information Lifecycle state is applied to the content. 
  • The old way of policy management, documenting and publishing policies with the instruction that people are required to adhere to them, is completely ineffective and subjects an organization to steep legal costs and a variety of potential punishments.  The only way to effectively enable and enforce policy is to use technology to manifest the policy at the moment of truth and apply the appropriate governance.  This governance needs to be consistently applied across multiple repositories, but especially in share drives, Email and SharePoint. 

The alternative is the “Wild West” of inconsistent and ungoverned SharePoint sites, which are no better managed than many of the share drives and departmental ECM silo solutions that they replace.  We get a consistent message from our big customers: They have 1000 content types in their Content Hub, 1000-2000 nodes in their file plan, and 10,000 SharePoint sites, and SharePoint 2010 provides insufficient tools govern content on this scale.

If SharePoint ECM and RM aren’t “out of the box”, what do you need? 

SharePoint components from the SharePoint ECM and RM partner ecosystem provide capabilities that extend SharePoint 2010 with the content governance and records management capabilities are needed and raise SharePoint 2010 to the level of the traditional ECM Suites for ECM and RM in many of the areas that our clients have said are important.  With the addition of SharePoint components, SharePoint becomes a repository for both work in progress collaborative documents and enterprise records that is more easily embraced.  SharePoint components built using Microsoft technologies and development best practices are able to leverage the power and versatility of the SharePoint platform.  SharePoint components build on the ease of use and end user adoption of SharePoint and help organizations leverage their investments by extend the SharePoint platform as an enterprise solution for content and records management. 

While it is possible for large organizations to build SharePoint ECM and RM components on their own, many of our clients have found that their requirements are so similar to their peers that acquiring components from SharePoint ecosystem ECM and RM providers their most effective approach.  The components have been designed by experts, they are supported, and they have been proven in other environments.  They may be included as features in the next version of SharePoint, but that is unpredictable.  Benefits are achievable in the near term. 

Does this mean SharePoint-pure only?

Not necessarily.  Some of the most effective enterprise deployments of SharePoint we have seen have used ECM Suites like EMC|Documentum or Open Text Livelink as the repository of record.  However, the user experience and the information lifecycle was enforced through SharePoint and not through portals or federated in by enterprise search tools.  There is a significant amount of work required to integrate an external repository of record with a SharePoint Information Lifecycle Governance model.  The key to the success of this integration is to establish the consistent enforcement of metadata and content type governance within SharePoint and extending this governance consistently to all SharePoint sites.

Where to from here?

In my next post, I will describe the requirements for SharePoint components, either from providers in the SharePoint ECM and RM ecosystem or based on internal configuration and customization, that are needed to extend SharePoint 2010 to enable enterprise content and records management.