DoD 5015.2 Certification and SharePoint 2010

By Michael Alsup posted 09-24-2011 16:05


We recently completed the records management certification of native SharePoint 2010 add-ons based on the DoD 5015.2 standard.  Here is the JITC page where all of the certified solutions are identified.  We believe that this is the only native SharePoint add-on that is certified by the DoD 5015.2 standard, although several other organizations, such as Open Text, Laserfiche, and Autonomy have certified their ECM solutions in an integrated configuration with SharePoint.  Here is what we learned on this journey:

SharePoint is a natural platform for information governance and retention management.  It just wasn’t built with all of the features you need for full records management as defined in the DoD 5015.2 standard.  Bruce Miller of RIMTech has written a pair of very nice white papers that discuss what is features are needed to extend SharePoint for records management, what Fortune 1000 scale organizations need, and what GimmalSoft has achieved with our SharePoint 2010 add-ons.  Bruce was the founder of TrueArc, which became EMC|Documentum RM, Tarian, which became part of IBM RM, and was integrally involved in the creation of the DoD 5015.2 standard.  Everyone who is interested in records management and SharePoint should follow this link, register on his site, and download his white papers. 

Our solution adds many required features to the SharePoint Records Center to enable certification.  However, the primary challenge in enterprise records management with SharePoint is not in a fully capable Records Center or with in place records management in individual SharePoint sites.  It is in the definition and establishment of governance processes that are applied in all the SharePoint sites in an organization.  To achieve this in a large organization, you need the following things at a minimum:

  • An Information Lifecycle.  SharePoint provides a simple mechanism to trigger actions with changes to the lifecycle state of a piece of content, regardless of whether this state change is the result of a user’s input or systems event.  Our clients have demonstrated that this can be consistently implemented across thousands of SharePoint sites. 
  • Site Provisioning Governance.  Without all content being governed, we will never be compliant.  If any user or local SharePoint administrator can override the retention policies of the organization, then the content is not governed.  This requires careful planning and forethought. 
  • Content Types are the SharePoint component that enables documents to be mapped to nodes in the Records Center.  SharePoint 2010 enables the definition of the metadata that is required for records management and is contained in every content type. 
  • Minimized User Data Entry.  Users won’t support solutions that require extensive data entry.  SharePoint provides great capabilities to automatically fill in metadata on content types based on context.  This enables organizations to avoid the need for extensive user data entry.  Our goal is that a user defines a maximum of three things:
    • Document name
    • Content Type
    • When the document is "Final"

Frequently, some or all of these attributes can be automatically defined based on document context.

  • File Plan Administration Tool.  The mapping of Content Types to nodes in the Records Center is fairly laborious without a tool to simplify the administration.  There are several good examples of these tools. 

SharePoint provides the opportunity to leverage the viral adoption of SharePoint to connect with knowledge workers and enable their transparent participation in records management.  This enables the enforcement of a lifecycle and ends the reliance on end users choosing whether or not to follow an organizations policies and compliance rules.   This is a significant opportunity for many organizations. 

#Records-Management #sharepoint #SharePoint #ElectronicRecordsManagement