In my continuing discussion around Information Management Policy in SharePoint 2013 I want to give an example of a real-world use case and then detail how to implement the policy.
This first example is designed to explain how to create Information Management Policy at the Site Collection level to give an organization a way to manage different retention schedules across the information stored within the Site Collection. Specifically, the division whose sites are contained within the “PMO” site collection has 2 distinct information retention processes that they want to implement. First, there is a policy for certain documents that states the document should be retained and after 1 year, all previous draft versions should be deleted. Secondly, after 5 years, the document should be permanently deleted. This is a requirement of IT Policy 14.19B. These two processes can be implemented by creating Information Management Policy at the Site Collection level and then applying the policy across documents within the Site Collection.
The steps to accomplish this are detailed below:
1) At the Site Collection access Site Settings > Site Collection Administration > Content Type Policy Templates
2) Under Policies, select “Create” and specify the policy information as shown below:
3) Create two retention policies by selecting “Add a Retention Stage” as shown below
4) When you have finished creating the two policies, scroll down to the bottom and select “OK”.
Now that you have a site retention policy, you can create a library on any child site and apply that policy.
1) Create or select an existing Library.
2) Under Library settings we will apply this policy to the default content type “Document” in the library.
3) Select “Library Settings” > “Permissions and Management” > “Information Management Policies”
4) By default, policies are applied to content types. If you wanted to apply policy to libraries and folders instead of content types, you must have the feature enabled that allows this change (Library and Folder Based Retention – Site Collection Feature).
5) We will apply the policy to the “Document” Content type which is the default on Document Libraries.
6) To apply the policy, select “Document”
7) Under “Specify the policy:” select your policy “Draft delete (1) -……” and Click “OK”
8) You have now applied the policy to all documents in this library based on the default “Document” content type. To see how this works, select “New Item > Document” from the ribbon toolbar. Word should launch on your client computer if set up to behave that way.
9) Create a sample document and save it back to the library.
10) To verify the policy has been applied, select the document menu using the ellipses “…” beside the document and choose “Compliance Details”. You should see something similar to what is shown below:
11) A piece of library metadata (column) named “Expiration Date” was added. You can add that column to the view if you want to see that the first stage date has been set and SharePoint will execute the first stage of the policy on that date.
This example helps to show how to create Site Collection wide policy and then use it on a library within a child site.
Recap- See below for Use Case 2 Content Types
In an ever increasing litigious world, it is more important than ever for organizations to have clear policies for managing information. It’s no longer an option in your information management system to avoid having clear policies and procedures for how information is regulated. Policies that govern who can access your information, what they can do with the information, the retention periods of records, and the auditability of information must be in place. Regulators and examiners have very specific guidelines about how retention and auditing must be implemented.
SharePoint 2013 provides very useful tools for regulating the creation, interaction, and disposition of content using Information Management Policies. These Information Management Policies are a set of rules that are assigned to content within SharePoint. These rules will define the retention schedule, auditability, and barcodes (Labels were deprecated in 2013). These policies can be defined for multiple content types within a site collection, a list, a library, or folder (location-based retention policy). Policies can be created at the Site Collection and used within Content Types as well to enforce consistency. Policies can be deployed across site collections for enterprise-wide policy deployment.
These policies provide a structured way for content owners and administrators to define the relevant retention policies and apply them consistently across all relevant information. These policies help keep users from having to think about when to apply policies as they are applied automatically once defined. Management of these policies is not complicated. The configuration is GUI driven and is included in the SharePoint interface. The policies configuration is accessed in Permissions and Policies under Information Management Policies in a List or Library.
The following are the types of settings available when defining policy:
- Retention The Retention policy feature lets you define retention stages, with an action that happens at the end of each stage. For example, you could define a two-stage retention policy on all documents in a specific library that deletes all previous versions of the document one year after the document is created, and declares the document to be a record five years after the document is created.
The actions that can occur at the end of a stage include the following:
- Moving the item to the Recycle Bin
- Permanently deleting the item
- Transferring the item to another location
- Starting a workflow
- Skipping to the next stage
- Declaring the item to be a record
- Deleting all previous drafts of the item
- Deleting all previous versions of the item
- Auditing The Auditing policy feature logs events and operations that are performed on documents and list items. You can configure Auditing to log events such as the following:
- Editing a document or item
- Viewing a document or item
- Checking a document in or out
- Changing the permissions for a document or item
- Deleting a document or item
- Labeling The label policy feature has been deprecated and should not be used in SharePoint Server 2013.
- Barcode The Barcode policy feature enables you to track physical copies of a document by creating a unique identifier value for a document and inserting a bar code image of that value in the document. By default, bar codes are compliant with the common Code 39 standard (ANSI/AIM BC1-1995, Code 39), and you can plug in other bar code providers by using the policies object model.
Use Case 2 – Content Types
In Use Case 1, I discussed the creatoin of policies at the Site Collection level that can be reused throughout the top-level and sub sites. In this Use Case, I will show you how to create policies on a document content type which contains a retention policy and a barcode policy!
Use Case 2: A legal department wants all vendor contracts to be retained for 5 years after which time, they may be moved to the recycle bin. Each vendor contract must also have a unique barcode inserted in the document and available in the document library.
In this case, a content type titled “Vendor Contract” has already been created and has associated metadata and an Approval WF. See below:
To create Information Management Policies that match the requirements. Follow the following steps:
1) Open the appropriate content type from the Site Content Types Web Designer Galleries.
2) Select Information Management Policy Settings
3) Select Define a Policy…. And click OK
4) Enter an Administrative Description. Example:
5) Enter a Policy Statement. This is displayed in the Office document when opened. Example:
6) Select Enable Retention then Add a Retention Stage. Configure the retention stage as shown below:
7) Select Enable Barcodes and Prompt Users to insert a barcode before saving or printing.
8) Click OK to save.
Now, when your document content type “Vendor Contract” is associated with any library within the scope of the content type, the policy is attached to the content type. When the user tries to print or save the document, they will receive the following message:
The Barcode metadata can then be exposed in the View settings to use with barcode reader equipment.
Please feel free to follow me at @mstrsharepoint and stay tuned to upcoming ASPE Free Webinars where we will discuss this topic.