An important consideration when using any software to replace existing paper methods is records management. This is especially true in regulated environments, where laws may enforce requirements around record retention, control, and auditing. This post covers records management in SharePoint Online.
Any type of SharePoint content could be considered a record, including documents (MS Word, Excel, PDF, etc.), wiki pages, and lists. A record is any content that you want to control in some way and/or have an “official” version of. Treating content as a record can prevent it from being modified or deleted, track (audit) actions against it, make it easier to retrieve, and apply lifecycle and retention policies to it.
So when is content a record? It depends on your business needs. SharePoint allows records to exist in place (e.g. in Document Library) or in a central location (e.g. Records Center). It is typical that a document is handled in place until it is reaches some stage (e.g. document approval), where it is then made a record. Later down the line (say when a project ends), the document record may be moved to a central location for archiving.
Integral to records management in SharePoint are the Information Management Policies of a content type. To create or modify an information management policy, perform the following steps:
- Navigate to your Content Type and click “Information management policy settings”:
- Enter any Administrative Description and Policy Statement:Note: the Administrative Description shows up in the list of policies, and the Policy Statement is visible to the user when they open the document.
There are four options for the information management policy: Retention, Auditing, Barcodes, and Labels. Retention settings allow action based on a date property of the document. The action may be to delete the document, move it to another location, start a workflow, etc. Retention settings can be applied to record and/or non-records:
Auditing enables the audit log, which is not set by default. Enabling this feature is a key part of 21CFR11 compliance.
This is an example of what an audit log looks like:
Barcodes and/or labeling can be used to ensure paper copies are the latest or approved version, another key component of compliance:
3. Click OK.
Once you have your information management policies in place, you’ll want to enable Records management for the content of interest. In order to do this, follow these steps:
- Enable In-Place Records Management under Site -> Site Settings -> Site Collection Features:
- Enable manual declaration in Site -> Site Settings -> Record Declaration Settings ( or in Library Settings -> Record Declaration Settings for a particular library) and configure settings as desired:
- Verify document in your library can be declared as a record:
Now documents can be declared as a record and will follow the configured rules, taking you one step closer to compliance!