Records Management for Microsoft Office SharePoint Server
Companies of every size, from multinationals to 'Mom and Pop' businesses, need to preserve information in a secure and reliable way, not only as a standard practice within the company but also for official purposes. The Records Management infrastructure of Microsoft Office SharePoint Server (MOSS) is designed to archive information no longer necessary in the daily running of the enterprise. The component is designed to ensure and protect the integrity of the content, register changes and authorization, ensure saved information is only accessible to authorized personal, and most importantly, assure that information cannot be altered or deleted. With Records Management, it is possible to block access at any point, if and when deemed necessary by the administrator.
The Records Center of Microsoft Office SharePoint Server (MOSS) is designed to manage this type of information. For example, many companies generate monthly financial reports for the tax authorities; if a conflict develops between the company and tax office, the company may be required to release reports and financial information with a guarantee that nothing has been altered or changed in any way. In this case, the company's financial department can transfer the reports to the Records Center of MOSS in a special "Holds List" and attach a pre-defined secure 'policy,' for example, a statement that documents are irretrievable or 'frozen' until a determined authorization, date, and time. SharePoint saves the documents in the Records Center, accessible only to authorized personnel. The records are saved together with a special metadata file containing the Audit history records; this information is 'blocked' by the administrator to ensure its safekeeping and inaccessibility. There is an important difference between Audit, which only saves the history of the document, and the Records Center which takes this one step further by 'freezing' the document, making it completely inaccessible and irretrievable unless requested by proper authorization.
Creating and Configuring a Records Center
Internally, the MOSS Records Center is a Site Template, making it possible to create as many Records Centers as necessary, but bearing in mind that only one may be active at any given moment. The site provides the necessary Lists for the Records Center, together with the mechanics for routing the information to the Lists and the authorization systems to ensure unauthorized users cannot view or access the Site except for sending documents to the Center. As the design of the Records Center is critical to its successful performance, it must be created with an eye to detail and function. Microsoft has published extensive information about the design of Records Centers ("Records Management Guide for Microsoft Office SharePoint Server 2007" http://technet2.microsoft.com/Office/logredir.aspx?MODE=CT&CTT=ToExternal&target=http%3A%2F%2Fgo.microsoft.com%2Ffwlink%2F%3FLinkId%3D92720&referrer=http%3A%2F%2Ftechnet2.microsoft.com%2FOffice%2Fen-us%2Flibrary%2F550d5dcb-190e-4504-a8cb-4ea921d2d8e21033.mspx&reldir=en-us%2Flibrary and "Successful records management" http://office.microsoft.com/search/redir.aspx?AssetID=XT102058411033&CTT=5&Origin=HA102058501033)
To create a Records Center:
- Create a new Web Application for the Records Center or use a Web Application different from the Libraries' Web Application. In theory, and according to Microsoft specifications, this is unnecessary, but practical experience indicates that the Records Center works optimally in a separate Web Application.
- In the new Web Application, create a Site Collection using the "Records Center" template (the template can be found in the "Enterprise" tab of the Template Section).
- In the Central Administration, click "Application Management;" under the "External Service Connections" section, use the "Record center" link to configure the created Site Collection. In the new window, select "Connect to a Records Center" and in the URL configure the address of the Records Center using the syntax "http[s]://ServerName/Site/_vti_bin/officialfile.asmx"; for example, http://Moss/_vti_bin/officialfile.asmx if the Records Center has been created under the root of the Site Collection. Note that the fragment "../_vti_bin/officialfile.asmx" is obligatory. Finally, select a "Display name" to identify the Records Center for users.
- Create a Directive un the Site where the Library containing the Records Center will be located (or Libraries; it is also possible to use the Records Center for Lists), go to "Site Actions" "Site Settings" "Site Collection policies", and create a new policy. For the example, a "Notary Policy" policy was created, where "Enable Expiration" was activated with a retention period based on the Last Modified date plus one year, and with the condition that the Element will be deleted after the retention period expires. This policy indicates to the Records Center that each Element will be eliminated, without using the recycle bin, precisely one year after the last modification.
- Create a new Content Type. From "Site Actions" "Site Configuration" "Site content types" "Create", construct a new Content Type. For the example, a new "Notary Documents" Content Type was created, from the parent Content Type "Document Content Types" "Document".
Figure 1: Records Center Configuration in Central Administration
Figure 2: Creation of a Content Type
Page 1 of 4