The popularity of Microsoft SharePoint in the enterprise poses a growing information governance challenge. On one side, your users adopt SharePoint for its flexible, simple-to- use functionality that supports information collaboration. On the other, those responsible for managing information governance—compliance and records—often view it as a tool that can lead to information in the wild: duplicate, outdated, and often unknown information that can’t be easily searched, classified, managed, secured, or controlled.

Uncontrolled SharePoint environments too often lead to conflicts between users wanting to  maintain  their  freedom  and unvetted  access  to  their  favourite  collaboration  tool.  Your information governance professionals then struggle to gain control over this information to ensure the secure and compliant management of business documents and records generated as part of the collaborative process. What’s needed is a new approach that delivers full SharePoint functionality and flexibility for your users while facilitating effective but discreet compliance and information governance controls at all levels. Only, then can you meet the needs of information governance and collaboration.

Balancing compliance needs with collaboration wants

When it comes to information management in an organization, there are two key business roles that need to be considered: those responsible for IT infrastructure and those responsible for records management and compliance. Both of these roles have a similar mission which can be broadly described as: to capture and structure information in the organization. Despite the similarity of these objectives, the manner used to achieve these objectives differs vastly. Add to this your end users’ desire for a flexible collaborative system, and you can appreciate the challenge of bridging the gap between compliance needs and collaboration wants.

While SharePoint is a strong and well-liked collaboration system popular with both users and IT, its governance shortfalls are not trivial. For example, SharePoint stores new, active content and old, seldom-accessed content in the same way, leading to unnecessarily high storage costs. SharePoint also offers only limited categorization and records declaration capabilities, and allows duplicate records to be created.  Given  these  characteristics,  it’s  no  wonder  industry analysts  report  that  over  60%  of  organizations  have  yet  to  bring  their  SharePoint  deployments in line with existing corporate and regulatory compliance policies. Recognizing  the  value  of  SharePoint  as  a  collaboration  tool,  but  also  understanding  the governance  shortfalls  for  the  enterprise,  HP  Autonomy  has  developed  an  integration  with  HP Records Manager (HPRM) that allows you to maximize the value of your SharePoint investment while supporting effective compliance and governance. The HPRM integration allows users to leverage complete SharePoint functionality without compromise and does not need them to engage in, or undertake, records management tasks. Removing the records management burden from users reduces barriers to adoption and associated training overheads. 

At the same time HPRM provides powerful records management capabilities for information governance professionals so they can govern and manage the entire SharePoint solution - not just for records compliance, but for cost governance as well. 

Why organizations still need a records management solution

SharePoint offers a range of user benefits, but stops short when it comes to compliance and information governance. The content in the above mentioned workspace (or any workspace for that matter) may be subject to varying legal requirements and differing policy that SharePoint is unable to distil and apply. SharePoint’s records management capabilities are rudimentary with categorization limited to either content type or site/list location—you cannot use both. This makes it difficult to choose the best approach to managing your content and can result in documents of a given type being subject to the same information management policy no matter the business requirement. The ability to manage application and compliance lifecycles in an integrated  manner  to  ensure  the  appropriate  management  of  SharePoint  content  throughout its entire lifecycle is limited and exposes the organization to compliance gaps and risk.

Organizational  approaches:  SharePoint  uses  hierarchical  site  and  list  structures,  while  HP  Records  Manager uses a hierarchical folder structure that may be built on the business classification. These weaknesses may not matter much to users since they don’t interfere with daily work. In fact, SharePoint users may be seen as indifferent to governance. Their reasons for disliking records management tends to arise out of the prescriptive approach to structuring information hierarchies: it forces them to organize information in a way that doesn’t match how they as an individual use the information. It’s unfamiliar to them and requires greater levels of user training.

Records managers, compliance officers, risk managers, and others tasked with addressing cost, compliance, and risk requirements naturally have a more positive outlook on records management practice and tools—they aren’t nearly as enthusiastic about SharePoint as users are for a range of very valid reasons, including:

Difficulty locating information: There is no easy way to find all the information classified in a particular  way,  adding  unnecessary  time  and  work  to  many  information  governance  tasks. HPRM enables records managers and users to navigate the business classification and uncover the information that belongs to each category.

Duplication of information: Nothing prevents the creation of duplicate information. And SharePoint’s mechanism for copying actually makes a new copy of the file, not just a link to the original, making additional duplication inevitable. Since SharePoint does not support de- duplication  within  a  document  library,  the  ongoing  accumulation  of  duplicate  records  strains the  storage  system.  This  ever  growing  information  footprint  and  associated  storage  starts  to impact  the  IT  Managers  budget  and  resources. HPRM enables information to be surfaced in multiple places in SharePoint while maintaining a single authoritative record.

No granular control around retention: It is difficult to apply retention policies based on the type, classification, or location of information, rendering these more efficient approaches unavailable and exposing the organization to risk. HPRM can apply retention policy to information based on its type, location, and classification either automatically or ad-hoc.

Inefficient storage of lower-value information: Studies have shown that, on average, 60% of data stored in SharePoint is never accessed again after three months from its creation   date. Yet SharePoint makes no distinction between the older, rarely accessed items and newer content for more efficient and cost effective storage. HPRM supports tiered storage and configurable caching options to balance the need for search and retrieval speed with storage costs. Old and inactive information can be moved to appropriate storage to meet the needs of the organization.

Lack of control over information: People can easily create sites, lists, and content that information governance personnel have no way of controlling or bringing into compliance. Security and access to this information is governed by the individual and not corporate or regulatory policy.

HPRM delivers much needed control over SharePoint information applying policy, security, and audit to managed content, including policy enforcement at the time of site creation. These SharePoint security and risk considerations can bloat its already considerable cost of ownership.  Taking  into  account  hardware,  software,  deployment,  ongoing  administration, governance, and management labor costs, SharePoint management adds up to an average cost of $49 per user, per month. This cost does not decrease, even as the usage of SharePoint expands within the organization, despite expected improvements in economies of scale that normally  come  from  increased  technology.

This matrix shows the strengths and weaknesses of the information management capabilities of each system. Grey indicates that while the system can do this, the other product does it better.

Why HP Records Manager?

As SharePoint is popular with users, HP Records Manager is popular with records management and information governance professionals. HPRM is recognized as a leading enterprise document and records management solution, established and proven in the market for more than 28 years. The benefits HPRM brings to an organization’s SharePoint deployment are easy to quantify. HPRM is designed to bring records management compliance to organizational information and provides the extensive governance functionality lacking in SharePoint, including:

1. Proven industry solution with global certifications
2. Policy-driven content classification
3. Full legal hold functionality
4. Defined retention schedules
5. Multi-level security and access controls
6. Department of Defense-certified security standards DoD5015.2
7. Support  for  global  standards  such  as  ISO15489  Records  Management  Standard  and  ISO16175 Principles and Functional Requirements for Records in Electronic Office Environments
8. Secure content aggregation
9. The ability to structure records based on their location or content type
10. Extensive and granular audit capabilities for all items

Achieving records management compliance for SharePoint 

The  desire  for  compliance  and  collaboration  results  in  two  opposing  groups  forming  within the organization: on one side, pro-SharePoint IT personnel and users, who view it as an accommodating solution for key user wants and needs and on the other side, pro-HPRM compliance,  IT,  and  records  managers  who  would  rather  live  in  a  world  without  SharePoint which  they  feel  erodes  control  and  compliance.  Each  of  these  groups  plays  an  important  role in the management of corporate information, but the essential conflict between the groups comes  down  to  this:

1. Users want to organize information in alignment with the way they create and consume it today.
2. Records managers want to structure information in a way that best supports long-term access and compliance.

While each of the groups described above tends to see SharePoint and HPRM as mutually exclusive, this is actually false. In reality, these two products are complimentary. Coupling them allows  the  popular  SharePoint  collaboration  platform  to  also  be  compliant.  This is achieved by not interfering with the user’s ability to use SharePoint or requiring them to participate in records management practices, while permitting full use of the compliance capabilities of HPRM. The key is to have integration between the two systems that doesn’t interfere with the capabilities of either one, respects the requirements of both users and records managers, and doesn’t compromise the needs of either side.

The integration of HPRM with SharePoint was designed to meet the following objectives:

1. Allow management of all SharePoint content, not just documents
2. Permit users to use all SharePoint functionality, regardless of whether content is managed or not
3. Permit the use of all HPRM functionality for content originating from SharePoint under management
4. Make management visible or invisible to the user dependent on the organization’s requirements
5. Include configurability to suit all organizations, rather than force a compliance strategy

HP Records Manager for SharePoint available from HP Autonomy delivers a complete solution leveraging the strengths of each individual system. It allows you to significantly improve  information  governance  in  the  organization  without  hindering  collaboration  and  user productivity.

How the SharePoint-HPRM integration works

HPRM enables information governance for SharePoint through the concept of “managing a list item.” This consists of creating a record in HPRM to represent the list item in SharePoint, then maintaining synchronization between the list item in SharePoint and the corresponding record in HPRM. If a managed item is updated in SharePoint, the corresponding record is updated in HPRM. Conversely, if the record is modified through HPRM, the corresponding list item is updated.  In  this  way,  synchronization  between  the  HPRM  record  and  managed  list  item  is maintained.

The integration extends this core concept to enable key tasks such as:

1. Finalize: Manage the content and prevent it from being edited
2. Relocate: Move the content to HPRM
3. Archive: Move the content to HPRM and finalize it

These key tasks can be applied both manually and automatically, and be instigated against individual items, folders, document sets, lists and sites.

This approach offers crucial advantages. The integration makes it possible to manage all SharePoint  content,  not  just  documents,  including  content  such  as  wikis,  blogs,  and  calendars, and even entire sites. All of the functionality of both SharePoint and HPRM can be used with SharePoint-managed content. With the option of rendering management invisible, users don’t even  need  to  be  aware  that  their  content  is  being  managed.

Governance doesn’t have to mean choosing between the needs of users and those of records managers. The integration of HPRM with SharePoint allows you to maximize the utility and value of your SharePoint investment without compromising on the functionality available to users. At the same time, records managers can use HPRM to fully govern SharePoint content or just a subset. By integrating HPRM with SharePoint, you can fully leverage the complementary functionality of each solution to fully empower users, while giving records managers the tools they need to achieve full compliance.

Learn more at: www.autonomy.com/products/hp-records-manager