In the last five years, the world of records management has rapidly shifted. Data protection laws have gotten tighter around the world – and the penalties for poor retention and deletion practices are only growing.
In Europe and the UK, the passage of the GDPR in 2018 began a sea change in the way companies manage sensitive information. The spirit of the law was clear: The days of getting away with sloppy data protection are over. This is particularly the case for public sector organisations, many of whom already had to grapple with stringent compliance standards from regulations like the Public Records Act.
Today, many organisations are looking for a tool that can solve their retention and records management woes once and for all. For that, you need a modern, cloud-based electronic document and records management system (EDRMS).
And you may be surprised to find that solution already waiting at your fingertips…
Microsoft and EDRMS
Microsoft might not be the first name you think of when it comes to records management. And once upon a time, this was probably justified. But in the last few years, that’s quickly changed.
Historically, records management has been a challenge with Microsoft technology, which led companies to rely on third-party tools like Meridio to capture and classify sensitive information. It was a workable alternative a decade or so ago – but increasingly these legacy platforms aren’t fit for purpose.
The last few years have seen a revolution in the way we access sensitive information – and the rules that govern how we use it. Increasingly, tools designed for a pre-cloud, pre-GDPR world aren’t up to the challenge of data protection today.
Recently, Microsoft 365 has upgraded its capabilities, and today it offers some of the most sophisticated EDRMS tools on the market. More on that below. But there’s another benefit to using Microsoft 365: There’s a good chance you already are. That means one less subscription for you to worry about and an EDRMS tool that’s built natively for the tech you’re already using.
So where do you start?
Cloud-native records management
Today, sensitive information can be accessed, shared or saved through any number of apps, formats or files. While that might be good for collaboration, it’s less helpful for compliance.
But as far as the law is concerned, none of that matters: You don’t get a free pass for non-compliance just because your records are stuck in Teams messages rather than Word documents. So how do you get it right?
Microsoft’s approach to records management aims to solve this issue. It’s designed to be both format and app agnostic, so you stay compliant whatever your records are and wherever they’re saved. That includes:
- Documents
- Spreadsheets
- Emails
- Teams messages
Crucially, it works across all standard Microsoft 365 apps, including SharePoint, Teams, OneDrive and Exchange.
Records management in Microsoft 365: How it works
Records management in Microsoft 365 is largely based on the concept of tagging and labelling sensitive information. It might seem like a straightforward solution – but it’s pretty sophisticated when used in practice. Here are some of the capabilities on offer:
Top tips for effective records management in Microsoft 365
Records management with Microsoft 365 is a sophisticated solution to a complex problem. But just using the tools isn’t going to solve everything overnight. It’s important to make sure you’re doing so correctly. Here’s some tips for how to do that:
- Get the right license: If you’re using Microsoft 365 E5, then you already have the full records management suite at your fingertips. If you’re using E3, you’ll have to either upgrade to E5 or purchase the relevant add-on.
- Use a consistent naming convention: This is particularly useful for automation. The more consistent your labelling and naming policies are, the easier it is for Microsoft 365 to identify relevant records and assign the correct actions and protections.
- Employ meta-tagging: Meta information can be used to associate documents with important information like document type, project name, client name, date created, etc. This information makes it easier to identify records and choose the right actions to stay compliant.
- Use role-based access: Microsoft’s retention labels are designed to work seamlessly with role-based access controls. Make sure to establish clear rules about who can view, edit and delete sensitive information, so human error doesn’t land you on the wrong side of compliance.
- Automate where possible: Any policy that relies on humans ‘just remembering’ isn’t going to work – because it creates a single point of failure. Instead, use automated rules to automatically detect records and ensure they’re deleted when the relevant time has passed.
- Extend beyond documents: It’s no longer enough to secure just Word and Excel documents. Make sure your policies cover all places where sensitive information could be stored, including emails, Teams messages and more.
With these tips in the bag, you’ll be well on your way to effective compliance.
Making records management a breeze
If you’ve made it this far, you probably don’t need any more convincing that Microsoft 365 is the right solution for you. But where do you start? How do you make the journey to Microsoft 365 from third-party tools like Meridio?
The issue here is that legacy tools were designed for a very different world of working, which can make the transition to Microsoft 365 a challenge. Often, the prospect of reconfiguring records and designing new compliance processes is so great that organisations stick with legacy solutions long after it’s time to move on.
But it doesn’t have to be like this. That’s where CompanyNet comes in.
We specialise in helping public and private sector organisations build effective and compliant records management capabilities in Microsoft 365. We’re not here to simply set up and let you get on with it – we want to help you at every stage of your EDRMS journey. That includes:
- Migration – Helping configure and migrate records correctly from your legacy system into Microsoft 365 so you can avoid disruption and guarantee a smooth transition.
- Change management – We’ll help you properly train your team on the new technology and ensure high uptake and correct ongoing usage.
- Automation – We can assist you in setting up policies for records management in a way that ensures documents, conversations and files are being held appropriately.
- Technical assurance service – We work with your team to help you make the most of Microsoft 365’s capabilities.
Want to find out more? Get in touch today or read about our records management services here.