Governance and Compliance in M365 and SharePoint

Studies reveal that better governance and compliance are key to preventing content chaos and harm to businesses and its employees. 


“Content chaos really stems from the massive amount of documents that are created every year and how the vast majority of them are stored in a very inefficient manner,” explains Sameer Khan, VP of product development at Helux, in a webinar on the topic. “As a result, no one in your organization has a real understanding of where these documents are being stored or how they’re being shared.”


Content chaos leads to businesses facing major security and legal risks


Khan added that these problems could lead to major security and legal risks. For example, let’s say a document stored in SharePoint was arranged to be disposed of after a set time or a particular event as part of a retention schedule. After either one occurs, there should be no record of the document. But there are times when that’s not the case due to an employee uploading a duplicate to a shared drive for convenience. In these instances, businesses risk having sensitive information being shared internally or externally and being forced to provide the duplicate in a legal case or a Freedom of Information Act request. Studies have found that of all documents created, half of them are duplicates, and others are redundant, obsolete, or trivial (ROT). A pile-up of these documents can lead to extra storage space that needs to be managed and cost businesses upwards of millions of dollars. 


Employee productivity, decision-making, and well-being are bound to be affected


Along with security and legal risks, employee productivity, decision-making, and even well-being are bound to be affected. The rate of information growing is now triple when compared to five years ago. As a result, employees cannot quickly find the information they need to get their work done — which is more concerning than ever now that remote work is the norm. Studies have found that employees spend about 30% of their time searching for information, and that during this process, distractions like emails and phone calls can lower their IQ by 10 points. In addition, the stress of not being able to process all this information as fast as it arrives can leave employees feeling depleted — and short of breath. Researchers have discovered employees now experience email apnea: irregular and sometimes arrested breathing as they search through their inboxes. Like sleep apnea, it can lead to various illnesses, such as a stroke, a heart attack, and diabetes. 


Prevention starts with better governance and compliance


Khan stressed that preventing content chaos and harm to businesses and its employees starts with better governance and compliance. First, businesses must identify the types of content they need and then design a proper information architecture for a records repository, such as SharePoint. “This will provide us with a structure to properly store our content so that it’s easy for employees to find information,” explained Khan. “Architecture covers many important areas, such as navigation, user experience, and giving context to content.”


Designing a proper information architecture


Khan pointed out that tools like THEMIS IA modernizes the process of designing a proper information architecture in SharePoint. Users can create sites, libraries, content types, taxonomies, and fields to organize their content within an easy-to-use platform. Afterward, they can instantly deploy to SharePoint without having to code or hire developers. In the past, businesses would have to rely on Excel spreadsheets to compile their SharePoint requirements and then work back and forth with developers to ensure those requirements were met or make any changes.


“Metadata can be used to further tag information so that it can be sliced and diced in different views to cater to different needs,” added Khan. “That way, your information will be able to work the way your employees want and not the other way around. Metadata can also improve governance and compliance since information that has been correctly identified and tagged can be properly classified and managed.”


Properly securing access to sensitive information


To properly secure access to sensitive information, businesses can set permissions for sites and libraries. “Because the data is properly organized at these levels, it’s very easy to set up, manage, and ensure that people only have access to the information they need,” explained Khan. Businesses can also set up an audit log, create communication compliance policies, and apply sensitivity labels to documents.


Leveraging artificial intelligence (AI) and machine teaching (MT) tools 


Following these steps, businesses must migrate and organize content in SharePoint before implementing an effective records management system. “Some employees do not care about records management as much as businesses would like them to,” Khan warned. “Luckily, AI and MT tools like THEMIS ICE integrate with SharePoint Syntex to sift through content, remove ROT before migrating content, and intelligently tag and organize content in the correct sites and libraries.”


In addition, businesses can use another AI tool, Viva Topics, to make it easier for employees to find the content they need and discover more information. Once the tool is turned on, it will analyze and collect information and then create and populate topic cards. Topics cards summarize topics, provide definitions, list key documents, link to subject matter experts, and more. Employees can easily view topic cards by hovering over a topic in SharePoint, Teams, or Outlook.


Implementing an effective records program


Once businesses have migrated and organized their content in SharePoint, they can implement an effective records management program in Microsoft 365. “Retention schedules are an important part of compliance,” Khan pointed out. “Businesses can apply retention labels to documents to ensure they’re kept for the required amount of time,” adding that THEMIS ICE allows for both intelligent content migration and enrichment of existing data which can both be leveraged by labels for specificity.

Microsoft 365 offers three types of retention labels: standard, record, and regulatory record. Standard labels would be applied to a document that should be deleted after a couple of years but does not need to become a record, such as a reference document. Record labels would be applied to a document that need to become a record and have the option to be unlocked to make changes to the content or metadata. In these cases, SharePoint stores the original record in a different location so that the business remains fully compliant. Regulatory record labels are applied to documents that need to become an immutable record, meaning it cannot be unlocked to make any changes. In addition, retention labels can be managed using a file plan, which provides disposition reports to prove compliance.

Microsoft 365 also allows businesses to do event-driven retention and case-based retention. Event-driven retention allows businesses to base a document’s retention period on when a specific type of event occurs, such as an employee departure or contract termination. Case-based retention involves configuring a label on a SharePoint location or library and setting a compliance asset ID so that all of the documents within adhere to the label and are connected together.

“Using THEMIS and Microsoft 365, businesses can achieve and maintain better governance and compliance,” Khan concluded. “They can also prevent content chaos and the resulting security, legal, and employee risks. Ultimately, businesses can ensure growth and prosperity in the face of even the most difficult challenges.”