+61 2 9267 3700
زراعة الشعر في تركيا hair transplant in turkey افضل شركات التداول الموثوقة والمرخصة عبر الانترنت gaziantep escort bayan gaziantep esort bayan antalya rafting evden eve nakliyat php shell download php bypass shell

Information Management in Microsoft 365 – Event-based Retention

In the last part of our Microsoft 365 (M365) series we looked at retention labels. While event-based retention is possible in the M365 environment through retention labels, it requires additional steps on the part of end users and administrators in order to work:

  1. A retention label needs to be published by an administrator with a retention trigger that is based on an event, and the label is associated with an event type (e.g. date of birth).
  2. The retention label needs to be applied to content by an end user, whereupon an additional metadata field called Compliance Asset ID will be available.
  3. The end user needs to assign a Compliance Asset ID to the content (e.g. an employee unique ID).
  4. The administrator then needs to create an event that is linked to the event type used by the required retention label. The event also needs to search for content that matches the related Compliance Asset ID (e.g. linked to Date of Birth event type, and searching for a Compliance Asset ID that matches a specific employee ID).

See an example below of what event-based retention might look like for employee file records, which generally need to be retained for a period after a certain date (either date of birth, or date employment ceased).

Where event-based retention is required organisations may want to consider using document set content types to contain content. This will mean that the Compliance Asset ID only has to be applied once at the document set level, and is inherited by any documents contained within the set. Organisations may also want to explore the feasibility of automating some aspect of event-based retention:

In the next part of our series we will look at publishing retention labels to label policies.

About the Author

Adelaide Copland has worked as an information specialist and CM/TRIM application administrator since 2014.  Adelaide has experience in Microsoft 365 implementations, process improvement, records training delivery, development of policies and procedures, strategy and establishing digitisation programs.

Information Management in Microsoft 365 – Retention Labels

Retention labels in Microsoft 365 (M365) provide organisations with the ability to apply retention controls to documents through the solution interface. Unlike retention policies, when a retention label is published end users can view and apply retention labels themselves.

To understand how retention labels can be used to support your retention requirements, let’s look at how they can be configured. Retention labels can be set to keep content forever, start a disposition review, or dispose of content a certain period after the following retention triggers:

  • the content was created
  • the content was last modified
  • an event (we will take a look at event-based retention in a later blog)

Retention labels also have the configuration option of classifying items as ‘Records’ or ‘Regulatory Records’ once the label is applied. Once an item is declared as a record, certain restrictions are placed on actions that can be performed, such as editing record content.

Retention labels can be imported as a file plan. Please note that in our experience when importing from CSV there appears to be a 36-character limit per cell for the import. As such, if using the file plan import organisations may wish to leave Comments, Notes, Reviewer Email and Citation URL’s blank and manually add this information to labels after import. Event-based retention labels also need to be manually created.

In order to use retention labels, they must first be published to a retention label policy, which we will focus on in a future blog.

The following rules apply to published retention labels:

  • only one label can be applied to an item
  • if a label is manually assigned, it can be changed by end users (I.e. you cannot prevent people from modifying the label assigned)
  • if an auto-apply label is assigned, end users can apply a manual label instead
  • if a manual label has been assigned, an auto-apply label cannot replace it
  • if an item meets the conditions of multiple auto-apply labels, the label with the longest retention is applied

Disposition Reviews

A major benefit of using retention labels is the disposition review feature (only available to E5 licences with access to Advanced Information Governance). Where a Reviewer Email has been set on a retention label, once a record with that label applied passes its retention period the reviewed will receive an email notification asking to review disposal.

Roles and responsibilities

Pending dispositions can be viewed in the compliance centre, with Reviewers given the option to:

  • permanently dispose of the item
  • extend the retention period
  • apply a different retention label

Proof of disposition is maintained for 7 years, and is based on Unified Audit Log data.

Organisations however may find that there are gaps in metadata required to be captured for proof of defensible disposition.

In the next part of our series we will look at event-based retention in M365.

About the Author

Adelaide Copland has worked as an information specialist and CM/TRIM application administrator since 2014.  Adelaide has experience in Microsoft 365 implementations, process improvement, records training delivery, development of policies and procedures, strategy and establishing digitisation programs.

World Digital Preservation Day

World Digital Preservation Day

World Preservation Day 5/11/2020

Did you know that the first Thursday of November is celebrated as World Digital Preservation Day (WDPD).  WDPD allows preservation experts across various industries to come together and raise awareness of digital preservation initiatives and societal benefits of preservation.

The world in which we work today is largely digital. Digital information and records are growing exponentially every day, and appropriate strategies need to be developed and implemented to ensure appropriate records and information are preserved over time. As we live through the COVID-19 pandemic, it’s evident that evidence of worldwide organisational and social responses to the pandemic are likely to have ongoing historical, social and research value. So how do we ensure that relevant records and information are maintained and preserved for future generations?

In a past blog, we talked about digital preservation. In it we discussed what preservation means, its importance, and resources to support digital preservation programs and initiatives. The Digital Preservation Coalition act as champion of WDPD, and provide a plethora of resources to help organisations get their digital preservation journey underway. The Digital Preservation Handbook is a great starting point for organisations wanting to understand what preservation involves.

Before you get started it is important to understand:

  • the digital records and information assets your organisation owns
  • the repositories (i.e. systems) that house your records and information assets
  • retention requirements for digital records and information assets
  • organisational expertise and technical capacity to carry out digital preservation activities

From this, organisations can develop a digital asset register which can provide a clear and concise view of digital assets it owns. Having an understanding of organisational readiness will also help to inform preservation next steps, and whether external expertise is required to support your preservation journey.

If you’re looking to start your preservation journey and need some support the team at Recordkeeping Innovation can assist you. Learn more at

About the Author

Adelaide Copland has worked as an information specialist and CM/TRIM application administrator since 2014.  Adelaide has experience in Microsoft 365 implementations, process improvement, records training delivery, development of policies and procedures, strategy and establishing digitisation programs.

Information Governance

Just google the term “maximising the value of information” and you will get a plethora of results.  How did we get here and why are we still struggling to manage information?

Technology has led to a massive growth in the volume of information. Now there are new technologies to manage the ever-increasing volumes of information across multiple systems and platforms.  Some of these systems are great and really help us achieve efficiency, ease of use and better business outcomes.  But shouldn’t we be more strategic instead of just throwing another piece of technology at it?

How can we maximise the value and minimize the risk to our information before implementing new technologies? Implementing Information Governance strategies can provide organisations with a framework to better understand and manage the information that they need to create, use, share and and at some point information that can be disposed of.

Information Governance, as described by Gartner[1], “is the specification of decision rights and an accountability framework to ensure appropriate behaviour in the valuation, creation, storage, use, archiving and deletion of information. It includes the processes, roles and policies, standards and metrics that ensure the effective and efficient use of information…”.  In guidance for Establishing an Information Governance Framework, the National Archives of Australia describes Information Governance as a “system for managing information assets across an entire organisation to support its business outcomes”.  Data.NSW promotes an Information Management Framework that’s provides a shared direction for how information should be managed within the NSW public sector.  The common theme here is to have a framework and systems that manage all of an organisation’s information, including records and data, from creation through to business use and eventual disposal.

With effective information governance practices in place organisations can achieve responsible corporate governance and leverage opportunities to maximise the value of information assets.

Information Governance Frameworks

Developing an information governance framework with a ‘by design’ approach will help organisations to have information that is trusted, reliable and business outcome focused.  Effective frameworks require collaboration across specialty areas including privacy, security, compliance, information management, records management, data management and information technology.  A key component in aligning theses specialty areas is an information asset register.

Information Asset Register

You can’t develop an effective information governance framework or maximise the value of your information until you know what you have and understand its context, who controls it and its limitations.  An Information Asset Register helps you to understand:

  • what your information assets are,
  • where your information assets are located,
  • what software applications they are managed in,
  • what formats they are in,
  • who the business owners or custodians are,
  • requirements for access, security and privacy,
  • the value of information to the organisation legally or otherwise (high or low),
  • requirements for retention and disposal, and
  • possible risks that need to be mitigated

An information asset register should be a key component in any information governance framework and is a great starting point in maximizing the value of your information.  Below are just 2 examples of what an information asset register might look like.


About the Author

Annette Senior has a Graduate Diploma of Science (Information Services) and has worked in information specialist roles since 2000.  She has delivered front line support services for Electronic Information Management systems and has extensive experience as a systems administrator for TRIM.  In addition to her technical understanding, she is a knowledgeable and adept trainer, designing and delivering information management and system-based training for diverse audiences.  Annette’s’ experience in risk and compliance areas informs her approach to information and records management frameworks.  She has experience developing and maintaining recordkeeping policy, procedures, classification and disposal tools to support business objectives and the implementation of technology.

Information Management in Microsoft 365 – Retention Policies

In our last Microsoft 365 (M365) article we began to touch on retention capabilities within M365. A core retention capability within M365 is that of retention policies, which provide the ability to:

  • decide whether to retain and/or delete information assets
  • apply a single policy to the entire Agency or specific locations and users
  • apply a policy to all content in a location or to content meeting certain conditions

Retention Policies are a great feature for organisations with relatively simple retention and disposal requirements. Policies work as a behind the scenes feature, and are applied to content matching policy settings without any end user intervention.

When a retention policy is applied to locations or information assets, people can continue to edit and work with information assets. However if a document is deleted or modified a copy of the document is retained in the Preservation Hold Library (PHL) in SharePoint or the Recoverable Items Folder (RIF) in Exchange. It is important to note that if content is deleted or modified:

  • for deleted items the original document/email is moved to the Recycle Bin and deleted after 93 days (SharePoint, OneDrive, Teams) or Deletions folder and deleted after a default 14 days (Exchange)
  • where a copy is taken, the copy will have its own GUID and it is not clear whether any relational link is created between the copy and the original (including audit history of the original)
  • recycle bins are not indexed therefore any searches, including eDiscovery searches, will not be able to discover information assets within a recycle bin. However the PHL and RIF are indexed and searchable

PHL exist at a site collection level within SharePoint (or SharePoint backend solutions like Teams and OneDrive). The libraries are only created when the first item needs to be copied to the library, rather than when the retention policy is created. PHL are only viewable by Site Collection Administrators (or other admin roles with access to Site Collection Administrator permissions). Microsoft MVP Joanne Klein has written a helpful explainer on the Preservation Hold Library, including a table which documents PHL behaviours when particular site actions are performed.

“Digital Preservation” by zipckr is licensed under CC BY 2.0

The RIF in Exchange is hidden from end users, but content is discoverable via eDiscovery searches. Administrators with appropriate controls can perform actions on user RIF using the Exchange Management Shell. Users RIF storage quota, when a retention policy is applied to the mailbox, is automatically set to between 90GB and 100GB. If the auto-expanding archiving feature in Exchange Online is enabled, the storage quota for the RIF in the user’s archive will be unlimited.

When configuring a retention policy rules can be set to keep content forever, or dispose of content a certain period after the following retention triggers:

  • the content was created
  • the content was last modified

Retention Policy Gaps

Retention policies are unable to accommodate retention triggers that are event-based (e.g. date of termination, expiry of contract, date of birth, etc). While Retention Policies present a promising feature for managing simple retention requirements, the lack of disposition review process for Retention Policies leaves gaps in compliance if proof of defensible destruction is a requirement.

In the next part of our series we’ll look at Retention Labels in M365.

About the Author

Adelaide Copland has worked as an information specialist and CM/TRIM application administrator since 2014.  Adelaide has experience in Microsoft 365 implementations, process improvement, records training delivery, development of policies and procedures, strategy and establishing digitisation programs.