The role of metadata for greater compliance and security

What is metadata, and why is it important?

Metadata is an integral component of modern enterprise content. In this four-part series we will explore why metadata is important and the benefit it can bring the organization and the end-user:

1. Metadata is integral to a modern Enterprise Content Management system 
2. How email plays an important role in the Enterprise Content Management system
3. Leveraging Metadata for intelligent SharePoint solutions
4. The role of metadata for greater compliance and security (Azure Information Protection - AIP) [This blog post]

As we have explored metadata has an important role in improving the end-user experience of SharePoint. Through the use of metadata, we can classify content so that it makes more sense when we are working with it, and also enhance the search experience for the end-user, which is an efficient option to find relevant content.

Metadata can be user-driven or it can be system driven - and I am sure we can all agree that system driven capturing of metadata is essential for any business. By taking advantage of the automated capturing of metadata organizations can have better compliance, business workflows, processes, and security and remove any additional onus on the end-user and also help create greater consistency.

This blog will explore the role of metadata for greater compliance and security and how auto-classification can help with workflows.

With the move to Modern SharePoint experience and a flat Information Architecture, compliance is now configured at the tenant level in the Security and Compliance Center (as opposed to the classic SharePoint experience, where it was configured at the site collection level). These policies can then be applied to specific sites (or site collections) and also be extended to other areas of Office 365 such as OneDrive and Outlook.

Sensitivity & Retention labels - Unified labels

Different documents across any organization have different requirements, regulations and internal policies associated with them. Some areas of the business such as finance may need to keep records for a defined amount of time while other documents such as in marketing might have different requirements.

Using unified labels the management of these policies can be simplified. As with AIP labels, the application for both sensitivity and retention labels can be user-driven or manually applied or they can be applied automatically if specific conditions are met.

Together, these are unified labels that are available in the Security & Compliance Centre, providing a central place to manage both sensitivity and retention labels.

Sensitivity labels: are used to apply encryption and protect content from being shared. For example, you can label a document as 'Confidential'.

Retention labels: allow you to apply rules around when content should be preserved for, or when content should be deleted.

Applying labels automatically can be beneficial as you do not need to train users on specific requirements, it can reduce administrative errors and removes the onus on individuals who may not be entirely familiar with governance policies.

SharePoint also allows you to set the policy at the document library, folder or document set level. This means that any document that is saved to these locations will inherit the retention label policy - truly removing the need for the end-user to apply this label.

For all items stored in SharePoint, whether they be emails or documents you can use retention labels to classify that piece of content as a record. Once an item is classified as a record it cannot be edited or deleted, giving the business confidence that this record will be maintained. Office 365 retention labels can be utilized to implement a records management strategy and in SharePoint, the record center can be applied.

Azure Information Protection

Azure Information Protection (AIP) is a cloud-based solution that assists with the classification and protection of documents and emails by applying labels to these items. Labels can be system driven - that is, applied by rules and conditions defined by administrators or applied manually by users.

Rules can be created based on types of information that reside within a document. For instance, a rule can be defined to detect credit card numbers.  When a document contains a credit card number and is saved AIP recommends that the document is saved with an appropriate classification so that it is protected.

This classification is useful and at times essential for other processes within the business to operate efficiently. These values can also be applied to emails and here, OnePlaceMail can extend this to automatically capture the classification and promote this value to a column in SharePoint - surfacing this for end-users so they can immediately see the classification of all emails stored in SharePoint and removing the need for the end-user to manually classify each email that is being stored.

If you took the opportunity to create AIP labels these can now also be migrated to the unified labeling in the Security and Compliance Center.

Workflows

Workflows streamline and automate business processes that might be a routine procedure reducing administrative tasks for end-users. This is particularly useful for repetitive tasks such as approval processes, document reviews or document retention processes.

Workflows can be generated based on the metadata captured in SharePoint at the time of saving. For end-users, they have confidence that the work they are capturing and classifying into SharePoint will be made available to those who need to see it.

A simple workflow is to be alerted when a document is added to a specific library, in this instance the end-user does not have to repeatedly check to see if the document is ready for them.

Other workflows can be designed to ensure tasks or the status of a project is reviewed by the appropriate manager before proceeding or ensuring the payment of a customer is approved before being completed.

Compliance

Classifying data at the time of saving to a central collaboration space can help not only in business processes and workflows but also with compliance. The tagging of a document helps the document to be discovered by end-users for day to day tasks but also assists with tracking important content, for wider business compliance. For example, by capturing documents associated with a customer - surfacing this later for audit purposes is a much simpler task. For purposes such as GDPR compliance, the requirement to be compliant with local and international guidelines means capturing true and accurate records has never been more important.

How OnePlace Solutions can help?

Products such as OnePlaceMail can help streamline these processes by capturing these important pieces of metadata not only on the user-driven side but also when system-driven or automated processes and workflows have been applied.

Capture and classify emails to SharePoint, directly from Outlook

When an email is saved to SharePoint using OnePlaceMail - email attributes are automatically captured - this is an efficient technique for record management to ensure true and accurate records are available for all team members in a central location, including the capturing the original email date, recipient, subject and sender.

This is also applicable for attachments from emails as well as any working documents which can be captured and classified - for example, if a project document has been saved to SharePoint, one team member can associate a document with a colleague through the people/group column where a workflow can immediately be triggered, simplifying business processes and removing the hassle for workers to manually track through a document.

By providing users access to SharePoint in applications they spend their time working in we can ensure that this important metadata is captured, and data is retained and secure in a central location.

I hope this article highlights how metadata plays an integral role in greater compliance and security.

If you would like to learn more about how OnePlace Solutions can help you capture, classify and access metadata contact us.