We recommend organizations to automate information governance and records management instead of relying on staff to manually identify and classify important information, e.g. manually apply a M365 record label. By automating M365 Information Governance and Records Management, the burden is then moved from users to the IT/IM/Compliance department for setting up a framework and solution that automate the classification of information.
Microsoft 365 (M365) has a range of features and functions available to automate the identification and classification of important and sensitive information.
Let me give you an example of how this can be set up for HR files in M365 to ensure GDPR compliance:
HR files are stored in dedicated HR sites with a folder per employee
The folders have default metadata such as HR record type and employee ID that stored files automatically inherent
M365 auto-apply record labels to HR files based on the metadata
When people leave the organization, we automate the retention and disposition by automatically getting the end-date from your HR system
If staff store HR files in other sites, mailboxes, or OneDrive for Business, we use Sensitive Information Types and Trainable Classifiers to automate the identification and deletion of this, e.g, auto-delete after 3 months.
The IT/IM/Compliance staff use the M365 Compliance Centre to monitor this and take corrective actions when required.
This blog post provides you with more information about the available features and functions.
How to automate M365 Information Governance and Records Management?
The key to automating M365 Information Governance and Records Management is to set up an information architecture as foundation for automation. This process usually includes the following steps.
This results in a design blueprint that is verified with proof-of-concepts and business pilots.
Please feel free to contact us if you need help establishing an M365 information architecture as foundation for automation. Below are some blog posts that may be of interest.