The best way to do this is to add records managers to a Security Group and then add that Group to the SCA group of every site. This access could be deferred for sites that contain very sensitive information, although typically records managers would have access to all records, including if they had an EDRMS. And, access is always recorded in audit logs or the local site ‘viewers’ (where enabled) and ‘last modified by’ information.
- The chat content in 1:1 chats.
- The chat content in the various Teams.
- SharePoint sites linked with Teams.
- Exchange mailboxes.
- OneDrive for Business accounts. An additional consideration is how long the content of inactive ODfB acccounts should be retained via the ‘Storage’ policy (default is 30 days then permanent deletion).
- SharePoint sites not linked with MS Teams. This includes whole sites as well as library-based retention policies.
- Office 365 Groups (mailbox/SharePoint site). If linked with a Team, a second retention policy is required for the Team chat content retention (second dot point above). For example, one policy ‘GroupABC’ and a second policy ‘GroupABCTeamChat’.
Records managers will also need to advise on the appropriate retention policy or policies that need to be created and then applied to:
As many of the above retention policies replace the need for backups, records managers need to discuss the options with their IT colleagues.
In this new world, the role of records managers will change from being the curators of records copied to and stored in a separate ‘records and document management’ system, to being records compliance analysts or perhaps, corporate knowledge and information managers and content analysts.