Keeping documents physically keeps filing cabinets full. Digitizing the data can save space and paper. But is audit-proof archiving also possible if the actual documents, eg contract documents, are physically destroyed and are only available in electronic form?
For an audit-proof archiving of data, it must be ensured that they are stored completely, unchanged and loss-free and at the same time are accessible at all times. There are several options for storing the data on Microsoft Office365 in the SharePoint Online component. The data can be found and reproduced at any time. However, a filing process must also be mapped in terms of organization and authorization and then approved by an auditor in order to ensure audit security.
From an organizational point of view, the following points must be taken into account:
- Access to the data must be restricted, for example through appropriate authorizations.
- Access to the data must be documented to prevent manipulation.
When it comes to technical implementation, Microsoft offers two basic options with SharePoint Online:
- Record Center/Repository – Data that must be retained is moved to a separate website and declared there as a record with access permissions and expiry periods. By assigning a unique document ID, the data can still be found. Custom record libraries and/or content types can also be created to set policies for the records.
- In-Place Records or Retention Labels – The data is not moved, but remains in the place where it was originally stored. With In-Place Records, permissions and restrictions are set manually for each record. The “modern” way recommended by Microsoft is to use retention labels. This has the following advantages over the use of in-place records:
- Scalability – The solution can be used across the company’s entire Office365 tenant once configured in the Security & Compliance Center by the administrator
- Retention Labels offer a convenient user interface
- Multiple selection of documents and declaration as a data record is possible
- “Immutable record labels” (announced Q4/2018) – Documents can be marked as immutable, ie irreversible, as non-editable and non-erasable.
A hybrid solution with repository and retention labels is also conceivable. We would be happy to advise and support you in the design and implementation of an individual solution!