Skip to content

Setting up Compliance

Document Central can be configured to be a fully compliant document management system. Compliance ensures adherence to internal policies, procedures, and government laws. Implementing compliance procedures protects your company's reputation, enhances its vision and values, and helps prevent and detect violations.

To set up compliance, Document Central utilizes a feature called retention labels.

Retention labels allow you to manage and apply retention policies to documents. Similar to tags, retention labels can be applied to documents to enforce a retention policy. These labels can be applied manually by a user or automatically based on certain conditions.

There are different types of retention labels in Microaoft 365 that differ in their behaviour.

  • Retention Labels:

    • Anyone with permission to update an item can apply, modify, or remove these labels without any restrictions.
    • Once applied, both the content and metadata (site columns) remain editable.

  • Record Labels:

    • These labels can be applied by anyone who can update an item.
    • Only an administrator has the authority to modify or remove them.
    • When applied to a list item, the metadata becomes unchangeable.
    • When applied to a file, the content becomes unchangeable, but metadata can still be edited.

  • Regulatory Record Labels:

    • These labels can be applied by anyone with the ability to update an item.
    • They cannot be changed or removed by anyone.
    • When applied to any item or file, both the content and metadata are locked and become unchangeable.

Regulatory Record Labels are ideal for situations where it's crucial to guarantee that a record remains unaltered. These labels are not to be taken lightly; once applied, they permanently lock the record and its metadata, ensuring that no changes can ever be made.

Here are some key distinctions between Regulatory Record Labels and other label types:

  • Restricted Movement: Users can move regulatory records within the same SharePoint Library, but cannot move them to different Libraries or Sites.
  • No Versioning: Unlike standard Record Labels, which allow for the creation of new versions of a record while keeping the previous versions immutable, Regulatory Record Labels do not permit record versioning. This restriction ensures that once a record is set, it cannot be updated or changed.
  • Fixed Retention Periods: Administrators cannot shorten the retention period set by a Regulatory Record Label when modifying its settings in the Compliance Center.
  • Irreversible Site Deletion: If a SharePoint site containing regulatory records is deleted, it cannot be restored. This underscores the permanence of these records.
  • Opt-In Feature: Regulatory Record Labels are disabled by default in Microsoft 365. To enable them, administrators must use PowerShell, ensuring that only those who understand their implications can access and apply them. This precaution helps prevent the accidental permanent locking of important content.
  • Alert Notifications: Microsoft has implemented additional alerts to inform administrators and users about the irreversible nature of these labels. While these warnings are in place, it remains uncertain how many will actually heed them.
  • Manual Application Only: Due to the serious implications of making content permanently immutable, Microsoft has decided to restrict the application of Regulatory Record Labels to manual processes only. This prevents any automated system from accidentally applying these labels, safeguarding against unintended consequences.

Benefits of Using Regulatory Record Labels

The introduction of Regulatory Record Labels offers enhanced retention options, which are invaluable for organizations aiming to achieve the highest levels of compliance. These labels ensure that critical records and their metadata remain permanently unaltered, providing a robust tool for maintaining strict regulatory standards.

To maximize their benefits, it's important to implement Regulatory Record Labels selectively. They should be applied to specific sites, groups, and inboxes, and managed by a limited number of trained and trusted users. This cautious approach ensures that only those who fully understand their implications can interact with content protected by these labels. As a result, these labels are best suited for locked-down archival areas, where they can securely manage sensitive information.

Overall, Regulatory Record Labels are an excellent asset for a select group of organizations. Their use in controlled environments enhances compliance and ensures the integrity of crucial records.

Important

To use labels in Microsoft 365, including Retention Labels, Record Labels, and Regulatory Record Labels, you generally need one of the following plans that include compliance and data governance features:

  1. Microsoft 365 E5: This plan includes advanced compliance and security features, making it ideal for organizations that require comprehensive data governance, including the use of Regulatory Record Labels.
  2. Microsoft 365 E3 with Compliance Add-on: While Microsoft 365 E3 provides basic compliance features, you can add the Advanced Compliance add-on to access more sophisticated options like Regulatory Record Labels.
  3. Office 365 E5: Similar to Microsoft 365 E5, this plan includes advanced compliance capabilities but does not include Windows 10 and Enterprise Mobility + Security. It's suitable for organizations focused on Office and productivity applications.
  4. Office 365 E3 with Compliance Add-on: Like Microsoft 365 E3, Office 365 E3 includes standard compliance features, with the option to add more advanced capabilities through the Compliance add-on.
  5. Microsoft 365 Compliance Center: You can access various compliance solutions, including information governance and data loss prevention, through the Microsoft 365 Compliance Center. The availability of specific features depends on your subscription plan.

It’s important to check the specific capabilities available in your current plan and consider any add-ons that may be necessary to access the full range of labeling and compliance features. For detailed information and to ensure you have the necessary features, it's advisable to consult with a Microsoft sales representative or visit the official Microsoft website.