The point of SharePoint for sharing (and managing) records

We’re lucky here at QSA – we have an awesome eDRMS for all our records management. It not only handles digital records but physical records too and lets us do all the records management tasks we need to do.

However, not all agencies are able to implement an eDRMS, or even business systems with records functionality, to manage their records. So what other options are there?

We’ve always said SharePoint was an option if it suited your agency and it met all your legal and business requirements. But what is it actually capable of?

Recently some of us here at QSA did training in SharePoint Online (part of Office 365), which we use internally to collaborate and share general information, and there were quite a few lightbulb moments when the trainer mentioned things like records, retention, manage metadata, and checking documents in and out.

Here are some of the things I didn’t know SharePoint could do but just might make it suitable for managing some or all of your records.

Keep in mind, this blog is not an endorsement of SharePoint for records management as QSA does not endorse any products. What we did want to do is provide you with information about it that could potentially help your agency manage its records.

Document library

SharePoint has the ability to keep and manage document libraries. Documents can be uploaded or created in SharePoint. People can find the documents easily regardless of what folder or library it’s in, (depending on permissions – more on that later), you don’t have multiple copies floating around on shared drives or desktops, and you can modify the settings, metadata and various fields so it tracks the information you need and manages the documents the way you need to. You can even set it up so that records have to be checked out before they can be edited or changed.

In other words, it can do the basic records management tasks but also make it a whole lot easier for users to find and access the information they need when they need it.


SharePoint automatically indexes documents, pages and information based on titles, keywords, content and metadata. This means that if you search for something, you’ll most likely find it – if you have permission to see it that is.

You can turn off the automatic indexing for certain documents or libraries (like the super confidential stuff) so it doesn’t come up in search results, but so long as permissions are set, users will only see what they’re allowed to see anyway.

Permissions and access

First of all, you can set and control permission levels. It has pre-set/default permission levels that you can use, or you can create your own.

So, you can set who has permission to delete a document (pretty important) or see a particular set of documents (also important) or move a document to a different folder or category.

With the levels that are pre-set, you just need to say who gets what level of permission.

You can also create your own permission levels, or modify a pre-set one, and assign them to particular groups or people. For example, groups could be set up to mirror your organisational structure, and permission levels could be based on the Queensland Government Information Security Classification Framework (QGISF).

It might also be possible to have your organisation structure in Office 365 (especially if you use Outlook) – SharePoint can then use this information, which makes groups a lot easier to set up.

Metadata and settings

SharePoint automatically creates some metadata for documents, like who created it, when it was created and last modified, what version it is, file size and type etc. It does this even if the document was created in Word on your desktop and uploaded to SharePoint.

Some of these fields are standard and can’t be changed, but others you can adjust – e.g. create major and draft or minor versions (1.0, 1.1, 2.0, 2.1 etc), unique values only, mandatory fields etc.

You can also create fields for other metadata, either using a free text field (like a document title, description etc), or a pre-determined field like a date, category, or drop-down list. One of these pre-determined fields is ‘managed metadata’, which allows you to set managed terms. Business classification scheme? Thesaurus perhaps?

Keep in mind that SharePoint has some basic Excel functionality. One example we used in our training for this was review dates. We had a column for ‘date last reviewed’ and a column for ‘date due for review’. The ‘due for review’ column was set up to calculate a date based on the ‘date last reviewed’ and a review period in dates (e.g. 365 days, 180 days).


Workflows can be set up in SharePoint and they have all sorts of settings and rules you can use.

Here are some examples we looked at. They could be based on:

  • review date (like our example above) – so someone would get an email when a document came up for review
  • requests for approval – if you had a status field, a workflow could be started if the status changed to ‘awaiting approval’.

And my personal favourite…

  • retention periods and disposal triggers – you could set up a workflow to notify you when a document should be up for disposal, say 3 years after last modified, or last reviewed, or last accessed.

Categories vs folders

Like a shared drive, you can create folders and put documents in said folders, but you can also create categories that can help you organise information. Which one you choose is up to you, however categories are recommended over folders for various reasons.

The main one is that categories can actually help people find what they want regardless of what folder they’re in (pretty handy). You can also assign multiple categories to a document and still have just the one document (also handy), but that’s a bit harder to do that with folders. Lastly, categories seem to be an easy way to organise information without limiting searchability or adding extra characters to the URL for a document, whereas folder names do find their way into the URL.

Definitely something to investigate further especially if you have lots of documents you want to store in SharePoint.

Information management and policies

SharePoint has a little function that lets you set rules and policies for information management, which can help you ensure you’re meeting your legal and business responsibilities.

We didn’t look at this much in our training, but I did find some information online about this. It could be a useful feature if you are looking at using SharePoint to manage records.

Deleting documents from SharePoint

SharePoint has a nifty feature when it comes to deleting documents. There’s the recycle bin – pretty standard, we all know how that works – and then there is the second stage recycle bin. It’s like the recycle bin’s recycle bin.

As for all the things you need to do to lawfully dispose of records, this is something you’ll need to look into further to make sure you’re meeting your obligations. Check out the links under more information for more… er… information.

Preservation of documents

Many records need to be kept for years, some very long-term or even permanently. And those records need to be accessible and usable for the entire retention period.

Throughout the training and the various lightbulbs going off about the recordkeeping possibilities of SharePoint, I did wonder what it could do (if anything) in the preservation space.

I know it can export a lot of information into another format (e.g. a table on a SharePoint page to an Excel document) and most documents in a SharePoint library can be downloaded and saved to a local drive (even regularly synced with the version on SharePoint), but can it monitor the ‘health’ of an electronic record (Check if it Is corrupted? Is the format still usable? Can that format be upgraded to a newer format?).

Agencies need to bear this in mind when they’re thinking about using any software, including SharePoint.

More information

It certainly seemed like the more you use Office 365, the more you can do with it and SharePoint, but there are still areas that need further investigation and consideration.

If you’re considering SharePoint to manage documents, or just want to know more, check out the advice, information and training on the Microsoft site.

Lastly, of course, (sorry, mandatory disclaimer), SharePoint is a possible option for managing records if it suits your agency – but that decision is up to you. Make sure you do the research and all the checks you need to before deciding it’s the way to go and suitable for your needs.

Don’t forget, SharePoint Online as part of Office365 is a cloud-based services – so make sure you look at our advice on cloud storage and services to make sure you can meet your legislative and business requirements.

You can find more information about things to consider on our website:

State Records NSW also has a blog post on the recordkeeping capabilities of SharePoint 2013 and SharePoint Online.

Remember, you can contact us via email, telephone, blog, Twitter.

One thought on “The point of SharePoint for sharing (and managing) records

Add yours

  1. Thanks for this article. A few other handy features worth pointing out…

    There are actually a lot of information management/governance options in Office 365 set through the Security and Compliance Centre. For example, default retention policies which can be applied to ALL SharePoint sites at creation.

    Additionally, you can create user-applied retention policy labels which a user can apply to increase the retention period of a library, a document, a list and even a list item if you wish to retain items longer than the default retention which has been set at the Tenancy level.

    With default retention, even if the user “deletes” the document, once it leaves the recycle bin of the site, it is still retained in a preservation hold library and is discoverable through the eDiscovery module in the Security and Compliance Centre.

    If you upgrade your O365 Tenancy to purchase the Advanced Compliance module, your records manager can then also undertake disposition review of items due for disposal, get sign-off from business owner through a workflow etc.

    Within the O365 Security and Compliance Centre there is also the eDiscovery centre where you can manage discovery requests and apply legal hold.

    Additionally, it is also possible to set labels/policies for information security classification, which can be automatically or manually applied depending on the subscription of your O365 Tenancy. These labels will enable you to apply protective markings (Private, Protected etc) to identify the information security classification of your document and if you desire, also enforce certain actions (eg: watermarks, restrict printing, downloading etc) based on that classification

    The Security and Compliance Centre also provides great metrics on the number of retention or classification labels applied, who has applied them, and an indication of your overall information governance posture.

Leave a Reply

Powered by

Up ↑

%d bloggers like this: