Introduction to information management policies
Organizations can define and use information management policies on Microsoft Office SharePoint Server 2007 sites to enforce compliance with corporate business processes or legal or governmental regulations for the management of information. Information management policies enable site administrators or list managers to control how content is managed.
In this article
What is an information management policy?
An information management policy is a set of rules for a type of content. Information management policies enable organizations to control and track things like how long content is retained or what actions users can take with that content. Information management policies can help organizations comply with legal or governmental regulations, or they can simply enforce internal business processes. For example, an organization that must follow government regulations requiring that they demonstrate "adequate controls" of their financial statements might create one or more information management policies that audit specific actions in the authoring and approval process for all documents related to financial filings.
Policy features included in Office SharePoint Server 2007
Each individual rule within an information management policy is a policy feature. Office SharePoint Server 2007 includes several predefined policy features that organizations can use individually or in combination to define information management policies for their sites. The policy features included in Office SharePoint Server 2007 are:
Auditing The Auditing policy feature helps organizations analyze how their content management systems are used by logging events and operations that are performed on documents and list items. Organizations can configure the Auditing policy feature to log events such as when a document or item is edited, viewed, checked in, checked out, deleted, or has its permissions changed. All of the audit information is stored in a single audit log on the server, and site administrators can run reports on it. Organizations can also use the Office SharePoint Server 2007 Object Model to write and add custom events to the audit log.
Expiration The Expiration policy feature helps organizations delete or remove out-of-date content from their sites in a consistent, trackable way. This policy feature helps organizations manage both the cost and risk associated with retaining out-of-date content. Organizations can configure an Expiration policy to specify that certain types of content expire on a particular date or within a calculated amount of time after some document activity (such as creating or editing).
Barcodes The Barcodes policy feature enables organizations to track physical copies of documents or list items that have been printed from a site. The Barcode policy feature creates a unique identifier value for a document. Users can then insert a barcode image of that value into the Microsoft Office documents they create. They can also use a barcode on a physical copy of a document to search for the original copy of that document on the server. By default, barcodes are compliant with the common Code 39 standard (ANSI/AIM BC1-1995, Code 39). Organizations can use the Office SharePoint Server 2007 Object Model to install other barcode providers.
Labels The Labels policy feature also enables organizations to track physical copies of documents or list items that have been printed from a site. The Labels policy feature automatically generates text labels based on document properties and formatting that a site administrator or list manager specifies. When users insert labels into Microsoft Office documents, the labels are updated automatically with the information from the document's properties.
Custom policy features
Organizations can also create and deploy custom policy features to meet specific needs. For example, a manufacturing organization might want to define an information management policy for all draft product design specification documents that prohibits users from printing copies of these documents on nonsecure printers. To define this kind of information management policy, the organization can create and deploy a Printing Restriction policy feature that can be added to the relevant information management policy for the product design specification content type.
Information management policy integration with 2007 Microsoft Office system programs
There are a couple of ways that Office SharePoint Server 2007 information management policies can be exposed to users within the 2007 Office release client programs. When you configure an information management policy on the server for a specific content type, list, or library, you can write a policy statement that is displayed to users who work with the content that is subject to this policy. The policy statement can inform users that the information management policies are enforced for the document, or it can provide detailed information, such as the fact that a document expires after a certain period of time. When users open documents that are subject to information management policies in one of the 2007 Office release client programs, this policy statement is displayed. Additionally, if an information management policy includes the Barcode or Label policy feature, the policy can be configured to require users to insert barcodes or labels into Microsoft Office documents when they try to save or print them from an 2007 Office release client program.
How information management policies can be used on a site
To implement an information management policy, you must add it to a list, library, or content type on a site. The locations where you either create or add an information management policy affect how broadly the policy applies or how broadly it can be used. You can:
Create a site collection policy and then add this policy to a content type, list, or library You can create a site collection policy in the Site Collection Policies list for the top-level site in a site collection. After you create a site collection policy, you can export it so that site administrators of other site collections can import it into their Site Collection Policies list. Creating an exportable site collection policy enables you to standardize the information management policies across the sites in your organization.
When you add a site collection policy to a site content type, and an instance of that site content type is added to a list or library, the owner of that list or library cannot modify the site collection policy for the list or library. Adding a site collection policy to a site content type is a good way to ensure that site collection policies are enforced at each level of your site hierarchy.
For more information, see Create an information management policy for a site collection.
Create an information management policy for a site content type in the top-level site's Site Content Type Gallery, and then add that content type to one or more lists or libraries You can also create an information management policy directly for a site content type and then associate an instance of that site content type with multiple lists or libraries. If you create an information management policy by using this method, every item in the site collection of that content type or a content type that inherits from that content type has the policy. If you create an information management policy directly for a site content type, it is more difficult to reuse this information management policy in other site collections, because policies that are created this way cannot be exported.
Note To control which policies are used in a site collection, site collection administrators can disable the ability to set policy features directly on a content type. When this restriction is in effect, users who create content types are limited to selecting policies from the Site Collection Policies list.
For information about creating an information management policy for a site content type, see Change a site content type.
Create an information management policy for a list or library If your organization needs to apply a specific information management policy to a very limited set of content, you can create an information management policy that applies only to an individual list or library. This method of creating an information management policy is the least flexible, because the policy applies only to one location, and it cannot be exported or reused for other locations. However, some organizations may need to create unique information management policies with limited applicability to address specific situations.
You can create an information management policy for a list or library only if that list or library does not support multiple content types. If a list or library supports multiple content types, you need to define an information management policy for each individual list content type that is associated with that list or library. (Instances of a site content type that are associated with a specific list or library are known as list content types.)
To control which policies are used in a site collection, site collection administrators can disable the ability to set policy features directly on a list or library. When this restriction is in effect, users who manage lists or libraries are limited to selecting policies from the Site Collection Policies list.
For information about creating an information management policy for a list or library, see Specify information management policies for a list, library, or list content type.