Colligo NewsUnleashing SharePoint 2010 for Records Management, Governance and Compliance – Questions and Answers

Our recent webinar, “Unleashing SharePoint 2010 for Records Management, Governance and Compliance,” not only set a new record for attendance, but also set a new record for most questions asked during a webinar. The quantity and quality of questions really showed a great level of engagement of the attendees to the material being presented, so thanks to everyone that took the time to ask us a question.

Questions for Trevor Dyck, Director Product Management, Colligo Networks

Does the Colligo Contributor Pro integrate with Microsoft Exchange or only with Outlook?

Colligo Contributor is a desktop installation only and as such, interfaces with Outlook.  However the SharePoint folders are created in such a way that they are visible in Exchange, which allows filing of email via mobile devices (e.g. Smartphones) or Outlook Web Access.

When users access cached SharePoint content offline, how are version conflicts handled? (i.e. what happens when two users modify the same content while offline?)

Colligo Contributor includes a conflict resolution feature that is integrated with Microsoft Word’s  “compare and merge” functionality and notifies the user if conflicting edits have been made by multiple users while offline.

How are libraries of information cached for offline use? Is this similar to OST’s within Outlook?

SharePoint libraries can be selectively cached offline. The user (or IT) selects which libraries will be cached offline, and they are stored in a separate secure cache on the user’s PC.  The content from the SharePoint library will be automatically synchronized in Outlook. Any modifications you make to files will be automatically synchronized if you’re online. If working offline, your changes will be synchronized when you’re back online.

For Colligo Contributor, is FAST search required or does it work with Enterprise search?

Colligo’s search feature works with both FAST search as well as the basic Enterprise search that is part of SharePoint 2010.

Does Colligo Contributor work with SharePoint Online? (i.e. Office 365 or SharePoint Online.)

Colligo Contributor currently supports SharePoint Online (BPOS) and will support Office365 in the 4.3 release which is in Beta now and due to release later in June.

Does Colligo Contributor run on SharePoint Foundation (or WSS) or does it require full Enterprise version?

Colligo Contributor supports all versions of SharePoint.  It will run on SharePoint Foundation, WSS, or on the full Enterprise version.

We have SharePoint 2010 Standard, not Enterprise.  Are there limits to what can be done with Colligo Contributor, if we don’t have SharePoint Enterprise?

Colligo Contributor supports all versions of SharePoint.  It will run on SharePoint Foundation, WSS, or on the full Enterprise version.  There are no limitations that Contributor imposes beyond the limits in SharePoint 2010 Standard, for example Enterprise Managed Metadata is not supported in SharePoint 2010 Standard.

Do emails stored in SharePoint become public, accessible to everyone, or are they only available to the author?

SharePoint has the capability for both – in fact, you can create both public folders and private folders in the same SharePoint library, so that you have locations for both.  Contributor simply reflects the permissions from SharePoint – so if there is a private folder, only you will be able to see that content.

With search time always a factor, how do you optimize the SharePoint/Outlook environment so that the search overhead is acceptable by users?

Colligo’s search capability in Outlook leverages SharePoint’s search engine, whether that’s the native search capability in SharePoint Server or FAST.  Firstly, we recommend using FAST to get an optimal search experience.  Secondly, make sure you setup metadata indexing in SharePoint with all the email properties (To, From, Subject, etc.) so that search queries can quickly find searches based on those fields.

Questions for Art Bellis, VP Sales and Marketing, GimmalSoft

How many organizations actually comply with DoD5015.2?

The only organizations that are required to purchase a certified solution are the US Department of Defense agencies. The standard has gained popularity outside the DoD because many of the requirements have now been recognized as best practices.

Regarding the GimmalSoft Compliance Suite, what type of support and operational support (i.e. resource training) is required and does it need a management pack for SCCM or is it incorporated into the SharePoint management pack?

The product is designed to install into current SharePoint 2010 environment and has an MSI pack that allows clients to do this themselves. We also offer a 10 or 20 day quick start professional services package to assist client installs and configuration and for our subject matter experts to transfer knowledge to your staff so you can assume internal support role moving forward. GimmalSoft also offers ongoing technical support through our maintenance program.

Will the GimmalSoft Suite be DoD 5015.2 certified for CLASSIFIED records?

We are initially seeking certification under Chapter 2, the Baseline Requirements as well as Chapter 5, Transfers. We have entered into discussions with a number of three letter agencies about the requirement for Classified Records certification, but at this time we have not determined if we are going to seek this certification.

What does the GimmalSoft Suite do for Early Classification to ensure that historical versions of documents in SharePoint are looked through? Or is it based on published documents only?

If I understand your question correctly, you want to know if retention is applied to versions of documents, not just records. One of the best practices GimmalSoft recommends implementing is the notion of an information lifecycle, where all information is managed based on its lifecycle state.

Most consider historical version of a document to be non-records and as such would be dealt with as Work in Progress document, to be deleted after a period of time based on company policy.

Does the GimmalSoft Compliance Suite and Information Governance Suite work with Office365?

The answer is “not at this time” although we are working very closely with the team in Redmond to design a solution that works in the cloud, within the parameters of that environment. As you may know, Office 365 is not entirely the same as the on premises versions of SharePoint/Office and therefore we cannot deliver our solution to the 365 cloud without significant changes. Having said that, the SharePoint team provides guidance to us on what they feel would be the proper steps to move the solutions we offer into the cloud to the maximum benefit of our mutual client.

I see that you are applying for DoD5015.2 certification but which Chapter?  If you are not aligning with Chapter 4, do you have any plans to deliver this at a later stage?

We are initially seeking certification under Chapter 2, the Baseline Requirements as well as Chapter 5, Transfers. We have entered into discussions with a number of three letter agencies about the requirement for Classified Records certification, but at this time we have not determined if we are going to seek this certification.

Do you offer consultancy services to the Caribbean, specifically Jamaica?

The answer is yes; we have done engagements throughout the Caribbean, most recently in Trinidad, but would be happy to oblige you with a trip to Jamaica. Gimmal has a long legacy in the Petroleum industry and big terrific experience and best practices with us.

How does pricing work for the DoD Records Mgmt and Email Management solutions?

We use a similar model to Microsoft, it’s a CAL model, and can either be purchased as a perpetual license or as an enterprise agreement on a 2 or 3 year subscription. Colligo is also priced using a CAL perpetual license model and also offers enterprise licensing.

For the GimmalSoft Compliance Suite, is FAST search required or can they work with Enterprise search?

Can GimmalSoft be considered NERC / CIP compliant?

As I understand it, unlike the DoD5015.2 standard, which includes a technology certification, the NERC-CIP is a standard that client show compliance to with policies & technologies, similar to 21CFR11 in the pharmaceutical industry.

Does the GimmalSoft Compliance Suite run on SharePoint Foundation (or WSS) or does it require full Enterprise version?

GimmalSoft requires SharePoint Standard Edition as there are no records management features in the free version. We extend SharePoint’s native RM capabilities so we therefore must have those features in the underlying SharePoint version to function.

Do the solutions being described address the Regulatory requirements in Pharmaceuticals – like 21CFR11?  Do I need the GimmalSoft Compliance Suite or can I address this requirement with native SharePoint 2010?

The 21CFR11 requirements were not part of our initial design requirements, but I am familiar with them, and they more fall into the expertise of our good partners, NextDocs. NextDocs built their solution specifically to address the requirements of 21CFR11, and we work together to address the records management needs to the life sciences community. Although the Life Sciences market does not REQUIRE DoD5015.2 certification, many features have emerged as best practices in commercial organizations.

Questions for Ryan Duguid, Microsoft

I appreciate all that Gimmal is doing, but why is Microsoft not getting DoD 5015.2 out of the box with SharePoint. Clients are not inclined to pay for something extra where other systems have this as part of their core.

The DoD standard was designed specifically to meet the functional needs of the US Department of Defense and adds a level of complexity for end users in the process.  While SharePoint provides many of the capabilities defined in the DoD standard out of the box, we designed SharePoint to be applicable to a broad range of customers, making sure that the focus was on end user adoption through simplification and transparency of process.  For those organizations that are mandated to run an RM deployment that adheres to the DoD standard (noting that this requires more than just using a DoD certified product), we have worked with Gimmalsoft to bring a solution to market.  Likewise, for customers interested in other global standards like ISO15489, TNA, VERS, NZPRA, we have worked with RecordPoint to bring relevant solutions to market.  For those customers who see these standards as a “baseline” for the selection of an RM system, we would recommend reviewing the business requirements against the capabilities that SharePoint provides out of the box while considering the adoption challenges introduced by attempting to force a specific way of working on end users.

What about records being held under Legal Holds?

SharePoint provides the ability to place all content (records and non-records) under legal hold.  SharePoint supports placing holds “in place” as well as moving content to a separate archive where holds can be managed in isolation.

Are the contents stored WORM compliant?

SharePoint content is not stored WORM compliant.

What are the DR capabilities of the SharePoint software?

SharePoint provides extensive support for DR including the ability to manage backup/restore and maintain redundant servers and services.  More details can be found at

What is the process of a record in the case when only an older version of the document in SharePoint satisfies criteria set by the rule? Is that version only processed or all ignored? Please elaborate on how multi-versioned SharePoint list items evaluated.

The rules defined in the Content Organizer are applied to the most recent version in the version history.

How can we move terabytes of information into SharePoint easily and easily into content types?

I’d recommend looking at tools from our migration partners like Metalogix, AvePoint and Tzunami.  These tools provide a wealth of rules for cleaning up content, applying Content Types, setting attributes and routing content to the appropriate sites, libraries and folders.

You seem to be suggesting that SharePoint be the central Document/Records Management engine for the organization.  Are you suggesting that files (documents) no longer be stored in the UNC file system?

SharePoint provides a robust set of document and records management capabilities and was designed to be a primary repository for electronic information.  By moving files from the UNC file system to SharePoint, a wide range of additional capabilities are exposed including metadata enrichment, retention management, version history and workflow.

As far as “Enterprise” content is concerned, what do you do about structured data residing in databases and email content?  At least in California, AB5 has made “electronic” records potential public records subject to CPRA and FOIA.

Email content can be managed as a record within SharePoint in the same way as any other electronic content.  As for structured data, SharePoint is not designed to be a relational database replacement and does not provide the ability to manage database entries as a record.

It seems to me that the paradigm shift away from the UNC nested file folder filing of documents is going to be the major obstacle for a SharePoint-centric document/records management strategy.  Where has this been done and how long did it take?

SharePoint does indeed offer a paradigm shift toward collaborative document management and over 17000 enterprise customers have moved in this direction in order to derive more value from active content.  For customers looking to replicate legacy UNC archive structures, SharePoint provides the Record Center.  The Record Center allows customers to model nested, hierarchical file plans with security, metadata defaults and retention policy defined on a per location basis.

Is instant messaging able to be incorporated into records management? I have a client that considers IM a “documented conversation” that should be preserved.

Instant messages can be stored in SharePoint and managed as a record like any other electronic content.  If you are leverage Microsoft Lync or Microsoft Office Communicator for instant messaging, IM conversation history is stored in Exchange/Outlook and you can then leverage Colligo to move those IM conversations to SharePoint for management.

I can see that electronic records can be managed effectively by the Record Center. But there are a lot of companies and organizations who still have a huge volume of physical records. What capabilities if any does SharePoint have to manage Physical Records?

Physical records management is provided by partners like FileTrail and OmniRIM.

Can record management as you described be done as a hybrid between the Foundation and Standard versions of SharePoint? Or, are you only talking about the Standard version?

Records management capabilities are only available with SharePoint Server.

What’s the difference between a “Records Center” and a “document library”?

The Document Library is the primary storage construct within SharePoint and is used to store files and folders.  The Record Center is a SharePoint site that can contain one or more Document Libraries.

There is a lot of knowledge here about the RIM needs and concerns.  How does a RIM manager use these solutions when they are responsible for both electronic records and millions of physical files and boxes?

By leveraging physical records management partners like FileTrail and OmniRIM, a RIM manager can manage both electronic records and files, boxes or other physical assets.

In terms of performance on large volumes, how far can SharePoint 2010 Records Center go? I’m not only targeting “content” but also volumes of metadata and full-text indexes.

SharePoint 2010 was designed to store 10s of millions of documents with associated metadata in a single document library and 100s of millions of documents in a distributed farm environment.  When planning for this scale of deployment, careful consideration needs to be given to physical and logical architecture (as is true of any enterprise scale content management system) so I would recommend starting reviewing the guidance at

Is there a legal hold connector between exchange and SharePoint?

SharePoint 2010 does not provide a connector with Exchange for managing legal holds.

Using Content Types and still maintaining security is seen by many as mutually exclusive goals.  Does records management smoothly allow security based on column values within a content type?  For example, could one add data for all Business Units but restrict access to only those records pertaining to a person’s business unit?

SharePoint 2010 does not provide metadata driven security though this can be approximated by leveraging the Content Organizer and location based security.

When you allow a document to be edited by others would this feature allow for email notification at each step, allowing for a comprehensive approval process?

SharePoint provides a full range of workflow capabilities including an out of the box approval workflow that would allow email notification and approval at each step of the document editing process.  Approvals can be both serial and parallel, including multiple stages.

When  using in-place records management, are you applying the same file plan and retention policies associated with using the records center (and described in the beginning of your presentation)?

The purpose of in-place records management is to apply retention policies to content in the context of the collaborative environment without having to burden the user with having to understand the file plan.  To map in-place records to the Records Center file plan, our customers typically have a stage in the in place policy that moves the record to the Records Center, using the Content Organizer to evaluate the Content Type and file in the appropriate location in the file plan.

In the event of legal necessity (example: discovery) can you explain the steps to locating pertinent information and extracting it from the SharePoint site in order to provide copies to the involved parties. In our case this may involve 10’s of 1,000’s of pieces of content and extraction of same in a single process is desired. How is this made easier?

You would leverage the legal hold capabilities within SharePoint to extract the relevant content.  The process is as follows:

  1. Use the legal hold capabilities in SharePoint to search for relevant content
  2. All content identified by the search criteria provided is then extracted to a SharePoint site and placed on hold
  3. Content can be extracted from the SharePoint site by connecting to the site as a UNC share (native capability in SharePoint that allows all libraries to be referenced as though it was a traditional file share), using migration tools, or creating a site backup that external council could then import in to their own SharePoint environment.

Is the hybrid records management approach always the right one?

The choice of in place records management, traditional records management or a hybrid approach depends on many factors including individual preference (most records managers will have a preferred approach), collaboration requirements and business processes.  There is no right solution but the hybrid approach does offer a good balance between more effective management of “active content” as well as support for a traditional hierarchical file plan that may provide a business classification structure that has greater consistency over time.


Tagged as: Colligo Contributor, Colligo Networks, compliance, Contributor, DoD 5015.2, Email Management, GimmalSoft, Governance, Microsoft, Office 365, Records Management, Ryan Duguid, SharePoint 2010

Like this post? Share it now!