Future Proof – Protecting our digital future

Across NSW Government, organisations are increasingly saying goodbye to on-premise desktop applications and migrating their email, document storage, project management, collaboration and other business software to software-as-a-service platforms like Microsoft Office 365. Some organisations have jumped right in (and often the recordkeeping professionals in these organisations are amongst the last to find out). Other organisations are taking a more cautious approach and trying to embed some recordkeeping controls before employees move to this new environment.

Last month the Digital Implementers Group met to talk all things Microsoft Office 365. We were fortunate to have members share their experiences from both of these scenarios.

A goal without a plan is just a wish*

One large NSW Government agency is currently in the planning stages of its Office 365 roll out. Its aim is to take a ‘recordkeeping by design’ approach, and focus on ensuring that records associated with transactions are captured and kept in a way that protects their ability to function as evidence. This will likely be via an integration with their existing EDRMS. This organisation is also planning to provide a web client interface to its EDRMS in Office 365.

Representatives from this agency talked about some of the key issues they have identified as part of their design work:

• The structure of Office 365 does not ‘match’ the structure of a traditional EDRMS. In an EDRMS, records relating to the end-to-end processing of a single case or instance of a transaction or process are generally aggregated in a file or container. There is no single equivalent of this type of aggregation in Office 365. It is possible to use various functionality, such as sites, libraries, document sets, workflow cases and folders to replicate ‘files’. This organisation plans to offer different options to different areas of business, depending on how structured their processes are.
• But this structure is where many records in an EDRMS inherit critical metadata from. Without a consistent structure, this organisation has had to consider what metadata it wants to capture and how it will obtain this metadata.
• A lot of contextual information is available for records when they remain within Office 365 – views allow a user to bring different documents together based on various metadata fields. But this contextual information will be lost by moving records from Office 365 to an EDRMS.

These members of the group also talked about the ways in which users can communicate and collaborate in Office 365, and the implications for recordkeeping. Circulating documents as attachments to email messages is frowned upon, and users are instead encouraged to send links to documents stored in libraries. Users can then edit the documents in a single location. While making collaboration easier and removing the risks associated with lots of versions of a document floating around, it does necessitate thinking about how to capture records of this collaboration and how records of different steps in a transaction or process will be captured. The members categorised the different ways of communicating as PUSH versus PULL, and commented that recordkeeping is easier with PUSH communication.

Colleagues from another organisation commented that a recordkeeping professional’s instinct is to control and lock down record creating spaces. The problem with this, as they have learnt by limiting the way in which Office 365 is able to be used within their organisation, is that users lose functionality. By ‘turning off’ features, they have limited the capabilities of other features and applications. This has resulted in few employees using Office 365 within their organisation.

You learn by doing, and by falling over*

Another large local government agency has rolled out Office 365 across its organisation. The main driver for this rollout was the ability to provide remote access to corporate applications and information.

This rollout occurred without any input from the information management team – the rollout was very much driven by IT, and the IM team does not have any administrator views or permissions. They also had no input into which features and functionality were turned on or off.

Representatives from this agency commented that IT was focused on the technical rollout and did not understand that information governance needs to be considered from the beginning. As a result, the IM team has been working hard to start using Office 365, learn what information governance is required, then retroactively apply this where needed.

In this organisation, users are expected to capture high value corporate information to the EDRMS. The IM team is promoting Office 365 as a space for collaboration and sharing, but advises that information should be captured in the EDRMS if it is subject to formal consultation, action or approval, or if a business unit’s own procedures require it. The IM team suggests that users delete information from Office 365 when it has been captured in the EDRMS to minimise version control issues and ensure there is a ‘single source of truth’.

This agency is planning to explore an integration with their current EDRMS.

Better the devil you know than the one you don’t? Or are all devils essentially the same?*

Some of the members of the group acknowledged that while Office 365 could usher in recordkeeping chaos, it was unlikely to be much different from the existing chaos of mushrooming and largely uncontrolled file shares and email accounts. It’s always good to keep things in perspective!

Thank you to the wonderful members of the Digital Implementers Group for sharing their experiences to date with Office 365.

*With thanks and apologies to Antoine de Saint-Exupéry, Richard Branson and Kylie Minogue for using and, in some cases, mangling their words