Records Management Compliance with Microsoft 365

Publish date:

In these days of information explosion, we need a holistic approach, encompassing a wide range of information types and ability to control and protect documents anywhere in our environment where people do their work. Find out how Microsoft ecosystem approach can help you to better govern and protect your information.

You might hear some records managers saying that SharePoint does not meet compliance requirements. Well, there was a time when that was true… There was a time when we had just SharePoint on premises, that did not have good compliance tools….

That was the time when we were using specialised records management systems. But at that time only the documents that were stored in those systems, were managed… while records management legislation in Australasia always required us to manage all documents created as part of our work – no matter their format or where they are being stored…

Today work-related documents are everywhere: in emails, chats, Microsoft Teams, local drives and all the other places outside the controlled specialised records management systems. How are we going to manage them? 

These days we do need a new approach to governing and protecting data. In this time of information explosion, we need a holistic approach, encompassing a wide range of information types and ability to control and protect documents anywhere in our environment, not just in the formal records management system. And that approach must be scalable, utilising sophisticated pattern recognition, machine learning and automations. At the scale we are now creating information, manual classification and metadata application is beyond human capability. 

That’s where Microsoft’s ecosystem approach becomes so valuable. Rather than managing just the documents stored in the controlled records management environment, Microsoft 365 allows us to govern information across the whole ecosystem, including emails, Microsoft Teams, SharePoint and documents stored in OneDrive. 

To enable this ecosystem approach, Microsoft established a separate Microsoft Purview Compliance Portal that provides information governance capabilities across the whole Microsoft 365 environment, including SharePoint. While SharePoint Online alone would not meet all compliance obligations, together with the Microsoft Purview Compliance Portal it provides us with a great opportunity to balance regulatory compliance with the end-user productivity and modern digital workplace. State Records Office of Western Australia recognised that in their 2022 guidance on using Microsoft 365 for records management: “With the addition of M365 Compliance modules, organisations have an opportunity to balance regulatory and productivity goals.”  

Among the key points for senior management State Records Office of Western Australia highlighted the following: 

  • Microsoft 365 provides capability for managing digital information and ‘in-place recordkeeping’ in accordance with the State Records Act 2000.  
  • A thorough understanding of M365 features and limitations is required to ensure an effective implementation that supports regulatory requirements.  
  • An effective information governance function is essential within the organisation.

What are the key hallmarks of the Microsoft 365 approach to compliance? 

Microsoft 365 provides one unified platform for everything including collaboration, document management, work processes automation, information protection and compliance. Microsoft 365 compliance utilises: 

  1. Ecosystem approach with all ecosystem components designed to work as one solution 
  2. Familiar, consistent and unified approach built into the productivity suite 
  3. Intelligence and automation integrated into the information protection and governance 
  4. Data lifecycle process managed by one vendor end-to-end 

Of course, technology alone won’t meet all your information management and compliance challenges. Your organisation’s compliance with recordkeeping regulations requires well-defined policies and procedures as well as robust training framework to ensure people within your organisation know how to use Microsoft 365 compliance tools and follow organisational policies and procedures. 

Contact us to find out how Capgemini New Zealand can help you meet compliance requirements utilising Microsoft 365 capabilities and maximising the value of your investment in the Microsoft 365 ecosystem. 



Irina Winsley

Principal Consultant CIS – Modern Work
Irina is an experienced Microsoft 365 Principal Consultant with around 20 years of information management experience, including establishing and leading Information Management teams, delivering document management systems and award-winning intranet, providing thought leadership and helping organisations to improve work practices and meet information management compliance obligations utilising Microsoft 365 toolset.  

Related Posts