Fresh Content on SharePointJoel.com SharePoint Ads
Subscribe in a reader
Starting from auditing, expiration, (information management policies) content types, to the pivot reports in Excel I'm pretty jazzed about the compliance features in SharePoint Server.
The policies such as auditing are configurable at 2 levels, the site collection and at the list level. The best info I've found on this is on MSDN in "Scoping and Updating Policies, but is very applicable to IT Pros. Note the fact that these are processed via a timer job. Auditing is not turned on across the site collection by default, so be aware that you'll want to turn these on in your site templates.
You can create information management policies at two scope levels:
As a site policy, at the level of the site collection Site policies reside in the policy collection at the site collection level. An administrator can choose to make the site policy available within a given site collection. When you assign a site policy to a specific content type or list, a copy of the policy, named a policy instance, is copied locally into the content type or list.
As part of a specific content type or list A policy created within a content type or list applies only to that content type or list. However, you can later export the policy as an XML document and add it to a policy collection or to another content type or list.
Policy instances (that is, policies that are assigned to a specific content type and copied locally) inherit a relationship to the site policy on which they are based. Changes you make to the site policy in the policy collection are propagated to the various instances of that template.
Programatically a developer could build a feature or solution deployment package by adhereing to the policy schema as referenced in MSDN. "To add a site policy to a site collection's policy collection, pass XML that conforms to the Policy Schema as an argument when calling the Add method of the PolicyCollection class."
New to features? You should read the article on installing/uninstalling features, and for developers the sample on how to create a feature. Beyond working with features, it's even better to package the feature into a deployment package. See these great topics... Solutions Overview, Creating a Solution, Deploying a Solution, Upgrading a Solution, Retracting a Solution, Localizing a Solution, Solution Schema. This is what both devs and IT Pros should get excited about. SharePoint Solutions Deployment Packages rock! As an IT Pro/SharePoint Farm admin I would create an OLA or at least an agreement with my developers that they don't send me anything that isn't a deployment package... that can't be included in one. It's amazing how much you can even put in one. It's a great way to roll up releases even. Imagine Intranet 1.0, 1.1, 1.2, 2.0, etc... Real development life cycle on your intranet rather than a birrage of dlls, features, web.config customizations, changes to templates, custom site defs, xmls, etc... Solutions are THE way to go!
As I was searching I came across this great doc on download center today "2007 Office System Document: Compliance Features in the 2007 Microsoft Office System". The good news is, in this doc you have a very comprehensive all up Office System view of compliance, from the Document Information Panel (meta data capture in the client) to auditing, content types, IRM, and more in Office SharePoint Server among others. This likely *is the doc* you've been looking for. See TOC below. I was impressed with the table "Description of the Products Relevant to Compliance" which nicely lays out the products broken down by feature and how they relate to compliance. Check out the Architecture overview, it may be the first time you've seen the development tools, the client apps, SharePoint Products & Technologies and Exchange 2007 on the same diagram in a somewhat technical way. It breaks down the following features...
• Auditing and logging
• Workflow
• Digital signatures
• Records center
• Classified e-mail
• Document policies
• Spreadsheet management
• Barcodes and labeling
• Information Rights Management
... and includes screenshots of the pages where you can configure auditing, information policies, the reports page, same reports, and what you can get at from what object model (WSS OM vs. WSS Admin OM)! The section on workflows is probably the easiest to read, easiest to consume I've seen. The records management piece really simplifies the template and what it is and used for. There's also a good diagram on portal search extensibility.
In addition I came across some pretty cool sample code for getting at the logs for items... "SharePoint Server 2007 Code Sample: Item-Level Auditing." Self described... "This code sample shows you how to create an item-level auditing view programmatically in three different ways: using a custom SharePoint list, through the Excel client, and by manipulating the open XML file format to display auditing history using Excel Services on an application page." I've been fairly impressed with simply being able to get at the audit logs on a site collection to see who's deleted what item and if someone happens to change my auditing settings I can see who did it. Reading the XML isn't that tough, but I think this sample code shows how reading it can be very useful.
I include the table of contents, because I know the TOC is very convincing and impressive.
Introduction 6
An Overview of Regulatory Compliance 6
Common Compliance Requirements 8
The 2007 Microsoft Office System Products 10
Description of the Products Relevant to Compliance 10
Architecture Overview_ 15
Compliance Capabilities in the 2007 Microsoft Office System_ 16
Auditing_ 16
Configuring Settings for Auditing_ 17
Viewing Reports for Auditing_ 19
Extending Functionality for Auditing_ 20
Workflow_ 21
Workflow in Office SharePoint Server 2007 22
Configuring a Workflow_ 23
Starting a Workflow_ 24
Extending Workflows 24
Creating a New Workflow_ 25
Digital Signatures 26
Signing a Document 27
Signature Criteria 28
Extending Digital Signatures 29
Records Center 29
Extensibility 30
Content Types and Routing_ 31
E-mail Message Record Management 34
Classifying E-mail 35
Extending Classified E-mail 35
Setting Policies 36
37
Extending Policies 37
Holds 38
Spreadsheet Management 39
Excel Services 40
Extending Excel Services 41
Barcodes and Labeling_ 41
Information Rights Management in the 2007 Microsoft Office System_ 43
Document Information Panel 45
Extending the Document Information Panel 45
Document Inspector 46
Extending Document Inspector 47
New Office File Format 48
Manipulating the Office File Format 48
Portal Search 49
Extending Portal Search 49
Compliance Extensibility Opportunities 52
Viewing Item-Level Audit History 52
Adding Instant Messaging History to the Records Center 52
Server-Side Signing of Documents 53
Linking Information Rights Management with Classifications for Advanced E-mail Protection 53
Client-Side Auditing for Granular Tracking of Changes to Document Internals 54
Mapping of Extensibility Opportunities to Major Regulations 55
Requirements for Extensibility Opportunities to Major Regulations 56
Extensibility Scenario: Controlling stock analyst upgrade and downgrade 57
Extensibility Scenario: Spreadsheet integrity 57
Extensibility Scenario: Auditing 3rd-party events on Office documents 58
Extensibility Scenario: Reporting suspicious activity 58
Extensibility Scenario: Removing sensitive metadata from outbound documents 58
Object Models and Interfaces for Extensibility 59
Microsoft Windows SharePoint Services 2007 60
Microsoft Office SharePoint Server 2007 61
InfoPath Forms Services 61
Microsoft Office System 2007 Client 62
Development Tools for Extending Office and Windows SharePoint Services 63
Summary 64
Appendix I: Resources 65
Resources for Compliance 65
Resources for Compliance Regulations 65
Resources for Developers 66
How-To Resources 66
Resources for Microsoft Products 66
Resources for Microsoft Technologies 67
Appendix II: References 67
References 67
Some Additional References from the paper.
Regulatory Compliance Planning Guide
http://www.microsoft.com/technet/security/topics/complianceandpolicies/compliance/rcguide/default.mspx?mfr=true
Regulatory Compliance Demystified: An Introduction to Compliance for Developers
http://msdn.microsoft.com/security/default.aspx?pull=/library/en-us/dnsecure/html/regcompliance_demystified.asp
Spreadsheet Compliance in the 2007 Microsoft Office System
http://download.microsoft.com/download/8/d/7/8d7ea200-5370-4f23-bdca-ca1615060ec4/Excel%20Regulatory%20White%20Paper_Final0424.doc&&DI=6066&IG=e443fb69651e4b0b8630adee7ea1655b&POS=1&CM=WPU&CE=1&CS=AWP&SR=1
Microsoft Records Management Team Blog
http://blogs.msdn.com/recman/default.aspx
Live Communications Server 2005—a Robust Solution for Instant Messaging
http://www.microsoft.com/office/livecomm/prodinfo/imcompliance.mspx
Other Resources:
You may be interested in this upcoming WebCast:
MSDN Webcast: MSDN Unwrapped for Financial Services: the 2007 Office System Business Platform (Level 200)
Fri, 06 Apr 2007 20:00:00 GMT
Join this webcast to learn about the 2007 Microsoft Office system as a business architecture platform. We discuss how the 2007 Office system can help you meet the top financial services challenges, such as workflow management, regulatory compliance, and document management (auditing, routing, and approvals). In this session, we review a mortgage loan origination scenario to highlight how organizations can apply these concepts in the financial services industry.Presenter: Mike Walker, Architect,...
PingBack from http://www.decatec.it/blogs/2007/03/20/MOSS+2007+Compliance.aspx
In last weeks session I was asked about governance and OBAs (at least from a server side perspective).
In last weeks session I was asked about governance and OBAs (at least from a server side perspective
Following is the script to add a policy to the feature collection. This script will add a policy to the
Cada vez es mas sabido el potencial de los productos y tecnologías relacionados con Microsoft Office