We recently had an opportunity to speak with Brad Teed, Chief Technology Officer at GimmalSoft, the software product division of the Houston-based ECRM consultancy, Gimmal Group* about his company’s development of a native SharePoint 2010 records management solution that the company plans to submit for DoD 5015.2 certification testing later this year.
SPRM: Brad, thanks for speaking with us today.
Brad: My pleasure.
SPRM: DoD 5015.2 certification of any records management application is extremely difficult. In fact, it’s our experience that most vendors significantly underestimate the amount of effort required for certification. Why did GimmalSoft decide to take on DoD certification for native SharePoint 2010 records management?
Brad: It was an obvious next step in our company evolution. Gimmal Group employs some of the sharpest minds in the Enterprise Content and Records Management industry today. We also have a great foundation of expertise in SharePoint development at GimmalSoft, particularly with SharePoint 2010.
Add to that our unique relationship with the Microsoft SharePoint ECRM development team in Redmond – which goes back several years – and we felt like it was a very easy decision to make.
SPRM: But why attempt DoD certification? Why not just focus on out-of-the-box SharePoint 2010 records management functionality?
Brad: We listened to the market and our customers. They clearly expressed a need for DoD certification to validate the records management capabilities of SharePoint 2010 before they could feel comfortable managing their records repositories in a pure SharePoint environment.
This is not to suggest there isn’t a tremendous amount of excellent records management functionality in out-of-the-box SharePoint 2010, because there is. And we are leveraging most of it as we develop our solution, the GimmalSoft Compliance Suite.
But the DoD 5015.2 has really become the global benchmark for records management applications. In fact, we found that many of our customers are using SharePoint to manage the vast majority of their content, but are still maintaining expensive ECRM applications on the backend simply because those applications are DoD certified. We believe that is a costly and unnecessary burden our customers shouldn’t have to bear.
We also found our customers want the additional records management features required by the DoD Standard that aren’t included in SharePoint 2010.
SPRM: Such as?
Brad: Well, it’s actually a long list, but I’ll give you some examples off the top of my head.
The Standard requires true email records management functionality that allows for the management of emails and their attachments – both together and separately – based on their content. Just like any other record. Our customers desperately want this type of functionality and the GSCS will provide it.
Over half of our typical customer’s retention and disposition schedules are event-based, meaning some event must occur to trigger the start of a record’s retention period. SharePoint 2010 provides some basic capabilities to handle event-based retention, but this functionality needed to be enhanced to meet the stringent requirements of the standard. The DoD Standard has a number of fairly complicated requirements for managing records using event-based retention. Our solution will meet those requirements and, in some cases, exceed them.
Our customers also tell us they want to be able to dispose of records in a manner that they know ensures that the records aren’t recoverable. This is particularly important to our customers in the Public sector, as well as our customers who manage a lot of Personally Identifiable Information. Unfortunately, given that SharePoint stores records in a database, this is not a simple task. The GSCS will allow for the complete, unrecoverable destruction of records at the end of their lifecycle and DoD will verify this as part of the certification testing process.
Then there’s the Vital Records Review component, something that will appeal to any organization interested in continuity of operations.
There’s the Bulk Processing feature which will allow our customers to process multiple tasks, such as records disposition, in bulk, rather than go through the tedious procedure of processing each record separately.
There’s also record transfer functionality, enhanced search features, container-based hold functionality, parallel disposition processing, access constraining columns, supplemental marking security features…I could go on?
SPRM: Ha! No thanks, I think we get the picture.
Brad: The really significant thing about all this functionality is we will wrap most of the these new features up in a single component, the File Plan Builder, that will serve as the primary user interface for the organization’s Records Management staff. Here’s what it looks like:
SPRM: Microsoft released their own DoD certified solution for MOSS 07. How will your solution compare to the MOSS 07 Resource Kit?
Brad: The MOSS 07 Resource Kit was a nice application and it certainly enhanced the records management features that were native to MOSS 07. But we feel like there were a number of areas that made the MOSS 07 Resource Kit challenging to implement because of the design. We’re learning from the design of the MOSS 07 Resource Kit, understanding what worked, what didn’t and taking advantage of SharePoint 2010 capabilities that didn’t exist in MOSS to make the GimmalSoft Compliance Suite a better experience.
SPRM: You’re talking about the MOSS 07 Resource Kit’s all-or-nothing configuration?
Brad: For starters, yes. If your organization implemented the MOSS 07 Resource Kit, you were forced to implement every feature in it. So you would have to deploy features in your records management environment that your organization may not need or ever expect to use. This meant the Resource Kit cost much more in terms of maintenance and overhead than was necessary.
The GSCS is being designed to allow our customers to leverage the new records management features that only apply to their method of records management and leave out other features they don’t care to implement.
Don’t have a records ‘cutoff’ stage in your information lifecycle? Don’t implement it. Don’t need the added security of Supplemental Markings or Access Control Columns? Don’t use it. The GSCS will offer a tremendous amount of flexibility in how it’s implemented.
SPRM: How else will it differ from the MOSS 07 Resource Kit?
Brad: Well, frankly, the overall records management functionality will see significant improvement. And this isn’t just because GimmalSoft has made some fundamental design changes compared to the Resource Kit, it’s also due to the fact that SharePoint 2010 has made huge strides in its native records management functionality with some great new features like the Content Organizer, Managed Metadata and the service oriented architecture. The GSCS will take full advantage of all of this new technology.
The biggest challenge of the MOSS 07 Resource Kit was it lacked a supported set of functionality. Once you implemented it, you were on your own. We believe this prevented adoption in most organizations and agencies. GimmalSoft will provide full support for the GSCS, so our customers can feel complete confidence in deploying it.
SPRM: Terrific. When do you expect to test for DoD certification?
Brad: We are currently on track to complete certification testing during the second quarter of this year.
SPRM: Great, please keep us posted on your progress.
Brad: We will. In the meantime, your readers can see a prerelease demonstration of the GimmalSoft Compliance Suite at the AIIM Info360 Conference and Expo in Washington, DC later this month. Check out the GimmalSoft website for details.
[*Full Disclosure: As I've mentioned a number of times throughout this blog, I work for the Gimmal Group. While I always strive to maintain the independence of this blog, I am convinced that my readers will benefit from the information disclosed here. I will continue to occasionally report on the GimmalSoft Compliance Suite, but I will not provide a review of the product, for obvious reasons. - Don]