Solving the Challenges of Record Security with Record Center

As we look back at the typical challenges of Records Management, be it the ability to implement a non-invasive content ingress and approval processes, ensuring that the entire record lifecycle is properly managed—inclusive of disposition, or ensuring that users are able to find the content they need to do their jobs in as few clicks as possible, there’s one remaining pain point that has the potential to bring your entire records management strategy to its knees… security. The structure of your records management solution drives security, but security also often drives structure, so what comes first? Thankfully, Record Center solves these problems for you and stores your records in a structure designed to support your specific security needs.

Storage vs. Security Models

When first configuring a new Record Center instance, you’re asked to select both a Storage Model and a Security Model. These two options work in concert with one another to tell Record Center at what granularity you want to secure your records, and to ensure that they are stored using a structure that supports and enables that security methodology. These options are also impacted by other configuration settings of Record Center, such as your approval model—since determining who can approve records and at what point in their record lifecycle also contains an element of record security. Fundamentally, Record Center presents these options all in a way that is more intuitive than having to manually design what an overall repository architecture looks like—one of the challenges that B&R’s Managing Director, Mike Oryszak brushed on as part of his previous Keys to Designing and Managing Large Repositories blog post.

RecordApprovals1.png

Options for Record Security

Record Center offers three separate security models that may be configured to meet your organization’s individual needs. These record security models apply after a record has been loaded into the system and processed through any necessary approvals, so it’s important to note that the selection of a specific security model does not require a user to be a consumer of record content in order to participate in the upload/ingress of content, or to perform one or more of the record’s approval stages

Entity

The entity security model provides the least granularity for record security. This is often a good fit for small teams where the number of users consuming record content is low, the organization’s corporate structure is thin, or security doesn’t need to vary between individual record types. Every record added to Record Center is assigned to a legal entity, such as B&R Business Solutions, LLC. For organizations that only have one legal entity, this field will default to a single value, but from a security perspective this effectively means that all of that entity’s records are available to the same audience, be it every employee or a smaller subset such as a compliance team. This model is also particularly useful if an organization contains many different legal entities. This is often the case in the real estate industry where different properties are often separate legal entities. Using this model, records are easily classified and secured by the entity they belong to, simplifying the ability to grant users or owners of each entity access to only that entity’s records.

The entity security model is a good fit for small teams or where security doesn’t need to vary between individual record types

Series

The series security model ensures that each individual record series created within Record Center can be individually secured. This allows you to provide granular access to specific categories of records, including all of the document types that belong to that specific series. As an example, providing a user access to a “Service Contracts” series, would give them access to all service contracts document types, which might include things like equipment leases, maintenance contracts, master service agreements, etc.

Record Center’s Metadata-based security model allows for a more dynamic implementation of record security.

Metadata

Record Center’s Metadata-based security model allows for a more dynamic implementation of record security. When using this model, an organization defines one or more record metadata field(s) that can be used to determine that record’s security. As an example, if a record type has a “Business Unit” field, and the goal is to secure records based on if they were part of the Manufacturing business unit or Corporate business unit, metadata-based security would allow an organization to define users that will have access to any record where Business Unit is set to Manufacturing. This security is applied regardless of legal entity or record series, meaning that multiple metadata-based security fields may exist on any record type. Ultimately, this allows you to define the previous Business Unit based audiences in addition to say “Office Location”, where one or more users would be granted access to all records based on a specific Office Location value.

Record Center’s Metadata-based security model allows for a more dynamic implementation of record security.

Compliance Access

In addition to the previously mentioned security models, Record Center also facilitates simple access for those users that need access to every record, such as a corporate compliance department. These users may be given access to Record Center’s “Global Record Access” group, which is applied to every record that is loaded into the system.

Conclusion

Our goal with Record Center has always been to try and simplify the otherwise daunting and complex task of designing and implementing a robust Records Management solution, be it the initial installation of a solution, designing the overall implementation, identifying an organization’s various record types, defining individual retention plans for each of those types, and ensuring that the right people can find the content they need when they need it. While Record Center’s ability to manage record security in a way that’s easy to understand is just one component of that strategy, it is vital to reducing accidental exposure, and ensuring that sensitive records are locked down to only those users that have been identified as consumers of that content.

About Record Center

Record Center is your turnkey solution for enterprise-class record management. An extension of Microsoft SharePoint, Record Center arms your users and record managers with a feature-packed, intuitive solution to manage the entire life-cycle of your records. Configure, Approve and Search for records faster and easier than ever with Record Center.

calltoaction-recordcenter.jpg

Interested in learning more about Record Center?

How to Get Started with Nintex

As an active Nintex partner, we frequently work with organizations to get started using the Nintex platforms for SharePoint Server, Office 365 and the Nintex Workflow Cloud.  We help these customers through their trial period, or after the sales get started so that they can make the most from their technology investment.  Our interests here are less on selling software and more about evangelizing Workflow & Content Automation concepts and practices so that people can improve their work life. We are regularly asked “How should we get started?” so this post is our standard answer to that question. 

sharepoint_Nintex_bandrsolutions.jpg

Getting Started with Nintex

 

Getting Started with Nintex 101

This section is going to be short and sweet.  The team at Nintex has done a fantastic job building relevant content through their Community site.  If you haven’t registered already and are at all interested in Nintex, please register now. 

Secondly, they provide many great sections to address the specifics such as:

Once the software is installed and configured, you really need to get your hands on it and start working through creating a solution.  There are some step-by-step guides to support you there and it is a good place to start. 

Hands-On Workshops

Depending on the number of people you want to train and what the participants hope to gain we offer a few hands-on workshop options. 

2-3 Day Quick Start Workshop

If there are only a few people that need training and the customer is focused on a specific solution, B&R will typically start with a 2-3 day Quick Start Workshop.  This workshop is used to get the team going with their first solution as we work to rough out the major areas of the form and workflow.  We focus on the foundation of the solution first and then focus on some of the more difficult problems or features so that we can pass along the wisdom of why certain decisions were made, as well as the technical details about how to address the requirements.  This is a hands-on session and upon completion of the workshop, the team should have a good start to the solution with actionable steps to take to complete the project. 

1 Day Workshop

For groups that either have more people to train, or in cases where the organization is looking to enable users outside of IT, we position a 1 Day Workshop that acts as an immersion experience introducing people to both the process concepts as well as the technology.  One of the great things about Nintex is that it really is a tool anyone can use to build solutions.  However, everyone typically needs some orientation before they can create useful solutions.  The 1 Day Workshop will orient participants and enable them to create their first end-to-end Nintex solution!

Our standard agenda for the 1 Day Workshop is below:

  • Nintex Overview:  Forms, Workflow, Mobile, Doc Gen, Hawkeye (45 minutes)
  • Process Mapping Overview (45 minutes)
  • Technical Overview (60 minutes)
    • Form Concepts
    • Workflow Concepts and Key Actions
  • Build a Form (90 minutes)
  • Build a Workflow (2.5 hours)
  • Wrap-up and Next Steps

Alternatively, for users that are either familiar with workflow tools or modern development, we can provide a tailored Workshop that supports more advanced topics such as:

  • Integrating your solution with other content platforms (Salesforce, Dynamics, Box)
  • Xtending the Nintex Platform with REST Services
  • Integrating Hawkeye for deeper insights into your process portfolio
  • Advanced scenarios for external start of workflows

Ad-Hoc Developer Support

B&R can support its customers in a variety of ways, but one way many of our customers take advantage of is through standing support agreements that can cover ad-hoc or as-needed work.  Under this scenario, we can facilitate a design kickoff where B&R consultants will review your form and workflow requirements and discuss approaches for implementing them.  The advantage here is that the overall project decisions should be better informed and the solution will be delivered significantly faster.  Secondly, we can provide as-needed developer support when your developers are stuck on a problem.  While the Nintex Community, also can provide great support options; sometimes what you really need is to get somebody on a screen share session to talk through the hurdle and the possible solutions. 

Ready to Get Started with Nintex?

Can B&R help you get more out of your Nintex investment?  Reach out today to setup a consultation to discuss how these options can help improve your team’s ability to deliver world-class solutions!

calltoaction-nintex.png

B&R can help you get the most from your Nintex investment