P2P

31 I L T A N E T . O R G W ith the ever-increasing use of mobile and collaboration platforms, there's never been a more important time for organizations to implement meaningful information governance. A holistic approach to IG uses people, processes, and technology to ensure that an organization's information is managed in a way that aligns with its compliance and security requirements, as well as its overall business objectives. Retention as Part of a Larger Initiative Successful information governance requires both input and support from numerous stakeholders across many departments. Along with legal, compliance, privacy, risk management, a host of data-related areas, knowledge management, and more, IT and records management play an important role in developing and executing IG policies. Records management is a critical piece of IG. RM involves the methodical handling of information throughout its life cycle – from creation through sharing, storing, and retention to final disposition. Each phase of that life cycle requires attention and actionable policy. Data retention policies are the standard protocols an organization follows for retaining records for specified periods of time based on operational needs and regulatory requirements. Retention policies reflect the overriding IG policies that dictate how data will be managed until it is no longer needed. The Microsoft 365 platform provides several options for retention through the Microsoft Purview compliance portal. Compliance administrators can configure retention policies within Data Lifecycle Management, while retention labels can be created through either Data Lifecycle Management or Records Management. While policies and labels can be used independently, they are best utilized in combination to create a comprehensive and flexible data retention strategy. Retention Policies Retention policies are overarching rules that apply broadly across data locations within Microsoft 365. While a single retention policy can be used to cover Exchange mailboxes, SharePoint sites, OneDrive accounts, Microsoft 365 Groups, and Exchange public folders, separate policies must be created for Teams and Yammer data. Additionally, while Teams chats and public channel messages can be grouped together under a single retention policy, a separate policy is needed to handle Teams private channel messages. Retention policies can be configured to retain items forever, retain for a specified period, retain and delete, or delete only. • Retain items forever: Items that fall under this policy cannot be permanently deleted. Even if those items are deleted by an end user, a copy will be retained indefinitely unless the policy is revoked. • Retain for a specified period: Items that fall under this policy cannot be permanently deleted until the retention period expires. If those items are deleted by an end user, a copy will be retained until the end of the retention period. At the end of the retention period, the original copy will not be automatically deleted. • Retain and delete: Items that fall under this policy cannot be permanently deleted until the retention period expires. If those items are deleted by an end user, a copy will be retained until the end of the retention period. At the end of the retention period,

• Cover