Until recently, an immense bulk (estimated at 15 million) of customer-related documents within the Univé organization were stored via Docubird in on-premise SharePoint environments. Hundreds of employees simultaneously use Docubird on a daily basis to process customer-related documents. Due to the demand for more central management, fewer locally installed systems and fewer licenses required, the desire arose to migrate to Microsoft SharePoint Online.
At that time, there was limited knowledge and experience in the Netherlands with large-scale migrations to the SharePoint Cloud and with storing millions of documents in SharePoint Online. In addition, these were documents containing information about (private) customers and therefore potentially privacy-sensitive data. As an insurer, Univé is supervised by, among others, De Nederlandsche Bank, but also by privacy guardians. This created not only a technical, but also a compliance challenge.
How can sensitive information be protected and how can it be prevented from being unintentionally disclosed?
Sensitive information may include financial data or Personally Identifiable Information (PII), such as credit card numbers, social security numbers or health records. And these documents can be in all sorts of locations. Many companies, including Univé, use Outlook for email traffic and SharePoint and OneDrive for their document management, and Teams is increasingly being used to work in project groups. The documents are then stored in Teams sites.
The most important areas of compliance
For Univé, these are the most important areas of compliance when it comes to content control of all emails and documents:
- Data Retention enables the management of a content's lifecycle. After a certain period, the document can be deleted, created as a record, or moved or archived.
- Records Management is a unique area of Data Retention: Documents are designated as 'records', making them indestructible (they cannot be deleted).
- Data Loss Prevention (DLP): prevents the accidental or malicious sharing of data. DLP scans documents for personally identifiable information and prevents it from being shared externally.
- eDiscovery enables organizations to place a 'legal hold' on data to prevent anyone from deleting or modifying the document. This is important for legal retention obligations.
To achieve compliant document management, it is necessary to establish a classification scheme within the Microsoft 365 tenant. Microsoft's classification scheme includes four categories:
- Highly Confidential: Share the most critical data only with specifically named recipients.
- Confidential: Limited distribution, on a 'need-to-know' basis.
- General: Daily work, internal sharing throughout the organization.
- Public: Unrestricted and suitable for sharing with the outside world.
Privacy labels can be added automatically by scanning all documents; however, with an archive like Univé's (containing over 15 million documents and emails), it can take years for Microsoft to scan all the data.
A faster process is to make the privacy labels available to users. They receive a 'tip' when PII data is found. This works in Outlook, Word, Excel, and PowerPoint and is triggered when creating, saving, editing, and sharing documents. It is also possible to add privacy labels to images and PDFs.
How does Univé properly manage this for its users?
Univé has been using the Docubird application for a long time to store documents in SharePoint. With the arrival of version 2.0, Docubird has become an add-in within the Microsoft 365 environment. Documents can be searched for and saved directly from Outlook, Word, Excel, and PowerPoint into SharePoint libraries.
The Docubird bar is visible on the right side of the screen. This displays the SharePoint libraries that the user has access to. To search for a document, a library can be selected.
The search bar allows for direct searching of existing text (full-text search). Within the Univé environment, this allows for direct searching on items such as Client Number. Through the link with the CRM system, the correct customer can be searched for directly in CRM based on: CRM Number, Client Number, name, etc. A document can be opened or shared directly.
Saving documents
A document that has been received by email is simple. The recipient selects the email to be saved and chooses whether to save it with or without attachments. The user can also choose to save only the attachment in the desired library in SharePoint, Teams, or OneDrive. By selecting the correct library, the metadata fields to be filled in become visible, and the correct customer can be searched for directly in CRM by, for example, entering the Client Name or Number. It is possible to search on the following combinations, for example:
- Client Number
- Policy Number
- Client Postal Code
- Client House Number
- Chamber of Commerce Number (business)
Searching and sending documents
Searching for a document and sending it by email is also easy. Add a name or author, or one of the metadata mentioned above, and Docubird will show all documents that have the specified metadata. If it is not clear in which library a document is stored, or if you need to search for all documents in all libraries (SharePoint, Teams, and OneDrive), you can do so via "Advanced Search." Here, you can search for documents in a targeted or global manner based on general and specific metadata.
Documents can be opened, attached to the email (either as a file or a link), and sent.
Read also: What is Meta Data Management?
Challenging migration
In consultations between Univé, supervisors, and Microsoft, solutions were found for compliance issues, particularly regarding the physical locations where the files would be stored. Subsequently, the actual migration could begin. During this project, the Docubird team found solutions for specific characteristics of SharePoint Online compared to the on-premise versions. By quickly implementing adjustments in Docubird for use in combination with SharePoint Online, progress was ensured.
Because the total size was in the terabytes, the available infrastructure was heavily loaded. By planning smartly and especially migrating outside office hours, Univé's daily operations were hardly burdened. Because employees continued to use the Docubird user interface, the impact on them was negligible. Also, hardly any differences were experienced in performance.
In this way, a large-scale migration to the Cloud was carried out behind the scenes for the users. Minimal impact for the users, who continued to work with the Docubird interface on SharePoint they were familiar with, and major benefits for the organization in terms of costs and manageability.