The Records365 cloud service that RecordPoint operates offers records management capabilities across a variety of content repositories such as SharePoint Online, OneDrive for Business, Box and others.
Through Records365, RecordPoint collects two types of data; metadata and binary content.
What is metadata?
Metadata is information about information. It is the additional information that is captured on-top of the actual documents & files that reside in the content repositories that we manage. Examples of this are things like the title, author, created & last modification dates and times of the content. Often content repositories allow users and administrators to define additional pieces of metadata that should be captured with different types of content. Examples of this are capturing the monetary value of a contract document or capturing the date that an HR file is closed. This enriches the content repository and typically allows users to search and browse using the additional pieces of metadata.
What is binary content?
Binary content is the actual documents and files that live in the content repositories that we manage. Examples of this are Word documents, Excel spreadsheets, images and any other content that you put into your content repositories.
As a result, RecordPoint collects a broad spectrum of data depending on what is kept in the metadata of your content and the actual content itself. Some examples are:
In addition, RecordPoint collects summary information about how you are using our cloud service. This summary information may include:
RecordPoint collects data solely for the purposes of providing our records management service to our clients. This means that the metadata and binary content collected is stored for the sole purpose of ensuring that you are compliant with records keeping standards and regulations that apply to you. As an example, a user deletes content, such as a Word document, out of a content repository that is being managed by Records365. The metadata of that document and the document itself is retained within Records365 according to the retention schedules and policies that apply to your business.
Summary information, such as storage consumption and record counts, are collected for operating and continually improving the service we provide to you. These metrics help us in the following ways:
We do not share your data and information with companies, organizations or individuals outside of RecordPoint, except for the following cases:
RecordPoint’s Records365 cloud service is built and operated with security in mind. RecordPoint has several technical and organizational controls and measures in place to protect and secure the information and data that we collect. We work hard to protect you and RecordPoint from unauthorized access, alteration, disclosure or destruction of information we hold.
Microsoft Azure provides the cloud compute platform on which Records365 operates. It is compliant with several widely accepted security and privacy standards, such as ISO27001 and SOC 2. As a result, Azure provides a secure foundation which RecordPoint leverages to deliver Records365. You can find out more about Microsoft Azure security certifications and compliance by visiting the Azure Trust Center.
RecordPoint also holds a SOC 2 Type 2 attestation report. We are committed to renewing this attestation on an annual basis with an independent auditor. SOC 2 provides a standard set of criteria and trust principles that govern how cloud service providers like RecordPoint should handle your information and data. Specifically, our attestation report covers the following three trust principles:
Here are some of the key things that we do at an organizational & technical level.
All the above controls are audited by a 3rd party as part of our annual SOC 2 Type 2 audit. The results of this audit can be made available upon request by contacting email@example.com.
RecordPoint offers limited capability when it comes to exporting and deleting the metadata and binary content that we have collected from the content repositories that we manage. The following options are available to export and delete metadata and associated binary content.
You can purge binary content in your Records365 service by performing a disposal of records. This purges all binary content associated with the records being disposed. We only allow you to dispose records once they are due for disposal based on the disposition instructions that have been applied.
For example, if an end-user creates a document in a content repository that Records365 manages, then the following occurs:
Once the 7 years have elapsed the record can be disposed, purging the associated binary content from our service.
Please note, the metadata cannot be deleted as it represents the certificate of destruction that RecordPoint keeps for your compliance purposes.
You can export and transfer data that Records365 has collected from your content repositories. This allows you to copy the metadata and binary content captured to a storage location that you control.
If you have any questions or queries regarding exporting and deleting data by Records365, then please contact firstname.lastname@example.org.