I’d like to dig a little deeper into Step 1 of the File Shares Remediation Process: Define Remediation Policies and Rules.
You will remember in my previous post I suggested a methodology organizations can follow in File Shares (Shared Drive) Remediation projects. There is nothing earth shattering about this methodology… what I proposed was a series of logical and commonsense steps.
And yet, it is amazing how many customers struggle with figuring out what to do, where to start, and what tools to use.

The starting point is to establish a common understanding with the organization that their Information Assets fall into a minimum of four general classes: Business Records, Business Content, ROT and ESI. Then, it is important to establish the policies and rules about the characteristics of Information Assets that fall into each of these classes and the Actions to take on these assets.
The following table should help you in your asset definition and action planning:
When does an Information Asset become a Business Record?

Defined by location
Defined by business process
Defined by version number
Identified manually by user

Identify pre-approval requirements
Declare it as a Record in an RM system and classify it against Corporate Records Retention Schedule
Migrate it to Records Management system repository and manage lifecycle there (with immutability)
Ditto but copy to RM system and manage lifecycle of copy there
Leave it in-place and manage its lifecycle within the Records Management System (no immutability)

Usually this is defined by what is left AFTER Business Records, ROT and ESI have been identified
Some organizations may define sub-classes of Business Content

Identify pre-approval requirements
Leave it in-place
Migrate it to new repository: SharePoint, cloud-based EFSS, etc.
Monitor its status… in the future it may become a Business Record or ROT

Redundant: duplicated information located in multiple places
Obsolete: information “no longer in general use” or “discarded” or “replaced” or “outdated”
Trivial: information of very little value… all stuff not meeting the d definition of records, corporate knowledge, business insight, or any other value category
Based on AIIM definitions

Identify pre-approval requirements Delete it
Move to Quarantine space and delete later

Information Assets in any of the above classes but are found to be responsive to active or upcoming litigation (typical eDiscovery process)

Identify pre-approval requirements
Identify, Collect, Preserve (EDRM.net)
Place on hold

Important Note: Dealing with ESI is not necessarily part of the File Shares Remediation process. HOWEVER, dealing with ESI is a step that MUST precede any actual remediation execution work.
In my next post, I will explore Step 2 of the File Shares Remediation methodology… the definition of the remediation execution process. In closing, I would like to re-iterate that File Shares Remediation and the File Analytics tool used, will most likely be integral to organizations efforts to achieve GDPR Compliance (due by May 2018).
Follow the full File Analytics series, including What are you waiting for? Govern Your Information Assets! and 4 Steps for File Share Remediation.

Cookie	Duration	Description
__hssrc	session	This cookie is set by Hubspot. According to their documentation, whenever HubSpot changes the session cookie, this cookie is also set to determine if the visitor has restarted their browser. If this cookie does not exist when HubSpot manages cookies, it is considered a new session.
cli_user_preference	1 year	Stores the user's cookies consent status.
cookielawinfo-checkbox-advertisement	1 day	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Advertisement".
cookielawinfo-checkbox-analytics	1 day	This cookies is set by GDPR Cookie Consent WordPress Plugin. The cookie is used to remember the user consent for the cookies under the category "Analytics".
cookielawinfo-checkbox-functional	1 day	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	1 day	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	1 day	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Others".
cookielawinfo-checkbox-performance	1 day	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
elementor	never	This cookie is used by the website's WordPress theme. It allows the website owner to implement or change the website's content in real-time.
pll_language	1 year	This cookie is set by Polylang plugin for WordPress powered websites. The cookie stores the language code of the last browsed page.
viewed_cookie_policy	1 year	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Cookie	Duration	Description
__hstc	1 year 24 days	This cookie is set by Hubspot and is used for tracking visitors. It contains the domain, utk, initial timestamp (first visit), last timestamp (last visit), current timestamp (this visit), and session number (increments for each subsequent session).
_ga	2 years	This cookie is installed by Google Analytics. The cookie is used to calculate visitor, session, campaign data and keep track of site usage for the site's analytics report. The cookies store information anonymously and assign a randomly generated number to identify unique visitors.
_gat_gtag_UA_103849594_1	1 minute	This cookie is set by Google and is used to distinguish users.
_gid	1 day	This cookie is installed by Google Analytics. The cookie is used to store information of how visitors use a website and helps in creating an analytics report of how the website is doing. The data collected including the number visitors, the source where they have come from, and the pages visted in an anonymous form.
CONSENT	16 years 5 months 19 days 15 hours	These cookies are set via embedded youtube-videos. They register anonymous statistical data on for example how many times the video is displayed and what settings are used for playback.No sensitive data is collected unless you log in to your google account, in that case your choices are linked with your account, for example if you click “like” on a video.
hubspotutk	1 year 24 days	This cookie is used by HubSpot to keep track of the visitors to the website. This cookie is passed to Hubspot on form submission and used when deduplicating contacts.
vuid	2 years	This domain of this cookie is owned by Vimeo. This cookie is used by vimeo to collect tracking information. It sets a unique ID to embed videos to the website.

Cookie	Duration	Description
IDE	1 year 24 days	Used by Google DoubleClick and stores information about how the user uses the website and any other advertisement before visiting the website. This is used to present users with ads that are relevant to them according to the user profile.
test_cookie	15 minutes	This cookie is set by doubleclick.net. The purpose of the cookie is to determine if the user's browser supports cookies.
VISITOR_INFO1_LIVE	5 months 27 days	This cookie is set by Youtube. Used to track the information of the embedded YouTube videos on a website.
YSC	session	This cookies is set by Youtube and is used to track the views of embedded videos.

Cookie	Duration	Description
yt-remote-connected-devices	never	No description available.
yt-remote-device-id	never	No description available.

Shared Drive Remediation: Define Remediation Policies and Rules