Can SharePoint Online and Office 365 be used as a Records Management System?

*Editor’s Note (2025 Update):
This article describes a legacy SharePoint 2016–era records management approach. Microsoft 365 now handles records retention and compliance through Microsoft Purview, Retention Labels, and Label Policies in the Compliance Center.
This content is retained here for historical and conceptual reference only—please do not implement this workflow in a modern tenant.

Note: This article was updated 1 month after initial publishing to simplify the process. We were able to remove Workflows from the process by adding a second Records Center to stage the Records that are eligible for deletion)

Recently we undertook a project to create a “textbook” Records Management System in SharePoint 2016 for a municipal utility. It was going to be built on premise and they wanted the entire implementation to be without the use of custom code.

Their SharePoint-based Records Management System Requirements:

• The creation of content types with retention rules.

• Major and minor versions of documents for collaboration purposes.

• A two-step approval process when a document reached the end of its retention period.

• An Archive Library for Records that required “permanent retention”.

• An audit report that could “prove” documents had been deleted.

• The ability to put a record on “hold”.

• The ability to put a set of records on hold for “E discovery”.

Seeking a SharePoint Records Management Consensus

Since we were going to initially generate an assessment, a project plan and a site collection blueprint, based on the latest version of SharePoint we reached out to a handful of industry leaders on both the SharePoint side and the Records Management side of the industry. We wanted their opinions and strategies to make sure that we were aware of any new features that might impact the architecture of a straightforward solution.

The results were little surprising… On the SharePoint side, although we spoke to some people that are high-profile and have a wide range of experience, they were not comfortable in outlining an “out-of-the-box” approach. The consensus was that a third-party product would be needed especially when it came to the issue of a two-step approval process and the audit report.

On the Records Management side, the consensus of five individuals that have been in The Records Management industry for quite some time was more basic… They just said SharePoint can’t do it.

Unfortunately, results like these are often the case with SharePoint and especially SharePoint Online. It’s feature set is huge and it seems to be growing exponentially. The good news is that there is almost nothing that can’t be done with SharePoint. The bad news is how long it might take to learn how to do something that’s actually quite simple.

At the end of the day, it turns out that it’s very straightforward to create a simple manageable records management system in SharePoint. Outlined below are the steps required, and then below that is a short list of the issues you need to avoid.

Creating a SharePoint Records Management System:

1. Build a basic intranet with sites for the departments that will own libraries.

2. Create a Content Type Hub.

3. Create 2 Records Centers. (One for Records and one for Exceeds Retention Period Records that are now eligible for deletion)

4. Create an E-Discovery Center. (Optional – The Holds List alone might work if the volume of documents is small)

5. Create a Content Type (in the Content Type Hub) for each of your document categories.

6. Attach Policy Rules to the Content Types for moving documents to the Record Center when they need to become a Record and Policy Rules for moving documents to the Exceeds Retention Period Records Center when they are eligible for deletion.

7. Create a set of Libraries in the Records Center that corresponds to each of the content types.

8. Create a set of Libraries in the Exceeds Retention Period Records Center that corresponds to each of the content types.

9. Create a set of Content Organizer Rules for the Drop Off Library in the Record Center to move the documents to the correct library based on content type.

10. Create a set of Content Organizer Rules for the Drop Off Library in the Exceeds Retention Period Record Center to move the documents to the correct library based on content type.

11. Use library List Views (based on Manager/owner metadata) in the Exceeds Retention Period Record Center to notify the department manager for deletion approval.

12. Use library List Views to notify the records manager for deletion approval.

Making Records Management work in SharePoint.

The short answer is that SharePoint 2016 and SharePoint Online can be used to create a complete records management system using its “off-the-shelf” capabilities. Planning the structure of the record center and the libraries that will be contained within it is a key consideration, but fundamentally the process is, at its core, quite simple:

• Content Types for the documents.

• Policy Rules for moving documents to the Records Center and the Exceeds Retention Records Center.

• Content Organizer Rules for distribution to the correct Library in each Record Center.

• Library List Views for automated approval notifications.

Common SharePoint Issues to Avoid:

You must establish a clear set of Goals and Scope limitations first. Avoid unnecessary complexity. Try to keep the number of Content Types to the bare minimum. Don’t over distribute content types into departmental libraries. Try to avoid In Place Records Management unless staff truly needs access to a declared record. Having declared records in multiple libraries as well as the record center dramatically complicates the business rules required.

The good news is… Yes, SharePoint can do real Records Management.

*Today (2025), SharePoint Online and Microsoft 365 use a more unified compliance model based on Purview retention labels and information governance policies rather than Record Centers or Content Organizer Rules.
These new tools achieve the same goals—automated retention, auditing, and defensible deletion—but through the modern Compliance Center.

Back to the INSIGHTS catalog

About Jack Frost Design
We’re entering an era of astonishing change—where AI isn’t just a tool, it’s a shift in how work gets done. At Jack Frost Design, we help organizations ride that wave with confidence. With five decades of experience guiding clients through digital upheaval, we now focus on preparing Microsoft 365 environments for the Copilot era—where structure, clarity, and training turn potential into momentum.

We don’t tame the future. We help you ride it—with your hands on the reins.

👉 Discover how we make Copilot real-world ready: jackfrostdesign.com/why-safe-zones
👉 Take the 1-minute Strategy Fit Test: jackfrostdesign.com/strategy-fit-test
👉 Join an upcoming webinar: jackfrostdesign.com/webinars

Follow us for insight, clarity, and Copilot strategies that scale:
🔗 LinkedIn | 🐦 Twitter/X | 📺 YouTube

#AISafeZones #StrategicRelationalAI #EnterpriseAI #AIAdoption #CopilotReady #Microsoft365 #GovernanceMatters #JackFrostDesign #DigitalTransformation #LandingZones