Modernising Records: From TRIM to Microsoft 365 in Four Pragmatic Steps

Legacy TRIM (HP Records Manager / Micro Focus Content Manager) systems are reaching end-of-life, while Microsoft 365 now offers mature options for compliant records management—whether you rely on native Microsoft Purview features or a lifecycle engine such as AvePoint Opus. Based on recent client projects and insights from leading government practitioners, here’s a practical pathway you can adopt right away.

1.  Assess the real-world scope

  • Inventory TRIM containers and confirm how many records, versions and metadata fields actually matter—most agencies find fewer than 30 fields drive compliance.
  • Benchmark licensing: E3 + Opus versus full E5 with Purview only.
  • Map business risks (audit findings, Privacy Act penalties) to clear objectives.

2. Design a lean SharePoint blueprint

  • Build a SharePoint Information Architecture around business Functions and Activities
  • Convert core TRIM fields into SharePoint site columns so nothing is lost in translation.
  • Create a progress dashboard (Power BI or Excel) so executives can watch migration counts in real time.

3. Execute a low-impact migration

  • Use a purpose-built accelerator (ours lifted 30 000 objects for Venues NSW and 207 000 for St Vincent de Paul) to preserve Created / Modified dates, permissions and every critical metadata field.Migrate in controlled waves; staff keep working in TRIM until cut-over night.
  • Validate checksums and record counts after each batch-no surprises later.

4. Enable governance from day one

  • Apply either Purview retention labels or Opus lifecycle rules as soon as content lands, so records never drift into “dark data”.
  • Automate disposal freezes with a single label for audits and enquiries.
  • Schedule quarterly health checks to keep the file plan evergreen.

Purview or Opus? Choose the engine that fits

Scenario Purview E5 AvePoint Opus
Single-stage retention, M365 only
Hierarchical file plan & multi-stage rules
Automated disposal certificates CSV manual ✔ PDF auto-filed
Hybrid file shares & Exchange archives Limited

Proven results

  • Venues NSW exited a shared TRIM tenancy in < 6 weeks, migrating 30 000 records with zero downtime.
  • St Vincent de Paul moved 207 000 records, keeping 100 % of the 25 required metadata fields and cutting search time from hours to seconds.

Ready to modernise your records? 

Book a 30-minute discovery call and learn how Total Calibration can migrate your TRIM content into Microsoft 365—fast, compliant and metadata-perfect.

About the Author

Drew Keenan is Founder and CEO at Total Calibration, which specialises in Content Managment and Data Governance Solutions for Microsoft 365. With a passion for helping organisations navigate the complexities of digital collaboration, Drew provides insights and strategies to enhance data protection and regulatory compliance.

Read more

Is Your Organisation Still at Risk? Australian Privacy Act Amendments Are Now Law—And the Penalties Are Huge

Reading Time: 3 minutes

The long-awaited changes to Australia’s Privacy Act came into force in December 2024, significantly reshaping the privacy landscape and placing new obligations on organisations. Yet, nearly six months later, many businesses are still not compliant, unknowingly putting themselves at risk of substantial financial and reputational damage.

Here’s what you need to know—and why you should act immediately.

The Compliance Reality Check: You’re Probably at Risk

Recent analysis of typical records management and privacy policies reveals that many organisations were not fully compliant even before the changes took effect. Common gaps include:

  • Unclear data retention schedules: Generic timelines or outdated procedures for data disposal.
  • Limited awareness of sensitive information: Many businesses lack clarity about exactly what sensitive information they hold or where it is stored across their Microsoft 365 environment, particularly within SharePoint sites.
  • Poor information security measures: Insufficient technical and organisational safeguards against breaches.
  • Inadequate breach response plans: Slow or poorly documented procedures for addressing breaches.
  • Non-transparent data handling: Lack of clarity about how personal data is used, especially in automated decision-making.

If your policy mirrors any of these gaps, you are exposed to the significantly enhanced penalties now in effect.

Key Changes in the Privacy Act—What’s Already in Effect

These critical amendments are now legally binding:

The Cost of Ignoring Compliance: Massive Fines Await

With the amendments now in effect, the cost of non-compliance has never been higher:

  • Serious or repeated breaches: up to $50 million, three times the value gained, or 30% of turnover.
  • Individuals: up to $2.5 million.
  • Mid-tier offences: up to $3.13 million (corporate), $626,000 (individual).
  • Administrative breaches: up to $313,000 (corporate), $62,600 (individual).

Given these stakes, compliance it’s NOT optional—it’s essential.

Practical Steps to Achieve Compliance

To avoid penalties and safeguard your organisation, take these immediate steps:

  • Conduct a comprehensive audit of your privacy and records management practices.
  • Define and implement retention and disposal schedules.
  • Identify and classify sensitive data across your Microsoft 365 environment, especially SharePoint.
  • Enhance technical and organisational security controls.
  • Develop clear breach-response procedures.
  • Ensure transparency in automated data processes.

Understanding Microsoft Purview and Its Role in Microsoft 365

Microsoft Purview is a comprehensive data governance solution integrated within Microsoft 365, designed specifically to manage, protect, and govern data effectively:

  • Automated data discovery and classification across services including SharePoint.
  • Streamlined policy enforcement for retention, disposal, and protection.
  • Real-time monitoring and compliance reporting.

Total Calibration specialises in implementing Microsoft Purview solutions, ensuring seamless integration with SharePoint and your broader Microsoft 365 environment to comprehensively address the compliance requirements of the Australian Privacy Act. Our approach begins with a detailed assessment of your existing data governance practices, enabling you to clearly understand your compliance risks and sensitive information exposure.

Take Action Today

Don’t leave your organisation exposed to unnecessary risk. Book your complimentary compliance check-up today or request a demo of how Microsoft Purview and SharePoint can significantly enhance your data governance capabilities.

Act now—protect your business and avoid costly compliance mistakes.

Contact Total Calibration now to secure your compliance future.

About the Author

Drew Keenan is Founder and CEO at Total Calibration, which specialises in Content Managment and Data Governance Solutions for Microsoft 365. With a passion for helping organisations navigate the complexities of digital collaboration, Drew provides insights and strategies to enhance data protection and regulatory compliance.

Read more

Understanding Information Barriers in Microsoft 365: Enhancing Secure Collaboration

In an era where digital collaboration is the backbone of business operations, ensuring that sensitive information doesn’t end up in the wrong hands is paramount. Whether you’re in healthcare, finance, legal, or any other industry dealing with confidential data, controlling the flow of information within your organisation is crucial. Microsoft 365’s Information Barriers feature is a powerful tool designed to help you do just that.

In this blog post, I’ll delve into what Information Barriers are, why they are essential, and how they can be applied to enhance security and compliance within your organisation.

Employees separated by a Chinese Wall

What Are Information Barriers?

Information Barriers are policies within Microsoft 365 that allow organisations to restrict communication and collaboration between specific groups or individuals. By setting up these policies, you can prevent users from:

  • Communicating via Microsoft Teams and Exchange Online: Blocking chats, calls, meetings, and emails between certain users or groups.
  • Sharing Files via SharePoint Online and OneDrive for Business: Restricting access to documents and files, ensuring sensitive information remains confined to authorised personnel.

This functionality is particularly vital in industries where conflicts of interest or regulatory compliance require strict separation of information and communication channels.

Why Are Information Barriers Important?

1. Regulatory Compliance

Many industries are subject to regulations that mandate the separation of certain functions within an organisation. Failure to comply can result in hefty fines and legal repercussions.

  • Financial Services: Regulations often require that investment bankers and traders do not share insider information.
  • Healthcare: Patient confidentiality laws mandate strict access controls over patient data.

2. Conflict of Interest Prevention

Information Barriers help prevent conflicts of interest by ensuring that sensitive information does not flow between departments or individuals who could misuse it.

  • Legal Firms: Lawyers representing opposing clients need to be walled off to maintain client confidentiality.
  • Consulting Firms: Consultants working with competing clients must not share proprietary information.

3. Data Protection

By controlling who can access and share information, organisations can better protect sensitive data from internal leaks.

  • Mergers and Acquisitions: Confidential information about pending deals must be tightly controlled.
  • Product Development: Proprietary information about new products needs to be secured until public release.

How Do Information Barriers Work?

At a high level, Information Barriers involve three key steps:

1. Define User Segments

Create logical groupings of users based on factors like department, role, or project team.  For example: Segmenting users into “Research Team,” “Sales Team,” and “Trading Desk.”

2. Configure Policies

Set up policies that dictate which segments can or cannot communicate or share information with each other.

  • Block Policies: Prevent all communication and collaboration between specified segments.
  • Allow Policies: Permit communication under certain conditions or between specific segments.

3. Enforcement Across Services

Microsoft 365 enforces these policies across its suite of services:

  • Microsoft Teams: Blocking chats, calls, and meeting invitations.
  • Exchange Online: Preventing email exchanges between restricted users.
  • SharePoint Online and OneDrive for Business: Restricting access to documents and files.

When a user attempts to communicate or share information that violates an Information Barrier policy, the action is automatically blocked, and the user is notified.

Use Cases for Information Barriers

Financial Services and Investment Banking

  • Scenario: A bank needs to prevent its Trading Desk from accessing information from the Research Team to avoid insider trading risks.
  • Solution: Implement Information Barriers to block all communication and file sharing between these two segments, ensuring compliance with financial regulations.

Legal Firms

  • Scenario: A law firm represents two clients on opposing sides of a case.
  • Solution: Use Information Barriers to prevent attorneys and support staff working for one client from communicating or sharing documents with those representing the opposing client.

Healthcare Organisations

  • Scenario: Protect patient data by ensuring only authorised medical staff can access sensitive health records.
  • Solution: Establish policies that restrict access to patient information, preventing administrative staff or non-authorised personnel from accessing or sharing confidential data.

Mergers and Acquisitions

  • Scenario: During an acquisition, confidential information must be limited to a select group until the deal is public.
  • Solution: Create a secure segment for the M&A team and block communication and sharing with the rest of the organisation.

Educational Institutions

  • Scenario: A university wants to prevent students from different departments from accessing each other’s project repositories.
  • Solution: Set up Information Barriers between departments to ensure that resources and communications are contained within the appropriate academic groups.

Implementing Information Barriers: Best Practices

1. Plan Thoroughly

Before setting up Information Barriers, conduct a comprehensive analysis of your organisational structure and communication flows.

  • Identify Sensitive Information: Know what data needs protection.
  • Map User Segments: Determine how to group users logically.

2. Start with Clear Policies

Define clear, enforceable policies that align with regulatory requirements and organisational goals.

  • Compliance Alignment: Ensure policies meet industry-specific regulations.
  • Transparency: Communicate policies to affected users to avoid confusion.

3. Test Before Deployment

Implement policies in a controlled environment to assess their impact.

  • Pilot Programs: Use a small group to test policies.
  • Monitor Activity: Ensure that legitimate business processes are not disrupted.

4. Monitor and Adjust

Regularly review policies and their effectiveness.

  • Audit Logs: Use Microsoft 365’s auditing capabilities to monitor attempts to breach policies.
  • Feedback Mechanisms: Encourage users to report issues or unintended barriers.

Conclusion

Information Barriers in Microsoft 365 provide a robust solution for organisations that need to control the flow of information for compliance, security, or confidentiality reasons. By effectively segmenting users and enforcing policies across communication and collaboration platforms, businesses can mitigate risks associated with data leaks, conflicts of interest, and regulatory non-compliance.

Implementing Information Barriers requires thoughtful planning and ongoing management, but the benefits of enhanced security and compliance make it a worthwhile investment for many organisations.

Take the Next Step Towards Secure Collaboration

Is your organisation ready to enhance its data security and compliance posture? Implementing Information Barriers could be the key to safeguarding your sensitive information, so contact us and book a free consultation today.

About the Author

Drew Keenan is Founder and CEO at Total Calibration, which specialises in Content Managment and Data Governance Solutions for Microsoft 365. With a passion for helping organisations navigate the complexities of digital collaboration, Drew provides insights and strategies to enhance data protection and regulatory compliance.

Other Blogs

Read more
MENU