When talking about information policy, I often ask the question, "What is the difference between a policy and a rule?" This invariably leads the discussion toward notions of corporate governance and regulatory compliance. Somehow the idea of breaking a rule doesn't carry the same weight as violating a policy. There can be a rule that says you shall capitalize all occurrences of the word COMPANY in all legal agreements, failing which a given document might still be valid, but no additional guidance is available to interpret the application of the rule. On the other hand, if we declare a policy that contains the same requirement, we tend to look to the policy itself to determine the appropriate context within which to analyze the appropriate next steps.

Information policy in SharePoint is similar, in that the policy becomes a sort of repository of regulatory information in the form of policy items that implement the collection of rules. At the heart of information policy is the ability to make explicit the rules that govern the creation, disposition, and use of content. At the very least, it gives us a place to record our thoughts about the different scenarios in which a given type of content will be used. The important thing here is that we must maintain a clear separation between a given piece of content and any policies we wish to associate with it.

Separating the actual content from any policy statements that refer to it is important for ...