Quip Governance

What is Quip Governance?

Quip Governance is an add-on product that introduces three new pieces of functionality available to Quip admins:

  • Data Retention - Data retention policies enable an admin to control how long data is retained within a Quip site. Using various settings, admins can either retain content for a set amount of time prior to enabling users to delete it, or they can use data retention rules to automatically remove stale content from their Quip site.
  • Data Hold- Data hold policies enable content to be stored indefinitely based on a per-user basis. Data holds take priority over all data retention rules.
  • Reporting - Reporting on data hold and data retention policies will produce a CSV listing critical metadata such as threadID, policies applied, and if data hold is enabled. Admins can use the admin API to pull relevant content based on this report.

Who is this for?

Companies interested in governance may need to comply with industry regulations and internal policies that require them to retain content for a certain number of months or years. Organizations can also reduce their risk in the event of litigation or a security breach by permanently deleting old content that is no longer necessary to retain. 

Accessing Quip Governance Features

Admins can access all Quip governance features by going to Admin Console > Governance. Please note that admins can only access this feature if they have the Governance permissions in their admin permission set.


Data Retention

Data retention policies enable an admin to control how long data is retained within a Quip site. Using various settings, admins can either retain content for a set amount of time prior to enabling users to delete it, or they can use data retention rules to automatically remove stale content from their Quip site. (All dates are UTC.)

Site vs Custom Data Retention Policies

Admins can enable a site custom retention policy that applies to all threads in their Quip site. They can also create custom retention policies that apply only to a specific set of documents based on creation date or programmatically selected. Both site and custom retention policies can be in place at the same time.

Custom Data Retention Policy Options

Admins can access this page by going to Admin Console > Governance > Data Retention > New Custom Policy. The customization options are listed below:

  • Policy Name: Admin-configured name for a custom retention policy. Used in reporting and for ease in identification if a company has multiple policies.
  • Apply to: Admins can select a date to select which content will be affected by the new policy, based on creation date. If no date is selected, then the policy can be applied via Quip admin APIs.
  • Retention Period: Admins can choose how long the retention period will be in place before an “expiration” action takes effect.
    • Indefinitely: If selected, the policy will prevent end users from deleting all content until the policy is retired. (Only available for custom policies; not available for site-wide policies.)
    • Days after creation: The policy will be active for n days after a document was created. For example, if the time is set to 30 days, the expiration action will take effect 30 days after the file was created.
    • Days after modification: The policy will be active for n days after a document was created. For example, if the time is set to 30 days, the expiration action will take effect 30 days after the file was last modified. Modifications include Quip actions such as editing, commenting, and new users accessing the document.
  • Expiration Action: Admins can select one of three actions when the retention period expires.
    • Enable users to delete content: content cannot be permanently deleted until the retention period has expired. Users can move documents to the trash, but it will remain in the trash until the retention policy has expired. At that point, users can permanently delete content. This use case is primarily intended for internal policies on document retention.
    • Move to trash: Upon the expiration, the content will be moved to trash. After 30 days, all users will be removed and it will no longer be visible to end-users. This content can still be recovered via API as needed. Documents can be permanently deleted by end-users while this retention policy is active, unless "Retain content until expiration" is selected. This use case is primarily for site cleanliness.
    • Delete Immediately: The document is deleted *irrevocably* 30 days following when the retention policy expires. Documents can still be deleted by end-users during the retention period. This use case is primarily to reduce a company’s exposure in terms of documents / material they would need to turn over in a legal action and to reduce risk in case of a security breach. We encourage admins to speak to your CSM or AE prior to implementing this expiration action as it will permanently and irrevocably delete content from a Quip site. We do have a 30 day holding period prior to content wipeout.
  • Retain content until expiration: Admins can choose to toggle this on or off. If it is toggled "on", users cannot delete content until the retention period expired. If it is "off", users can delete content prior to the policy’s expiration action taking effect.
  • Create/Cancel: Once these settings have been selected, admins can click *create* to establish the data retention policy. It will automatically begin propagating to all impacted documents within a site. Clicking *cancel* will delete the policy.

Note: Once created, retention policies _cannot_ be modified.

Data Retention Home Screen Options

On the Data Retention Home Screen, admins can see a list of all retention policies created in a Quip site.

  • ID: ID programmatically assigned after data retention policy creation. This can be used in reporting and with Quip Governance API endpoints.
  • Status: Retention policies can be in three states, which can be seen in the table.
    • Pending - Policy is being deployed. *Note*: depending on the site size and number of files impacted, this can take up to 24 hours to propagate.
    • Active - Policy is actively applied to threads and in effect.
    • Retired - The policy is no longer active and is not taking any action on any files within the Quip site.
  • Download: Once an admin selects “Export Report” in the additional options for each policy, a link will appear here. Clicking on this link will download a CSV with metadata on all threads where the policy is applied. See the “Reporting” section for additional details on reporting functionality within Governance.
  • Additional actions: Represented by a downward triangle as the final column of each policy row, admins can use this menu to export a report or retire a policy.

Note: All other columns are set by the admins during data retention policy creation.


Data Hold

Data holds prevent files opened by designated users from being permanently deleted. This can help an organization ensure that they are retaining content as needed for internal or external requirements. Admins can set additional date requirements to limit the scope of the data hold.

Site vs Custom Data Hold Policies

Admins can enable a site data hold policy that applies to all users and documents in their Quip site. They can also create custom retention data hold policies that apply only to a specific set of users based on when users have accessed content. Both site and custom data hold policies can be in place at the same time, but site policies will take precedence.

Custom Data Hold Options

Admins can access this page by going to Admin Console > Governance > Data Hold > New Data Hold. The customization options are listed below:

  • Name: Admin-configured name for a new data hold policy. Used in reporting and for ease in identification if a company has multiple data holds in place.
  • Apply to: The emails of site members who should be in the new data hold. If a user is in the “Apply to” list, any thread opened by the user cannot be deleted until the data hold is removed.
  • Start Date: If start date is indefinite, content will be retained from site member creation time.
  • End Date: If end date is set to indefinite, content will be retained on an ongoing basis for that site member.
    • If no start date and no end date, retain all content accessed by the individual since site creation
    • If start date and no end date, retain all content from the start date
    • If no start date and end date, retain all content up to and including the end date from site creation
  • Create/Cancel: Once these settings have been selected, admins can click *create* to establish the data hold policy. It will automatically begin propagating to all impacted users and documents within a site. Clicking cancel will delete the data hold.

Note: Once created, users can be added or removed from a data hold, but dates cannot be changed.

Data Hold Home Screen Options

  • ID: ID programmatically assigned after a data hold policy is created. This can be used in reporting and with Quip admin API endpoints.
  • Status: Retention policies can be in three states, which can be seen in the table.
    • Pending - Policy is being deployed. Note: depending on the site size and number of files impacted, this can take up to 24 hours to propagate.
    • Active - Policy is actively applied to threads and users and is in effect.
    • Retired - The policy is no longer active and is not preventing any content from being permanently deleted.
  • Applied to: Click on this link to see additional information on the data hold and the members of the data hold.
  • Download: Once an admin selects “Export Report” in the additional options for each policy, a link will appear here. Clicking on this link will download a CSV with metadata on all threads where the policy is applied. See the “Reporting” section for additional details on reporting functionality within Governance.
  • Additional actions: Represented by a downward triangle as the final column of each policy row, admins can use this menu to export a report or retire a data hold. See the “Reporting” section for additional details on reporting functionality within Governance.

A user is disabled, transferred, or deleted from a site

In the event that a user under data hold is disabled, transferred, or deleted from a site, the content will still be prevented from deletion until the entire hold is retired.

Difference between Legal Hold and Governance Data Hold

For information on Quip Legal Hold, please see the support article here.

Quip Governance Data Holds provides similar functionality as Quip Legal Hold, with additional features such as reporting, per-user data hold, and custom and site-wide retention policies.


Reporting

For both custom data retention policies and user specific data holds, admins can generate a report by clicking on the “Additional information” button for each active policy. The report is a point-in-time snapshot that will generate a CSV with all threads where that policy is applied. Organizations can then use Quip’s audit compliance or admin APIs to pull relevant content from these threads.

The fields in the report are:

  • Thread_id
  • Author_id
  • Active_retention_policy_id
  • Active_retention_policy_name
  • Under_data_hold (TRUE/FALSE)
  • Attached_retention_policy_ids
  • Attached_retention_policy_names

For user-specific data hold options, admins can also export the content of threads under data hold. Documents will be exported as .docx, spreadsheets will be exported as .xlsx, and slides will be exported as .pdf. Each thread will have an accompanying .html file that will include all content in the conversation pane.


Policy Interactions

Policy Prioritization

For more complex governance deployments, multiple data hold and data retentions policies could be in place. In cases where a single document could have multiple policies applied, Quip uses the following prioritization to determine which action will be taken:

  1. Data hold policies
    1. In the event that multiple data holds could be applied to the same thread, files will be retained and deletion will be prevented until the last data hold is retired.
      Data retention policies
  2. If two policies could be applied to the same thread, Quip defaults to the policy with the longer retention period. As an example, if a site has a one year retention policy and a two year retention policy, Quip will prioritize the expiration action for the two year retention policy.
  3. If two or more data retention policies have the same number of days, Quip will prioritize the policies in the following order of expiration action:
    1. Enable users to delete content
    2. Move to trash
    3. Delete Immediately

Policy Retirement

When a data retention policy or data hold policy is retired, the next policy that could be applied to the thread will immediately take effect. Admins should use caution when retiring a policy if they have multiple policies enabled.

Removing Data Hold

When a data hold is removed, the first applicable data retention policy will be applied, _even if the date for that policy expiration has already passed_. As an example, if a file was expected to be deleted immediately 15 days after creation but a data hold kept the file available for 30 days, upon removing that data hold, the file would be immediately deleted (30 days after creation).


Changes to Quip Platform

Quip Governance is introducing additional metadata to select endpoints in the admin APIs, as well as additional endpoints to request additional information about policies and to apply policies. We will also be introducing additional events. For more information, see https://quip.com/dev/admin/documentation.

Was this article helpful?
0 out of 0 found this helpful