Summit 7 Blogs

SharePoint Compliance QuickStart

We are finally ready to launch our Governance, Risk, and Compliance solutions!

We've partnered with AvePoint and are showcasing their Compliance Guardian product. With our QuickStart SharePoint Compliance solution you'll get both the professional expertise around SharePoint and compliance, and also the software from AvePoint. If you haven't looked at Compliance Guardian, it's powerful rule-based software that allows us to detect, decide, and act on SharePoint content that isn't correctly tagged and secured. We can quarantine, move, delete, and more, automatically.

We start these engagements with a unique discovery method that will assess and compare your current state with your compliance and governance strategy. At the heart of this engagement we'll help you identify and measure the risk within your SharePoint environment. I think a lot of people make risk management too complicated - few clients are actually under GLBA, FDA, etc. compliance.

Don’t make the essence of risk management difficult, because it’s not. Simply define what’s important to your organization. Try ranking them in numerical order. Next, take the high priority risks and address those in Phase 1 of your new compliance strategy. Last, take the others and insert them into later phases as your resources allow. If you make ball caps, the exact dimensions of the bill probably aren’t very valuable intellectual property. But, if you make zero-gravity ball caps that help someone levitate, then that module should be protected in Phase 1. Risk is a balance of the cost of loss vs. the cost of not losing it. This could be a Web site that must be within ADA compliance, an extranet with patients’ social security numbers, or levitating ball cap board schematics.

During your compliance strategy and design, be sure you understand and define change control. Simple, eh? Not really. So many times people focus only on the software application hosting the data and, occasionally, processes. But, we’re talking about SharePoint. What about the servers in the farm? What about SQL Server? What about your data backups? Contractors that aren’t loyal? Unhappy employees that are about to go rogue and leave? How will you mitigate those risks? The good news is YOU CAN.

As part of our Compliance QuickStart, you’ll get the following:

Plan and Discover - Begin by identifying any known and candidate compliance regulations and determine their applicability to the organization. Elicit high-level customer needs and concerns.

Analyze - We use a combination of manual discovery and automated analysis to deliver a compliance assessment documenting the current state of your SharePoint environment against compliance regulations and site quality guidelines. The compliance assessment report will identify security issues and policy violations within project scope.

Compliance Requirements Review - Identification of business requirements and technological drivers for the project. This is an important step because it’s where stakeholders and change leaders agree.

Compliance Platform Preliminary Design Review - The design phase culminates with an approved design requirements specification, which records the agreement between the project team, the customer, change leaders, and key project stakeholders. This milestone offers an opportunity to establish priorities and set expectations.

Compliance Platform Critical Design Review - The success of the build is dependent on a clear set of expectations and a properly designed architecture. The work in this phase should be relatively straightforward as a result of the completeness of the work in preceding phases.

Software, Policy, and Rules Testing - Testing is the verification that the approved design has been met and is the validation that the customer’s requirements have been successfully met.

Compliance Platform Operational Readiness Review - Deployment occurs as the responsibility for maintenance and support officially transitions from the project team to the client’s operations and support team.

Deployment of Process and Tools

Monitoring Plan - Compliance management is an on-going process that does not stop with a one-time assessment. We can work with our clients to ensure compliance concerns are addressed on an on-going basis through quarterly monitoring and analysis. As the business environment changes, additional analysis can be tailored to ensure system and data integrity.