1
October 2010 S15 appropriate security models. It can also be leveraged to support approval workflows for site creation, which addresses one of the more difficult areas to manage within SharePoint. 3. Enable digital signatures. Many industries have been leveraging the value of electronic signatures for years, e.g. for sign- ing an email or entering an ID and password to authenticate an approval, but a digital sig- nature is the only legally binding method in the electronic world. It not only provides the ability to sign the document, but also securely seals it against changes. ARX CoSign adds digital signature capabilities that can be embedded within a SharePoint/Nintex workflow. The combina- tion of SharePoint, Nintex and ARX expands collaborative possibilities well beyond tradi- tional content management solutions. Exter- nal parties can be sent documents to digitally sign through workflows that automatically provision the credentials without the need for IT support. 4. Institute auditing capabilities to deliver the evidence required by govern- ment agencies. Answering the question of “Who’s been doing what to my SharePoint content?” is managed through the configu- ration of audit settings. These settings allow SharePoint to track user activity in a secure repository that includes not only behaviors such as check-in and check-out, but also activities such as viewing or down- loading content. Additionally, the use of tools such as Axceler’s ControlPoint software provides the ability to audit your SharePoint site to analyze user permissions at any point in the SharePoint farm, even down to the docu- ment level. 5. Develop a proper governance structure. Since SharePoint is typically not locked down and the structure can be changed by many users, a governance structure is necessary to ensure that the compliant processes you implement with workflows and digital signatures remain that way. In more traditional content management systems, the deployment and use of the sys- tem was controlled by the system architec- ture. Content was organized in folders and the cabinet/folder hierarchy was typically controlled by IT, thus providing a virtual vaccine against the viral spread of an uncontrolled taxonomy. Since SharePoint is designed to reduce the need for IT involvement and put more control in the hands of end-users, proce- dural controls must be established to ensure that the proliferation of sites, libraries and folders does not reach pandemic propor- tions. This is managed through an effective, multi-tiered governance structure that pro- vides guidelines and scope at each level to provide boundaries on end-user creativity. These levels often are segmented at the farm, site-collection and site tiers, with each level building details on the decisions made in the tier above. Prove it Through Validation By defining a robust information archi- tecture that defines what and how content is stored and the ways in which it can be found, users are more likely to follow procedures and use the system as intended. By leverag- ing powerful workflow tools and digital sig- natures that actually improve the business process, activities are controlled and stream- lined in a manner that offers value to the business community, rather than constrain- ing it. By configuring SharePoint to capture these activities in the audit log and establish appropriate layers of governance to review and monitor usage, the necessary controls and safeguards are put in place. A question that Microsoft is constantly addressing is: “Can SharePoint be vali- dated?” While the answer to this question is clearly “yes,” many still question how it is achieved. By utilizing a risk-based approach and following the steps above, one can clearly show that major risks have been mitigated and addressed. HighPoint Solutions is a premier provider of specialized IT and consulting services for the life sciences and healthcare industries. Additional information is available at www.highpoint-solutions.com. Five Steps to Embed Compliance in SharePoint I n highly regulated industries, organizations often turn to enterprise content management systems like Documentum that are built to cope with stringent controls, audits and regulations, despite costs and maintenance requirements which exceed those of SharePoint. Most firms assume compliance cannot be embedded into SharePoint since the platform allows for con- stant changes and evolutions from end users without involving IT. However, new tools and processes being leveraged in the life sciences industry point to ways companies can constrain SharePoint to achieve compliance. 1. Establish a comprehensive informa- tion architecture. Information architecture is a conceptual model that illustrates how infor- mation is labeled, organized and made avail- able. It is as critical to the deployment and use of SharePoint as it is to traditional content management solutions. Since SharePoint is designed to be a viral platform that is not com- pletely within the IT group’s control, standards must be established and enforced to achieve business goals. This important requirement is often overlooked. Traditional system designs focused on document taxonomy and metadata, which define how documents will be classified and tagged. A more complete SharePoint model includes: Site hierarchy; Navigation; Look and feel; Content lifecycle management; Personalized content; and Content types and metadata. 2. Embed repeatable, secure processes with stringent workflows. Business processes that ensure compliance can be built into Share- Point through several mechanisms. One exam- ple is Nintex Workflow, which provides a drag-and-drop graphical tool for creating workflow steps. Not only does the graphical model encourage broader use, but select com- ponents or entire workflows can be reused, allowing firms to establish consistent methods for managing the content lifecycle and con- trolling approval processes. Furthermore, Nintex Workflow offers the capability to extend the platform to external partners by automating the addition of users to the Active Directory and establishing KMWorld David Gwyn is vice president of R&D and collaboration for HighPoint Solutions. With more than 20 years of experience in the life sciences industry, Gwyn is a seasoned executive with extensive skill in delivering Documentum and SharePoint. He is a member of the Project Management Institute, International Institute of Business Analysis and the Drug Information Association. David Gwyn By David Gwyn, Vice President R&D and Collaboration, HighPoint Solutions

Five Steps to Embed Compliance in SharePoint

Embed Size (px)

DESCRIPTION

Most firms assume compliance cannot be embedded into SharePoint since the platform allows for constant changes and evolutions from end users without involving IT. However, new tools and processes being leveraged in the life sciences industry point to ways companies can constrain SharePoint to achieve compliance.

Citation preview

Page 1: Five Steps to Embed Compliance in SharePoint

October 2010 S15

appropriate security models. It can also beleveraged to support approval workflows for site creation, which addresses one of the more difficult areas to manage withinSharePoint.

3. Enable digital signatures. Manyindustries have been leveraging the value ofelectronic signatures for years, e.g. for sign-ing an email or entering an ID and passwordto authenticate an approval, but a digital sig-nature is the only legally binding method in the electronic world. It not only providesthe ability to sign the document, but alsosecurely seals it against changes.

ARX CoSign adds digital signature capabilities that can be embedded within aSharePoint/Nintex workflow. The combina-tion of SharePoint, Nintex and ARX expands collaborative possibilities well beyond tradi-tional content management solutions. Exter-nal parties can be sent documents to digitallysign through workflows that automaticallyprovision the credentials without the need forIT support.

4. Institute auditing capabilities todeliver the evidence required by govern-ment agencies. Answering the question of“Who’s been doing what to my SharePointcontent?” is managed through the configu-ration of audit settings. These settingsallow SharePoint to track user activity in asecure repository that includes not onlybehaviors such as check-in and check-out,but also activities such as viewing or down-loading content.

Additionally, the use of tools such asAxceler’s ControlPoint software providesthe ability to audit your SharePoint site toanalyze user permissions at any point in theSharePoint farm, even down to the docu-ment level.

5. Develop a proper governance structure.Since SharePoint is typically not lockeddown and the structure can be changed by many users, a governance structure isnecessary to ensure that the compliantprocesses you implement with workflowsand digital signatures remain that way. In more traditional content management systems, the deployment and use of the sys-tem was controlled by the system architec-ture. Content was organized in folders andthe cabinet/folder hierarchy was typically

controlled by IT, thus providing a virtualvaccine against the viral spread of anuncontrolled taxonomy.

Since SharePoint is designed to reducethe need for IT involvement and put morecontrol in the hands of end-users, proce-dural controls must be established to ensurethat the proliferation of sites, libraries andfolders does not reach pandemic propor-tions. This is managed through an effective,multi-tiered governance structure that pro-vides guidelines and scope at each level toprovide boundaries on end-user creativity.These levels often are segmented at thefarm, site-collection and site tiers, with eachlevel building details on the decisions madein the tier above.

Prove it Through ValidationBy defining a robust information archi-

tecture that defines what and how content isstored and the ways in which it can be found,users are more likely to follow proceduresand use the system as intended. By leverag-ing powerful workflow tools and digital sig-natures that actually improve the businessprocess, activities are controlled and stream-lined in a manner that offers value to thebusiness community, rather than constrain-ing it. By configuring SharePoint to capturethese activities in the audit log and establishappropriate layers of governance to reviewand monitor usage, the necessary controlsand safeguards are put in place.

A question that Microsoft is constantlyaddressing is: “Can SharePoint be vali-dated?” While the answer to this question isclearly “yes,” many still question how it isachieved. By utilizing a risk-based approachand following the steps above, one canclearly show that major risks have been mitigated and addressed. z

HighPoint Solutions is a premier provider of specializedIT and consulting services for the life sciences andhealthcare industries. Additional information is availableat www.highpoint-solutions.com.

Five Steps to EmbedCompliance in SharePoint

In highly regulated industries, organizationsoften turn to enterprise content managementsystems like Documentum that are built to copewith stringent controls, audits and regulations,despite costs and maintenance requirementswhich exceed those of SharePoint. Most firmsassume compliance cannot be embedded intoSharePoint since the platform allows for con-stant changes and evolutions from end userswithout involving IT. However, new tools andprocesses being leveraged in the life sciencesindustry point to ways companies can constrainSharePoint to achieve compliance.

1. Establish a comprehensive informa-tion architecture. Information architecture isa conceptual model that illustrates how infor-mation is labeled, organized and made avail-able. It is as critical to the deployment and useof SharePoint as it is to traditional contentmanagement solutions. Since SharePoint isdesigned to be a viral platform that is not com-pletely within the IT group’s control, standardsmust be established and enforced to achievebusiness goals. This important requirement isoften overlooked.

Traditional system designs focused ondocument taxonomy and metadata, whichdefine how documents will be classified andtagged. A more complete SharePoint modelincludes:u Site hierarchy;u Navigation;u Look and feel;u Content lifecycle management;u Personalized content; andu Content types and metadata.

2. Embed repeatable, secure processeswith stringent workflows. Business processesthat ensure compliance can be built into Share-Point through several mechanisms. One exam-ple is Nintex Workflow, which provides adrag-and-drop graphical tool for creatingworkflow steps. Not only does the graphicalmodel encourage broader use, but select com-ponents or entire workflows can be reused,allowing firms to establish consistent methodsfor managing the content lifecycle and con-trolling approval processes.

Furthermore, Nintex Workflow offers thecapability to extend the platform to externalpartners by automating the addition of usersto the Active Directory and establishing

KMWorld

David Gwyn is vicepresident of R&Dand collaborationfor HighPointSolutions. Withmore than 20 yearsof experience in thelife sciencesindustry, Gwyn is aseasoned executivewith extensive skill indeliveringDocumentum and

SharePoint. He is a member of the ProjectManagement Institute, International Institute ofBusiness Analysis and the Drug InformationAssociation.

David GwynBy David Gwyn, Vice President R&D and Collaboration, HighPoint Solutions

8 steps to leading a successful SharePoint project

8 steps to leading a successful SharePoint project

Business
Microsoft Office SharePoint Server 2007 Governance: From Chaos to Success in Ten Steps Joel Oleson – SharePoint Technical Evangelist

Microsoft Office SharePoint Server 2007 Governance: From Chaos to Success in Ten Steps Joel Oleson – SharePoint Technical Evangelist

Documents
Ten Steps to Creating a SharePoint Support Model - Geoff Evelyn

Ten Steps to Creating a SharePoint Support Model - Geoff Evelyn

Technology
5 steps to take before migration to sharepoint online

5 steps to take before migration to sharepoint online

Presentations & Public Speaking
Keynote SharePoint Community Conference 10 Steps to Successful Deployment (NZ Style)

Keynote SharePoint Community Conference 10 Steps to Successful Deployment (NZ Style)

Technology
5 Steps to Effective SharePoint Training and Adoption

5 Steps to Effective SharePoint Training and Adoption

Technology
The Steps To Effective SharePoint Governance

The Steps To Effective SharePoint Governance

Documents
SharePoint Lesson #61: Embed non-MS Content in SP2013

SharePoint Lesson #61: Embed non-MS Content in SP2013

Education
BITeamwork 3.0: OBIEE + SharePoint 2010 2013aws3.artofbi.com.s3.amazonaws.com/BITeamwork/BITeamwork3.0-OBI… · How To Embed OBIEE in SharePoint 2010 This section provides a step

BITeamwork 3.0: OBIEE + SharePoint 2010 2013aws3.artofbi.com.s3.amazonaws.com/BITeamwork/BITeamwork3.0-OBI… · How To Embed OBIEE in SharePoint 2010 This section provides a step

Documents
5 Steps to Plan Your Sharepoint Migration

5 Steps to Plan Your Sharepoint Migration

Technology
Steps to Effective SharePoint Governance - SPFest Chicago

Steps to Effective SharePoint Governance - SPFest Chicago

Technology
Ten Steps to to Creating a Successful SharePoint Support Model

Ten Steps to to Creating a Successful SharePoint Support Model

Documents
SharePoint 2013: Workflow Manager 1.0 Installation ... · PDF filePre-install steps ... SharePoint Server 2013 and next version of Office 365. ... from SharePoint 2013 workflow resource

SharePoint 2013: Workflow Manager 1.0 Installation ... · PDF filePre-install steps ... SharePoint Server 2013 and next version of Office 365. ... from SharePoint 2013 workflow resource

Documents
Embed a Data Connected Visio Diagram in SharePoint 2013 ... · 2013 Embed a Data Connected Visio Diagram in SharePoint 2013 Hands-On Lab Lab Manual

Embed a Data Connected Visio Diagram in SharePoint 2013 ... · 2013 Embed a Data Connected Visio Diagram in SharePoint 2013 Hands-On Lab Lab Manual

Documents
5 Steps for Constructing a Successful SharePoint Migration Plan

5 Steps for Constructing a Successful SharePoint Migration Plan

Business
SharePoint Governance: From Chaos to Success in 10 Steps

SharePoint Governance: From Chaos to Success in 10 Steps

Technology
Ten Steps to Creating a SharePoint Support Model

Ten Steps to Creating a SharePoint Support Model

Documents
3 Steps to Track and Re-Plan Your Project with SharePoint

3 Steps to Track and Re-Plan Your Project with SharePoint

Business
How to Kill Innovation in SharePoint in 5 Easy Steps

How to Kill Innovation in SharePoint in 5 Easy Steps

Technology
Steps to Effective Governance - SharePoint Saturday The Conference

Steps to Effective Governance - SharePoint Saturday The Conference

Technology
10 Real Steps to SharePoint Adoption - Eric Riz

10 Real Steps to SharePoint Adoption - Eric Riz

Technology
Embed PowerPoint Slides - Texas Tech · Embed PowerPoint Slides Blackboard Tutorials for Instructors . This tutorial is about: How to embed a PowerPoint slide . Steps Choose the page

Embed PowerPoint Slides - Texas Tech · Embed PowerPoint Slides Blackboard Tutorials for Instructors . This tutorial is about: How to embed a PowerPoint slide . Steps Choose the page

Documents
3 Simple Steps for Managing Project Risks in SharePoint › wp-content › uploads › 170620-Slides.pdf3 Simple Steps for Managing Project Risks in SharePoint with Traci Grassi. Risk

3 Simple Steps for Managing Project Risks in SharePoint › wp-content › uploads › 170620-Slides.pdf3 Simple Steps for Managing Project Risks in SharePoint with Traci Grassi. Risk

Documents
A Microsoft SharePoint App · 2018-01-25 · Technical Overview. A Microsoft ® SharePoint ® App . For Productivity. Outlook Integration. Meeting Invitation – Embed invitations

A Microsoft SharePoint App · 2018-01-25 · Technical Overview. A Microsoft ® SharePoint ® App . For Productivity. Outlook Integration. Meeting Invitation – Embed invitations

Documents
SharePoint 2010 in four easy steps (SharePoint Conference Russia)

SharePoint 2010 in four easy steps (SharePoint Conference Russia)

Technology
The Steps To Effective Governance - SharePoint Saturday New York

The Steps To Effective Governance - SharePoint Saturday New York

Technology
SHAREPOINT DEPLOYMENT GUIDE AND CHECKLISTS · 2018-01-11 · sharepoint resources reverse side governance tips and more information steps to a successful managed deployment sharepoint

SHAREPOINT DEPLOYMENT GUIDE AND CHECKLISTS · 2018-01-11 · sharepoint resources reverse side governance tips and more information steps to a successful managed deployment sharepoint

Documents
SharePoint Roadkill a Hillbilly's 10 Steps to SharePoint Deployment Failure - SPS Ozarks

SharePoint Roadkill a Hillbilly's 10 Steps to SharePoint Deployment Failure - SPS Ozarks

Technology
SharePoint Fest Denver - The Steps To Effective SharePoint Governance

SharePoint Fest Denver - The Steps To Effective SharePoint Governance

Technology
SharePoint Tutorial Lesson 60#: Embed Microsoft Content

SharePoint Tutorial Lesson 60#: Embed Microsoft Content

Education