Upload
sagefrog-marketing-group
View
221
Download
0
Embed Size (px)
DESCRIPTION
Most firms assume compliance cannot be embedded into SharePoint since the platform allows for constant changes and evolutions from end users without involving IT. However, new tools and processes being leveraged in the life sciences industry point to ways companies can constrain SharePoint to achieve compliance.
Citation preview
October 2010 S15
appropriate security models. It can also beleveraged to support approval workflows for site creation, which addresses one of the more difficult areas to manage withinSharePoint.
3. Enable digital signatures. Manyindustries have been leveraging the value ofelectronic signatures for years, e.g. for sign-ing an email or entering an ID and passwordto authenticate an approval, but a digital sig-nature is the only legally binding method in the electronic world. It not only providesthe ability to sign the document, but alsosecurely seals it against changes.
ARX CoSign adds digital signature capabilities that can be embedded within aSharePoint/Nintex workflow. The combina-tion of SharePoint, Nintex and ARX expands collaborative possibilities well beyond tradi-tional content management solutions. Exter-nal parties can be sent documents to digitallysign through workflows that automaticallyprovision the credentials without the need forIT support.
4. Institute auditing capabilities todeliver the evidence required by govern-ment agencies. Answering the question of“Who’s been doing what to my SharePointcontent?” is managed through the configu-ration of audit settings. These settingsallow SharePoint to track user activity in asecure repository that includes not onlybehaviors such as check-in and check-out,but also activities such as viewing or down-loading content.
Additionally, the use of tools such asAxceler’s ControlPoint software providesthe ability to audit your SharePoint site toanalyze user permissions at any point in theSharePoint farm, even down to the docu-ment level.
5. Develop a proper governance structure.Since SharePoint is typically not lockeddown and the structure can be changed by many users, a governance structure isnecessary to ensure that the compliantprocesses you implement with workflowsand digital signatures remain that way. In more traditional content management systems, the deployment and use of the sys-tem was controlled by the system architec-ture. Content was organized in folders andthe cabinet/folder hierarchy was typically
controlled by IT, thus providing a virtualvaccine against the viral spread of anuncontrolled taxonomy.
Since SharePoint is designed to reducethe need for IT involvement and put morecontrol in the hands of end-users, proce-dural controls must be established to ensurethat the proliferation of sites, libraries andfolders does not reach pandemic propor-tions. This is managed through an effective,multi-tiered governance structure that pro-vides guidelines and scope at each level toprovide boundaries on end-user creativity.These levels often are segmented at thefarm, site-collection and site tiers, with eachlevel building details on the decisions madein the tier above.
Prove it Through ValidationBy defining a robust information archi-
tecture that defines what and how content isstored and the ways in which it can be found,users are more likely to follow proceduresand use the system as intended. By leverag-ing powerful workflow tools and digital sig-natures that actually improve the businessprocess, activities are controlled and stream-lined in a manner that offers value to thebusiness community, rather than constrain-ing it. By configuring SharePoint to capturethese activities in the audit log and establishappropriate layers of governance to reviewand monitor usage, the necessary controlsand safeguards are put in place.
A question that Microsoft is constantlyaddressing is: “Can SharePoint be vali-dated?” While the answer to this question isclearly “yes,” many still question how it isachieved. By utilizing a risk-based approachand following the steps above, one canclearly show that major risks have been mitigated and addressed. z
HighPoint Solutions is a premier provider of specializedIT and consulting services for the life sciences andhealthcare industries. Additional information is availableat www.highpoint-solutions.com.
Five Steps to EmbedCompliance in SharePoint
In highly regulated industries, organizationsoften turn to enterprise content managementsystems like Documentum that are built to copewith stringent controls, audits and regulations,despite costs and maintenance requirementswhich exceed those of SharePoint. Most firmsassume compliance cannot be embedded intoSharePoint since the platform allows for con-stant changes and evolutions from end userswithout involving IT. However, new tools andprocesses being leveraged in the life sciencesindustry point to ways companies can constrainSharePoint to achieve compliance.
1. Establish a comprehensive informa-tion architecture. Information architecture isa conceptual model that illustrates how infor-mation is labeled, organized and made avail-able. It is as critical to the deployment and useof SharePoint as it is to traditional contentmanagement solutions. Since SharePoint isdesigned to be a viral platform that is not com-pletely within the IT group’s control, standardsmust be established and enforced to achievebusiness goals. This important requirement isoften overlooked.
Traditional system designs focused ondocument taxonomy and metadata, whichdefine how documents will be classified andtagged. A more complete SharePoint modelincludes:u Site hierarchy;u Navigation;u Look and feel;u Content lifecycle management;u Personalized content; andu Content types and metadata.
2. Embed repeatable, secure processeswith stringent workflows. Business processesthat ensure compliance can be built into Share-Point through several mechanisms. One exam-ple is Nintex Workflow, which provides adrag-and-drop graphical tool for creatingworkflow steps. Not only does the graphicalmodel encourage broader use, but select com-ponents or entire workflows can be reused,allowing firms to establish consistent methodsfor managing the content lifecycle and con-trolling approval processes.
Furthermore, Nintex Workflow offers thecapability to extend the platform to externalpartners by automating the addition of usersto the Active Directory and establishing
KMWorld
David Gwyn is vicepresident of R&Dand collaborationfor HighPointSolutions. Withmore than 20 yearsof experience in thelife sciencesindustry, Gwyn is aseasoned executivewith extensive skill indeliveringDocumentum and
SharePoint. He is a member of the ProjectManagement Institute, International Institute ofBusiness Analysis and the Drug InformationAssociation.
David GwynBy David Gwyn, Vice President R&D and Collaboration, HighPoint Solutions