In many companies, SharePoint begins as a grass-roots effort with little thought given to governance, risk and compliance (GRC). Before long, issues with security, storage, site sprawl, and others force us to rethink our long-term SharePoint strategy. Around this time, governance plans are developed and put into place. But do these plans address the auditing, records management, e-discovery and other legal risks? And does SharePoint’s built-in feature set deliver everything you need to rest soundly? In this session, we’ll raise some questions, share some stories and, most importantly, provide answers and much-needed guidance on this trending topic.
10. assess the risks and potential costs of non-compliance against the projected expenses to achieve compliance,
11. At the very highest level we are talking about making the right information available to the people who should have it and protecting it from the people who should not.
16. The onslaught of risk and compliance issues related to Information sharing includes:
17. By 2016, Gartner predicts that 20% of CIOs will lose their job due to information governance and compliance
20. Risk Awareness / Risk Avoidance
“Never in all history have we harnessed such formidable technology. Every scientific advancement known to man has been incorporated into its design. The operational controls are sound and foolproof!”
E.J. Smith, Captain of the Titanic
23. Transparency/Collaboration, Data Protection/Management
25.
1 Know who accesses what & when
• Record and track all user interactions, security changes, and search queries in any or all of your Microsoft SharePoint environments
2 Track employees’ SharePoint usage
• See everything an individual employee or group of employees has done and is doing in your SharePoint environment
3 Track an item through its entire life
• See what happened to a document, including when it was created and by whom; who has viewed it when; and when it was deleted and by whom
4 Audit SharePoint search
• See who has performed a search, for what, and when. See how often an item is returned in search results
26. Prevention
• Assign permissions & access to SharePoint site
• Assign metadata or policy to content with real time filtering and scheduling
• Assign policy access rights and permissions to content stored in File Shares
• Proactive policy enforcement of secure vs. non-secure sites through automated site provisioning & permissions management
27. Detect
• Discover offensive content with real time scans and scheduled risk reports
• Search for user permission with security search
• Individual user or group profile of security permissions
28. Tracking
• Track user activity with the user life cycle reports
• Track content life cycle with item life cycle reports
29. Respond & Resolve
• Legal hold and tracking
• Archive and encryption
• Restructure permissions & access metadata and security of content itself
http://www.youtube.com/watch?v=F7pYHN9iC9I
Twenty-six percent of Americans have been told their personal information such as password or credit card number may have been exposed by a data breach, a survey by the security firm McAfee and the National Cyber Security Alliance showed Monday. Read more at: http://phys.org/news/2012-10-one-fourth-americans-victims-breach.html#jCp
Very large Oil & Gas company in Calgary - 50% of the workforce will be retiring in the next five years. How will this change their culture?
From Jeremy’s article: Now that essentially every employee is a “content contributor”, how do you address the inherent new risks associated with meeting regulatory, statutory and organisational compliance mandates? According to a recent study conducted by the Society of Corporate Compliance and Ethics as well as the Health Care Compliance Association, fears of an accidental breach far outweigh the fears of an intentional one - 61 percent of those surveyed believed an accidental breach by employees was “somewhat or very likely”. Fear can be a motivator, but it seems that for SharePoint deployments, many organisations are turning a blind eye to incorporating the platform into overall compliance strategies. According to a report from AIIM, while 53 percent of those surveyed consider SharePoint their primary ECM system, more than 60 percent of organisations have yet to incorporate their SharePoint deployments with existing compliance policies.
Health care and compliance association – Jan 2011 (n=518)
Fortune 500 energy company in California -- Lawsuit involved $60M in fines. Records that should have been expunged were found.
VA – patient record sharing – Google Docs – huge trouble privacy (PHI). VA employs nearly 280,000.
Compliance Officers overwhelmed by compliance alerts – 20M alerts per month – 700 SP Servers – how do you manage all of this?
Dropbox – innovation demands