SharePoint Server is one of many collaboration tools that allows organizations to share documents, share knowledge, create metrics and help diverse and scattered team members work more effectively.
IT managers who are thinking about using SharePoint should also consider how it affects compliance in their organizations.
The first thing to figure out – while keeping compliance requirements in mind – is how SharePoint will be used. Will SharePoint be used to collaborate and update spreadsheets that are used to make business decisions or to process business transactions? Will it be used to create metrics and other information upon which business decisions are made? Will it be used as a data backup repository?
If "yes" is the answer to any of those questions, then there will be some compliance issues to tackle.
Windows IT managers should also ask whether the SharePoint Server will include personally identifiable information – or PII, accounting information, intellectual property or mission-critical information. It's not always a good idea to put PII and sensitive data into such collaboration systems. But, if the need arises, it's imperative that this information is properly secured.
Determining SharePoint Server location
Once IT managers establish how they will set up SharePoint, they must determine where to house SharePoint and who will be using it. Here is what they should ask themselves:
Is SharePoint Server
If SharePoint is located on a server on the Internet, extra layers of security controls will be needed. Furthermore, if SharePoint is hosted on an outsourced vendor's site, Windows IT managers will need to ensur
To continue reading for free, register below or login
To read more you must become a member of SearchWinIT.com
e not only that the vendor has proper controls in place but also that the security controls are detailed in the contract.
Once they establish how SharePoint will be used and where it will be located, Windows IT managers must consider the compliance implications of using a SharePoint Server platform. They should consider how the server is used internally as well as with business partners and customers.
There are common compliance requirements that apply to most laws, regulations, industry standards, contractual requirements and policies that managers need to address within a SharePoint environment. They include:
Supporting compliance requirements of SharePoint Server
Here are four ways for Windows administrators to support the wide range of compliance requirements:
This is just a short list of what Windows managers need to do to meet compliance requirements within a SharePoint environment. Putting these action items into practice will address 80% to 85% of the requirements for most organizations.
To stay up to date about the full range of compliance requirements for your SharePoint Server environment, Windows IT managers and administrators alike must establish an ongoing dialogue with their information security and compliance teams.
Rebecca Herold, CISSP, CISA, CISM, CIPP, FLMI, has more than 17 years of experience in IT, information security, privacy and compliance and is the owner and principal of Rebecca Herold LLC. She is an adjunct professor for the Norwich University Master of Science in Information Assurance program and is writing her 11th book. Her articles can be found at www.privacyguidance.com and www.realtime-itcompliance.com.
