On the Road with SharePoint

I always wanted to be a rock and roll star.

More specifically, the lead man in a band with legions of followers who hung on every guitar lick and spent way too much time thinking about the lyrics I sang. I dreamed of “riding that train” with Jerry, Janis and The Band, jamming and well… Alas, personal responsibility, a lack of musical talent, and the need to eat something more than veggie burritos on Shakedown Street, killed my rock and roll dream.

Or so I thought.

Accessibility in Microsoft Office 2010

Microsoft provides an Accessibility Checker in Office 2010 that alerts users to certain accessibility issues in a file, so that potential problems that might keep someone with a disability from accessing your content can be fixed. It allows an author to test for errors, warnings and tips at the time of authoring. While this tool is one step in the right direction for Microsoft, as it offers help in creating more accessible content, it is still a few steps behind.

The problem is that the Accessibility Checker only checks. It does not guarantee that everyone in an organization uses it before publishing, saving or sending a document. It also requires employee training if the organization wishes to use it as a solution to ensure its documents are accessible.

How to Prevent SharePoint Mistakes

Reading Mathew J. Schwartz’s article in Information Week, ‘10 SharePoint Security Mistakes You Probably Make,’ there were a few items of particular interest.

  1. The first was on the discovery that in the case of Bradley Manning leaking 250,000 U.S. State Department cables, the forensic expert “discovered Wget scripts on Manning’s computer that pointed to a Microsoft SharePoint server holding the Gitmo documents. He ran the scripts to download the documents, then downloaded the ones that WikiLeaks had published and found they were the same, Shaver testified.” (Source: Wired, Forensic Expert: Manning’s Computer Had 10K Cables, Downloading Scripts)

HiSoftware Wins GRC Technology Award

Yesterday HiSoftware was named one of the recipients of Corporate Integrity’s inaugural GRC Technology Innovation awards. The award recognizes HiSoftware Security Sheriff™ SP as a GRC solution on the cutting edge of the industry. Michael Rasmussen, an internationally recognized expert on governance, risk management and compliance (GRC) and noted as the “Father of GRC” for being the first to define and model the GRC market in 2002 while at Forrester, said:

“HiSoftware is unique in its focus of applying GRC technology to the file level within Microsoft SharePoint, the most widely deployed ECM platform on the market today. Security Sheriff offers an unprecedented level of assurance that sensitive information can be secured inside SharePoint. HiSoftware has shown true innovation and leadership with this product.”

I’m so pleased to be part of a company that is at the forefront of innovation for GRC. Read more here. For more information about the awards, visit Michael Rasmussen’s web site.

Content Managers Take Heed: Section 508 is Changing

The Section 508 regulations are about to change. That shouldn’t be a big surprise because, as technology leaps forward, the challenges and opportunities for people with disabilities also change. Consequently, the rules for what kind of technology the government can use or buy should also change. These changes have been in the works for years. Change is coming and it’s inevitable. But while it may look innocent and inevitable, it isn’t. Read on for more details.

For web content, the most obvious change will be from the relatively basic 16 requirements in the older Section 508 regulations to the complex 38 “success criteria” that comprise the Web Content Accessibility Guidelines (WCAG) 2.0 levels A and AA. That’s a daunting but not insurmountable challenge.

A bigger challenge is the impact on content management systems. As accurately reported by Fierce Content Management, the new rules will affect:

  • content that is public facing;
  • content that is broadly disseminated within the agency;
  • letters adjudicating any cause within the jurisdiction of the agency;
  • internal and external program and policy announcements;
  • notices of benefits, forms, questionnaires and surveys;
  • emergency notifications;
  • formal acknowledgements; and
  • educational and training materials.

In other words, exactly the sorts of things agencies use content management systems to do. Further, the new rules cover “authoring tools” that are used to create that content. Because so much content is created in CMS these days, the systems will all have to change if they want government customers. Certainly a big change for some, but a welcome one. Emphasizing better tools and backend technologies obviously makes it easier to create compliant content. And it also drives the market to make these technologies available to everyone.

But all is not rainbows and unicorns in the current draft Section 508 regulations. The new regulations require that IT separately meet both the “functional performance requirements” and the “technical provisions.” What this means is that, even if you comply with all of the nitty-gritty technical requirements, you still have to demonstrate that people with various types of disabilities can use your product. This means getting people with different disabilities to “sign off” on your product before making a Federal government sale, and still risking being denied because your testers didn’t accurately reflect all users with those disabilities. If you also find that a little troubling, feel free to let the Access Board know how you feel before March 7. Those who wish to provide comments should contact Kathy Johnson at johnson@access-board.gov, (202) 272-0041 (v), or (202) 272-0065 (TTY).

To learn more about Web accessibility read the whitepaper Content Management Systems (CMS) and WCAG 2.0.

Ken Nakata is a well-known figure in the area of IT accessibility and works as the Director of Accessibility Practices for HiSoftware. His work focuses on web and software accessibility from both a legal and technical perspective. Nakata has helped shape the government’s policies for the Americans with Disabilities Act and Section 508 of the Rehabilitation Act.

Massachusetts Data Security Regulations: 1 Month to Deadline

The final phase of the Massachusetts data security regulation, officially entitled 201 CMR 17.00, comes into effect on 1 March 2011. With a month to go, businesses need to have procedures in place if they or their third-party contractors handle any Massachusetts residents’ data, whether or not the company is located in the state.

Essentially, if any contractor, supplier, technology provider or other third party holds data on Massachusetts residents, a contract needs to be signed that says they comply with the new regulation. While the company doesn’t need to audit the third party, the signed contract should reserve the right to audit these companies.

So what does this mean for data captured or stored online by a third party? Well, firstly, let’s identify a few examples of the third parties this could include:

  • A marketing company with a database of Massachusetts residents that will send materials on behalf of a company
  • A contractor with addresses of customers they need to supply services to, on behalf of a company
  • A web developer that hosts a company’s website and requires login details
  • A third party that hosts health records or financial information on behalf of a hospital

All of these third parties will need to have appropriate measures in place to protect Massachusetts residents’ information, even if they only have a few MA residents within their data. These third parties need to assure companies they are protecting data or face losing their client/customer.

The regulation’s purpose is stated as:

This regulation establishes minimum standards to be met in connection with the safeguarding of personal information contained in both paper and electronic records. The objectives of this regulation are to insure the security and confidentiality of customer information in a manner fully consistent with industry standards; protect against anticipated threats or hazards to the security or integrity of such information; and protect against unauthorized access to or use of such information that may result in substantial harm or inconvenience to any consumer.

As a MA resident, I think the regulation has the right purpose. As part of the online privacy community, I also think it’s a good reminder of the importance of protecting a business. The benefits of protecting customers’ privacy are far greater to a business than the alternative. Privacy helps to:

  • Protect your organization’s reputation internally and externally by assuring that your website properties are trustworthy and safe
  • Immediately identify issues for correction before problems can arise
  • Monitor for content or programming issues that could affect privacy requirements during website development
  • Ensure that information collected from site visitors can be audited for compliance
  • Create custom reports for internal website compliance management
  • Earn customer confidence by providing a trusted environment of Internet confidentiality

For any company using the web to store MA residents’ private information, remember this applies both internally and externally. You need automated privacy tools in place, not just to enforce it but to monitor for any breaches. This will help to improve your data protection and differentiate you from other businesses, as you can show specific reporting examples, on demand, to your corporate customers or clients.

Kohl’s and USAA Earn Excellent Score in Forrester’s 2012 Customer Experience Index

Forrester analyst Megan Burns blogged this week about the results of Forrester’s 2012 Customer Experience Index (CXi). Impressively, Kohl’s and USAA, both HiSoftware customers, earned excellent scores. I believe both companies’ accessibility policies played to the strength of their customer experience. More to come on that…

There were three main takeaways from the report, according to Megan:

  • Customers’ expectations of their experiences are getting higher. They’re accustomed to more options, greater control, and a worldwide platform to tell others what they think about the way brands treat them. What brands in one industry do affects what people expect from other industries, raising the bar for everyone at lightning speed.
  • Parity is a moving target. Companies hoping to differentiate on the basis of customer experience (and there are a lot of them!) will have to work even harder just to catch up to the leaders in their industry. Case in point: The gap between the high and low scoring bank in our study grew by 10 points this year, in part because USAA widened its lead in this category by 6 points in a single year.
  • No one can afford to be complacent when it comes to customer experience. While many scores rose this year, many also fell. Perennial leader Barnes & Noble dropped 7 points in one year, and was one of 23 brands whose scores fell by 5 points or more since 2011.

A customer’s experience presents huge revenue opportunities, but only if a site is working properly. And beyond consumers wanting and expecting a great online experience come the benefits of ensuring an accessible site.

Kohl’s was able to design a site for 100% of the population, rather than excluding 20% of the population with disabilities: a significant population that wants to use the Web freely and easily. While the legal team at Kohl’s drove the accessibility initiative, improved SEO was an added bonus that we are sure plays a role in benefiting the customer’s experience.

An inclusive design offers significant benefits beyond accessibility, including:

  • Making a site more usable for everyone – by 35%*
  • Platform independence – mobile to grow by 400% by 2015, iTV to embrace web apps
  • Reduces page weight, bandwidth and maintenance
  • Improves search engine rankings
  • Future-proofs Web site/applications

USAA is taking the website another step further to ensure accessibility, but also to check against site quality. Site quality can have a great benefit or detrimental impact on the overall customer experience. In fact, analysis shows that a simple spelling mistake can impact revenue for a website.

Forrester’s recognition of Kohl’s and USAA is well deserved. Now if they can just get all businesses to recognize the role accessibility had in improving the customer experience, we’ll all benefit.

Check out the webinar with AbilityNet that promotes the benefits of an inclusive design to reaching new customers and improving the overall experience.

*Disability Rights Commission (DRC) ‘The Web – Access and Inclusion for Disabled People’ report 2004 (ISBN 0117032875)


For the last 6 years, Dan has helped HiSoftware customers in meeting Web Compliance requirements, specifically in the area of Accessibility and Privacy.

Global Data Privacy Day: Are you doing enough?

On the 28th January, organisations are being asked to take stock of how they handle data protection. Are your customers’ details safe? Your employees? Are you doing enough to ensure an individual’s right to protection of personal information as a fundamental freedom?

Data Privacy Day is an annual international awareness initiative that commemorates the signing of Convention 108, the first legally binding international treaty dealing with privacy and data protection. In this networked world, in which we are thoroughly digitized, the day promotes awareness about the many ways personal information is collected, stored, used, and shared, and educates about privacy practices that will enable individuals to protect their personal information. It brings together advocates from businesses, governments, academics and not-for-profit organizations to promote collaboration and encourage dialogue on the issue of privacy.

Michael Kaiser, executive director, National Cyber Security Alliance said about the day, “As people across the globe continue to integrate the Internet into their daily lives, it becomes increasingly important that everyone understands privacy in the digital age, how to safeguard their data and own their online presence.”

Data Privacy Day is celebrated across the United States and Canada, with European Privacy Day 2012 serving as the day’s counterpart in Europe. European Privacy Day 2012 summarises the need for the day:

2011 was a year with privacy discussions about Facebook, use of hacking by journalists, use of intelligent CCTV by police forces, use of twitter during urban riots, face recognition, smart houses and smart viewing of houses, and ICT for active ageing.

Declarations and writings stating that ‘privacy is dead’ confirm the urgent need for more debate about these issues.

When pondering over all these online and offline developments, the first impression is not only that many facets of privacy are at stake, but that attitudes and responses of people are evolving. Despite all the declarations on the death of privacy, 2011 has shown that people do care about privacy both offline and online and are highly imaginative in the ways to strike back at these developments.

Resources

In honor of Data Privacy Day, you’ll find a compilation of white papers and on demand Webinars to help you make 2012 the year you take charge of your privacy initiatives. This extensive library of free resources provides valuable strategies, advice and processes from industry thought leaders to help you put an effective privacy program in place and ensure that sensitive data is kept private and secure.

Use these resources to ensure your organization is complying with privacy laws and regulations and start earning consumer confidence.

Olympic Security Dossier Left on Train: Could SharePoint have prevented it?

The Sun reported earlier this week that a secret dossier detailing plans for policing this summer’s London Olympics was left on a train. Included in the dossier were names and mobile phone numbers of constables, sergeants and inspectors as well as details of pre-Olympics rehearsals, emergency “lock-down” procedures and plans to avoid traffic congestion.

The Guardian wrote an interesting post criticizing the Sun because of its dramatic reference that the file “contained details that would have helped al-Qaida terrorists mount a devastating attack on the Games in London this summer.” Before I get too involved with The Sun versus The Guardian newspaper, my point is that we should ensure there is no possibility of an al-Qaida operative being on the same train at the same time as a police officer leaving a security dossier.

On this note, I couldn’t help but wonder whether SharePoint could have prevented this situation in the first place. Lost documents are nothing new, so why does it still happen? Secure documents do not need to be left in places because they shouldn’t be printed in the first instance. It makes more sense for organizations to use SharePoint with a specific automated rules engine to define the parameters under which people can access information.

In this instance, if the document was available to the constables, sergeants and inspectors mentioned in the dossier, they should only be able to access it from a computer using a secure SharePoint connection. Then, they should only be able to read it on screen or comment in a secure Team Site on the platform. No printing of the material should ever be allowed. Not only would this mean no loss of documents, but it would also help the Met monitor who was reviewing the information and how the readers felt about the plan (using the Team Site) to make improvements such as the radio comments that appeared in the dossier. Lastly, the Met could see if there was any person wanting to print the materials or access them inappropriately.

SharePoint could serve as a useful collaboration tool for the Met. If used with appropriate, automated compliance and security solutions, SharePoint could ensure that instances like this would be a thing of the past.

To help discover the range of issues driving organizations toward stronger content security and policy enforcement, and learn how the most forward-thinking organizations are managing content compliance, download a privacy whitepaper.

Governance: A key theme for SharePoint in 2012

Governance will be a key area of investment for SharePoint in 2012. It’s currently one of the main areas the platform is lacking. Built-in tools developed by ISVs will play a major role in helping organizations be compliant with global regulations and company compliance policies. But don’t just take my word for it…

In my daily reading over the past month I’ve come across a number of predictions for 2012. Predictions for movies, awards, music and sports including the New England Patriots heading to the Super Bowl; and I’ve also read a lot about how Microsoft SharePoint will continue to see high user adoption. What’s most interesting is the number of people predicting that governance will play a key part in SharePoint’s development in 2012. This is an area I’ve been talking to businesses about for years as it’s absolutely necessary for the success of SharePoint.
