
Category Archives: Compliance

What’s Going on with Web Accessibility in Australia?

There is a lot of nervousness and talk on Web accessibility in Australia these days. That’s because there is a looming deadline on the horizon. In 2010, the Australian government made headlines when it was one of the first governments to require the W3C’s Web Content Accessibility Guidelines (WCAG) 2.0 AA for all public sector websites. This followed the country’s adoption of the Disability Discrimination Act (DDA) in 1992 and the UN Convention on the Rights of Persons with Disabilities (UNCRPD) in 2008 (note that the United States has still not ratified the UNCRPD).

In a nutshell, there are three main actions:

  1. Any websites that are owned or operated by the Australian government need to conform to WCAG 2.0 level AA by the end of 2014. This requirement applies to all Web content—regardless of whether it is on the Internet or intranet.  In other words, this requirement doesn’t just apply to government-owned public-facing sites, but also covers government employee-only sites, such as SharePoint sites.
  2. In addition, Australian government agencies are required to provide accessible alternatives to all PDF documents.
  3. Lastly, agencies are required to report on their progress in meeting WCAG 2.0 AA.

The new requirements provide some limited exemptions for older content created before July 2010.  For this older content, agencies have a choice—either (1) decommission and archive the content or (2) ensure it conforms to the older WCAG 1.0 requirements.

SPTechCon: SharePoint Compliance & Security, Chris McNulty Book Signing & More

SharePoint security continues to be an ever-present concern for organizations. Consider some recent stats on content security:

  • 46%, out of the 60% who indicated that their companies support BYOD, say that their companies do not use tools or policies to protect corporate data. Survey results reported by Bank Systems & Technology
  • Only 15% of respondents said their information governance plan is “in place, it’s important and it’s communicated and enforced.” AIIM survey of 548 members of its community

Next week, join HiSoftware at SPTechCon: The SharePoint Technology Conference in San Francisco to discuss these issues and how to keep SharePoint secure while maximizing your investment in the collaboration platform. Head on over to the HiSoftware Booth (605) to learn more about our award-winning solutions for secure collaboration and have some fun Sheriff style!

BBC Reports: 2014 the Year of Encryption

The BBC reported that 2014 is the year of encryption. The article points to government surveillance and the threat of attacks from hackers as the main causes. Dave Frymier, chief information security officer at Unisys, a Pennsylvania-based IT company, advised in the article:

Rather than encrypting everything, Mr Frymier advocates that companies identify what he believes is the 5%-15% of their data that is really confidential, and use encryption to protect just that.

He says employees should then be barred from accessing this data using standard desktop and laptop machines or their own smartphones or tablets, which can easily be infected with malware. Access would be restricted to employees using secure “hardened” computers.

Outside threats are a huge concern, but effective content security needs to be handled from the inside. Forrester reported that 75% of data breaches come from within a company. Of these, 63% result from an employee losing or misplacing corporate assets; 12% were breached with ill intent.

HiSoftware on How to Avoid SharePoint Governance Mistakes

Last week our very own Kurt Mueffelmann joined Ruven Gotz, SharePoint MVP, Avanade alongside Jill Hannemann, Practice Director for Advisory Services, Portal Solutions and Gail Shlansky, Director of Product Marketing at Metalogix in a best of breed webinar “Most Common Governance Mistakes In SharePoint (and how to avoid them).”

Kurt gave some tips during the webinar that CMSWire included in a write-up of the webinar:

On the topic of putting governance plans in place, the panelists said no template is automatically right for your organization. Kurt said, “Try not to boil the ocean. Decide what’s important to your organization.”

Asked if the [governance] plan belongs to the IT department or business managers, the panelists agreed that there shouldn’t be a single owner. “We look at it as being a team sport,” said Kurt. “I think it’s multifaceted. It’s not just whether IT or business owns it. It’s both.”

HHS to Survey 1,200 HIPAA Covered Entities

The Department of Health and Human Services’ Office for Civil Rights (OCR) announced it will survey up to 800 covered entities and 400 business associates to gather information as part of the first step in selecting organizations for the next round of HIPAA audits. The survey “will gather information about respondents to enable OCR to assess the size, complexity and fitness of a respondent for an audit.” OCR intends to collect information that includes “recent data about the number of patient visits or insured lives, use of electronic information, revenue and business locations.”

In a blog post, Robert W. Liles, Esq., writes:

This latest survey may point to a revitalization of the HHS OCR HIPAA Audit Program, which has not been active since the conclusion of the pilot audit program in December 2012. It will provide another opportunity for HHS OCR to examine different mechanisms for compliance with HIPAA/HITECH, identify best practices, and discover new risks and vulnerabilities.

What can providers – as well as business associates – expect in the next round of HIPAA audits?  Providers should anticipate that HHS OCR will focus more specifically on many of the problem issues identified in the pilot audit program – timely and thorough security risk assessments, effective and ongoing risk mitigation plans, breach notification procedures, encryption, training, and policies and procedures.

Most Common Governance Mistakes In SharePoint (and how to avoid them)

Yesterday I joined Ruven Gotz, SharePoint MVP, Avanade alongside Jill Hannemann, Practice Director for Advisory Services, Portal Solutions and Gail Shlansky, Director of Product Marketing at Metalogix in a best of breed webinar “Most Common Governance Mistakes In SharePoint (and how to avoid them).”

The discussion focused on the mission-critical role SharePoint plays in an organization’s content management and collaboration efforts and, as a result, the important role governance plays in securing information integrity. We also touched on optimizing the value of content stored, accessed and shared within SharePoint. Despite the fact that governance is considered critical, most organizations suffer from a governance gap.

During the webinar, host Ruven Gotz asked panelists a series of questions. Some are summarized below.

Privacy Breaches Must Stop!

If you think content security is a nice-to-have, think again. Just last week, it was reported that Stanford Hospital & Clinics and two of its vendors are set to pay more than $4.1 million to settle a class action claim. The claim said they violated a state privacy law by allowing the medical information of approximately 20,000 emergency room patients to be posted online for nearly a year.

According to a statement released by Stanford:

  • Multi-Specialty Collection Services and Corcino & Associates will pay $3.3 million
  • Stanford Hospital & Clinics will pay $500,000 for a program to educate vendors on recent regulations that hold them accountable for privacy breaches
  • The hospital will also pay $250,000 to cover the administrative costs of the settlement

In Stanford’s breach, protected healthcare information (PHI) was unknowingly and illegally displayed on a public website for nearly a year, beginning on Sept. 9, 2010, before it was discovered. With such steep financial settlements and/or government penalties possible, not knowing that someone in your organization accidentally published PHI or other personally identifiable information (PII) is not a defense. This isn’t an isolated case: a Forrester report shows that a surprising 75% of breaches come from within the company, not outside threats like hackers. Data from CyberFactors shows a similar picture, where 50% of the reported incidents were caused by an external actor, 40% by someone inside the organization, and 6% by a third-party contractor or vendor.

Complete Solutions for Making Web, Office and PDF Content Accessible

Identifying issues is an important first step to accessibility; making the necessary fixes to the content is the key to achieving compliance. This is why we have now partnered with NetCentric Technologies, makers of the popular CommonLook suite of software and services for accessible electronic documents. Working together, we will provide our customers complete solutions for making Web, Office and PDF content accessible.

This partnership makes a lot of sense for our customers who are looking for a way to easily identify and fix problematic Office and PDF documents. When used together, Compliance Sheriff and CommonLook can ensure that all digital content within the organization is compliant.

Live from CSUN 2014

It’s Friday morning at CSUN 2014.  This year has been a whirlwind of exciting opportunities, catching up with clients and industry colleagues, and contributing to the discussion about different technologies.  Here are some of the things that have kept us busy.

  • IAAP Launch.  Yesterday morning, we were at the official launch of the International Association of Accessibility Professionals (IAAP).  HiSoftware is a founding member of IAAP.  What’s not as well-known is that HiSoftware was called in at the last minute to orchestrate the accessibility testing of the content management software that IAAP will be using.  The event was a complete sell-out and had a huge attendance.   I think people in this space want and need a way to “professionalize” the accessibility profession (e.g. through certification exams) and to collaborate on a global scale.  If you are tasked with accessibility, I urge you to get involved!

#SPC14 Roundup

Last week I was at the SharePoint Conference in Las Vegas to talk everything SharePoint compliance and security. After a few days’ reflection, here’s my roundup of the week:

  1. Everything Compliance

Microsoft did a lot of talking about SharePoint, Office 365, and Yammer. It became clear that attendees were beelining it for us to discuss how to make this all compliant. The challenge for these organizations is that they store highly confidential documents that contain personal health information (PHI) and personally identifiable information (PII). Some need to comply with PCI rules. So how do you make all of this compliant? As Microsoft continues to encourage all types of collaboration across its portfolio of products, technology that can audit, classify, restrict, encrypt, track and control content will become essential.
