Tag Archives: Governance
A Checklist to Help with SharePoint
Enterprises deploying SharePoint 2010 have normally given detailed attention to technical considerations and will have worked hard to align the technology with corporate workflow.
SharePoint Compliance: Securing the Content & Infrastructure
Is your SharePoint Platform Content-Aware?
We know Microsoft SharePoint makes it easy to create and collaborate on content. And we also know that this results in an explosion of unstructured content, ranging from email to documents to blogs; all with the intention of having a collaborative conversation. SharePoint has also become core to operations with businesses increasingly making it their enterprise content management (ECM) system of choice.
HiSoftware Wins GRC Technology Award
Yesterday HiSoftware was named one of the recipients of the Corporate Integrity’s inaugural GRC Technology Innovation awards. The award recognizes HiSoftware Security Sheriff™ SP as a GRC solution on the cutting edge of the industry. Michael Rasmussen, an internationally recognized expert on governance, risk management and compliance (GRC) and noted as the “Father of GRC” — being the first to define and model the GRC market in 2002 while at Forrester, said:
“HiSoftware is unique in its focus of applying GRC technology to the file level within Microsoft SharePoint, the most widely deployed ECM platform on the market today. Security Sheriff offers an unprecedented level of assurance that sensitive information can be secured inside SharePoint. HiSoftware has shown true innovation and leadership with this product.”
I’m so pleased to be part of a Company that is at the forefront of innovation for GRC. Read more here. For more information about the awards, visit Michael Rasmussen’s web site.
Massachusetts Data Security Regulations: 1 Month to Deadline
The final phase of the Massachusetts data security regulation law officially entitled, 201 CMR 17.00, comes into effect on the 1 March 2011. With a month to go, businesses need to have procedures in place if they or their third party contractors handle any Massachusetts’ residents’ data, whether or not the company is located in the State.
Essentially, if any contractor, supplier, technology provider and other third party holds data on Massachusetts residents, a contract needs to be signed that says they comply with the new regulation. While the company doesn’t need to audit the third party, the signed contract should reserve the right to audit these companies.
So what does this mean for data captured or stored online by a third party? Well firstly, let’s identify a few examples of the third parties this could include:
- A marketing company with a database of Massachusetts residents that will send materials on behalf of a company
- A contractor with addresses of customers they need to supply services to, on behalf of a company
- A web developer that hosts a company’s website and requires login details
- A third party that hosts on behalf of a hospital health records or financial information
All of these instances will need to have appropriate measures in place to protect Massachusetts’ residents’ information; even if they only have a few MA residents within their data. These third parties need to assure company’s they are protecting data or face losing their client/customer.
The regulation purpose is stated as
This regulation establishes minimum standards to be met in connection with the safeguarding of personal information contained in both paper and electronic records. The objectives of this regulation are to insure the security and confidentiality of customer information in a manner fully consistent with industry standards; protect against anticipated threats or hazards to the security or integrity of such information; and protect against unauthorized access to or use of such information that may result in substantial harm or inconvenience to any consumer.
As a MA resident, I think the regulation has the right purpose. As part of the online privacy community, I also think it’s a good reminder of the importance of protecting a business. The benefits of protecting customers’ privacy are far greater to a business than the alternative. Privacy helps to:
- Protect your organization’s reputation internally and externally by assuring that your website properties are trustworthy and safe
- Immediately identify issues for correction before problems can arise
- Monitor for content or programming issues that could affect privacy requirements during website development
- Ensure that information collected from site visitors can be audited for compliance
- Create custom reports for internal website compliance management
- Earn customer confidence by providing a trusted environment of Internet confidentiality
For any company using the web to store private MA residents’ information, remember this is both internally and externally. You need automated privacy tools in place and that’s not just to enforce it, but to monitor against any breaches as it will only help to improve your data protection and help differentiate yourself against other businesses as you can show specific reporting examples, on demand, for your corporate customer or clients.
Kohl’s and USAA Earn Excellent Score in Forrester’s 2012 Customer Experience Index
Forrester Analyst, Megan Burns, blogged this week about the results of the Forrester’s 2012 Customer Experience Index (CXi). Impressively, Kohl’s and USAA, both HiSoftware customers, earned excellent scores. I believe both companies’ accessibility policies played to the strength of their customer experience. More to come on that…
There were three main takeaways from the report as said by Megan:
- Customers’ expectations of their experiences are getting higher. They’re accustomed to more options, greater control, and a worldwide platform to tell others what they think about the way brands treat them. What brands in one industry do affects what people expect from other industries, raising the bar for everyone at lightning speed.
- Parity is a moving target. Companies hoping to differentiate on the basis of customer experience (and there are a lot of them!) will have to work even harder just to catch up to the leaders in their industry. Case in point: The gap between the high and low scoring bank in our study grew by 10 points this year, in part because USAA widened its lead in this category by 6 points in a single year.
- No one can afford to be complacent when it comes to customer experience. While many scores rose this year, many also fell. Perennial leader Barnes & Noble dropped 7 points in one year, and was one of 23 brands whose scores fell by 5 points or more since 2011.
A customer’s experience presents huge revenue opportunities, but only if a site is working properly. And beyond consumers wanting and expecting a great online experience, comes the benefits of ensuring an accessible site.
Kohl’s was able to design a site for 100% of the population, rather than excluding 20% of the population with disabilities: a significant population that wants to use the Web freely and easily. While the legal team at Kohl’s drove the accessibility initiative, improved SEO was an added bonus that we are sure plays a role in benefiting the customer’s experience.
An inclusive design offers significant benefits beyond accessibility to include:
- Making a site more useable for everyone – by 35%*
- Platform independence – mobile to grow by 400% by 2015, iTV to embrace web apps
- Reduces page weight, bandwidth and maintenance
- Improves search engine rankings
- Future-proofs Web site/applications
USAA is taking the website another step further to ensure accessibility, but also to check against site quality. Site quality can have a great benefit or detrimental impact on the overall customer experience. In fact, analysis shows that a simple spelling mistake can impact revenue for a website.
Forrester’s recognition of Kohl’s and USAA is well deserved. Now if the can just get all businesses to recognize the role accessibility had in improving the customer experience, we’ll all benefit.
Check out the webinar with AbilityNet that promotes the benefits of an inclusive design to reaching new customers and improving the overall experience.
*Disability Rights Commission (DRC) ‘The Web – Access and Inclusion for Disabled People’ report 2004 (ISBN 0117032875)
For the last 6 years, Dan has helped HiSoftware customers in meeting Web Compliance requirements, specifically in the area of Accessibility and Privacy.
Governance: A key theme for SharePoint in 2012
Governance will be a key area of investment for SharePoint in 2012. It’s currently one of the main areas the platform is lacking. Built-in tools developed by ISVs will play a major role in helping organizations be compliant with global regulations and company compliance policies. But don’t just take my word for it…
In my daily reading over the past month I’ve come across a number of predications for 2012. Predictions for movies, awards, music and sports including the New England Patriots heading to the Super Bowl; and I’ve also read a lot about how Microsoft SharePoint will continue to see high user adoption. What’s most interesting is the number of people predicting that governance will play a key part to SharePoint’s development in 2012. This is an area I’ve been talking to businesses about for years as it’s absolutely necessary for the success of SharePoint.
Video: Web Compliance for Financial Services; Cable & Wireless and HiSoftware Partnership
Large enterprises are leading the way in Cloud computing adoption. These businesses are often in the most heavily regulated industries like banking, financial services, retail and utilities. Including HiSoftware Compliance Sheriff as part of a flexible computing platform offers these customers a technology to safeguard the business against both intentional and unintentional content breaches that could result in large financial penalties.
For banking and financial services clients with complex requirements, content compliance underpins effective communication. Cable & Wireless partnered with HiSoftware to showcase its BANKING 20|20 vision: to build a more agile platform for growth whilst simultaneously driving down operational costs.
View the video.
Does Governance in SharePoint Cover Content Compliance?
Image Credit: Afsart
On the AIIM website, there was a posting called “Governance: overused, misunderstood, flavour of the month?” I read it with interest as the author and quoted SharePoint consultant agreed that “governance is one of the most overused terms in the SharePoint community.”
The author quoted Paul Swinder (@pswider), SharePoint Consultant:
“Governance might be one of the most overused terms in the SharePoint community. Governance exists at many levels in different organizations. There is corporate governance, legal governance, project governance, system governance and many more. SharePoint governance might fall under system governance. It is a small piece of what might be a much bigger effort. Most often SharePoint governance discussions are a sub-topic of system governance, specifically one of many systems in our organization. (We need to) begin to break governance issues down to small efforts.”
The author then mentioned that he believes there are two parts to governance, “the guiding principles that help shape your direction and the actions taken to enforce those guiding principles.”
The enforcement is the tricky part for many businesses. Putting together a governance framework presents its challenges, but once done, it’s done. Whereas continuously monitoring SharePoint for any governance breaches becomes time consuming and costly, unless automated.
When reading this, I couldn’t help but ask the question does governance cover how people use SharePoint or does it govern the content that sits within SharePoint? The content is the area of underlying risk for many organisations and without proper compliance and monitoring of it businesses can be open to financial penalties or litigation. A solid governance strategy should outline what is and isn’t appropriate content from publishing sensitive customer data to correct branding. However, governance is about enforcement. An automated solution is the only way to monitor for compliance and protect a SharePoint project from unnecessary risk.
The Missed 6th Lesson for SharePoint Governance Plans
There is a great blog on Network World from Susan Hanley on the ‘5 Lessons I’ve Learned about How to Create Memorable and Useful SharePoint Governance Plans.’ In it she talks about the SharePoint Governance Plans she has worked on and the 5 lessons she’s learned about creating useful and memorable governance plans.
The five lessons are:
- Lesson 1: No one cares about governance … until you make it all about them!
- Lesson 2: Less is more
- Lesson 3: Create a roadmap
- Lesson 4: Build best practices in to your site templates
- Lesson 5: A governance plan doesn’t replace the need to provide training and training should include the governance plan
I’d suggest another:
Lesson 6: Automate the governance plan where possible
She is correct that no person will read an 80-page document and unless something is in it for the user, people won’t pay attention. If you automate as much of the governance plan as possible, then SharePoint users will pay attention and proper governance will follow.
Subscribe to our RSS Feed 
Follow Us on Twitter 
Find us on LinkedIn 