
Tag Archives: Risk

Michael Rasmussen on the “Big Data” Compliance Challenge

This is a topic many businesses are wrestling with, without a full understanding of how “big data” is affecting compliance.

Notes from the Road: SharePoint Customer Journey


This week I’m on the road across the UK to discuss the SharePoint Customer Journey. After my first day with fellow presenters from Metalogix and KnowledgeLake, it is clear that migrating content into SharePoint is an issue. Both presenters have highlighted that it’s generally better that content is in SharePoint and the audience agreed as well. These companies come at SharePoint from two different perspectives – Metalogix to get the content into SharePoint and KnowledgeLake to find, capture, automate business processes and save content.

Olympic Security Dossier Left on Train: Could SharePoint have prevented?

The Sun reported earlier this week that a secret dossier detailing plans for policing this summer’s London Olympics was left on a train. Included in the dossier were names and mobile phone numbers of constables, sergeants and inspectors as well as details of pre-Olympics rehearsals, emergency “lock-down” procedures and plans to avoid traffic congestion.

The Guardian wrote an interesting post criticizing the Sun because of its dramatic reference that the file “contained details that would have helped al-Qaida terrorists mount a devastating attack on the Games in London this summer.” Before I get too involved with The Sun versus The Guardian newspaper, my point is that we should ensure the possibility doesn’t happen that an al-Qaida operative is on the same train at the same time as a police officer leaving a security dossier.

On this note, I couldn’t help but wonder if SharePoint could have prevented this situation in the first place. Lost documents are nothing new, so why does it still happen? Secure documents do not need to be left in places because they shouldn’t be printed in the first instance. It makes more sense for organizations to use SharePoint with a specific automated rules engine to define the parameters under which people can access information.

In this instance, if the document was available to the constables, sergeants and inspectors mentioned in the dossier, they should only be able to access it from a computer using a secure SharePoint connection. Then, they should only be able to read it on screen or comment in a secure Team Site on the platform. No printing of the material should ever be allowed. Not only would this mean no loss of documents, but it would also help the Met monitor who was reviewing the information and how the readers felt about the plan (using the Team Site) to make improvements such as the radio comments that appeared in the dossier. Lastly, the Met could see if there was any person wanting to print the materials or access them inappropriately.

SharePoint could lend itself to a useful collaboration tool for the Met. If used with appropriate, automated compliance and security solutions, SharePoint could ensure that instances like this would be a thing of the past.

To help discover the range of issues driving organizations toward stronger content security and policy enforcement, and learn how the most forward-thinking organizations are managing content compliance, download a privacy whitepaper.


Keeping the Information Commissioner at Bay!

The increasing amount of personally identifiable information (PII) and protected health information (PHI) collected and utilised by government organisations presents an opportunity for a joined-up government, but also poses significant risk. The wrath of the Information Commissioner’s Office (ICO) and penalties associated with breaches of the Data Protection Act can be severe and all government agencies should mitigate their risk of exposure.

The E-Government Bulletin webinar, sponsored by HiSoftware, “Keeping the Information Commissioner at Bay: How to protect your organisation from content breaches” will be a live one-hour interactive online discussion on Wednesday 12 October 2011 from 14:00-15:00 GMT. The webinar will review some of the most recent and significant breaches of data privacy by local authorities and other public bodies that have incurred the displeasure of the Information Commissioner’s Office (ICO). It will examine the background and causes in each case, and the financial penalties each organisation incurred.

HiSoftware’s Chief Technology Officer, Thomas Logan, will provide insight into how these breaches could have been prevented, offering solutions and tips on how to avoid these costly pitfalls and stay on the right side of the law.

Which Camp Cares about Content in SharePoint?

Who really cares about content in SharePoint? Is it driven by IT or the business? This is a question that is coming up a lot lately.

The IT Camp
Lots of the people I speak with in IT just don’t care about what’s happening with content. Their real focus is on the web platform or the technology behind the content. They feel that it’s up to the business to handle published content, and that governance certainly does not lie with them.

The Business Camp
The business cares about content, but can only put policies and procedures in place for employees to read. Brand image, usability, searchability and other quality assurance factors as well as the overwhelming need to protect against content risk (breaching the Data Protection Act for example) are certainly areas of great importance. However, the business doesn’t understand the technology or how to automate content compliance.

Merging Camps
What needs to happen is the business and IT camps need to align. IT needs to realise the importance of content compliance within the corporate governance strategy. The business needs to understand the technologies that are available to automate this process.

In a whitepaper authored by Mark Morrell, the former BT intranet manager, he mentions two points that underpin successful SharePoint projects and I would echo that these also apply to the content strategy:

1. Aligning SharePoint 2010 Strategy with the Business Strategy – Ensure both strategies are aligned, but also demonstrate how the intranet will contribute to the business.

2. Involving Stakeholders – Involve stakeholders such as senior management, heads of communications, human resources and business units, strong on knowledge sharing, in addition to the Head of IT and any heads within the IT function i.e. Head of IT Platforms or Collaboration with SharePoint 2010 plans to provide user requirements and feedback. By contributing to the process, user adoption is likely to be much higher.

The benefits to an organisation are certainly vast so the need for both camps to come together could provide a solid safety net and competitive advantages.


Risks and Rewards for SharePoint 2010

We’ve been fortunate to be able to provide our readers with an independent perspective on the risks and rewards for SharePoint 2010. Mark Morrell, former BT Intranet Manager and intranet pioneer combining strategic thinking with implementation skills, provides an in-depth look at how a FTSE 100 company tackled the intranet challenge. See below for the introduction to his whitepaper.

Readers may remember me during my time as the Intranet Manager at BT. For those of you that may not have worked with me, let me make my introductions. BT, a FTSE 100, is one of the largest global telecommunications services companies in the world, operating in more than 170 countries. Its BT Retail division is a leading supplier of telephony, broadband and subscription television services in the UK with over 18 million customers.

My experience includes 15 years in an intranet role, including seven of those years as BT’s Intranet Manager. I have created and implemented strategies that helped to transform BT’s intranet into one of the best global examples for governance, engagement and collaboration. I have also established policies, implemented standards, designed corporate portals and measured the full value that BT’s intranet created.

Just Remember Who You Work For!! [Opinion]

Collaborating in the enterprise is a tricky business, especially for those of us who are used to collaboration in our personal lives. I heard one story recently of an employee of a large technology company that posted an inappropriate joke to the corporate intranet – he was subsequently fired. Now if he had posted that same joke to his Facebook page, it might have raised a few brows, even got a few tasteless laughs, but his friends would have spoken to him the next day.

The Compliance Challenge for Banks [Opinion]

I recently filmed a short video for the British Banking Association’s Annual Conference for Chairmen, CEO/CFO/COOs, Executive Directors, Managing Directors. As I stood in front of the camera and thought about the issues facing the finance industry, I conveyed the huge compliance challenge they face. They are increasingly struggling to keep up with the explosion of content and the growth in the number of people able to create and edit content. We are now typically talking about thousands of people.

Security Breaches will be made Public [Opinion]

The European Commission (EC) will force firms to make their security breaches public.

In a speech at the British Bankers’ Association (BBA) Data Protection and Privacy Conference in London, Viviane Reding, vice-president of the European Commission, said “I intend to introduce a mandatory requirement to notify data security breaches. I understand that some in the banking sector are concerned that a mandatory notification requirement would be an additional administrative burden. However, I do believe that an obligation to notify incidents of serious data security breach is entirely proportionate and would enhance consumers’ confidence in data security and oversight mechanisms.”

Surrey County Council Fined £120,000 [News]

The Information Commissioner’s Office (ICO) has served Surrey County Council with a monetary penalty of £120,000 for a serious breach of the Data Protection Act after sensitive personal information was emailed to the wrong recipients on three separate occasions.
