Since the Enron and Worldcomm scandals organizations have become very concerned about meeting their regulatory compliance responsibilities (Such as SOX or NERC). For the executive, audits are a scary though since if the organization isnt prepared, audits can expose gaps and lead to unwanted industry headlines. For managers, they must have a solid plan and proof of execution that demonstrates staff compliance. For staff understanding your compliance responsibilities requires training and dialogue with their manager.
So where does SharePoint fit into the equation? From a compliance perspective its a risk unless an organization has a well understood and practiced information management policy. What’s the impact? SharePoint projects being shutdown or dramatically reduced in scope. For example, one of my clients had everything except for basic Web page publishing shutdown. Why? The compliance office could not guarantee to the executives that:
- Users would not place records in SharePoint
- Security would meet Safe Harbor requirements
- Information would not be leaked to the public
Think about it for a minute…what data is in your SharePoint system? Your fileshares and public folders? Are their compliance risks? Does every user understand compliance and their responsibilities? How often do you retrain staff? Do you? For example, once you light-up Search and begin crawling File Shares your risk is even greater since it will expose security wholes (access to sensitive data). Knowing this, how do you manage the safe harbor of data?
If you can answer these questions with confidence your (client) probably at risk and an audit will eventually uncover it!