Live from SharePoint Conference 2012.
This is a partner session by AvePoint.
Governance
20% CIO’s will lose their jobs for failing to implement discipline of information governance (Gartner Research 2016 Prediction).
Requirements for IT Governance:
- people have to be involved; an Executive sponsorship is mandatory to make governance project successful
- IT: Architect, IT operation & administration
- Business Owners: workload owners, departmental & functional owners
- Back Office: Finance, Legal, HR and Communication teams
- define a set of policies
- Infrastructure
- Operations
- Information Architecture
- Information Management
- Project Management
- define process to apply policy
- Manual: encouragement, resource intensive, human error
- Semi automated: PowerShell scripts, 3rd party tool
- Automated: custom application, 3rd party tool
- use some technology to assist processes and policies implementation
Compliance, Risk and Privacy
- Risk is the potential that a chosen action or activity will lead to a loss. The notion implies that a choice having an influence on the outcomes exists.
- Compliance means conforming with stated requirements.
Challenges of compliance obligations and risks to information:
- intellectual property and trade secrets
- sensitive customers
- collaboration on strategy
- personal information
- legal and compliance obligation
- …
Some specific risks to consider:
- confidentiality leaks
- loss of data integrity
- no access to or availability of data
Questions to ask:
- how do we protect the data
- how do we reduce the risk of exposure
- how do we quickly find information
- how to we prepare for litigation and eDiscovery
- how do we ensure policy consistency
- how do we scale the compliance solution to the enterprise
- how do we control cost
- what is our cloud strategy
Don’t just focus on what you can see.
Creating and maintaining a compliant SharePoint environment is a continuous process:
- analyze the current environment
- identify non compliance
- prioritize the business needs
- diagram new security boundaries
- architect
- undertake migration
- maintain control
How do we control
Cloud readiness assessment:
- assess existing sites and content
- report on and classify content
- design compliant information architecture
- determine cloud migration approach