4 Easy Steps to SharePoint Data Compliance

Compliance and Data protection has never been more important.  Microsoft has put a huge effort behind the “Data Loss Prevention” and “Labels” as well as site designs and levels to help users do the right thing.  Unfortunately, there has been a major disconnect between the business and IT (those tech teams providing the solutions) based on SharePoint Online and SharePoint 2019.  Business users often expect that IT has already setup the proper governance, compliance settings and all that’s necessary before the solution is released.  Very few company have setup the necessary, but new built in features of Site Classification, Data Loss prevention or the new SharePoint Labels.  Something I’ve repeated in the past that’s very applicable is defaults have faults.  SharePoint out of the box is not necessarily setup to ensure compliance in your industry without configuration.  These 4 prescriptive setups designed in a easy to consume Infographic provide the settings and configuration that’s required for compliance and due diligence for modern data protection.

Download the “4 Steps to Data Compliance in SharePoint” Infographic…

Feel free to use or share this infographic it in your slides, in your blogs, with your business and review with Information security Legal or security teams.  This Infographic is designed to be shared.  It has a license of creative commons share alike.

As it relates to the importance of compliance in Office 365 SharePoint Online, many companies are missing the keys to success and may find a lot of value in seeing a sample built out based on prescriptive guidance.  SharePoint Online may seem plug and play, and releasing the service as is and letting users get on with their work and sites may seem like the right thing to do.  The reality is, with a little bit of configuration the environment can be setup in a much more purposeful way to protect data and the company from litigation due to lack of reasonable compliance actions taken to protect information privacy and records.  SharePoint Server in 2016 and 2019 have support for Data Loss Prevention.  The need for compliance and privacy applies to all types of environments.

There are really 4 key steps in setting up and configuring your SharePoint environment for base compliance.  I’ve worked with Colligo to put together this clever Infographic designed to simplify the process.  I hope you enjoy it.  Hope you like the Infographic, but even better I hope you join us for the upcoming free webinar where I’ll walk you through the 4 steps in more detail.

Free Webinar: SharePoint Data Compliance Made Easy: Site Classifications, Labels and the User Experience

Over 60-minutes we’ll review 4 Easy Steps for Compliance:

  1. Defining Office 365 Labels for information protection
  2. How to create, publish and apply Labels to Libraries
  3. How to create and apply data loss prevention (DLP) policies to warn users and block data from leaks
  4. How to make it easy for users to Save and Classify emails and files to SharePoint without leaving Outlook and Office 365

Join Joel Oleson, a Microsoft MVP/RD and 19-year SharePoint veteran with 7 years of experience at Microsoft as he shares practical guidance to keep your data secure and compliant. Colligo’s Roland Reddekop will show how users can save, classify and label emails and files right from the applications they primarily work in like Outlook and Office 365.

Title: SharePoint Data Compliance Made Easy: Site Classifications, Labels and the User Experience
Date: Thursday, April 11, 2019
Time: 8 a.m. PST, 11 am EST — Register
Date: Thursday, April 11, 2019
Time: 11 a.m. PST 2 pm EST — Register
Speakers: Joel Oleson, MVP Office Apps and Services & RD
Roland Reddekop, Colligo

>> RSVP for the Webinar

This webinar and infographic is sponsored by Colligo. See more on the colligo.com website

Yammer Governance: Enterprise Social Policies

Many companies see the power in “social media,” but are afraid for fear they can’t control it.  It’s true. You can’t control it.  First admit that and start with a strategy for how you will manage it and what policies you’ll establish around it.  It is herding cats to try to control social.  It’s better to embrace social and help provide guidance, policies and a structure for people who are looking for a platform to evangelize your product or services.

Establish Policies and Guidelines – If there are no rules, then how can you break them?  Many employees would like to be able to openly collaborate with other employees but they are afraid because they don’t know what’s against policy.  Others will be social and talk at the water cooler or even at lunch in a cafe.  “Social” is not new, only the medium for how we do it has changed.  If you want to know what Microsoft is up to, all you have to do is hang out at lunch in popular lunch venues.  I’m not endorsing that strategy, but you understand what I’m saying.  You can gather a lot of information in a lunch time cafe.

Without guidelines that help employees know what’s ok and what’s not… they will use LinkedIn, Facebook, and Twitter to share what’s on their mind.  In the enterprise, sharing on enterprise social platforms like Yammer, SharePoint and Chatter — the need for policies is just as important.  People need to understand what is expected of them.  I highly recommend that platforms be established and endorsed to help gather employees to supported platforms.  If you want to promote cross departmental collaboration it doesn’t make sense to have IT on one platform and Engineering or Product Development on another.  Some companies may compromise with Sales using Chatter, but ultimately the fewer endorsed platforms the better you’ll be for getting the momentum needed to sustain adoption and growth needed for long term success and sustainability.

Policies can be established as an End User Agreement and part of end user security training videos.  While it’s true that most people don’t read the EULA it can protect company interests.  Work with Legal or LCA to review.  They also may have templates that can work to help you get started.  In a follow up post I’ll provide some examples that you can use.  It’s amazing the variety you’ll see at companies put together very simple guidelines.

 

Sample #1 – Simple:

 

1. Don’t do anything stupid that will reflect negatively on the company, partners or customers.

2. If you are tempted to do something stupid refer to rule #1.

 

Some companies will have fun with the approach helping people understand what is ok to do, and spend less time on what abuse looks like.  Others will use the policy to clarify what is already provided in other employee agreements.  These can also be captured in an graphic designed to inform such as an infographic or simple 5 step list and periodically shared it as the network gets going.  Here’s a simple list.

 

Sample #2

Your activity in this Enterprise Social Network is governed by the following guidelines:

 

1. Everything in X Network stays in X Network! (No public posts or Tweets, etc). Confidential information may be shared here ahead of the public, and can not be shared publicly. Violation of the confidentiality clause will result in expulsion from the community and your ability to use these tools.

2. Do not use this network for personal gain such as selling services outside of the business.

3. Be respectful to other members.

4. This network does not have a service level agreement.  If you are having a desktop or software problem contact the support desk.  There is value in sharing questions or solutions to problems that may be plaguing other users.

5. Don’t do anything stupid that will reflect negatively on you or your company

 

Scale through Ambassadors and Influencers – In Yammer you’ll find a yambassador program with an approach for promoting adoption, and essentially monitoring the usage or abuse of the platform.  This is often overlooked when you dig into failed deployments.  Companies that setup the platform and simply expect “social” to happen will experience the pent up demand and then a slowing based on adoption from key influencers acceptance of the platform.  The accepted strategy is to build relationships with key influencers and share information and bring them in.

If you’re looking for more examples of policies, the Yammer YCN (Yammer Customer Network) has some great samples as well.  Not a member of the YCN? http://yammer.com/ycn request to join!

 

I write at least once a week for the ViewDo Labs blog and would like to share what I write over there.  This was originally posted as “Building the Foundations of Enterprise Social: Policies” on the ViewDo Labs blog.

Governance the #1 Challenge to Managing SharePoint

According to Gartner 66% of SharePoint Customers do not believe they have adequate governance. (Based on a recent Gartner survey) Governance can be defined as a set of defined roles, responsibilities, policies, and procedures that will help your company to proactively manage your information technology resources in a way that maximizes business value.

I spoke with Christian Buckley and he shared that Axceler has been focused on Governance this year in a big way. In their attempt to better understand the problems around governance, they have launched an initiative this year to look at the different challenges to managing SharePoint. One such effort included contributed funding of IDM’s 2012 survey of knowledge and information managers. The results from that survey illustrate that Governance is at the forefront of the major challenges to managing SharePoint.

Gartner predicts that by 2016, more than 20 per cent of CIOs in regulated industries will lose their jobs for failing to implement the discipline of information governance successfully. How does one get a handle on it when we barely understand what it is, and keep expecting that somehow Microsoft is going to address this? Is the answer to fill out a governance plan template? Is it getting a bunch of steering committees involved? What is the best way to address these compliance and regulatory issues?

Governance has been a hot button, and it doesn’t appear to be getting addressed. The more sites that are created and the more content added to a SharePoint environment, the more difficult it can be to change course, correct mistakes and implement a governance model explains Jake Frazier in a recent article on CIOUpdate.com "Prolific SharePoint Sites Undermine Governance."

Debra Logan, vice president and distinguished analyst at Gartner explains "Information governance is the only way to comply with regulations, both current and future, and responsibility for it lies with the CIO and the chief legal officer. When organizations suffer high-profile data losses, especially involving violations of the privacy of citizens or consumers, they suffer serious reputational damage and often incur fines or other sanctions. IT leaders will have to take at least part of the blame for these incidents."

After digging through this, it’s easy to understand why Axceler has initiated a four-phase survey on different facets of governance planning and in their search to investigate best practices to solving these solutions and providing these to the community. See these efforts in each of the four phases below:

The overall goal of the initiative is to provide the SharePoint community with better information about what governance is, how peer organizations prioritize it, and best practices for planning and implementing a governance strategy. Christian Buckley (@buckleyplanet) of Axceler explains "It is an effort to take a neutral look at the subject, and share the results. Instead of creating one massive survey (the longer the survey, the less likely people are to complete it) we divided our surveys into four areas, and allow participants to complete the survey without registering (without capturing name and email). However, if someone would like to receive the full results, they’ll need to register. The goal is to get everyone to participate so they can get these results."

What an important and great initiative!

Participate in the current survey on governance planning here.

In October, Axceler will be publishing a detailed whitepaper that shares all of the data from these surveys – with analysis and some commentary, as well as input from members of the community.

References:

IDM: 2012 SharePoint Survey showcases governance concerns

CIOUpdate: Prolific SharePoint Sites Undermine Governance

SharePointEurope.com: As SharePoint Use Increases, Governance Decreases by Christian Buckley, Director of Product Evangelism, Axceler

 

This Article is sponsored by Axceler