Last December, we posted a blog article about how Microsoft SharePoint is “particularly well-suited” to manage user access requests. With the right enhancements and configurations, SharePoint can give teams the power to regulate access to physical and digital resources and thereby protect their organization’s security.
Controlling who has what access to data and systems is critical, but another important aspect of security management is compliance with regulations. Thousands of organizations work with highly sensitive data, from patient medical profiles to corporate financing records. Much of this data needs to be meticulously recorded, maintained, and accessed based on government and private sector regulations; remaining compliant with these regulations is not only critical to business operations, but is also mandated by law.
Industry-specific protocols vary widely and include a veritable alphabet of agencies and legislation: Sarbanes-Oxley (SOX), HIPAA, PCI, FISMA, and HITECH, to name a few. Staying compliant and following approved policies and procedures requires a system that can not only manage access requests, but also provide additional services that assist employees in understanding and adhering to security regulations.
SharePoint for Security Policies and Employee Training / Education
Using SharePoint to manage user access requests is an important first step in implementing or expanding a security regime in an organization — but it can be taken further. SharePoint can provide additional security management services, three of which are detailed below. Implementing these processes will not only help a company to maintain compliance, but will also be a strong barrier to security losses and data breaches.
Security Policies need to be well documented, kept up to date, and readily available to all who need to read and comply with them. Security policies can be treated as assets that can be quickly viewed, tracked, edited, and shared with colleagues. Metadata and properties about each policy and procedure can be recorded and used to manage these documents. Updates, revisions, review dates, annual renewals, and more can all be tracked with a policy management program. We have a variation of our Asset Management program that is adapted for this purpose.
Document Attestation can be implemented to confirm that employees read and acknowledge policies and documentation that apply to them. This can be done with a SharePoint tracking system, such as a version of our Help Desk that is modified for this purpose.
Employee Training – Employees can be assigned training tasks and activities to ensure they know how the policies pertain to their work and what procedures to follow to adhere to the company policies. A program like our Request Management system for SharePoint can be used to assign training tasks and track employee education and training results.
By using SharePoint or Office 365 for Security Policy Management, Document Attestation, and Employee Training, along with User Access Request Management, an organization can build a strong and compliant security foundation. Integrated security solutions such as these give organizations the tools they need to meet compliance and auditing requirements, while fostering communication and engagement across the enterprise.