Data Breaches and Implementing Proactive Security Policies

Posted by EPC Group on Jan.27, 2015 5:06 pm

Data Breaches and Implementing Proactive Security Policies

Over the past few, there have been some very high profile instances of data breaches in environments of all types. The NSA IT Administrator Edward Snowden, who accessed and shared classified NSA data, has been the most widely publicized incident around this and there has been an added push to mitigate future data breaches and examine how these types of incidences actually occurred.

Do you or the assigned person within your organization have reporting capabilities regarding user access and security levels? What about the ability to view “approved” security levels or have an available feature that sends out an alert if an unapproved security level is applied to an individual? Being more vigilant around securing your organization’s data should be one of the leading drivers of your SharePoint and overall IT roadmap as many organizations have become complacent in this area.

Read More

Topics: Data Breaches Data Risk & Compliance FISMA HIPAA Information Management Office 365 Security PHI - Protected Health Information PII - Personally Identifiable Information Safe Harbor Compliance Security Policies SharePoint Security

Implementing Records Management in SharePoint 2013 & Office 365 Using a Strategic & Proven Approach

Posted by EPC Group on May.07, 2015 4:06 pm

Introduction and Strategy Overview

Over the past 15+ years,  EPC Group has found that records management initiatives can be successfully accomplished by following a framework of defined guidelines and principles driven by compliance, collaboration, associated cost, and business continuity.

It is key that the initiative has executive buy-in to both promote and enforce the overall records management initiative. You should also assign specific responsibility to a records management related team (or team member) with a recognized and central discipline within the organization.

If it key to understanding your organization’s content lifecycle, as shown in the image below, in terms of when a document is created through when it is archived and even possibly destroyed.

This is where including your organization’s legal or records team(s) in the very beginning of this effort is extremely important so that you are not developing a SharePoint ECM or RM platform without having that the legal specifics set in stone.

Office 365 SharePoint Records Managemnet Consulting Experts Services 1

 

Initial Records Management Strategies in Building Your Core Team

EPC Group’s information architects recommend that you make the following elements a key part of your approach in building your core team and framework in implementing a successful records management initiative:

■ Create classification schemes and apply standard indexing terms across the organization via metadata

■ Keep it as simple as possible at the beginning to not overwhelm the project team

■ Ensure the project team members are properly trained and there is a milestone items to develop a defined change management procedure

■ Ensure there is a clear set of descriptions for the technology and a defined glossy to avoid misunderstandings as well as to on-board new members to ensure they are on the same page with the rest of the project team

The Strategic Approach for Implementing Your Records Management Initiative

The following should be part of the core elements to your strategic approach for the overall records management initiative:

■ Ensure the ECM / RM team works closely with IT’s at all times for both capacity and overall infrastructure planning

■ Always focus your approach around scalability as the system will grow and this must be a core part of your overall SharePoint roadmap

■ Determine the clear path and approach around In-Place vs. the Record Center

■ Identify the organization’s current retention schedule or any related development of a new or updated retention schedule

■ Ensure the team thinks in terms of how best to possibly utilize the retention schedule’s attributes and their possible mapping in SharePoint

■ Clearly define the organization’s compliance requirements and obtain sign-off by executive leadership to ensure all requirements have been identified

■ Work closely with the organization’s IT security (i.e. InfoSec) teams as well as key SharePoint team members to define the overall approach to Active Directory (AD) and SharePoint security groups and related policies

■ Define the organization’s monitoring, auditing and reporting requirements in relation to the organization’s records management initiative

■ Plan for and deploy centralized “core” content types that follows with a file plan for your organization’s strategy, as shown in the figure below:

Office 365 SharePoint Records Managemnet Consulting Experts Services 2

 

It is key to identify records management roles within your organization such as the following:

■ Records managers and compliance officers to categorize the records in the organization and to run the records management process

■ IT personnel to implement the systems that efficiently support records management

■ Content managers to find where organizational information is kept and to make sure that that their teams follow records management practices

■ Power Users who work with content daily but also have ownership or responsibilities to ensure policies are followed within a given site or sites

A major goal is to implement a process to ensure that records managers and content managers can survey document usage in the organization to determine which documents should become records and be able to answer questions such as:

■ Where are records stored?

■ How best can the defined retention periods be applied to records?

■ How best can they continually communicate with the individuals responsible for updating and maintaining the content within various types of records?

Additional SharePoint 2013 RM\ECM Thoughts

EPC Group will continue to build on this topic into the actual best practice designs of both the Information Architecture (IA) and System Architecture and share additional posts around SharePoint 2013 and Office 365’s SharePoint Online Records Management (RM) and Enterprise Content Management (ECM) strategies “from the consulting trenches.”

Developing a Scalabile Information Architecture for SharePoint Office 365 Consulting 5

Topics: ECM-Enterprise Content Management ERM-Enterprise Records Manaagement Information Architecture Information Management Office 365 RM-Records Management SharePoint 2013