Newsletters:

Prolific SharePoint Sites Undermine Governance - Page 1

May 9, 2011
By

Jake Frazier






Business teams find collaborative tools such as Microsoft’s SharePoint invaluable for tasks such as sharing documents and ideas, maintaining version control of work product, and creating everything from new products to document workflows. However, as we saw with the exponential growth of email in the early 2000s, in the absence of sound policies and controls to enforce those policies new productivity tools can quickly grow out of control.

Today, companies are finding themselves swimming in SharePoint sites much as they have with overgrown email servers and PST (and NSF) files. According to KMWorld the number of SharePoint user licenses is more than 130 million, and according to a Global360 survey, 97 percent of organizations will eventually use SharePoint. Clearly, SharePoint is here to stay and must be dealt with. The key to managing SharePoint team sites, as with all electronic information, is the disposition (e.g., deletion) of information once it no longer has business value and is not subject to a litigation hold or regulatory retention requirement.

To accomplish the defensible disposal of information, including information in SharePoint sites, companies must put in place and enforce a record retention policy that recognizes the three major reasons to keep information: business value, regulatory requirements and legal holds.


According to the Compliance Governance and Oversight Council (CGOC) Information Governance Benchmark Report, large organizations seem to be aware of this problem but are not able to overcome the challenges. Specifically, the study states that 85 percent of organizations include electronic information like that housed in SharePoint in their document retention policies; however, 77 percent noted that their policy is not currently “actionable” with regard to electronic information.

“Today, virtually all corporate information is managed by IT in its original form and its many duplicates, yet the survey showed that legal holds and retention management practices still function as if information is simply physical records managed by records personnel and general employees,” said Deidre Paknad, CGOC founder and president & CEO of PSS Systems, an IBM company. “The survey also showed that while legal executives are well aware of the risks, they have yet to bring the CIO to the table. As data volume continues to rise, so does cost and risk – it’s imperative that CIOs and GCs recognize that they share responsibility and invest together in modernizing their information governance practices to enable rigorous compliance and defensible disposal.”

Understanding the problem

Imagine a team of marketers at a pharmaceutical company preparing for a launch of a new drug. The marketing team generates a glut of marketing materials, including brochures, magazine and television advertisements, magazine inserts, warning labels, etc. But many other departments need to access this material. For example, researchers and subject matter experts as well as regulatory and compliance officials need to review text and messaging, while internal and external media teams must adapt the material to the needs of their specific venues. In most cases, such a launch results in dozens of SharePoint sites, but for the purposes of this example, we can consider it as a single site.

Without SharePoint (or another collaborative document management tool), numerous in-person meetings would be necessary, with significant time and money invested in bringing teams together. Also, dozens, hundreds or even thousands of emails would be sent back and forth as copy and graphics are created and reviewed. Days and weeks would be lost to delays, confusion over versions, and unnecessary rework.

Instead, a SharePoint site can be set up that provides team members with specific access only to the content they need to see. Each version can be “locked” while the next reviewer is reviewing the document to ensure proper version control, and notifications can be sent to the next reviewer when it is their turn to review a given document.

Page 1 of 3


Tags: IT management, eDiscovery, IT governance, GRC,
 

0 Comments (click to add your comment)
Comment and Contribute

Your comment has been submitted and is pending approval.

Author:

Comment:

 (click to add your comment)

Comment and Contribute

Your name/nickname

Your email

Comment:

(Maximum characters: 1200). You have characters left.