SharePoint & Compliance, Part I: The Tools of the Compliance Trade
For many years, compliance has been a hot topic that companies have spent much time and money achieving. Each industry has a compliance model, all with the same end goal: having documents that outline and support strategies for compliance and ensuring they are accessible to employees, customers, or auditors. Failing to achieve this goal can result in fines, audits, or legal penalties. Let’s discuss how Microsoft SharePoint—a tool used to build enterprise intranets and online workspaces—keeps the businesses it supports compliant regardless of the industry they represent.
SharePoint Maintains Compliance & Reduces Typical Compliance Headaches
Policy and procedure documents identify how compliance will be achieved and the steps employees must take to ensure compliance when executing their daily tasks. Regulations dictate that these documents be reviewed regularly, with approved copies made visible to those who must use them. Using SharePoint document libraries with metadata allows document owners to track document revision dates, approval dates, versions and approver names. SharePoint document library views can filter and sort the documents based upon this metadata to show recently approved documents or those soon to require review.
The source versions of these documents must be protected from unauthorized edits. SharePoint supports security groups for different levels of users. Based on the permissions provided to a group, SharePoint controls whether they can view, access, or edit certain documents, either individually or by library. SharePoint allows high-level users to declare documents as records, which locks them from being edited or deleted. If compliance documents are discontinued, SharePoint can archive them to a secure Records Center, where they can be retained indefinitely and retrieved if necessary.
Further protection is provided by Information Rights Management. This feature can prevent files from being downloaded or printed by specified audiences, even when accessed from computers outside your company’s network. This prevents company employees from using old or expired policies or procedures, therefore avoiding any compromise of compliance.
SharePoint also streamlines the process of maintaining compliance. In the event a policy document must be updated and approved by multiple parties, SharePoint workflows can be leveraged. By automating the process of gathering approval signatures and archiving the final approved document in a protected library, your business not only stays compliant but does so efficiently by using best practices.
SharePoint is Proven to Provide Compliance for Industry Regulations
All publicly traded companies must adhere to the 2002 Sarbanes-Oxley Act. Within a year of the law’s enactment, Microsoft announced the Office Solution Accelerators program. SharePoint and Office features that could provide compliance were extended to other products and services, rather than having to create new functionalities to meet these needs. Microsoft uses SharePoint and other Office products internally to manage its own compliance requirements, and to date has never been found in violation of Sarbanes-Oxley.
Doctors’ offices, hospitals, and other healthcare industry entities must abide by the Health Insurance Portability and Accountability Act (HIPAA). While there is no official certification for HIPAA compliance, SharePoint and other Microsoft Office products have passed audits by accredited independent auditors. By providing administrators full control of the audience that can view sensitive information, SharePoint protects patients and ensures their confidentiality with their physicians. Microsoft will also sign a Business Associate Agreement with any HIPAA/HITECH Covered Entity to satisfy regulatory requirements.
Manufacturing companies, particularly those that distribute chemical products, are required to maintain and distribute Safety Data Sheets. These sheets provide instructions on how to safely handle their products. The US Occupational Safety and Health Administration requires these documents be available to all employees and regularly audited for deficiencies. SharePoint can protect the source documents, produce copies that cannot be tampered with, and make them available to the auditors who will evaluate their coverage.
Need Help Setting Up SharePoint? We’re Here to Help!
In this Part I blog post, we’ve provided abstract examples of SharePoint’s ability to conform to and support compliance with industry regulations. Stay tuned for Part II, where we’ll cite some of our own personal experiences in building SharePoint ECMs for clients of various industries as well as how we used SharePoint to help them stay compliant.
Already convinced that SharePoint is the tool you need to solve compliance headaches? Get in touch and we’ll work together to find the right path for you.