Governance, Risk, and Compliance
Governance is fundamentally about making and enforcing decisions - ensuring they are made by the right people, and then put into practice. Good governance is informed by risk management and compliance concerns.
SharePoint governance centers around ensuring the success and continuity of business operations around a SharePoint deployment. The kinds of questions raised in considering SharePoint governance include:
- How do we ensure that we get business value from our SharePoint deployment?
- Who should be granted access to what?
- Who pays for configuration changes to SharePoint?
- How do we ensure that key records are properly treated?
- How do we ensure that resources are properly allocated and managed?
- How do we ensure that security threats and vulnerabilities are properly treated?
These questions are answered by making decisions about responsibilities and the use of controls, and by putting mechanisms in place to ensure that these decisions are acted upon.
A SharePoint deployment typically crosses several business units, and encompasses existing and new relationships between these units.
The interfaces between business units should be based on exchange of value. "We'll do something for you if you do something for us". A key challenge in IT governance is building an appropriate exchange model - such as cost chargeback - to ensure that the IT department receives value in exchange for services offered. What makes this difficult is that different exchange models have different side-effects, and do not necessarily result in the kinds of behaviours desirable to align with broader corporate goals and strategies.
| Title | Summary |
|---|---|
| Administration accounts and roles | Administration can occur at a number of levels of granularity in SharePoint. Microsoft refers to this as a three-tier administration model. The broadest, most powerful tier is that of Farm-level Administrators. This type of account provides control over the entire SharePoint farm. |
| Risk Management with AS 4360:2004 | The Australian standard AS/NZS 4360:2004 Risk Management provides a description of a versatile and widely-applied risk management approach. It defines risk as "…the possibility of something happening that impacts on your objectives. It is the chance to either make a gain or a loss. It is measured in terms of likelihood and consequence." |
| Security Governance | SharePoint security governance is based around ensuring the confidentiality, integrity, and availability of information and services, while also ensuring that operational activities comply with relevant compliance requirements. |
| Security Metrics | Metrics are used to measure things. The problem they attempt to address is that of aligning organizational behavior with business goals. Good metrics provide visibility into performance, allowing for better informed decision-making, and can be used for forecasting and planning for future readiness and preparedness. |
