Compliance Sheriff for SharePoint
Written by chris

HiSoftware Compliance Sheriff® SP for Microsoft SharePoint® 2010


Unstructured SharePoint Content is Putting Your Organization at Risk

With more than 65,000 customers and counting, there’s little doubt that SharePoint is rapidly becoming one of the market’s most widely deployed enterprise content management (ECM) systems. But despite this rapid adoption, gaps in SharePoint remain, particularly when it comes to data compliance and the management of private or otherwise sensitive content. In fact, only 20 % of the respondents to AIIM’s 2011 survey indicated they had sufficient confidence in SharePoint security to store sensitive information. And more than 60% of organizations surveyed have yet to bring SharePoint into line with their existing compliance policies.

Harness the Power of SharePoint Without the Compliance Risks

Compliance Sheriff SP is HiSoftware’s award-winning content-aware compliance solution for SharePoint. Fully integrated with SharePoint 2010, Compliance Sheriff SP allows organizations to realize the full ECM potential of SharePoint while mitigating the risk of a privacy breach and ensuring compliance with specific regulations and internal policies using the following functionality:

  • Scan: Organizations scan information at rest within their SharePoint sites against the Compliance Sheriff rules engine to assess the level of sensitive information present and identify compliance issues. In addition to information at rest, Compliance Sheriff SP also scans data in motion against these corporate policies as documents move in and out of your SharePoint environment.
  • Report: Through the Policy Dashboard, Compliance Sheriff SP provides executive visibility into SharePoint compliance status. Via standard reports, compliance and privacy officers get real-time insight into the compliance status of the SharePoint environment, identify teams or departments where issues are recurring, and measure progress against compliance objectives over time.
  • Classify: Compliance Sheriff SP continuously scans your SharePoint content and applies metadata values based on your specific policy parameters and business rules. Content scans are triggered:
    • by the Compliance Sheriff Server to scan data at rest within a specific SharePoint site, library or list;
    • automatically as new documents and items are added to SharePoint; or
    • by authorized users when they create and/or edit an individual document or content item.

HiSoftware is the only vendor to deliver both policy and user-based classification within SharePoint, offering layered protection that supports both compliance and information security mandates. A number of basic classification categories come standard with the solution, however, an organization may easily customize any number of new classification categories for their specific needs. Once an item is classified by Compliance Sheriff SP, the classification values can then be utilized by Security Sheriff SP to encrypt and/or apply permissions that restrict access to the item, regardless of the permissions applied to the larger SharePoint site, library or list in which the item physically resides. Classification can also aid in e-discovery, search and retrieval, and provide a persistent form of identification for sensitive content as your SharePoint environment grows and evolves.

Flexible Rules Engine

HiSoftware’s flexible content-aware rules engine ensures information moves in and out of your systems in accordance with your privacy policy, Written Information Security Program (WISP), and brand standards while preventing a damaging breach of private or other confidential information that could impact your bottom-line and your corporate reputation. Specific rule sets are pre-defined to address compliance with HIPAA/HITECH, MA 201 CMR, FISMA, COPPA, Section 508 and WCAG 1.0 and 2.0, OMB 10-22 and many other federal and state regulations. These rules are available for use in both Compliance Sheriff SP and Security Sheriff SP and are broken out into four modules, each sold separately.

  • Privacy – HiSoftware’s Privacy Module automatically scans SharePoint sites to detect the presence of PII and PHI and notify policy officers and privacy managers. Depending on your organization’s unique compliance approach and risk threshold, Compliance Sheriff can also confirm the use of secure methods to collect private information with the proper consents, and that whenever information is stored, accessed or moved, it is only by credentialed users and only to appropriate locations. Some of the specific privacy checkpoints offered standard with the privacy module include HIPAA, FISMA, COPPA, OMB 10-22 cookie guidance, and MA 201 CMR 17.
  • Accessibility – HiSoftware’s Accessibility Module establishes ongoing, automated checks to ensure SharePoint accessibility concerns are seamlessly managed and that compliance issues are flagged and prioritized for swift remediation. The Accessibility module Module checkpoints map to all the common Web accessibility standards, including Section 508, WCAG 1.0 and 2.0, Canadian Common Look and Feel (CLF) and XML Accessibility Guidelines (XAG).
  • Brand Integrity and Site Quality – HiSoftware’s Brand Integrity and Site Quality Module consistently scans and analyzes SharePoint content for broken links brand conformance issues such as logo consistency and integrity, correct legal name usage, copyrights and more. This module also includes checkpoints to monitor for offensive or inappropriate language that may be included in collaborative environments such as blogs, discussion lists or other user-generated social computing content. Detailed reports help development and quality assurance managers pinpoint and fix issues before issues arise.
  • OPSEC Information Assurance – The Compliance Sheriff OPSEC Module monitors and verifies that SharePoint content complies with federal risk assessment practices and the U.S. government’s OPSEC guidelines. This includes operational military information and helps to determines if published SharePoint content references any information that would reveal sensitive movements of military assets or the location of units, installations, or personnel where uncertainty regarding location is an element of the security of a military plan or program. These safeguards help protect against the accidental disclosure of confidential information and fully integrates OPSEC testing into quality assurance and content delivery processes for your SharePoint farm.

HiSoftware Connectors for Microsoft Office and Microsoft Outlook

By deploying the HiSoftware Connectors for Microsoft’s Office and Outlook applications, organizations can add further controls to prevent sensitive content from being viewed by unauthorized users. Compliance Sheriff SP, working in concert with the Connectors, allows individual content contributors to scan and classify content on its way into and out of SharePoint from within the familiar Microsoft ribbon interface. Once classified, credentialed Privacy or other policy officers may choose to upgrade, downgrade or override a user classification, as needed, to ensure that a specific document is tagged with the proper level of sensitivity. Both Connectors are optional add-ons and are sold separately.

Learn more about the HiSoftware Compliance Sheriff SP

Contact a HiSoftware solutions specialist to discuss your compliance needs.