The Content Compliance Two-Step
With the growing danger of threats, risks can be hard to manage. IT teams must be prepared to address regulatory compliance requirements.
26 July 2014
Today’s enterprise is demanding and ever-changing — a typical work day can consist of multiple emails, brainstorms, ad-hoc sharing, off-site meetings and mobile working on-the-go. Luckily, technology has caught up with the tides, and people can grab hold and cling to an enterprise collaboration solution as their lifesaver.
To be efficient, teams need a solution that allows them freedom and flexibility to share information easily. Information technology and security teams need a solution they trust to keep shared content secure and compliant across their organization. To accomplish the latter, these teams must assess risks regularly and provide essential reporting to ensure corporate compliance requirements are met, whether the compliance group is centralized or decentralized.
Those IT Risks: What Can You Do?
With the growing danger of data breaches, security vulnerabilities and shadow IT penetrating the workplace, risks can be hard to manage. Even so, IT and security teams must be prepared to support compliance groups with policies and reports that address security and the growing regulatory requirements.
Here are two important questions to ask:
- How will IT ensure that the file sharing and collaboration solution will support its company’s compliance requirements?
- How will users know if they comply with these requirements?
Take the matter of content compliance one step at a time.
Step one: During the vendor evaluation process, consider the capabilities you’ll need for compliance before you start sharing information. Make sure your vendor can provide the following:
- Access, retention and destruction management. Gives the appropriate access to information and securely records data retained in the event of an audit or legal review. It also securely destroys data as company policy dictates.
- Future-proofing. Allows your solution to remain current with your specific industry regulations and complex regulatory environment.
- Granular and comprehensive audit and compliance. Provides compliance visibility across all sharing activity, so you know who is authorizing access to your data. Additionally, this capability allows you to easily retrieve the required granular document and user-level records if there’s an audit.
- Support for highly regulated industries. Ensures your vendor understands strictly regulated industries and that it is validated by your regulated users for 21 CFR Part 11 (Electronic Records and Electronic Signatures) compliance and for onsite 21 CFR Part 11-based validation assessment.
Step two: Build your policies, regulatory standards and workflows into the collaboration solution to ensure tracking and compliance across all information shared by employees. This will let users know they comply with regulatory requirements.
- Information access. Your organization should be able to tell at any time who is accessing what information, how often, where it goes and what has been done to it (e.g., viewed, saved, printed).
- Reporting. Your solution should include readily available self-service reports that provide a macro view of sharing activity at the file level — a common regulatory requirement.
Want to learn more about how you can keep your information safe and compliant? Check out the “Confidential Collaboration: How to manage regulatory compliance & data privacy while keeping your data safe” whitepaper by the law firm of Field Fisher Waterhouse.