It’s hard to overstate the impact of SharePoint in the realm of Information Management. From relatively humble beginnings, SharePoint has now used by over 200 million people spanning over 200,000 organizations and is found in every industry sector.
However, SharePoint on its own can not magically make Information better managed in your organisation. There is no SharePoint feature that assesses all your information, uploads just the valuable stuff, applies appropriate access controls, and fills in the metadata. In fact, most organizations with SharePoint still grapple with realising good Information Management – through no fault of SharePoint or its capabilities.
The General Data Protection Regulation (GDPR), which began as a regulatory requirement, is increasingly seen as both a catalyst and a long-term opportunity for organisations to embed better Information Management practices and thereby ultimately establish greater trust with customers and further unlock employee collaboration and productivity in many businesses.
Office 365 Capabilities
Information Management recommendations for SharePoint Online team sites draw on a variety of Office 365 capabilities. The following illustration shows four different recommended configurations for SharePoint Online team sites and file protection that balances security with ease of collaboration. These recommendations as a starting point and configurations should be adjusted to meet the needs of your organisation.
As illustrated:
- Baseline protection includes two options for SharePoint Online team sites — a public site or private site. Public sites can be discovered and accessed by anybody in the organization. Private sites can only be discovered and accessed by members of the site. Both of these site configurations allow for sharing outside the group.
- Sites for sensitive and highly confidential protection are private sites with access limited only to members of specific groups.
- Office 365 labels provide a way to classify data with a needed protection level. Each of the SharePoint Online team sites are configured to automatically label files in document libraries with a default label for the site. Corresponding to the four site configurations, the labels in this example are Internal Public, Private, Sensitive, and Highly Confidential. Users can change the labels, but this configuration ensures all files receive a default label.
- Data loss prevention (DLP) policies are configured for the Sensitive and Highly Confidential Office 365 labels to either warn or prevent users when they attempt to send these types of files outside the organization.
- For sites configured with highly confidential protection, Azure Information Protection encrypts and grants permissions for files.
SharePoint is a powerful and flexible platform that can serve organisations in a variety of information-centric scenarios, but at the end of the day it’s a tool, and it’s only as good as it’s set up to be. The intelligent compliance solutions in Office 365 help you assess and manage your compliance risks and leverage the cloud to identify, classify, protect, and monitor sensitive data residing in your Office 365 environment to support GDPR compliance.
As a Microsoft Partner, we can use our deep knowledge of the product and our years of practical experience to show organisations some of the features and services of Office 365 that can be effectively implemented to improve Information Management and accelerate GDPR compliance. For more information on how Microsoft Office 365 and SharePoint can assist you in this preparation, contact our team of experts by email: rjoyce@central-solutions.com or by phone: +353-(0)61-503009.