How to manage third-party risk with SharePoint

SharePoint has long been used as a tool to collaborate and communicate with external third-parties. It’s document management tools make it particularly well suited to co-working on many types of project. It’s flexible permissions, and self contained site structure model lends itself neatly to creating easy to use project specific spaces.

Consider the following scenario:

A departmental team get together to work on a new project. They want to develop a new type of widget, which they hope they be every bit as good as the widgets they make now but significantly cheaper. Before they do anything they need to conduct some research and then put together a presentation to the board.

Using SharePoint they can easily:

  • Create a dedicated site for their project, using a standard Team Site template
  • Assign simple user roles like Administrator, Contributor, and Reviewer using the ‘out of the box’ permissions model
  • Create and add documents, using a mix of Office Web Apps and the Office desktop clients to author and edit
  • Keep track of versions easily, and check documents in and out when individuals are working on them
  • Use SharePoint slide libraries to put together their final presentation

Reaching outside of their department

SharePoint fulfills the team’s requirements nicely, and using its core features they can set to work on their research and presentation. However before showing anything to the board they need to get some information from external third-parties. This is where ‘out of box’ SharePoint starts to fall down a little.

Specifically they want to be able to:

  • Open up their project site to selected third parties – Setting up and managing user accounts for external users can be tricky, often involving the IT department
  • Ensure these third parties have signed Non Disclosure Agreements covering the project – SharePoint doesn’t support a means to ensure people have read and acknowledged documents.
  • Share their research – Working in an Extranet environment makes this tricky for SharePoint
  • Gather feedback on the feasibility of their ideas – SharePoint feedback features are limited

It is possible to get the resident IT department to add third parties into the company’s main Active Directory user directory. This would in turn grant them access to SharePoint. But the IT guys are very busy, and it takes a long time to action requests. They also aren’t too keen on Active Directory becoming clogged up with temporary or guest accounts.

SharePoint doesn’t offer support for sign off or ‘read receipts’ of documents either. It’s survey function is basic, and it doesn’t support anyway to test if a document has been read or understood.

Building on solid foundations

Requirements like those described above are very common. Collaboris, in collaboration with our partners RioLinx, have developed a number of products that solve these problems.

Building on all that is great about SharePoint, Collaboris DocRead and DocSurvey and RioLinx Extradium offer secure enterprise grade solutions to managing and working with third parties in SharePoint. They help to reduce risk, empower non technical administrators, and perfectly complement ‘out of the box’ SharePoint.

Extradium allows non technical SharePoint administrators to setup a secure means of adding third party users. With requiring traditional IT department assistant, Extradium allows third parties to be treated like any other SharePoint users.

DocRead transforms collaboration with third parties. It allows any document to be easily distributed and then digitally acknowledged, with powerful reporting features to feedback on who has and hasn’t responded to mandatory reading requests. It uses standard SharePoint document libraries and lists, and takes the main out of managing third party mandatory reading.

DocSurvey supports advanced surveys and quizzes, making it really easy to solicit feedback and comments from users. DocSurvey surveys can be attached to any ‘out of the box’ SharePoint document, and can be used to ensure third parties have fully understood policies and procedures.

Managing third-party risk

Together DocRead, DocSurvey, Extradium and SharePoint can take the risk out of managing and working with third parties. SharePoint provides the base platform, with rock solid foundations and the features that many users have come to rely on.

Extradium makes it easy to add and manage third parties users, giving them access to SharePoint in a controlled and secure manner. DocRead and DocSurvey adds powerful ‘required reading’ and survey functionality – managing all aspects of assigning, tracking and confirming document acknowledgments.

Our departmental team, looking at developing better widgets, knew they wanted to use SharePoint and its powerful base feature set. With DocRead, DocSurvey and Extradium they can continue to use a tool they trust by adding powerful additional functionality that just works.

Find out more about how DocRead and Extradium can reduce the risks of working with third parties in SharePoint.