ISO 27001, COBIT & ITIL Compliance with SharePoint
Governance frameworks exist to help businesses and organisations implement best practice in their particular fields. They encourage the use of proven methodologies, aid compliance with relevant standards, and can generally help reduce risk and operating costs.
Three of the big governance frameworks for those operating in the Information Technology space are ITIL (Information Technology Infrastructure Library), ISO 27001 (International Standards Organisation) and COBIT (Control Objectives for Information and Related Technology).
Principles, Guidelines and Tools
All three frameworks offer a mix of guidance, advice and practical tools. Each has its own focus, though they can be used in conjunction. The latest version of COBIT now integrates with the ITIL standard, for example.
ITIL
ITIL is focused on how IT Services should be used to underpin business goals and objectives. Originally developed by the UK government in the 1980s to standardise their growing IT use, it is now used by institutions and businesses of all shapes and sizes.
ISO 27001
ISO 27001 is focused on information security standards, and was last updated in 2013. It describes a number of best practice guidelines for ensuring electronic data is maintained in a safe and secure manner.
COBIT
COBIT is a governance framework aimed at regulatory compliance and risk management. Now in its fifth edition, it covers areas like audit and assurance and governance of enterprise IT systems.
DocRead extends the SharePoint experience
As is often the case with SharePoint systems, the ‘out of the box’ experience does not provide the complete solution. Often additional tools or functionality are required. This is especially true when it comes to implementing and adhering to governance frameworks like those looked at above. SharePoint requires a tool like DocRead to extend and enhance its feature set. Examples of how DocRead can help include:
Mandating Policies
All governance frameworks include policies and procedures that need to be read and understood. ISO 27001 accreditation in particular requires employees to confirm they have signed up to particular methods of working. DocRead allows any document to be distributed to a specific audience, and requests formal digital sign-off from its members confirming they have read it.
Testing Understanding
ITIL, ISO 27001 and COBIT are evolving standards, with new versions and updates released on a regular basis. Remaining accredited requires ongoing effort and work from an organisation. DocSurvey expands DocRead, allowing users to be tested on their understanding of the material and processes they sign off. Where DocRead helps with digital acknowledgement, DocSurvey greatly enhances digital learning and education.
Tracking User Activity
All frameworks require that a company's employees are proactively engaged. DocRead supports full tracking and reporting on non-compliant activity and users. Reports can be exported, filtered and sorted, and sliced and diced as required. Companies preparing for accreditation, or simply checking ongoing adherence to a particular standard, can use the tracking tools within DocRead to make the process easier.
Enhancing List Based Features
SharePoint allows many aspects of the ITIL, ISO 27001 and COBIT frameworks to be implemented as list-based datasets and tools. DocRead not only offers the ability to target documents to users, but also makes targeting items stored in SharePoint lists simple. Once an item is distributed, users are required to formally sign off digitally and acknowledge the list item.
Have you heard about DocRead Smart Move?
"Smart Move" refers to the technology that detects when a user joins or leaves a group or audience. DocRead is able to utilise Smart Move to ensure that your users only ever receive the correct policies and procedures. This makes it ideal for on-boarding, secondments, new project work, external contractors and many other uses. When we ask for feedback, Smart Move is often voted as DocRead's most powerful feature. Read how Smart Move can save you hours of manual administration.