These are my notes from a webinar presented by Knowledge Management Associates, Inc. that featured speaker: Sean Megley, KMA SharePoint Architect and resident “compliantist.”
What contributes to the cost of compliance?:
- Lack of Tools
- Ad hoc audits
- Random frameworks
- Unreliable results
Sean thinks we should free ourselves from the “tyranny of spreadsheets and email!”
The greater the number of people you can get involved in compliance, the better the results. You want it to be easy, you want to get lots of people involved, and you want it to be part of the workflow. He thinks using SharePoint as a central database and portal effectively centralizes the processes and information.
Being in compliance means that you have evidence of compliance. You need a log to prove the steps you have taken.
Sean went through some more theories of compliance and then moved on to display a model SharePoint portal for compliance. The portal also incorporates InfoPath for replicated business processes. The portal logs the forms and data from InfoPath.
Sean used a wiki as a way to communicate, with links to key documents and policies.
Sean notes that the heart of SharePoint is a document repository. You can store documents and wrap information around the documents.
SharePoint has an alert feature built into its lists and libraries. The alert can trigger action based around compliance. SharePoint will let you know when something is changed or added.
SharePoint has key performance indicators (KPIs) to track controls.
Knowledge Management Associates is offering to pre-package the portal with controls and regulatory requirements built-in as a starting point. For example, he has put the text of a regulation and then mapped it to the controls of the company.
Why SharePoint and not Excel? SharePoint takes information in a spreadsheet and exposes it for other people to see and to allow other inputs and logging of changes.
SharePoint can be used for project management. It has a rudimentary Gannt chart tool.
The big question is whether you want to inflict SharePoint on your co-workers and IT staff. It can be a beast to manage and some of the 2.0 tools barely work.