This is a very process-driven activity that you and your legal counsel can bring in-house by automating the legal hold workflow, follow-up, auditing and reporting.
I was recently discussing with a friend the steps to implement an information governance program. Unfortunately, creating an information governance program is not a cut-and-dried, formulaic process. Information governance is not just about records, but it is about information and the relationship...
Just remember that once a password is shared, all participants can view, edit and delete, and that there is, generally speaking, no individual folder/file security, no versioning of documents (once overwritten, the original is gone) and no auditing (who made that last change?).
Turn on auditing so that the audit logs can show which users are accessing which documents.
For example, exploratory search for early case assessment and processing large collections of email in a defensible and auditable way can be a significant challenge.
The processes Microsoft’s staff uses also involve continuous auditing of all operator and administrator access, as well as a review of subsets of actions.
With darkness came recession, with recession came audit, with audit came transparency, with transparency came the need for regulations, with regulations came the need for experience, and with need for experience came the challenges.
(view only means that document cannot be downloaded or saved and is opened in a view screen)
· Restrict ability to share a document within a library/repository
· Restrict ability to add or create documents in a workspace by group or user
· Limit ability to search a directory/subdirectory
· Revoke access to the document based on preset requirements (employee leaves company)
· Maintain an audit trail of the document (who, where, when, what)
· Unauthorized attempted access reporting
· Enforce version control requirements (each version is protected with same rights)
· Help implement data protection for regulatory compliance (HIPAA, SOX, GLBA, etc.)
Other security guards required—and available—for an enterprise-class solution include:
· Application security: permissions by document, folder, group, or role | check in and check out | version control | document and audit history
· Synchronization: take your content with you | synchronize across all devices | automated, guided conflict resolution
· Mobile security: device management | encryption | pins
It’s a marriage made in heaven: your very own cloud for all your business content, accessed equally well by mobile apps, third-party apps, web portals, and browsers—on an infrastructure built to the highest security standards, one worthy of demanding military and financial institutions.
Do we have adequate audit capabilities to monitor our environment?