Every time an employee innocently sends a forgotten password to a co-worker over the system, every time an HR staffer forwards a resume to a hiring manager, every time a website content writer posts a new blog entry with an old brand mark -- there’s a question of violation of GRC rules.

The Shattered Web

Just a few years ago, the term “eContent” would have been dismissed as a typo. Today, it’s a term that almost every organization has to deal with. With the enterprise moving online to a greater and greater extent, companies are finding enhanced efficiencies in electronic documents and collaborative workflow -- creating a new kind of management challenge. Suddenly, Web 2.0 and 3.0 realities have come up against compliance requirements for privacy and risk management.

Customers are becoming more comfortable in providing their personal information, such as credit card numbers, addresses and financial data. But they are counting on the companies handling that information to do so in a confidential and secure manner. Within the enterprise, employees’ personnel files, pay data, passwords and other material have to be secure even as they are updatable. Every single day, more content is created and uploaded into the company’s store of material -- perhaps into the Cloud.

Not too long ago, information created by a company was generally static, or perhaps updated only quarterly. Today, companies know that to keep up with the marketplace, they must provide continuous digital content -- every day, sometimes every hour, to external audiences. Simultaneously, within an enterprise, work teams are creating even more content: documents, videos, presentations, audio files and more.

Into this Wild West of eContent comes SharePoint. This platform opens up collaborative possibilities across the enterprise, allowing everyone to contribute and participate in projects, even remotely. Because of its ease of deployment, low initial cost, and high business value for facilitating collaboration among team members, SharePoint has experienced a “viral spread.”

Content is exploding in both structured and unstructured formats -- it is virtually all electronic and subject to corporate and regulatory policies governing its dissemination, accessibility and security. In fact, analysts at such research firms as Forrester Research and The Gartner Group are confidently predicting that within five years the current Terabytes of data that many private and public sector organizations are responsible for will become Petabytes, and will continue to grow exponentially.

The Growing GRC Problem

At the same time that content is growing exponentially, compliance standards for risk protection are becoming more stringent. Regulations include COPPA, accessibility requirements such as Section 508, an enterprise’s own governance policies for defining inappropriate content and brand integrity, and, finally, industry-specific rules, such as HIPPA 5010. What’s a CIO to do in the face of these complex and seemingly endless demands? It seems that every quarter brings new regulations, along with new technologies, designed to open communication channels ever further and at the same time increasing GRC challenges.

Every time an employee innocently sends a forgotten password to a co-worker over the system, every time an HR staffer forwards a resume to a hiring manager, every time a website content writer posts a new blog entry with an old brand mark -- there’s a question of violation of GRC rules.

Is it possible to train everyone, to keep that training up to date, and to ensure compliance all the time? Do you even want to be regularly pulling people from their productive work to make sure they are trained in all the rules? And even if a company does so, will it actually work? Human error is a fact of life -- not even factoring in the disgruntled employee or hacker -- routine risks that every enterprise faces in this day of instant communication.

While training will always be a cornerstone of compliance, organizations need rigorous systems in place to safeguard themselves from content that exposes them to risk.

Need for Greater Compliance and Risk Management

IT managers and executives need quicker, automated and proactive solutions to get ahead of these problems. Organizations need to mitigate risk, ensure compliant Web properties, and eliminate countless personnel hours spent on testing Web content and applications.

The good news is, these goals are now entirely attainable. Technologies are now available to help organizations of all sizes examine and correct their compliance issues through automated compliance monitoring. When selecting a solution to monitoring content compliance across the enterprise, there are a number of factors to consider.

What to Look for in an Automated Content Compliance Solution

Full Integration into Workflow

By fully integrating within existing workflow, the successful content monitoring solution is able to test throughout the life-cycle of all enterprise content, ensuring compliance at every step. This integration allows for automatic monitoring for privacy issues, inappropriate content such as profanity, and other governance issues, including accessibility. Full integration into employee workflow can also helps to prevent issues before they even exist.

Empowering the Executive Team

The best content monitoring solutions can provide executives with immediate, complete and concise dashboard reports on the compliance status of an entire website or specified sections. This reporting gives the executive team a snapshot of compliance at any instant. Policy owners can have their policies quickly implemented and document their successes over time. Many of these reports are also required by compliance regulations and can be used for historical data.

Customization

Organizations need to be able to include their own customized policies (such as brand control and language monitoring) along with the regulated compliance issues. With easily customizable solutions, organizations can have the flexibility to monitor for security breaches as specific as project code names and merger news within moments. This type of customization is critical to receiving the best possible results from your content compliance solution.

Simplifying Work by the IT Staff

The beauty of an automated solution is in the man-hours that it frees up. The reporting structure of the software should include capabilities for technical users to identify the exact locations of errors, and even highlights the violating code. Other considerations for the technical team should also include the robustness of the rule sets in place. The more in-depth the solutions pre-installed rule sets, the less work the organization’s team will have to do on the other end.

The Solution

The content explosion has forever changed the landscape of enterprise content compliance. Manual monitoring and training are no longer sufficient to protect the enterprise from falling into non-compliance. But automated content compliance solutions protect the organization every day, every minute. They are the next line of defense in protecting the organization, its information and its reputation.

Editor's Note: You may also be interested in reading: