information management, Why You Must Identify Risks in SharePoint Technology #SPTechCon

SharePoint stakeholders can't know their risks without knowing their requirements.

And they can't know their risks without knowing the potentially adverse effects of those risks.

Bill English, 11-consecutive SharePoint MVP winner, champions these thoughts. Knowing your risks and potential outcomes can lead to strong governance and compliance.

And as English told an audience here today at the SharePoint Technology Conference at the Boston Park Plaza hotel, "Governance is the enforcement of compliance." 

Know Your Risks

Where do you start? 

"I think you get your risk factors from your business and technology requirements," said English, CEO of MindSharp. "Because if the business requires this -- A, B and C -- and you need the software to do A, B and C, what are the risks if those things don't happen? So you develop your risk indicators from your requirements."

It won't be easy figuring this stuff all out.

Some SharePoint stakeholders are new at this -- or, maybe they haven't thought about good governance and compliance since Joel Oleson, or "SharePoint Joel," released a SharePoint governance plan in 2007.

"Joel basically redefined management as governance," English told CMSWire, "and so what I'm trying to do is redefine governance as governance and redefine management as something else. Most people here (at the conference) have never heard of governance from this perspective."

Small vs. Large

Entity size matters. SharePoint users in small organizations will have different types of risk than those large enterprises.

Smaller? Risks will come from the "desires for what they can do around SharePoint vs. capabilities," English said.

Larger? "They will probably will have more risk around processes that become broken or stuck," English said, "or from just a lack of training and all kinds of moving parts, which is why a good enterprise architect really helps to make sure that your governance is in place."

Is Microsoft Helping?

As far as security management goes, English told CMSWire that Microsoft could do better in SharePoint.

information management, Why You Must Identify Risks in SharePoint Technology #SPTechCon

"Microsoft has done a really bad job of giving us good interfaces for security management," English said. "I shouldn't have to go third-party to get the kind of security management and reporting that I need and that's what they have done. And from a records management standpoint, they didn't give any reporting about where all the records are in the farm. You can't you find that out of the box."

Microsoft had not issued an immediate response per a CMSWire request today regarding SharePoint security management.

UPDATE: A Microsoft spokesperson, in an email to CMSWire shortly after 4 ET today, said Microsoft in May announced a number of security and compliance improvements, as well as a new Office 365 Trust Center.

"These are our latest offerings and announcements surrounding SharePoint security," the spokesperson said.

Know Your Effects

SharePoint stakeholders must realize potential outcomes to truly know their risk.

"It's the effects that are the risks," English said. "That's what the cost is."

English broke down potential effects into four categories: loss of finances, loss of goodwill, loss of customers and loss of top talent.

"Top talent doesn't like to work at mediocre organizations," he said. "They like to work at great organizations. That's where your real risk is. The fact that I let information out to the wrong people is bad, but the risk is that the information will be used against me. And customers learn about that, and they stop buying from me."

Get 'Em on Same Page

Shelley Norton knows a thing or two about risk. She works for Boston Children's Hospital and is a member of a learning and development team.

They work with sick children every day, and keeping children healthy is the natural priority. And of course, that comes with major risks. 

"There must be some place, a wheels-fall-off-the-bus kinda risk where everybody in the organization knows how critical it is to your organization," said Norton, a SharePoint user. "There must be something that makes everything grind to a halt when it's brought up." 

Title image by Howard Grill (Shutterstock).

Check out CMSWire's other coverage from the SharePoint Technology Conference: