GRC Roll-up: Good Governance in SharePoint 2010, Feds Outlines Cloud Security Standards

4 minute read
David Roe avatar

Even with the year winding down, there’s still some movement in the GRC space. This week, we looked at SharePoint governance with Quest, ASG bought Atempo, the new HIPAA standard is just about on top of us, and the U.S. government outlined its new security standards for cloud computing.

Good Governance for SharePoint 2010

Coming to the end of another year and we’re still discussing problems and solutions around SharePoint. This week, CMSWire Managing Editor Barb Mosher sat down with Bill Evans, Quest Software's VP and GM of SharePoint, and Chris McNulty, SharePoint Strategic Product Manager, to discuss the governance issues SharePoint users face.

The problem with SharePoint, they said, is that organizations get so excited there's an app in-house that workers can use so easily that they sometimes forget they need to plan how it should be implemented.

However, good governance strategies go a long way toward making software more user-friendly. In a recent SharePoint user survey, Quest found that only 17% of organizations implementing SharePoint had a governance committee.

ASG Buys Atempo

On the acquisition front, ASG has announced that it has acquired Atempo, a provider of data protection and backup management software.

The integration of Atempo's backup and archiving solutions expands ASG's ability to automate and simplify the management of complex IT environments and to reduce risk across the IT lifecycle.

By integrating Atempo's technologies into ASG's solutions, the company will provide a scalable, long-term data protection solution that works across any infrastructure and on any platform.

And with 13 offices worldwide, the new product will be a global offering.Atempo's archiving technology is focused on the long-term preservation of digital assets, storage resource optimization and capacity planning, metadata management and ensuring e-Discovery accessibility and meeting compliance requirements.

Also in acquisitions,DocuTech, mortgage data compliance vendor, has acquired the assets of Lender Support Systems, mortgage document software from parent company, Emphasys Software.

The acquisition of LSSI's Docs3D software and customer base enables DocuTech to continue growing its existing presence among regional banks and credit unions. 

Vanguard Upgrades Security Offering

Information security software vendor Vanguard Integrity Professionals has upgraded its security and compliance software solutions.

The new version of Vanguard Security and Compliance Solutions includes support for IBM z/OS 1.13, improved operational security management, expanded reporting capabilities and optimized performance enhancements.

With it, users get more granular control and detailed reporting capabilities that enable customers to achieve better security and respond to evolving regulatory requirements.

Learning Opportunities

The majority of the enhancements in this release were developed in response to customer requests, the company says.

New HIPAA Standard On the Way

And with the New Year on the horizon, January 1 is the deadline for the required adoption of the new standard for electronic claim transactions, the 5010 standard.

The 5010 standard replaces the 4010 standard and is required to accommodate regulatory changes in core billing processes such as claims submission and remission, claim status inquiry, eligibility inquiry and transaction acknowledgement.

The Health Insurance Portability and Accountability Act (HIPAA) was enacted by Congress fifteen years ago, way back in 1996.

It spawned the HIPAA Privacy Standard (and a zillion Notice of Privacy Practices forms) and the HIPAA Security Standard, both enacted in the prior decade. One facet of HIPAA was a requirement that the Department of Health & Human Services create standards for all "covered entities" (i.e., medical practices, health plans, clearinghouses) to use when electronically conducting core administrative transactions.

The present standard is known as 4010 for short. The 5010 standard is an expansion for the 4010 and will allow for more efficient claims transactions. It can accommodate ICD-10 codes, which are slated to debut in October 2013.

Government Outlines Cloud Security Guidelines

Finally this week, if you think competition in the cloud computing market is getting crazy, then you'd better brace yourself, because it's set to get crazier.

The White House has outlined its approach to cloud computing for the next year that will see dozens of legacy systems go, as well as a new set of uniform security requirements that contractors will have to meet.

This has been in the works for a long time and many of the bigger cloud computing bruisers have been waiting around to see what they produce before launching a full-scale assault on Washington.