
3 tips for staying compliant in a world where everyone customizes


So the adoption of your digital workplace goes through the roof. And while everyone tailors it to their needs, how do you ensure that you stay compliant?

Compliance is a must

Depending on its market, geography, and size, your organization might be required to comply with laws and regulations. They could require you to prove that you have processes in place for properly managing information in your organization. But they could also require you to prove that these plans are actually enforced. And if you’re using SharePoint, or Office 365, you might have a tough nut to crack.

The sky is the limit

SharePoint is well-known for its extensibility capabilities. For years, it was a box of building blocks that you would use to assemble whatever solution you would need: from collaboration space to records management or even a public website.

More recent versions of SharePoint offer more complete and ready-to-use functionality out of the box, but still, there are plenty of ways for you to extend it to do whatever you need. It’s great, because it allows you to get more value for the money and make the technology work for you, but it also comes at a high price. Because everyone can extend SharePoint to their needs, without a proper plan, your intranet will grow uncontrollably, exposing your organization to risks.

Unfortunately, Office 365 only adds to this problem. Where organizations using SharePoint on-premises can only extend SharePoint, in the cloud your colleagues can also use tools such as Flow, PowerApps or Teams to build powerful customizations. Again, these tools offer your organization many benefits, but left uncontrolled, they can become a compliance nightmare.

3 tips: In a world where everyone customizes, how do you stay compliant?

Neither SharePoint nor Office 365 offers you a centralized location to manage all customizations. So to stay compliant, you need to take the initiative yourself. Here are 3 tips that will help you stay compliant.

Define a governance plan

Compliance means something different to every organization. Geography, market and size are factors that determine which laws and regulations your organization must meet with regard to information management. Typically, these laws and regulations are generic, so once you know them, you have to translate them into requirements specific to your digital workplace. With regard to Office 365, you could think of high-level things like data classification, but also things like whether or not users should be allowed to embed scripts on pages and, if so, what process they must follow to ensure compliance.

Create an always up-to-date inventory of all applications

Having a plan is just the first step. No matter how good and clear it is, you have to put it to work.

As I mentioned earlier, there is no central location in SharePoint or Office 365 to manage or even see all customizations. And that’s the tricky part, because over the years SharePoint has gained multiple ways to be customized, and they’re all still available to your colleagues today. So to be able to see which applications are in your environment, you will have to build something that crawls the whole environment and discovers all applications. It’s not trivial, but you can’t continue without it.

Measure the compliance status of applications

Once you know what applications you have, you can start verifying to what extent they meet your compliance requirements. Some checks might be trivial. Some might require a more thorough analysis of the application and its building blocks. The most important part is that whatever approach you choose for tracking the compliance status, it must be repeatable and automated.

In a recent scan of a SharePoint environment that we did for a large enterprise, we discovered over 10,000 applications, and more applications were being added to their environment every day. There is no way you can analyze that number of applications on time, not to mention regularly verify whether anything has changed.

Next steps

Meeting compliance regulations is not easy, especially in the context of a digital workplace that employees can easily tailor to their needs. But if your organization is required to meet them, then you don’t have much choice other than to try to find a way to control your SharePoint and Office 365 with as little effort as possible. And we could help you with it through our Rencore Assessment offerings.

Waldek Mastykarz

Waldek is a Microsoft Office Development MVP and Head of Product at Rencore. He reinforces our product development adding loads of business experience from working as a SharePoint consultant for more than 10 years. Waldek is passionate about what he does and shares his enthusiasm through his blog and as a regular speaker at conferences and community events all over Europe. Recently, Waldek joined the SharePoint Patterns and Practices (PnP) Core Team to help developers make better use of the SharePoint and Office 365 platforms.