AvePoint ® Compliance Guardian is designed to ensure that information is available and accessible to the people who should have it and protected from the people who should not. Compliance Guardian helps organizations proactively protect SharePoint environments from harmful information leaks, contamination, or misuse while simultaneously ensuring that all activities and content residing in their environments are compliant, accessible, and manageable. AvePoint Compliance Guardian bridges the gap between compliance, IT, and the business to establish as well as support a constructive, productive, and compliant environment.
AvePoint Compliance Guardian helps organizations tackle the spectrum of areas that encompass compliance and risk mitigation, including (click on the boxes below for more information):
Compliance Guardian enables organizations to easily validate their IT systems, applications, and content against standards-based and custom organizational policies for accessibility. Compliance Guardian’s accessibility features allow users to test against regulatory requirements including: Section 508 of the Rehabilitation Act, Web Content Accessibility Guidelines (WCAG) 1.0 and 2.0, and Common Look and Feel (CLF).
Automated accessibility testing for content and IT system frameworks can also incorporate input from human testing to further validate test results and ensure compliance with the most rigorous standards. By aggregating discovered accessibility defects along with additional Compliance Guardian data, such as content access history, organizations can assign priority to the errors for decisive action. If you already have SharePoint deployed, learn more about AvePoint’s capabilities for SharePoint accessibility.
To continue reading about how AvePoint Compliance Guardian provides your organization with the means to to meet various web accessibility requirements, read one of our featured blog posts from one of AvePoint’s compliance subject matter experts at DocAve.com
AvePoint’s end-to-end solutions provide an integrated, full risk management life cycle approach that allows customers to address Operational Security (OpSec) and Sensitive Security Information (SSI) requirements and securely manage highly sensitive data. Compliance Guardian helps to close operational and security gaps caused by inadvertent mishandling of data or relaxed permissions controls for information stored on the Web or internal systems, ensuring no information that is sensitive in nature (e.g. ITAR information or logistical data) can be taken advantage of by a malicious third party, drastically mitigating risks of accidental breaches.
Through a multi-step approach to compliance, Compliance Guardian scans and reports on enterprise content for sensitive data including personally identifiable information (PII), protected health information (PHI) as well as Sensitive Security Information (SSI); tags or classifies that content appropriately; and takes action to protect your environment from privacy violations by deleting, quarantining, securing, or routing content to a more appropriate location. Compliance Guardian can be invoked as part of a real-time compliance risk assessment and risk management system and also used as part of an ongoing audit program, allowing organizations to continuously improve their compliance posture.
Ensure that your content complies with requirements for site quality, brand management, and maintains a consistent look and feel across your organization.
Compliance Guardian is designed to empower organizations to comply with regulatory, statutory or organization specific requirements to manage and oversee access to sensitive data by:
Compliance Guardian works with AvePoint's extended Compliance Solutions to provide a "heat map" that provides additional actionable context about the document including: how old is the document, who authored it, how many times has it been accessed, who can access it, who has accessed it and what have they done with it. In this way organizations can take specific steps to protect their environment and further mitigate the likelihood of a breach or data leak.
Through Compliance Guardian's graphical user interface, technical and non-technical compliance officers, including privacy officers, security officials, 508 coordinators, company executives, and SharePoint administrators, can:
By identifying, classifying, and taking action on compliance risks - and presenting this information in easily digestible formats for various stakeholders, organizations can more effectively build and maintain a compliant framework.
All Microsoft, All the Way
As with all AvePoint software, Compliance Guardian utilizes only fully supported Microsoft APIs.
In today’s hyper competitive business landscape, it is imperative that organizations balance the push to collaborate and share information across multiple data sources with the requirement to protect sensitive information. It is imperative that organizations ensure information is accessible and available to those that need it in their enterprise-wide content management and collaborative environments, while bringing the systems that support these initiatives in line with existing compliance policies in order to combat potential exposure of sensitive or classified information. A robust risk management framework must be implemented to support Accessibility, Privacy, Operational Security (OpSec) and Sensitive Security Information (SSI), and Site Quality.
Accessibility. Organizations must comply with accessibility statutes like Section 508 of the Rehabilitation Act, as well as the World Wide Web (W3C) Web Content Accessibility Guidelines (WCAG) 1.0 and 2.0 to ensure information is accessible and available to those that need it, regardless of physical ability. Compliance Guardian tests organizational content, as well IT system frameworks including Microsoft SharePoint, reporting on any accessibility errors and helping organizations to prioritize these errors based on activity and usage.
Privacy. Worldwide Public Sector organizations, public companies, regulated industries, and even medium or small business may be subject to a range of privacy and information security requirements. Privacy1 is a major concern of any organization that handles personally identifiable information (PII), protected health information (PHI), or even Sensitive Security Information (SSI). Private information in the wrong hands exposes significant financial risk, whether in regulator fines or by severely damaging a company’s reputability. As such, Compliance Guardian helps by scanning content upon upload or existing in enterprise content management systems for PII, PHI, or SSI, allowing organizations to tag this content appropriately and take decisive action to route it to the appropriate location, assign permissions, delete the content, or quarantine it for further review.
Operational Security/Sensitive Security Information. Information placed on the Web or within internal systems, even with good intent, can create operational and security gaps that could put assets at risk. Troop movement, dignitary visits, power plant schematics, bio hazards, diseases, border information, financial information, or an improper address or phone number may create security issues that could be taken advantage of by a third party. This type of information can create unintended consequences for potential National Security threat and/or terrorist activity. With the current administrations push for government agencies to put everything “online” in support of transparency in government, the potential for inadvertent or unauthorized disclosure of sensitive information continues to grow. Using search engines and information compilation algorithms, a single user can aggregate, analyze, and construct new levels of understanding from unclassified sources. Compliance Guardian helps to secure sensitive information and establish an effective risk management lifecycle to help organizations proactively mitigate risks of data leak.
Site Quality. As part of best practices for establishing corporate intranets or enterprise content management systems such as Microsoft SharePoint, organizations often establish branding guidelines so users have a greater sense of ownership of the system and are more encouraged to utilize the portal for collaboration, whether to find colleagues, organizational updates, or information relevant to their projects and activities. To ensure optimal user adoption, system usability and accessibility must also be considered and accounted for. As such, organizations must establish guidelines for Site Quality that not only account for accessibility and usability, but also branding guidelines, to establish a consistent look and feel (CLF). Compliance Guardian helps organizations comply with accessibility, branding, and look and feel guidelines to maintain optimal Site Quality.
Supporting Vertical and Industry Specific Regulations and Guidelines
AvePoint supports regulatory requirements across a range of vertical markets and industries, including financial services, government, and healthcare.
To learn more about how AvePoint helps government agencies comply with transparency requirements; accessibility requirements for citizens and employees with disabilities; and meet federal requirements for protection of personally identifiable information and management of Operational Security Risks, peruse our AvePoint Public Sector specific Products and Solutions
1 AvePoint is a corporate member of the International Association of Privacy Professionals (IAPP)
Scan your environment to identify non-compliant data across a broad framework of organization-specific or regulatory requirements, including Personally Identifiable Information, Information Assurance, Operations Security, Sensitive Security Information, Accessibility, Brand Management and Site Quality.
Utilize highly customizable business rules to classify content as it is uploaded or created with SharePoint or embedded metadata, ensuring sensitive or regulated content can be appropriately tracked and organizations can accurately determine risk levels of their information.
Based on content classification, block or quarantine non-compliant content; route content to the appropriate location; and apply appropriate security and permissions to ensure compliance with information governance, security and architecture policies.
Aggregate compliance scan results across one or many environments, and present results in easily consumable formats targeted towards various stakeholders – including executive dashboards, configurable risk analysis indicators, or trend results – for Compliance Officers, company executives, and SharePoint administrators. Gain contextual insight into results by aggregating data from AvePoint's DocAve Software Platform to comprehensively view, modify, and report on your environment's usage and activity history (the "who, what, when, and how"), permissions, and content at any level of granularity.
Scan non-SharePoint sources, including social or CRM platforms, against plain text or regular expressions by utilizing AvePoint's Content Compliance Engine API, ensuring privacy, policy, and accessibility violations can be identified and quickly addressed.
Need information regarding previous releases of Compliance Guardian?
Ensure SharePoint framework and web pages remain accessible to the people who need it in accordance with accessibility compliance regulations, regardless of physical ability.
It’s not a question of IF you’re moving to the cloud – but WHAT you’re moving to the cloud. This assessment helps organizations identify sensitive or regulated content and develop a best practices approach to separate regulated and non-regulated content or workloads, and subsequently migrate appropriate content to the cloud.
Assess a select portion of your SharePoint environment, detecting any areas of concern or risk, and report on compliance infractions and at-risk sites. Develop a best practices approach to subsequently reduce the risk of compliance infractions to support a comprehensive risk management lifecycle.
Comply with confidence. Ensure SharePoint content availability, integrity, and confidentiality.
Ensure enterprise-wide IT systems and content are available and accessible to the people who need it in accordance with accessibility compliance regulations, regardless of physical ability.
Secure sensitive information and establish an effective risk management lifecycle to help organizations proactively mitigate risks of data breach to comply with operational security and sensitive security information requirements.
Protect sensitive information to support privacy compliance by preventing data leaks or breaches, and automating remediation and redaction to quickly resolve privacy violations.
Track and monitor Web systems’ structural integrity to ensure compliance with site quality requirements and optimize quality of service for end-users from both a content and site perspective.
This document is intended to aid IT administrators and other stakeholders responsible for managing Microsoft SharePoint deployments, in planning and implementing a comprehensive, reliable and efficient compliance strategy appropriate to their organizational needs.
AVEPOINT IS A GLOBAL TECHNOLOGY COMPANY AND PROVEN SOFTWARE LEADER. SINCE ITS FOUNDING IN 2001, AVEPOINT HAS BECOME THE WORLD'S LARGEST PROVIDER OF ENTERPRISE-CLASS GOVERNANCE, COMPLIANCE, AND MANAGEMENT SOLUTIONS FOR SOCIAL ENTERPRISE COLLABORATION PLATFORMS, HELPING MORE THAN 10,000 CUSTOMERS. AVEPOINT, INC. IS HEADQUARTERED IN JERSEY CITY, NJ, WITH WHOLLY OWNED OPERATIONAL CENTERS ON FIVE CONTINENTS WORLDWIDE.