Compliance Guardian is a product of necessity for our customers – its focus of both compliance reporting and analysis, along with its ability to automate actions based on that analysis, provides a unique and powerful solution that can be used to manage compliance while mitigating risk. In addition, Compliance Guardian also provides a robust classification system that can be used to classify content for a multitude of needs, including risk management. Supporting multiple document types, the product provides both text- and element-based validation. Compliance Guardian also provides protection for data in content stores or for live data that is moving through the system in real time.
Now, here is a deeper dive into some of the main modules in Compliance Guardian and their associated features:
Content Classification – The metadata classification system scans data to determine the meaning and nature of the content. By testing for different conditions, the data can be automatically classified. These classifications are stored in metadata in the content being scanned, and for our SharePoint customers this metadata can also be stored in SharePoint. This higher level of data provides a great new asset in controlling use and / or distribution of the documents. The metadata is stored in name value pairs, and there can be as many metadata elements as necessary to address a company’s requirements. The system also provides the mechanism to trust the user of the system classification, thus taking advantage of the Content Subject Matter Expert (SME). Compliance Guardian is designed to retrieve and test both visual and non-visual content as part of the classification process.
Actions Based on Classification – Compliance Guardian allows actions to be related to metadata. The actions can include moving documents to the correct location; quarantining, deleting, or redacting content that is not within policy guidelines; and setting specific permissions. This becomes important when considering the use of sensitive data within an organization. These actions support different processing: “in-use” data “real-time processing” can work with classified data when submitted to a location, moved, or saved, while “at-rest” data can either be scanned on a scheduled basis or immediately for storage classification and action. The first method is most appropriate for a single document or bit of data, while the second is designed for large data storage systems. Both methods can be used with existing content.
Test Suites and Reports – Compliance Guardian is not just a classification system; it is also a reporting system that allows for automated testing of both content and frameworks. This automated testing produces rich report sets with actionable data. The default test suites available in Compliance Guardian are:
· Accessibility Guidelines “US Section 508 and W3C Web Content Accessibility Guidelines (WCAG)”
· Privacy Reporting “PII, PHI, and other factors”
· Operational Security
These test suites are both flexible and modifiable to allow customers to utilize a test management system that aligns with their specific policies. This is important because no two customers are identical, and experience shows that customers may deal with different technologies being deployed at a single location.
Dashboards – In order to be truly useful, reports must be flexible. Keeping this in mind, Compliance Guardian allows for the filtering and manipulation of the data as you watch the screen adjust to the new parameters. Some of the reports included within the dashboard include, but are certainly not limited to:
· Passed/Failed files, including distribution of error types and counts
· Top violations
· Initial risk reports
· Detail list reports
· Error highlighting for Accessibility
· Violations trend report
The reporting system also tracks historical data provide a view over time, which is second to none. On top of this, we know customers sometimes like to just get the data – so with every report you have the ability to export the data allowing you to interact with the results on the most granular level.
Understanding – Used as part of AvePoint’s extended Compliance Solution, Compliance Guardian allows customers to paint a real picture of risk that is unmatched today by aggregating violation data with system knowledge. Simply put, you can eliminate general risk and focus on understanding real risk. As an example, an organization might scan their documents to identify content with Personally Identifiable Information and find hundreds of those documents. However, using the additional context provided by AvePoint, they will also learn that 99% of the reported violations are of no risk due to location. More of the extended report data includes but is not limited to:
· Initial Risk Report
· Auditor Analysis Report “access times, dates, etc.”
· Security Information Reports “Item Level, Security Settings, AD Group information”
Unparalleled Management and Flexibility – Compliance Guardian utilizes the AvePoint DocAve Foundation for management, which provides enterprise scalability. If we take, for example, a SharePoint farm with 100 servers, you could install Compliance Guardian and the DocAve Agents to the farm and then manage all the servers form one central location. This decreases the level of effort to manage compliance, and Policy Managers do not need to have SharePoint knowledge to receive their reports and generate actionable information. In addition, the framework allows centralized scheduling and job monitoring. While the foundation is capable of working on a single server with no issues, the system is ready to grow with you.
Extensibility – Compliance Guardian’s Core Content Classification Engine (CCE) is accessible via an Application Programmers Interface (API), and this API allows the customer to test either a File or a Text String for compliance against a specific Test Suite before returning the results to the interface. This is important for customers that have built a custom test harness or automated testing framework, as it allows for the addition of compliance testing without recreating current automation efforts. By exposing the Compliance Guardian API, we are able to integrate more efficiently to existing quality efforts.
AvePoint Compliance Guardian introduces new layers of understanding to proven testing methodologies, which allow organizations to create and execute remediation plans as opposed to wondering where to begin! In addition, by combining reporting, classification, and action management, Compliance Guardian automates many of the requirements related to data and document management.
As we continue forward with the product, you can anticipate new test suites, enhanced APIs, and extended risk analysis – in addition to working with more log sources and content types. We hope you enjoy version 3.0 of Compliance Guardian, and we all look forward to hearing your feedback.