Compliance, Automated with Microsoft Office SharePoint Server

Utilities are facing unprecedented levels of regulatory compliance in an increasingly fast-moving business environment. Not only are they exposed to the harsh atmosphere of competition and enforcement, but on an almost daily basis, management and boards of directors are being asked to anticipate and implement significant regulatory requirements, in a cost effective way.

Utility directors of compliance and heads of regulation must take account of edicts from regulators such as OFGEM (regulator for the U.K.'s gas and electricity industries), Federal Energy Regulatory Commission (FERC) in the U.S, the North American Reliability Corporation (NERC) for Utility grid operations in North American and a whole host of other Utility specific Government regulations including: Sarbanes-Oxley Act of 2003 (SOX), European Union (EU) directives and environmental mandates.

At Microsoft we believe the ease-of-use and scalability of the Microsoft Office SharePoint System (MOSS) is ideally suited as a platform for addressing an organization’s regulatory compliance requirements without adversely affecting employee productivity. The 2007 release provides fundamental components required for regulatory compliance such as document and records management, versioning control, workflow processes, and auditing capabilities without ever leaving the familiar environment of Microsoft Office. These components and the system's extensible architecture have made it a favorite foundation for developing optimized solutions for regulatory compliance.

Two good learning opportunities concerning using SharePoint for regulatory compliance applications are available and are worth a little time investment.

First, a consultant from ICF International offers an interesting read on how SharePoint deployments can help utilities create a compliance culture in view of coming NERC regulations.

The article, Mind the Gap: Using SharePoint for Compliance Tracking, by Kevin McDonald is now posted on and discusses how U.S. and Canadian utilities are working overtime to ensure compliance with the North American Electric Reliability Corporation’s Critical Infrastructure Protection reliability standards is a hot topic these days as the organization gets closer to releasing its regulations. As part of its efforts to better address cyber security and critical infrastructure protection, the NERC standards (CIP-002 through CIP-009) are designed to ensure utilities and other users, owners, and operators of the bulk power system in North America have appropriate procedures in place to protect critical infrastructure from cyber attack.

McDonald describes how various SharePoint features automate at least of portion of the administrative tasks involved in compliance efforts. As McDonald points out, lessening the administrative burden with automated processes helps utilities comply with the spirit of the regulations rather than focusing on the mechanics. The article is timely considering the advancing schedule for standards review and eventual implementation.

The second learning opportunity, a free webinar on January 15 by Enterprise Informatics, dovetails well with McDonald’s article. Titled “Preparing for an Enterprise-wide SharePoint Deployment,” the webinar will discuss deploying defined SharePoint governance and site provisioning policies, envisioning and designing an enterprise-wide site hierarchy and constructing an information taxonomy that incorporates centralized indexing and records management. – Jon Arnold