CRIB111
Brass Contributor
Apr 03, 2019

SharePoint audit scope/healthcheck

What areas could/should be included in the scope of an audit/healthcheck (call it what you like) of a document management system like SharePoint, above and beyond the obvious: ensuring any confidential/sensitive documents are only accessible to authorised users/groups? We have a DMS based upon SharePoint that we have a few days to focus on from a risk/audit/compliance perspective, and we are trying to make sure we make best use of the time.

1 Reply

  • Cian Allner
    Silver Contributor

    Have you seen this resource? It's a good place to start:

    https://docs.microsoft.com/en-gb/office365/securitycompliance/secure-sharepoint-online-sites-and-files

    There are also some great resources here around security, like Office 365 Information Protection for GDPR with guidance and recommendations, though it may not all be relevant.

    https://docs.microsoft.com/en-gb/office365/enterprise/microsoft-cloud-it-architecture-resources

    CRIB111 This is predominantly for SharePoint Online, so it won't be as relevant if you are on SharePoint Server, though some of the concepts will still apply. In that case, start here perhaps - https://support.office.com/en-us/article/configure-audit-settings-for-a-site-collection-a9920c97-38c0-44f2-8bcb-4cf1e2ae22d2 and https://support.office.com/en-us/article/view-audit-log-reports-b37c5869-1b47-4a82-a30d-ea20070fe527. This seems to be a reasonable overview - https://blog.syskit.com/sharepoint-audit-logs-management. Finally, this may help - https://docs.microsoft.com/en-us/sharepoint/sites/overview-of-security-groups-in-sharepoint-server and some of the resources linked from there like https://docs.microsoft.com/en-us/sharepoint/plan-your-permissions-strategy.