Forum Discussion
sharepoint audit scope/healthcheck
what areas could/should be included in the scope of an audit/healthcheck (call it what you like) of a document management system like SharePoint, above and beyond the obvious, ensuring any confidential/sensitive documents are only accessible to authorised users/groups. We have a DMS based upon sharepoint that we have a few days to focus on from a risk/audit/compliance perspective, and trying to make sure we make best use of the time.
Have you seen this resource, it's a good place to start:
Secure SharePoint Online sites and files
There also some great resources here around security, like Office 365 Information Protection for GDPR with guidance and recommendations, though it may not all be relevant.
Microsoft cloud IT architecture resources
CRIB111 This is predominantly for SharePoint Online, so it won't be as relevant if you are on SharePoint Server, though some of the concepts will still apply. In that case, start here perhaps - Configure audit settings for a site collection and View audit log reports. This seems to be a reasonable overview - SharePoint Audit Logs: A Key to Better SharePoint Management. Finally, this may help - Overview of security groups in SharePoint Server and some of the resources linked from there like Plan your permissions strategy.
