From the Experts | Montrium Services Blog

What to Consider When Establishing Governance for SharePoint Online

Written by Chrysa Plagiannos | June 13, 2019 at 3:00 PM

So you’ve decided to implement SharePoint Online, now how do you tailor its use to achieve your unique goals? Governance processes can be established for any IT system to ensure that your business needs are consistently met by the system. 

For life science organizations using Microsoft’s Office 365 SharePoint Online cloud service to manage GxP regulated content, these processes must also consider any applicable regulatory requirements. In this article, we will examine the governance considerations for using SharePoint Online to maintain electronic records.

Documenting SharePoint Online Governance

Governance practices are commonly enshrined within controlled documents, such as policies and procedures, that dictate the implementation, use, and administration of a computerized system. For SharePoint Online, governance procedures are needed to define how the system will be maintained in a controlled manner that ensures compliance with applicable regulations.

System documentation outlining the SharePoint Online capabilities and service terms supports governance processes implemented by the life science organizations. Collectively, the governance controls allow users to interact with SharePoint Online in a manner that meets their business needs and preserves the integrity of the data maintained in the system.

Some key types of documents that contribute to SharePoint Online governance include:

System-specific procedural controls

These controls provide guidance to both end users and IT personnel tasked with administering and maintaining the Office 365 tenant in which SharePoint Online is utilized. Given that these documents pertain to how an organization has implemented SharePoint Online for a specific business process, the content is often presented in the form of a work instruction detailing a precise sequence of activities. 

Documentation published by the cloud service provider

Office 365’s SharePoint Online is a subscription-based business collaboration and document management platform hosted by Microsoft. Microsoft provides subscribers with documentation describing its products, services and technical commitments to customers. The Service Level Agreement (SLA) is a crucial document from a governance standpoint since it describes Key Performance Indicators (KPIs) that can be used to measure service quality.

Procedural controls governing supporting processes

Life science organizations have in place quality system processes that support all systems deemed to have GxP impact. These processes also apply to the organization’s use of SharePoint Online. System changes within SharePoint Online would follow existing change management procedural controls.

Similarly, validation testing would be governed by the established process for computerized system validation activities. It is, therefore, essential that procedural controls governing these supporting processes are evaluated to ensure that they allow for SharePoint Online to be operated and maintained in a state of control while fulfilling requirements for the management of regulated content.


SharePoint Online: GxP and Non-GxP Uses

It is important to remember that SharePoint Online can be used to manage both GxP and non-GxP content. In this case, the use of SharePoint Online should be carefully planned and implemented so that, regardless of the specific business use, sufficient oversight is provided to protect both GxP and non-GxP data. This may involve creating distinct GxP and non-GxP sites as well as implementing technical controls to ensure that the content is adequately maintained based on the type of data stored in the sites.

Procedural controls describing the GxP and non-GxP use of SharePoint Online play a significant role in making sure that roles and responsibilities are clearly defined. This will allow users to interact with the system in a manner that aligns with their business process needs.

The Takeaway

Managing GxP-regulated content in the cloud can be a challenging endeavor, but Microsoft has taken measures to help their life science customers transition to Office 365. While resources provided by the cloud service provider can be valuable tools, the governance controls implemented by life science organizations lay the foundation for the continued controlled use of Office 365’s SharePoint Online.

Just as great buildings are built on strong foundations, governance processes provide a framework that will support the management of regulated content as your organization’s business and technical needs evolve over time.