By Jeff Sizemore
Compliance frameworks provide guidelines for effective and secure operations for content management across a company’s various repositories. They’re written as a set of controls, each one which corresponds to different settings and policies that an organization must follow in order to ensure the safety of their data. They’re designed to be very organized and actionable, and tend to operate similar to a checklist IT and security teams create policies and rules that define how processes and transactions will satisfy a framework’s controls. In an ideal world, IT admins would simply operate off of a scorecard that indicates what policies were, and were not, compliant. Ideal, but unfortunately, not realistic.
Checklists work for things like house maintenance; you identify and fix the things that don’t meet building codes, and then you feel safe, and the building inspector is happy. Content, however, doesn’t operate like that. Some content is essentially stateless; because of collaboration or continuously changing data, content assets change. Identifying adherence to compliance controls, therefore, means it has to be evaluated continuously.