Configuring a workflow

Using built-in SharePoint workflow templates you can configure a workflow using a browser and customize it in a way limited by workflow template structure to meet the exact needs. Workflow template defines a number of conditions to test and actions to be performed when these conditions are met.
Each workflow has the start and the end. The triggering event for a workflow is usually uploading a document or adding an item, but you can also configure it to be started manually. When a workflow event is triggered a new workflow instance is created. When a workflow completes all the stages, it is set to Completed status.
Additionally, workflows can use Task list and History list. It can add items to a Tasks list to help users to track what actions are required to complete workflow process and send emails to users when a task has been assigned to them. Workflow history provides the information about each workflow instance created, running or completed for an item or document. This list can be accessed only by adding /lists/workflow history/ to the sites URL, it is not available on the Site Contents page.
Let`s trace the process of configuring a workflow using built-in template. In our example we will use Three-State workflow. This workflow is perfect for tracking status of tasks or documents. We are going to create a workflow on project site that tracks documents and passes them through review and accepting process.

Adding a Choice column

If you want to associate List or Library with a Three-state workflow, you must add at least one Choice column that contains the state values that the workflow will track. To add this column:

  1. Chose the list or library you want to associate with a workflow and click on Library. Then click on Create Column.

  2. Enter the name of new column and choose Choice as its type.

  3. Enter the description of this new column, at least 3 choices for it and choose the necessary additional settings. You can enter more than 3 choices but three-state workflow can use only three options.

  4. Click OK.
Adding a Three-state workflow

Now you can add Three-state workflow to this library.

  1. Click on Library –> Workflow Settings and choose Add a Workflow from the drop-down menu.

  2. Choose Three-state workflow template and type the name of a new workflow.

  3. Specify the Task list and History list for this workflow, choose the start options and click Next.

  4. In the workflow states section you can choose the choice column and the values from it for each stage of the workflow.

  5. Specify the necessary settings for the Initiation stage of the workflow. The option to send email is enabled by default, you can disable it if required.

  6. Specify the necessary settings for Middle stage of the workflow.

  7. Click OK.

Now your Three-state workflow has been added to your library and you can check how it works.

Compliance in business: Laws and regulations IT departments should be aware of

In a business sense, compliance refers to a company’s efforts to obey all of the laws and regulations that govern how they can manage the business, their staff, and their treatment to their customers. The concept of compliance is to make sure that companies act responsibly and are held accountable for those actions.

This doesn’t just deal with ethical business practices or providing adequate customer service – these regulations are put in place to safeguard sensitive data, both of the business and the customer. So why is this so important? The most obvious and valuable outcome of compliance is that it decreases your risk of fines, penalties, work stoppages, lawsuits or a shutdown of your business.

It also helps to secure sensitive data, which is probably the most important aspect if your business. There are many laws and regulations IT departments need to be aware of in regards to compliance. What follows is a list of the most noteworthy to ensure your business follows:

  • The Sarbanes-Oxley Act of 2002 (SOX). Section 404 of SOX requires public companies annual reports to include the company’s own assessment of internal control over financial reporting, and its attestation by independent auditor. The above-mentioned assessment has been extended into the IT sphere by the opinion of the Public Company Accounting Oversight Board (PCAOB), corporation created by SOX to oversee the auditors of public companies
  • The Financial Services Modernization Act of 1999 (also known as Gramm-Leach-Bliley Act – GLBA) protects the privacy and security of individually identifiable financial information collected, stored, and processed by financial institutions. This set of recommendations for audit was produced by the Federal Financial Institutions Examination Council (FFIEC), an interagency group that includes five of the eight major financial regulatory agencies.
  • Health Insurance Portability and Accountability Act (HIPAA) focuses on the healthcare industry, but other companies can be impacted however, if they engage in related activities or if they provide services to companies that are directly affected by the regulation.
  • European Union Data Protection Directive (EUDPD) refers to the protection of data privacy for citizens throughout the European Union. It has a strong influence on international regulations, since it puts strict limitations on sending EU citizens’ personal information outside of the European Union to areas that are considered to have less than adequate standards for data security.
  • Bank Secrecy Act (BSA) requires banks and other financial institutions to report certain transactions to government agencies to help eliminate money laundering, tax evasion, or other criminal activities.
  • Payment Card Industry (PCI) Data Security Standard is used as a framework for the Cardholder Information Security Program (CISP), which is intended to protect cardholder data from exposure and compromise across the entire payment industry. Its goal is to ensure that members, merchants, and service providers maintain the highest information security standard.
  • California Senate Bill 1386 puts into practice robust disclosure requirements for businesses and government agencies that experience security breaches that might imperil the personal information of California residents. The bill was the first attempt to address the problem of identity theft on the state level.
  • International Convergence of Capital Measurement and Capital Standards—A Revised Framework (also known as Basel II) introduces recommendations by bank supervisors and central bankers from the assemblage of countries, which are the members of the Basel Committee on Banking Supervision for revising the international standards for measuring regulatory capital the adequacy of a bank’s capital.

There is also another set of rules arisen for the IT industry from the service providers’ perspective – the Defense Federal Acquisition Regulation Supplement (DFARS), used by Department of Defense (DoD). Special attention should be paid to the DFARS-252.204-7012 clause, issued by DoD in November 2013, which contains rules and requirements regarding utilizing and safeguarding Unclassified Controlled Technical Information (UCTI) that is vital to national security. According to its requirements the following specific areas must be protected:

  • The adequate safeguarding of UCTI on or transiting through contractor unclassified information systems
  • Reporting to the DoD and investigating any cyber incidents that affect UCTI

PlexHosted, as a respected SharePoint hosting provider, has successfully implemented DFARS-252.204-7012 clause to its infrastructure. A widely known fact is that the success of your business pretty much depends on its public image. And accordance to this set of required compliance standards, laws and regulations will help you to build positive reputation and also to improve consumer loyalty, since customers are more likely going to return to a product or service from a company they identify as trustworthy.