Since the release of the Microsoft Office SharePoint Server 2007, compliance has been a major focus of the Microsoft Office System. That focus continues with SharePoint 2010 and includes additional functionality that further enhances compliance capabilities.

Download the whitepaper @

In addition to the audit trails and document level security that were introduced in SharePoint 2007, there are now enhanced capabilities for document and records compliance. These enhanced features include:

• Records center document libraries can be placed anywhere in a site collection
• In-place records management in any document library
• Centrally managed and distributed content types and taxonomies
• Centrally managed policies and workflow enforced on content types
• Workflow can promote a document from “loose collaboration” to a formally declared and managed “record”, including the capability for electronic signatures.
• Multi-stage records disposition
• Centralized audit trails and audit trail reporting that is easily configured with no additional coding necessary.

While these features can be applied to a broad range of regulations, including Sarbanes-Oxley and HIPAA, they also apply to 21 CFR Part 11. Thus the Microsoft Office SharePoint Server 2010 when combined with other Microsoft technologies, including Active Directory, Information Rights Management, and (optionally) the Microsoft PKI system, provides a system that may be configured to assist with 21 CFR Part 11 compliance.

In a departure from previous whitepapers on the topic, we approach this document a bit of a different way:

1. Describe the overall SharePoint architecture needed to support compliance
a. Including both conceptual and product-level architectures
2. Provide a set of use cases for compliance and then detail the configurations necessary to support those use cases.
3. Provide a mapping between 21 CFR Part 11 and the configurations detailed as part of the use cases that support each individual line of the regulation.

This approach will be more useful for those involved in the validation effort as it provides the use cases and then the configurations necessary for validation.

Of course, software cannot be compliant by itself, so SharePoint 2010 and other Microsoft technologies must be used in conjunction with a broader compliance framework, including appropriate configurations, policies, procedures and validation documentation that are the responsibility of the implementing party.

Last edited Jul 13, 2011 at 9:56 PM by ParagonSolutions, version 2


No comments yet.