There’s one question everyone asks us: “Why did you build your GRC application on SharePoint?”

It’s a great question and one of my pet subjects. I love answering it.

We’ve even produced a white paper on the topic. But if digesting white papers is not your thing, read on…

Recently I was at a briefing about the new EU General Data Protection Regulation (GDPR) and one of our competitors had people there. After the event was over, there followed the usual rush to the lift. But I had to take a call for a couple of minutes so was a little held up.

By the time I boarded the lift, the crowd had gone. I found myself alone except for a man and a woman – representatives of one of our competitors. Their conversation was enlightening and – inadvertently – shows the value of SharePoint as a platform for a GRC solution such as StratexPoint. They had no idea who I was.

It was, if you like, an elevator non-pitch.

Competitor Sales Person:“Do we have a good answer for Company X’s questions about access control and permissions? And can we say that our application will help them with this new EU GDPR requirement?”

I try to give the impression I’m not listening, staring down at my shoes.

Competitor Technical Person: *“We have not heard anything back from the US development team, but on its own we cannot meet their access control and permissions requirements – and we certainly can’t help with GDPR.”

Competitor Sales Person (looking shocked):“What! We’ve already stated in the RFP response we could do that and I reassured them on those points last week.”*

Competitor Technical Person (looking a little smug):“Yes, yes I know. I talked to some of the guys here and we think we can blag it with SharePoint. SharePoint does all of this out of the box and we figure we integrate with SharePoint, kind of… so will probably be able to get away with it.”

My antennae are twitching. Possibly so am I. I try extra hard to give the impression I’m not listening. Wow, my shoes are really shiny!

Competitor Sales Person (not happy):“Maybe we should tell them not to bother buying our application and use SharePoint instead!”

I can’t be certain I’m not smirking, but do my best to maintain a poker-face.

Competitor Technical Person:“Well that wouldn’t be a bad option for them. They already use it across the business so it’s familiar and would save them a load of money if they leveraged it further. I have always said we should develop more of our stuff in SharePoint – it is a great platform for this sort of application.”

Competitor Sales Person (agitated now and also somewhat pink):“Well we don’t sell SharePoint do we? And I need this deal. They are coming in this afternoon and I hope you techies do a good job.”

Silence. Doors open.

And that is why we built our GRC solution on SharePoint; the strength of the platform and rich development environment ‘out of the box’. To quote an (unnamed) competitor “it is a great platform for this sort of application”.

From a user point of view, it is often already a familiar part of the everyday work environment thus delivering easy and high level of adoption. It also brings a welcome simplification of the IT landscape through leveraging an existing IT investment. Better still, it reduces the overall cost of ownership of applications.

Ironically, one of the data breach scenarios mentioned in the executive briefing related to accidental breaches… like conducting unguarded, commercially sensitive conversations in lifts.