Your small business has begun to grow and now needs a human resource system. Unfortunately, there just isn’t enough room in the budget to purchase a new HR system. Fortunately, you had enrolled your business into Office 365.
HR data pose the problem of storing forms and other data that contains personally identifiable information (PII). If placed in the wrong hands, PII can cause an individual and the business grave damage. It is of the utmost concern that this data be properly secured.
One of the biggest concerns was the security of the personal information contained within the forms. The recruiters are required to collect certain information on the recruiter, but after being submitted that form was placed into a document library that others had access to. We have multiple recruiters that need edit permissions to submit forms, therefore they are also able to see everything that everyone else submits.
What to do? To solve this problem, we implemented a simple workflow. As soon as a new form was submitted a workflow would initiate. The very first step would be to make a copy of the form and place that copy in another document library that only a few people and the site collection administrator had access to. Once the form is copied it is then deleted from the original document library. Within the secured document library I have the versioning settings as follows:
- Require content approval for submitted items -> no
- Create a version each time you edit a file in this document library -> Create major & minor versions
- I also have both limits set to 500
- Who should see draft items in this document library -> Any user who can read items
- Require documents to be checked out before they can be edited? -> Yes
Now, if anyone opens, views, or edits a file we will have the ability to see this. If your company has an information management policy for retention or archiving, then that can also be applied here.
For another type of hiring process, the workflow was a bit more in-depth. The problem with having PII was still there though. To solve this problem, the very first step of the workflow was to create a copy of the form and place it into another secured library with the same permissions. Unlike the prior workflow, there were subsequent steps that needed to execute and if the form was deleted, then the workflow would stop. So I placed an action into the workflow to mask all of the PII with X’s. Once all of the subsequent workflow steps are completed, the form would then be deleted.
This isn’t the ideal process, however, it is a good temporary solution until the business outgrows it and generates the need for a true HR system. Until then, SharePoint has come to the rescue once again!
Need help with SharePoint? Feel free to contact me.
Have a bigger project? Check out my company, UDig, LLC.