Microsoft

Low Friction Information Governance with Microsoft

Sev Derghazarian
March 16, 2021
4 min read

Information is at the core of every informed business action or decision. To provide value and avoid unnecessary risk, such as a lawsuit, to an organization, information must be captured, shared, accessed, stored and disposed of following a governed lifecycle to avoid misinformation, inefficiencies and breach of legal or regulatory requirements.

The following challenges are common among organizations attempting to ensure compliance within classic frameworks and tools:

  • Inefficient systems, originally put in place to manage physical records, as opposed to digital systems
  • Lack of employee adherence to tagging and organizing documents as required across the organization (e.g., managing documents, their versions, in the appropriate places, from draft initiation to publishing)
  • Inconsistent oversight and application of compliance needs, including the retention of data in different information and document file repositories
  • Staff expectations on how to conduct information management tasks, and leaders’ expectations on how to best ensure their team’s adherence
  • System resources required to procure, build, manage and maintain repositories, including a records center and archiving systems.

Electronic content management systems such as Microsoft SharePoint have transformed the capability and capacity of organizations to meet these requirements without relying on manual processes which are both time-consuming and prone to information mismanagement.

SharePoint Online provides organizations the benefit of leveraging an in-place records management system. Rather than relying on human decisions or limited automation of when and where to retain content, SharePoint Online provides out-of-the-box features for seamless retention, without requiring user intervention or restriction.

Documents and items in SharePoint Online can be applied to a policy that will ensure retention regardless of deletion or being overwritten, allowing for content to be discoverable by authorized individuals (e.g., approved eDiscovery investigators) for the defined period (e.g., seven years). Retention policies also allow for automatic deletion of documents after a specific duration, which is critical when handling sensitive information such as personal information (PI) or personal health information (PHI).

Automation reduces friction

Retention automation reduces risk by ensuring policies are adhered to, but also providing the ability to delete information once it should no longer be stored, for example, once a document no longer has business value.

For more advanced needs, Microsoft 365 provides more advanced capabilities without additional third-party systems or forcing staff to interact with different tools and interfaces. These features include but are not limited to:

  • Application of compliance capabilities to multiple applications, including:
    • Automated retention of all emails, documents, and chat messages within the M365 tenant
    • In-application tagging for sensitivity to automate applications of permissions (e.g., allow only internal sharing) and document standards (e.g., watermark stating a document is confidential)
    • Monitoring and alerting of sensitive information types (e.g., passport numbers included in an email) in email and chat communications as well as documents
    • Tracking user and administrator actions and activities in Microsoft 365 for up to 10 years using the Advanced Audit Log
  • Providing a minimum or maximum retention at the document level with a few user clicks
  • Automatically setting the retention based on the storage location (e.g., Board of Directors collaboration area) or type of information within the document (e.g., monitor for financial data)
  • Ensuring documents identified as confidential do not leave the organization’s cloud environment by restricting the ability to download and copy to unmanaged devices and external accounts (e.g., cannot email outside of the company)
  • Providing eDiscovery specialists the ability to search across the organization, directly, without the need to request IT resources (and introduce potential conflicts of interest) to search and export results from multiple data sources.

Microsoft 365 provides a series of compliance tools for the core productivity and communication applications used by enterprise organizations as their day-to-day tools.

Most importantly, they optimize these capabilities by enabling automated methods for application, execution, and oversight (using reports, dashboards, and alerts). By reducing friction with staff for compliance, in terms of end-user effort as well as education and training, organizations can reduce their compliance risk while improving employee productivity.

Ensuring compliance

Managing compliance is an ongoing process that is benefitted from continuous improvement due to an ever-changing environment, both from within the organization and from outside regulatory and legal authorities.

  • Review all legal and policy-based compliance needs
  • Identify existing information repositories and how they interact with business information through its lifecycle
  • Ensure available software is configured and capturing organizational requirements
  • Identify opportunities to optimize adherence and minimize outstanding risk (e.g., build a roadmap)
  • Implement a governance strategy to manage and maintain the organization’s compliance needs and capabilities as they evolve over time.

To learn more about our Microsoft consulting solutions, contact us.

 

Sev Derghazarian

Manager
Software Services

View all posts

You may also like

Subscribe to Topics

Protiviti Technology Follow

Protiviti leverages emerging technologies to innovate, while helping organizations transform and succeed by focusing on business value.

ProtivitiTech
protivititech Protiviti Technology @protivititech ·
18 Apr

Learn more about what GRC Managed Service is and what it can do for SAP S/4HANA and SAP cloud solutions in the latest #SAP Blog post. https://ow.ly/OMaL50RfsHw #ProtivitiTech

Reply on Twitter 1781035159438954997 Retweet on Twitter 1781035159438954997 Like on Twitter 1781035159438954997 Twitter 1781035159438954997
protivititech Protiviti Technology @protivititech ·
17 Apr

Protiviti is a proud sponsor of ServiceNow Knowledge 2024—a three-day conference all about #AI. Stop by our booth (#2503) to visit with our team and learn how the #ServiceNow platform makes business transformation possible. https://ow.ly/qa6p50Rh9wf

Reply on Twitter 1780627914964308382 Retweet on Twitter 1780627914964308382 Like on Twitter 1780627914964308382 Twitter 1780627914964308382
protivititech Protiviti Technology @protivititech ·
16 Apr

What is #DesignThinking? Could it help your organization? Find out how Protiviti uses it to help clients build net new applications and modernize legacy systems. https://ow.ly/fMK550Rfsoi #ProtivitiTech

Reply on Twitter 1780204913663873376 Retweet on Twitter 1780204913663873376 Like on Twitter 1780204913663873376 Twitter 1780204913663873376
protivititech Protiviti Technology @protivititech ·
15 Apr

Join our May 2 webinar designed for privacy and security professionals seeking to navigate the intricate nuances of data governance within the ever-evolving global regulatory landscape. Register today! https://ow.ly/hzrG50R4fTX #ProtivitiTech #DataPrivacy

Reply on Twitter 1779872392535212145 Retweet on Twitter 1779872392535212145 2 Like on Twitter 1779872392535212145 1 Twitter 1779872392535212145
protivititech Protiviti Technology @protivititech ·
12 Apr

The latest Technology Insights Blog post offers insight into the unique risks associated with Large Language Models (LLMs) and how to establish strategies to mitigate them. https://ow.ly/q3w550RfbXm #ProtivitiTech #TechnologyInsights

Reply on Twitter 1778890996282982442 Retweet on Twitter 1778890996282982442 Like on Twitter 1778890996282982442 Twitter 1778890996282982442
Load More