SlideShare a Scribd company logo
BLETCHLEY PARK
2022
A Microsoft 365 Community
COLLABORATION CONFERENCE
Wednesday, 5th October 2022
Governance, Risk and Compliance and you
Microsoft Purview and beyond
Nikki Chapple, Simon Hudson
BLETCHLEY PARK
2022
Thank you to all our Sponsors
Silver
Platinum
Gold
Silver
Lunch
Sponsor
Community
Sponsors
Simon Hudson
Founder, Cloud2, Kinata, Novia Works
20+ years innovating with Microsoft technologies
Entrepreneur in Residence, University of Hull
M365 North user group host
simon@noviaworks.co.uk
@simonjhudson
Nikki Chapple
30+ years in IT & business transformation
Specialist Microsoft 365 governance &
compliance
Co-author MM4M365 GRC Maturity model
Co-host All things M365 compliance Podcast
Nikki.chapple@cloudway.com
@chapplenikki
Agenda
An overview of GRC (Governance Risk and Compliance) obligations and
approaches
What's in Purview
Pragmatic approaches to elevating your Compliance Score
Wider technical and business thinking for de-risking your operations
and organisation
Thoughts on using the Maturity Model for Microsoft 365 GRC
Competency to set your objectives
Governance, Risk and
Compliance…
it's not nice to have
It's The Law
GRC
Security
Processes
Governance
Strategies
Policies, Monitoring
Culture
Identify
Analyse
Control
Laws
Regulations
Controls
Activities
Elements
of
Governance,
Risk,
and
Compliance
Data is exploding Data regulations are increasing Risks of not being compliant
Protecting data has become
more challenging We need to simplify
compliance and to reduce risk
Why do we need Governance, Risk & Compliance?
The risks of not being compliant
Loss of trust
and
Reputational
damage
Operational
/ Financial
impacts and
loss
Fines
The data challenges
• ?% of organisations no longer have
confidence to detect and prevent loss
of sensitive data
• ?% of corporate data is “dark” – it’s
not classified, protected or governed
• ?%
• Insiders are responsible for almost ?%
of data breaches
• ?+ updates per day from regulatory
bodies https://forms.office.com/r/gXMzqULYNH
The results
• 88% of organisations no longer have the confidence to detect and prevent
loss of sensitive data
• >80% of corporate data is “dark” – it’s not classified, protected or governed
• 64%
• Insiders are responsible for almost 25% of data breaches
• 250+ updates per day from regulatory bodies
Microsoft
Purview
Comprehensive solutions to help
govern, protect, and manage your
data estate
https://compliance.microsoft.com/homepage
https://azure.microsoft.com/en-gb/services/purview/
An intelligent, built-in, and extensible solution to know and protect sensitive data
Excel
Prevent accidental or unauthorized sharing of sensitive data
Classify and govern data at scale
Microsoft Purview Audit
Power your forensic and compliance investigations
Your compliance
score:
1254/2000 points
achieved
Compliance Manager
65%
Purview in context
Pragmatic approaches to GRC and the Purview score
Governance, Risk and Compliance Assessment
Who, Where, How & When
Current vs.
Future state
People
Technology
Process
Strategy
Regulations
Culture Priorities
GRC Maturity
Recommendations
What & Why
Risk & compliance
stance
Monitor and
Enhance
Align the inputs with the demonstrable
action-orientated outputs
Benchmarked against the GRC Competency
https://learn.microsoft.com/en-us/microsoft-365/community/microsoft365-
maturity-model--governance-and-compliance
Compliance Score vs Secure Score
Purview
• Number of elements: 2000+
• Grouped into
• Security, compliance & privacy
• 9 sub-categories:
• Protect information, Govern information, Control
Access, Manage Devices, Protect against threats,
Discover and respond, Manage internal risks,
Manage compliance, Privacy Management
• 350+ Assessment templates
• Board Led
• Business, Process & Technical control driven
• (Documentation, Operational and technical)
• Requires many controls outside the reach of the
M365 /Azure platform
Entra/Defender
• Number of elements: 58
• Grouped into
• Identity, Data, Apps
• Singular security score
• IT Led
• Technical control driven
How are Compliance Scores calculated?
How are Compliance Scores calculated?
Review and prioritise in Purview
??%
The business context
Business GRC
Corporate GRC
Purview + Azure +
other platforms
and systems
Purview
• GRC doesn’t end at Purview
• Address your other platforms
and Line of Business
systems/infrastructure
• E.g Azure
• Think about the wider
business needs
Practical steps
Establish board accountability
Agree strategy and priorities
Embed cultural change
Establish a programme for continuous improvement
Select initial focus area in Purview for attention
Build tools & processes outside Purview for non-technical control
The Kinata GRC portal
Risk-based approach
• It’s not binary ; black and
white; on or off.
• Each decision will require
judgement
• Risk (impact & probability),
consequence (hazard),
implementation effort
• Actions to mitigate needed
• Accept (Risk register),
transfer, minimise/eliminate,
insure.
The Maturity Model levels
100
Start-ups, new teams
and rapidly created
processes
• plus failing functions etc.
200
Maturing
organisations and
teams
• plus inefficient and at-risk
functions
300
Established
organisations
• Stable but not class
leading functions
400
Successful/efficient
organisations,
functions and
processes
• Especially regulated
functions
500
Best of breed
• Exemplars
Maturity Model for Microsoft 365 assets
Business Process
Staff & Training
Collaboration
Communication
Management of Content
People & Communities
Search
Data & Analytics
Customization & Development
Modern Infrastructure
Principles of…
How to elevate…
Published Competencies
In progress Competencies
Supporting Articles
Communication
People & Communities
Search
Communication
Staff & Training
Security
Collaboration
Governance & Compliance Running a MM4M365 workshop
Practitioner meeting recordings
Employee Experience
Tools
https://docs.microsoft.com/en-us/microsoft-365/community/
@M365Maturity | @M365CommDocs | #MM4M365
Governance, risk and
compliance is not a
project, it’s a lifestyle
Start small and grow
Look beyond Microsoft
and definitely beyond
IT
Questions &
comments
BLETCHLEY PARK
2022
Thank You!

More Related Content

What's hot

Data saturday Oslo Azure Purview Erwin de Kreuk
Data saturday Oslo Azure Purview Erwin de KreukData saturday Oslo Azure Purview Erwin de Kreuk
Data saturday Oslo Azure Purview Erwin de Kreuk
Erwin de Kreuk
 
Understanding Security and Compliance in Microsoft Teams M365 North 2023
Understanding Security and Compliance in Microsoft Teams M365 North 2023Understanding Security and Compliance in Microsoft Teams M365 North 2023
Understanding Security and Compliance in Microsoft Teams M365 North 2023
Chirag Patel
 
Cloud Adoption Framework - Overview_partner.pptx
Cloud Adoption Framework - Overview_partner.pptxCloud Adoption Framework - Overview_partner.pptx
Cloud Adoption Framework - Overview_partner.pptx
abhishek22611
 
Microsoft 365 Security Overview
Microsoft 365 Security OverviewMicrosoft 365 Security Overview
Microsoft 365 Security Overview
Robert Crane
 
Azure Information Protection
Azure Information ProtectionAzure Information Protection
Azure Information Protection
Robert Crane
 
Microsoft Information Protection demystified Albert Hoitingh
Microsoft Information Protection demystified Albert HoitinghMicrosoft Information Protection demystified Albert Hoitingh
Microsoft Information Protection demystified Albert Hoitingh
Albert Hoitingh
 
Security and governance with AWS Control Tower and AWS Organizations - SEC204...
Security and governance with AWS Control Tower and AWS Organizations - SEC204...Security and governance with AWS Control Tower and AWS Organizations - SEC204...
Security and governance with AWS Control Tower and AWS Organizations - SEC204...
Amazon Web Services
 
Azure security and Compliance
Azure security and ComplianceAzure security and Compliance
Azure security and Compliance
Karina Matos
 
Microsoft Information Protection.pptx
Microsoft Information Protection.pptxMicrosoft Information Protection.pptx
Microsoft Information Protection.pptx
ChrisaldyChandra
 
Securing Team, SharePoint, and OneDrive in Microsoft 365 - M365VM
Securing Team, SharePoint, and OneDrive in Microsoft 365 - M365VMSecuring Team, SharePoint, and OneDrive in Microsoft 365 - M365VM
Securing Team, SharePoint, and OneDrive in Microsoft 365 - M365VM
Drew Madelung
 
IRMS UG Principles of Retention in Microsoft 365
IRMS UG Principles of Retention in Microsoft 365IRMS UG Principles of Retention in Microsoft 365
IRMS UG Principles of Retention in Microsoft 365
Joanne Klein
 
Microsoft 365 eEnterprise E5 Overview
Microsoft 365 eEnterprise E5 OverviewMicrosoft 365 eEnterprise E5 Overview
Microsoft 365 eEnterprise E5 Overview
David J Rosenthal
 
Microsoft Defender for Endpoint
Microsoft Defender for EndpointMicrosoft Defender for Endpoint
Microsoft Defender for Endpoint
Cheah Eng Soon
 
Overview of Data Loss Prevention Policies in Office 365
Overview of Data Loss Prevention Policies in Office 365Overview of Data Loss Prevention Policies in Office 365
Overview of Data Loss Prevention Policies in Office 365
Dock 365
 
Deep dive into Microsoft Purview Data Loss Prevention
Deep dive into Microsoft Purview Data Loss PreventionDeep dive into Microsoft Purview Data Loss Prevention
Deep dive into Microsoft Purview Data Loss Prevention
Drew Madelung
 
Microsoft Teams Governance and Security Best Practices - Joel Oleson
Microsoft Teams Governance and Security Best Practices - Joel OlesonMicrosoft Teams Governance and Security Best Practices - Joel Oleson
Microsoft Teams Governance and Security Best Practices - Joel Oleson
Joel Oleson
 
Azure Security Fundamentals
Azure Security FundamentalsAzure Security Fundamentals
Azure Security Fundamentals
Lorenzo Barbieri
 
CAF intro Hosters modern
CAF intro Hosters modernCAF intro Hosters modern
CAF intro Hosters modern
ssuserdb85d71
 
Building an Enterprise-Grade Azure Governance Model
Building an Enterprise-Grade Azure Governance ModelBuilding an Enterprise-Grade Azure Governance Model
Building an Enterprise-Grade Azure Governance Model
Karl Ots
 
Taking a Crawl-Walk-Run Approach to Office 365 Retention - Ottawa SPUG (no de...
Taking a Crawl-Walk-Run Approach to Office 365 Retention - Ottawa SPUG (no de...Taking a Crawl-Walk-Run Approach to Office 365 Retention - Ottawa SPUG (no de...
Taking a Crawl-Walk-Run Approach to Office 365 Retention - Ottawa SPUG (no de...
Joanne Klein
 

What's hot (20)

Data saturday Oslo Azure Purview Erwin de Kreuk
Data saturday Oslo Azure Purview Erwin de KreukData saturday Oslo Azure Purview Erwin de Kreuk
Data saturday Oslo Azure Purview Erwin de Kreuk
 
Understanding Security and Compliance in Microsoft Teams M365 North 2023
Understanding Security and Compliance in Microsoft Teams M365 North 2023Understanding Security and Compliance in Microsoft Teams M365 North 2023
Understanding Security and Compliance in Microsoft Teams M365 North 2023
 
Cloud Adoption Framework - Overview_partner.pptx
Cloud Adoption Framework - Overview_partner.pptxCloud Adoption Framework - Overview_partner.pptx
Cloud Adoption Framework - Overview_partner.pptx
 
Microsoft 365 Security Overview
Microsoft 365 Security OverviewMicrosoft 365 Security Overview
Microsoft 365 Security Overview
 
Azure Information Protection
Azure Information ProtectionAzure Information Protection
Azure Information Protection
 
Microsoft Information Protection demystified Albert Hoitingh
Microsoft Information Protection demystified Albert HoitinghMicrosoft Information Protection demystified Albert Hoitingh
Microsoft Information Protection demystified Albert Hoitingh
 
Security and governance with AWS Control Tower and AWS Organizations - SEC204...
Security and governance with AWS Control Tower and AWS Organizations - SEC204...Security and governance with AWS Control Tower and AWS Organizations - SEC204...
Security and governance with AWS Control Tower and AWS Organizations - SEC204...
 
Azure security and Compliance
Azure security and ComplianceAzure security and Compliance
Azure security and Compliance
 
Microsoft Information Protection.pptx
Microsoft Information Protection.pptxMicrosoft Information Protection.pptx
Microsoft Information Protection.pptx
 
Securing Team, SharePoint, and OneDrive in Microsoft 365 - M365VM
Securing Team, SharePoint, and OneDrive in Microsoft 365 - M365VMSecuring Team, SharePoint, and OneDrive in Microsoft 365 - M365VM
Securing Team, SharePoint, and OneDrive in Microsoft 365 - M365VM
 
IRMS UG Principles of Retention in Microsoft 365
IRMS UG Principles of Retention in Microsoft 365IRMS UG Principles of Retention in Microsoft 365
IRMS UG Principles of Retention in Microsoft 365
 
Microsoft 365 eEnterprise E5 Overview
Microsoft 365 eEnterprise E5 OverviewMicrosoft 365 eEnterprise E5 Overview
Microsoft 365 eEnterprise E5 Overview
 
Microsoft Defender for Endpoint
Microsoft Defender for EndpointMicrosoft Defender for Endpoint
Microsoft Defender for Endpoint
 
Overview of Data Loss Prevention Policies in Office 365
Overview of Data Loss Prevention Policies in Office 365Overview of Data Loss Prevention Policies in Office 365
Overview of Data Loss Prevention Policies in Office 365
 
Deep dive into Microsoft Purview Data Loss Prevention
Deep dive into Microsoft Purview Data Loss PreventionDeep dive into Microsoft Purview Data Loss Prevention
Deep dive into Microsoft Purview Data Loss Prevention
 
Microsoft Teams Governance and Security Best Practices - Joel Oleson
Microsoft Teams Governance and Security Best Practices - Joel OlesonMicrosoft Teams Governance and Security Best Practices - Joel Oleson
Microsoft Teams Governance and Security Best Practices - Joel Oleson
 
Azure Security Fundamentals
Azure Security FundamentalsAzure Security Fundamentals
Azure Security Fundamentals
 
CAF intro Hosters modern
CAF intro Hosters modernCAF intro Hosters modern
CAF intro Hosters modern
 
Building an Enterprise-Grade Azure Governance Model
Building an Enterprise-Grade Azure Governance ModelBuilding an Enterprise-Grade Azure Governance Model
Building an Enterprise-Grade Azure Governance Model
 
Taking a Crawl-Walk-Run Approach to Office 365 Retention - Ottawa SPUG (no de...
Taking a Crawl-Walk-Run Approach to Office 365 Retention - Ottawa SPUG (no de...Taking a Crawl-Walk-Run Approach to Office 365 Retention - Ottawa SPUG (no de...
Taking a Crawl-Walk-Run Approach to Office 365 Retention - Ottawa SPUG (no de...
 

Similar to Governance, Risk and Compliance and you | CollabDays Bletchley Park 2022

Real World Governance Risk and Compliance | European Collaboration Summit 2023
Real World Governance Risk and Compliance | European Collaboration Summit 2023Real World Governance Risk and Compliance | European Collaboration Summit 2023
Real World Governance Risk and Compliance | European Collaboration Summit 2023
Nikki Chapple
 
Dont let governance risk and compliance be a roll of the dice | ESPC22
Dont let governance risk and compliance be a roll of the dice |  ESPC22 Dont let governance risk and compliance be a roll of the dice |  ESPC22
Dont let governance risk and compliance be a roll of the dice | ESPC22
Nikki Chapple
 
Dont let governance risk and compliance be a roll of the device | Modern Wor...
 Dont let governance risk and compliance be a roll of the device | Modern Wor... Dont let governance risk and compliance be a roll of the device | Modern Wor...
Dont let governance risk and compliance be a roll of the device | Modern Wor...
Nikki Chapple
 
Cracking the Code- Expert Tips for Mastering GRC CollabDays Bletchley Sept 23...
Cracking the Code- Expert Tips for Mastering GRC CollabDays Bletchley Sept 23...Cracking the Code- Expert Tips for Mastering GRC CollabDays Bletchley Sept 23...
Cracking the Code- Expert Tips for Mastering GRC CollabDays Bletchley Sept 23...
Nikki Chapple
 
Maclear’s IT GRC Tools – Key Issues and Trends
Maclear’s  IT GRC Tools – Key Issues and TrendsMaclear’s  IT GRC Tools – Key Issues and Trends
Maclear’s IT GRC Tools – Key Issues and Trends
Maclear LLC
 
Webinar: Microsoft 365 - Your Gateway to Data Loss Prevention
Webinar: Microsoft 365 - Your Gateway to Data Loss PreventionWebinar: Microsoft 365 - Your Gateway to Data Loss Prevention
Webinar: Microsoft 365 - Your Gateway to Data Loss Prevention
WithumSmith+Brown, formerly Portal Solutions
 
Sept 2008 Presentation Quality & Project Management
Sept 2008 Presentation Quality & Project ManagementSept 2008 Presentation Quality & Project Management
Sept 2008 Presentation Quality & Project Management
Haroon Abbu
 
Microsoft 365 Governance Risk and Compliance Maturity model | MM4M365 practit...
Microsoft 365 Governance Risk and Compliance Maturity model | MM4M365 practit...Microsoft 365 Governance Risk and Compliance Maturity model | MM4M365 practit...
Microsoft 365 Governance Risk and Compliance Maturity model | MM4M365 practit...
Nikki Chapple
 
Draft - Digital Transformation Rough Plan.pdf
Draft - Digital Transformation Rough Plan.pdfDraft - Digital Transformation Rough Plan.pdf
Draft - Digital Transformation Rough Plan.pdf
EnricoJohanes1
 
CML Group GRCaaS Dashboard
CML Group GRCaaS Dashboard CML Group GRCaaS Dashboard
CML Group GRCaaS Dashboard
Jim Robins
 
Maximize ROI of Insurance Digital Transformation Initiatives with Proven Data...
Maximize ROI of Insurance Digital Transformation Initiatives with Proven Data...Maximize ROI of Insurance Digital Transformation Initiatives with Proven Data...
Maximize ROI of Insurance Digital Transformation Initiatives with Proven Data...
Precisely
 
GRC– The Way Forward
GRC– The Way ForwardGRC– The Way Forward
GRC– The Way Forward
Rochester Security Summit
 
Savings, security, and stability: how ShareGate benefits everyone
Savings, security, and stability: how ShareGate benefits everyoneSavings, security, and stability: how ShareGate benefits everyone
Savings, security, and stability: how ShareGate benefits everyone
sammart93
 
Lean six sigma yellow belt 1 day seminar1
Lean six sigma yellow belt 1 day seminar1Lean six sigma yellow belt 1 day seminar1
Lean six sigma yellow belt 1 day seminar1
Marysmith401
 
Data Governance Workshop
Data Governance WorkshopData Governance Workshop
Data Governance Workshop
CCG
 
Leveraging Office 365 Through Modern Licensing
Leveraging Office 365 Through Modern LicensingLeveraging Office 365 Through Modern Licensing
Leveraging Office 365 Through Modern Licensing
Softchoice Corporation
 
Oracle_SmartERP - SCM RoundTable, What's Keeping You Up at Night
Oracle_SmartERP - SCM RoundTable, What's Keeping You Up at NightOracle_SmartERP - SCM RoundTable, What's Keeping You Up at Night
Oracle_SmartERP - SCM RoundTable, What's Keeping You Up at Night
Smart ERP Solutions, Inc.
 
La Importancia del Análisis de la Información
La Importancia del Análisis de la InformaciónLa Importancia del Análisis de la Información
La Importancia del Análisis de la Información
Nexolution
 
Enterprise digital Labs
Enterprise digital LabsEnterprise digital Labs
Enterprise digital Labs
Zinnov
 
The Journey to Integrated Risk Management: Lessons from the Field
The Journey to Integrated Risk Management: Lessons from the Field The Journey to Integrated Risk Management: Lessons from the Field
The Journey to Integrated Risk Management: Lessons from the Field
Resolver Inc.
 

Similar to Governance, Risk and Compliance and you | CollabDays Bletchley Park 2022 (20)

Real World Governance Risk and Compliance | European Collaboration Summit 2023
Real World Governance Risk and Compliance | European Collaboration Summit 2023Real World Governance Risk and Compliance | European Collaboration Summit 2023
Real World Governance Risk and Compliance | European Collaboration Summit 2023
 
Dont let governance risk and compliance be a roll of the dice | ESPC22
Dont let governance risk and compliance be a roll of the dice |  ESPC22 Dont let governance risk and compliance be a roll of the dice |  ESPC22
Dont let governance risk and compliance be a roll of the dice | ESPC22
 
Dont let governance risk and compliance be a roll of the device | Modern Wor...
 Dont let governance risk and compliance be a roll of the device | Modern Wor... Dont let governance risk and compliance be a roll of the device | Modern Wor...
Dont let governance risk and compliance be a roll of the device | Modern Wor...
 
Cracking the Code- Expert Tips for Mastering GRC CollabDays Bletchley Sept 23...
Cracking the Code- Expert Tips for Mastering GRC CollabDays Bletchley Sept 23...Cracking the Code- Expert Tips for Mastering GRC CollabDays Bletchley Sept 23...
Cracking the Code- Expert Tips for Mastering GRC CollabDays Bletchley Sept 23...
 
Maclear’s IT GRC Tools – Key Issues and Trends
Maclear’s  IT GRC Tools – Key Issues and TrendsMaclear’s  IT GRC Tools – Key Issues and Trends
Maclear’s IT GRC Tools – Key Issues and Trends
 
Webinar: Microsoft 365 - Your Gateway to Data Loss Prevention
Webinar: Microsoft 365 - Your Gateway to Data Loss PreventionWebinar: Microsoft 365 - Your Gateway to Data Loss Prevention
Webinar: Microsoft 365 - Your Gateway to Data Loss Prevention
 
Sept 2008 Presentation Quality & Project Management
Sept 2008 Presentation Quality & Project ManagementSept 2008 Presentation Quality & Project Management
Sept 2008 Presentation Quality & Project Management
 
Microsoft 365 Governance Risk and Compliance Maturity model | MM4M365 practit...
Microsoft 365 Governance Risk and Compliance Maturity model | MM4M365 practit...Microsoft 365 Governance Risk and Compliance Maturity model | MM4M365 practit...
Microsoft 365 Governance Risk and Compliance Maturity model | MM4M365 practit...
 
Draft - Digital Transformation Rough Plan.pdf
Draft - Digital Transformation Rough Plan.pdfDraft - Digital Transformation Rough Plan.pdf
Draft - Digital Transformation Rough Plan.pdf
 
CML Group GRCaaS Dashboard
CML Group GRCaaS Dashboard CML Group GRCaaS Dashboard
CML Group GRCaaS Dashboard
 
Maximize ROI of Insurance Digital Transformation Initiatives with Proven Data...
Maximize ROI of Insurance Digital Transformation Initiatives with Proven Data...Maximize ROI of Insurance Digital Transformation Initiatives with Proven Data...
Maximize ROI of Insurance Digital Transformation Initiatives with Proven Data...
 
GRC– The Way Forward
GRC– The Way ForwardGRC– The Way Forward
GRC– The Way Forward
 
Savings, security, and stability: how ShareGate benefits everyone
Savings, security, and stability: how ShareGate benefits everyoneSavings, security, and stability: how ShareGate benefits everyone
Savings, security, and stability: how ShareGate benefits everyone
 
Lean six sigma yellow belt 1 day seminar1
Lean six sigma yellow belt 1 day seminar1Lean six sigma yellow belt 1 day seminar1
Lean six sigma yellow belt 1 day seminar1
 
Data Governance Workshop
Data Governance WorkshopData Governance Workshop
Data Governance Workshop
 
Leveraging Office 365 Through Modern Licensing
Leveraging Office 365 Through Modern LicensingLeveraging Office 365 Through Modern Licensing
Leveraging Office 365 Through Modern Licensing
 
Oracle_SmartERP - SCM RoundTable, What's Keeping You Up at Night
Oracle_SmartERP - SCM RoundTable, What's Keeping You Up at NightOracle_SmartERP - SCM RoundTable, What's Keeping You Up at Night
Oracle_SmartERP - SCM RoundTable, What's Keeping You Up at Night
 
La Importancia del Análisis de la Información
La Importancia del Análisis de la InformaciónLa Importancia del Análisis de la Información
La Importancia del Análisis de la Información
 
Enterprise digital Labs
Enterprise digital LabsEnterprise digital Labs
Enterprise digital Labs
 
The Journey to Integrated Risk Management: Lessons from the Field
The Journey to Integrated Risk Management: Lessons from the Field The Journey to Integrated Risk Management: Lessons from the Field
The Journey to Integrated Risk Management: Lessons from the Field
 

More from Nikki Chapple

Microsoft 365 Copilot: How to boost your productivity with AI – Part two: Dat...
Microsoft 365 Copilot: How to boost your productivity with AI – Part two: Dat...Microsoft 365 Copilot: How to boost your productivity with AI – Part two: Dat...
Microsoft 365 Copilot: How to boost your productivity with AI – Part two: Dat...
Nikki Chapple
 
Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...
Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...
Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...
Nikki Chapple
 
Preparing for Microsoft 365 Copilot - Best Practices for Governance and Data ...
Preparing for Microsoft 365 Copilot - Best Practices for Governance and Data ...Preparing for Microsoft 365 Copilot - Best Practices for Governance and Data ...
Preparing for Microsoft 365 Copilot - Best Practices for Governance and Data ...
Nikki Chapple
 
Viva Security and Privacy CollabDays Bletchley Sept 23.pdf
Viva Security and Privacy CollabDays Bletchley Sept 23.pdfViva Security and Privacy CollabDays Bletchley Sept 23.pdf
Viva Security and Privacy CollabDays Bletchley Sept 23.pdf
Nikki Chapple
 
Commsverse 2023 Demystifying security and privacy in Viva | Commverse 2023
Commsverse 2023 Demystifying security and privacy in Viva | Commverse 2023Commsverse 2023 Demystifying security and privacy in Viva | Commverse 2023
Commsverse 2023 Demystifying security and privacy in Viva | Commverse 2023
Nikki Chapple
 
Demystifying security and compliance in Viva | European Collaboration Summit ...
Demystifying security and compliance in Viva | European Collaboration Summit ...Demystifying security and compliance in Viva | European Collaboration Summit ...
Demystifying security and compliance in Viva | European Collaboration Summit ...
Nikki Chapple
 
Microsoft Viva governance and compliance implications | Viva Explorers Commun...
Microsoft Viva governance and compliance implications | Viva Explorers Commun...Microsoft Viva governance and compliance implications | Viva Explorers Commun...
Microsoft Viva governance and compliance implications | Viva Explorers Commun...
Nikki Chapple
 
Implementing Microsoft Teams Lifecycle Governance to Stop Team Sprawl M365C...
 Implementing Microsoft Teams Lifecycle Governance to Stop Team Sprawl  M365C... Implementing Microsoft Teams Lifecycle Governance to Stop Team Sprawl  M365C...
Implementing Microsoft Teams Lifecycle Governance to Stop Team Sprawl M365C...
Nikki Chapple
 
Build a Teams creation workflow using Power Automate | ESPC 22 Microsoft Team...
Build a Teams creation workflow using Power Automate | ESPC 22 Microsoft Team...Build a Teams creation workflow using Power Automate | ESPC 22 Microsoft Team...
Build a Teams creation workflow using Power Automate | ESPC 22 Microsoft Team...
Nikki Chapple
 
Implementing Microsoft Teams lifecycle governance to stop Team sprawl | MN Mi...
Implementing Microsoft Teams lifecycle governance to stop Team sprawl | MN Mi...Implementing Microsoft Teams lifecycle governance to stop Team sprawl | MN Mi...
Implementing Microsoft Teams lifecycle governance to stop Team sprawl | MN Mi...
Nikki Chapple
 
Build a Teams creation workflow using Power Automate | M365 Virtual Marathon ...
Build a Teams creation workflow using Power Automate | M365 Virtual Marathon ...Build a Teams creation workflow using Power Automate | M365 Virtual Marathon ...
Build a Teams creation workflow using Power Automate | M365 Virtual Marathon ...
Nikki Chapple
 
Implementing Microsoft Teams Lifecycle Governance to Stop Team Sprawl | Virtu...
Implementing Microsoft Teams Lifecycle Governance to Stop Team Sprawl | Virtu...Implementing Microsoft Teams Lifecycle Governance to Stop Team Sprawl | Virtu...
Implementing Microsoft Teams Lifecycle Governance to Stop Team Sprawl | Virtu...
Nikki Chapple
 
Implementing Microsoft Teams lifecycle governance to stop Team sprawl | Teams...
Implementing Microsoft Teams lifecycle governance to stop Team sprawl | Teams...Implementing Microsoft Teams lifecycle governance to stop Team sprawl | Teams...
Implementing Microsoft Teams lifecycle governance to stop Team sprawl | Teams...
Nikki Chapple
 
Using Power Automate to manage Microsoft 365 evergreen change | MN365 - April...
Using Power Automate to manage Microsoft 365 evergreen change | MN365 - April...Using Power Automate to manage Microsoft 365 evergreen change | MN365 - April...
Using Power Automate to manage Microsoft 365 evergreen change | MN365 - April...
Nikki Chapple
 
Canadian Cloud summit - Build a Teams creation workflow using Power Automate ...
Canadian Cloud summit - Build a Teams creation workflow using Power Automate ...Canadian Cloud summit - Build a Teams creation workflow using Power Automate ...
Canadian Cloud summit - Build a Teams creation workflow using Power Automate ...
Nikki Chapple
 
Commsverse 2022 - Why you need to manage Microsoft Teams sprawl - Jun 2022
Commsverse 2022 - Why you need to manage Microsoft Teams sprawl - Jun 2022Commsverse 2022 - Why you need to manage Microsoft Teams sprawl - Jun 2022
Commsverse 2022 - Why you need to manage Microsoft Teams sprawl - Jun 2022
Nikki Chapple
 
Teams10X - Using Power Automate to Manage Teams evergreen change - Sep 2022
Teams10X -  Using Power Automate to Manage Teams evergreen change - Sep 2022Teams10X -  Using Power Automate to Manage Teams evergreen change - Sep 2022
Teams10X - Using Power Automate to Manage Teams evergreen change - Sep 2022
Nikki Chapple
 

More from Nikki Chapple (17)

Microsoft 365 Copilot: How to boost your productivity with AI – Part two: Dat...
Microsoft 365 Copilot: How to boost your productivity with AI – Part two: Dat...Microsoft 365 Copilot: How to boost your productivity with AI – Part two: Dat...
Microsoft 365 Copilot: How to boost your productivity with AI – Part two: Dat...
 
Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...
Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...
Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...
 
Preparing for Microsoft 365 Copilot - Best Practices for Governance and Data ...
Preparing for Microsoft 365 Copilot - Best Practices for Governance and Data ...Preparing for Microsoft 365 Copilot - Best Practices for Governance and Data ...
Preparing for Microsoft 365 Copilot - Best Practices for Governance and Data ...
 
Viva Security and Privacy CollabDays Bletchley Sept 23.pdf
Viva Security and Privacy CollabDays Bletchley Sept 23.pdfViva Security and Privacy CollabDays Bletchley Sept 23.pdf
Viva Security and Privacy CollabDays Bletchley Sept 23.pdf
 
Commsverse 2023 Demystifying security and privacy in Viva | Commverse 2023
Commsverse 2023 Demystifying security and privacy in Viva | Commverse 2023Commsverse 2023 Demystifying security and privacy in Viva | Commverse 2023
Commsverse 2023 Demystifying security and privacy in Viva | Commverse 2023
 
Demystifying security and compliance in Viva | European Collaboration Summit ...
Demystifying security and compliance in Viva | European Collaboration Summit ...Demystifying security and compliance in Viva | European Collaboration Summit ...
Demystifying security and compliance in Viva | European Collaboration Summit ...
 
Microsoft Viva governance and compliance implications | Viva Explorers Commun...
Microsoft Viva governance and compliance implications | Viva Explorers Commun...Microsoft Viva governance and compliance implications | Viva Explorers Commun...
Microsoft Viva governance and compliance implications | Viva Explorers Commun...
 
Implementing Microsoft Teams Lifecycle Governance to Stop Team Sprawl M365C...
 Implementing Microsoft Teams Lifecycle Governance to Stop Team Sprawl  M365C... Implementing Microsoft Teams Lifecycle Governance to Stop Team Sprawl  M365C...
Implementing Microsoft Teams Lifecycle Governance to Stop Team Sprawl M365C...
 
Build a Teams creation workflow using Power Automate | ESPC 22 Microsoft Team...
Build a Teams creation workflow using Power Automate | ESPC 22 Microsoft Team...Build a Teams creation workflow using Power Automate | ESPC 22 Microsoft Team...
Build a Teams creation workflow using Power Automate | ESPC 22 Microsoft Team...
 
Implementing Microsoft Teams lifecycle governance to stop Team sprawl | MN Mi...
Implementing Microsoft Teams lifecycle governance to stop Team sprawl | MN Mi...Implementing Microsoft Teams lifecycle governance to stop Team sprawl | MN Mi...
Implementing Microsoft Teams lifecycle governance to stop Team sprawl | MN Mi...
 
Build a Teams creation workflow using Power Automate | M365 Virtual Marathon ...
Build a Teams creation workflow using Power Automate | M365 Virtual Marathon ...Build a Teams creation workflow using Power Automate | M365 Virtual Marathon ...
Build a Teams creation workflow using Power Automate | M365 Virtual Marathon ...
 
Implementing Microsoft Teams Lifecycle Governance to Stop Team Sprawl | Virtu...
Implementing Microsoft Teams Lifecycle Governance to Stop Team Sprawl | Virtu...Implementing Microsoft Teams Lifecycle Governance to Stop Team Sprawl | Virtu...
Implementing Microsoft Teams Lifecycle Governance to Stop Team Sprawl | Virtu...
 
Implementing Microsoft Teams lifecycle governance to stop Team sprawl | Teams...
Implementing Microsoft Teams lifecycle governance to stop Team sprawl | Teams...Implementing Microsoft Teams lifecycle governance to stop Team sprawl | Teams...
Implementing Microsoft Teams lifecycle governance to stop Team sprawl | Teams...
 
Using Power Automate to manage Microsoft 365 evergreen change | MN365 - April...
Using Power Automate to manage Microsoft 365 evergreen change | MN365 - April...Using Power Automate to manage Microsoft 365 evergreen change | MN365 - April...
Using Power Automate to manage Microsoft 365 evergreen change | MN365 - April...
 
Canadian Cloud summit - Build a Teams creation workflow using Power Automate ...
Canadian Cloud summit - Build a Teams creation workflow using Power Automate ...Canadian Cloud summit - Build a Teams creation workflow using Power Automate ...
Canadian Cloud summit - Build a Teams creation workflow using Power Automate ...
 
Commsverse 2022 - Why you need to manage Microsoft Teams sprawl - Jun 2022
Commsverse 2022 - Why you need to manage Microsoft Teams sprawl - Jun 2022Commsverse 2022 - Why you need to manage Microsoft Teams sprawl - Jun 2022
Commsverse 2022 - Why you need to manage Microsoft Teams sprawl - Jun 2022
 
Teams10X - Using Power Automate to Manage Teams evergreen change - Sep 2022
Teams10X -  Using Power Automate to Manage Teams evergreen change - Sep 2022Teams10X -  Using Power Automate to Manage Teams evergreen change - Sep 2022
Teams10X - Using Power Automate to Manage Teams evergreen change - Sep 2022
 

Recently uploaded

Essentials of Automations: The Art of Triggers and Actions in FME
Essentials of Automations: The Art of Triggers and Actions in FMEEssentials of Automations: The Art of Triggers and Actions in FME
Essentials of Automations: The Art of Triggers and Actions in FME
Safe Software
 
Communications Mining Series - Zero to Hero - Session 1
Communications Mining Series - Zero to Hero - Session 1Communications Mining Series - Zero to Hero - Session 1
Communications Mining Series - Zero to Hero - Session 1
DianaGray10
 
“I’m still / I’m still / Chaining from the Block”
“I’m still / I’m still / Chaining from the Block”“I’m still / I’m still / Chaining from the Block”
“I’m still / I’m still / Chaining from the Block”
Claudio Di Ciccio
 
Artificial Intelligence for XMLDevelopment
Artificial Intelligence for XMLDevelopmentArtificial Intelligence for XMLDevelopment
Artificial Intelligence for XMLDevelopment
Octavian Nadolu
 
“Building and Scaling AI Applications with the Nx AI Manager,” a Presentation...
“Building and Scaling AI Applications with the Nx AI Manager,” a Presentation...“Building and Scaling AI Applications with the Nx AI Manager,” a Presentation...
“Building and Scaling AI Applications with the Nx AI Manager,” a Presentation...
Edge AI and Vision Alliance
 
RESUME BUILDER APPLICATION Project for students
RESUME BUILDER APPLICATION Project for studentsRESUME BUILDER APPLICATION Project for students
RESUME BUILDER APPLICATION Project for students
KAMESHS29
 
HCL Notes and Domino License Cost Reduction in the World of DLAU
HCL Notes and Domino License Cost Reduction in the World of DLAUHCL Notes and Domino License Cost Reduction in the World of DLAU
HCL Notes and Domino License Cost Reduction in the World of DLAU
panagenda
 
UiPath Test Automation using UiPath Test Suite series, part 6
UiPath Test Automation using UiPath Test Suite series, part 6UiPath Test Automation using UiPath Test Suite series, part 6
UiPath Test Automation using UiPath Test Suite series, part 6
DianaGray10
 
20240609 QFM020 Irresponsible AI Reading List May 2024
20240609 QFM020 Irresponsible AI Reading List May 202420240609 QFM020 Irresponsible AI Reading List May 2024
20240609 QFM020 Irresponsible AI Reading List May 2024
Matthew Sinclair
 
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...
Neo4j
 
Uni Systems Copilot event_05062024_C.Vlachos.pdf
Uni Systems Copilot event_05062024_C.Vlachos.pdfUni Systems Copilot event_05062024_C.Vlachos.pdf
Uni Systems Copilot event_05062024_C.Vlachos.pdf
Uni Systems S.M.S.A.
 
Pushing the limits of ePRTC: 100ns holdover for 100 days
Pushing the limits of ePRTC: 100ns holdover for 100 daysPushing the limits of ePRTC: 100ns holdover for 100 days
Pushing the limits of ePRTC: 100ns holdover for 100 days
Adtran
 
GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024
GraphSummit Singapore | The Art of the  Possible with Graph - Q2 2024GraphSummit Singapore | The Art of the  Possible with Graph - Q2 2024
GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024
Neo4j
 
How to Get CNIC Information System with Paksim Ga.pptx
How to Get CNIC Information System with Paksim Ga.pptxHow to Get CNIC Information System with Paksim Ga.pptx
How to Get CNIC Information System with Paksim Ga.pptx
danishmna97
 
Programming Foundation Models with DSPy - Meetup Slides
Programming Foundation Models with DSPy - Meetup SlidesProgramming Foundation Models with DSPy - Meetup Slides
Programming Foundation Models with DSPy - Meetup Slides
Zilliz
 
Removing Uninteresting Bytes in Software Fuzzing
Removing Uninteresting Bytes in Software FuzzingRemoving Uninteresting Bytes in Software Fuzzing
Removing Uninteresting Bytes in Software Fuzzing
Aftab Hussain
 
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!
SOFTTECHHUB
 
TrustArc Webinar - 2024 Global Privacy Survey
TrustArc Webinar - 2024 Global Privacy SurveyTrustArc Webinar - 2024 Global Privacy Survey
TrustArc Webinar - 2024 Global Privacy Survey
TrustArc
 
UiPath Test Automation using UiPath Test Suite series, part 5
UiPath Test Automation using UiPath Test Suite series, part 5UiPath Test Automation using UiPath Test Suite series, part 5
UiPath Test Automation using UiPath Test Suite series, part 5
DianaGray10
 
National Security Agency - NSA mobile device best practices
National Security Agency - NSA mobile device best practicesNational Security Agency - NSA mobile device best practices
National Security Agency - NSA mobile device best practices
Quotidiano Piemontese
 

Recently uploaded (20)

Essentials of Automations: The Art of Triggers and Actions in FME
Essentials of Automations: The Art of Triggers and Actions in FMEEssentials of Automations: The Art of Triggers and Actions in FME
Essentials of Automations: The Art of Triggers and Actions in FME
 
Communications Mining Series - Zero to Hero - Session 1
Communications Mining Series - Zero to Hero - Session 1Communications Mining Series - Zero to Hero - Session 1
Communications Mining Series - Zero to Hero - Session 1
 
“I’m still / I’m still / Chaining from the Block”
“I’m still / I’m still / Chaining from the Block”“I’m still / I’m still / Chaining from the Block”
“I’m still / I’m still / Chaining from the Block”
 
Artificial Intelligence for XMLDevelopment
Artificial Intelligence for XMLDevelopmentArtificial Intelligence for XMLDevelopment
Artificial Intelligence for XMLDevelopment
 
“Building and Scaling AI Applications with the Nx AI Manager,” a Presentation...
“Building and Scaling AI Applications with the Nx AI Manager,” a Presentation...“Building and Scaling AI Applications with the Nx AI Manager,” a Presentation...
“Building and Scaling AI Applications with the Nx AI Manager,” a Presentation...
 
RESUME BUILDER APPLICATION Project for students
RESUME BUILDER APPLICATION Project for studentsRESUME BUILDER APPLICATION Project for students
RESUME BUILDER APPLICATION Project for students
 
HCL Notes and Domino License Cost Reduction in the World of DLAU
HCL Notes and Domino License Cost Reduction in the World of DLAUHCL Notes and Domino License Cost Reduction in the World of DLAU
HCL Notes and Domino License Cost Reduction in the World of DLAU
 
UiPath Test Automation using UiPath Test Suite series, part 6
UiPath Test Automation using UiPath Test Suite series, part 6UiPath Test Automation using UiPath Test Suite series, part 6
UiPath Test Automation using UiPath Test Suite series, part 6
 
20240609 QFM020 Irresponsible AI Reading List May 2024
20240609 QFM020 Irresponsible AI Reading List May 202420240609 QFM020 Irresponsible AI Reading List May 2024
20240609 QFM020 Irresponsible AI Reading List May 2024
 
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...
 
Uni Systems Copilot event_05062024_C.Vlachos.pdf
Uni Systems Copilot event_05062024_C.Vlachos.pdfUni Systems Copilot event_05062024_C.Vlachos.pdf
Uni Systems Copilot event_05062024_C.Vlachos.pdf
 
Pushing the limits of ePRTC: 100ns holdover for 100 days
Pushing the limits of ePRTC: 100ns holdover for 100 daysPushing the limits of ePRTC: 100ns holdover for 100 days
Pushing the limits of ePRTC: 100ns holdover for 100 days
 
GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024
GraphSummit Singapore | The Art of the  Possible with Graph - Q2 2024GraphSummit Singapore | The Art of the  Possible with Graph - Q2 2024
GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024
 
How to Get CNIC Information System with Paksim Ga.pptx
How to Get CNIC Information System with Paksim Ga.pptxHow to Get CNIC Information System with Paksim Ga.pptx
How to Get CNIC Information System with Paksim Ga.pptx
 
Programming Foundation Models with DSPy - Meetup Slides
Programming Foundation Models with DSPy - Meetup SlidesProgramming Foundation Models with DSPy - Meetup Slides
Programming Foundation Models with DSPy - Meetup Slides
 
Removing Uninteresting Bytes in Software Fuzzing
Removing Uninteresting Bytes in Software FuzzingRemoving Uninteresting Bytes in Software Fuzzing
Removing Uninteresting Bytes in Software Fuzzing
 
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!
 
TrustArc Webinar - 2024 Global Privacy Survey
TrustArc Webinar - 2024 Global Privacy SurveyTrustArc Webinar - 2024 Global Privacy Survey
TrustArc Webinar - 2024 Global Privacy Survey
 
UiPath Test Automation using UiPath Test Suite series, part 5
UiPath Test Automation using UiPath Test Suite series, part 5UiPath Test Automation using UiPath Test Suite series, part 5
UiPath Test Automation using UiPath Test Suite series, part 5
 
National Security Agency - NSA mobile device best practices
National Security Agency - NSA mobile device best practicesNational Security Agency - NSA mobile device best practices
National Security Agency - NSA mobile device best practices
 

Governance, Risk and Compliance and you | CollabDays Bletchley Park 2022

  • 1. BLETCHLEY PARK 2022 A Microsoft 365 Community COLLABORATION CONFERENCE Wednesday, 5th October 2022 Governance, Risk and Compliance and you Microsoft Purview and beyond Nikki Chapple, Simon Hudson
  • 2. BLETCHLEY PARK 2022 Thank you to all our Sponsors Silver Platinum Gold Silver Lunch Sponsor Community Sponsors
  • 3. Simon Hudson Founder, Cloud2, Kinata, Novia Works 20+ years innovating with Microsoft technologies Entrepreneur in Residence, University of Hull M365 North user group host simon@noviaworks.co.uk @simonjhudson
  • 4. Nikki Chapple 30+ years in IT & business transformation Specialist Microsoft 365 governance & compliance Co-author MM4M365 GRC Maturity model Co-host All things M365 compliance Podcast Nikki.chapple@cloudway.com @chapplenikki
  • 5. Agenda An overview of GRC (Governance Risk and Compliance) obligations and approaches What's in Purview Pragmatic approaches to elevating your Compliance Score Wider technical and business thinking for de-risking your operations and organisation Thoughts on using the Maturity Model for Microsoft 365 GRC Competency to set your objectives
  • 6. Governance, Risk and Compliance… it's not nice to have It's The Law GRC Security
  • 8. Data is exploding Data regulations are increasing Risks of not being compliant Protecting data has become more challenging We need to simplify compliance and to reduce risk Why do we need Governance, Risk & Compliance?
  • 9. The risks of not being compliant Loss of trust and Reputational damage Operational / Financial impacts and loss Fines
  • 10.
  • 11.
  • 12.
  • 13. The data challenges • ?% of organisations no longer have confidence to detect and prevent loss of sensitive data • ?% of corporate data is “dark” – it’s not classified, protected or governed • ?% • Insiders are responsible for almost ?% of data breaches • ?+ updates per day from regulatory bodies https://forms.office.com/r/gXMzqULYNH
  • 14. The results • 88% of organisations no longer have the confidence to detect and prevent loss of sensitive data • >80% of corporate data is “dark” – it’s not classified, protected or governed • 64% • Insiders are responsible for almost 25% of data breaches • 250+ updates per day from regulatory bodies
  • 15. Microsoft Purview Comprehensive solutions to help govern, protect, and manage your data estate https://compliance.microsoft.com/homepage https://azure.microsoft.com/en-gb/services/purview/
  • 16.
  • 17.
  • 18. An intelligent, built-in, and extensible solution to know and protect sensitive data Excel
  • 19. Prevent accidental or unauthorized sharing of sensitive data
  • 20. Classify and govern data at scale
  • 21.
  • 22.
  • 23.
  • 24.
  • 25. Microsoft Purview Audit Power your forensic and compliance investigations
  • 27. Purview in context Pragmatic approaches to GRC and the Purview score
  • 28. Governance, Risk and Compliance Assessment Who, Where, How & When Current vs. Future state People Technology Process Strategy Regulations Culture Priorities GRC Maturity Recommendations What & Why Risk & compliance stance Monitor and Enhance
  • 29. Align the inputs with the demonstrable action-orientated outputs Benchmarked against the GRC Competency https://learn.microsoft.com/en-us/microsoft-365/community/microsoft365- maturity-model--governance-and-compliance
  • 30. Compliance Score vs Secure Score Purview • Number of elements: 2000+ • Grouped into • Security, compliance & privacy • 9 sub-categories: • Protect information, Govern information, Control Access, Manage Devices, Protect against threats, Discover and respond, Manage internal risks, Manage compliance, Privacy Management • 350+ Assessment templates • Board Led • Business, Process & Technical control driven • (Documentation, Operational and technical) • Requires many controls outside the reach of the M365 /Azure platform Entra/Defender • Number of elements: 58 • Grouped into • Identity, Data, Apps • Singular security score • IT Led • Technical control driven
  • 31. How are Compliance Scores calculated?
  • 32. How are Compliance Scores calculated?
  • 33. Review and prioritise in Purview ??%
  • 34.
  • 35. The business context Business GRC Corporate GRC Purview + Azure + other platforms and systems Purview • GRC doesn’t end at Purview • Address your other platforms and Line of Business systems/infrastructure • E.g Azure • Think about the wider business needs
  • 36. Practical steps Establish board accountability Agree strategy and priorities Embed cultural change Establish a programme for continuous improvement Select initial focus area in Purview for attention Build tools & processes outside Purview for non-technical control
  • 37. The Kinata GRC portal
  • 38. Risk-based approach • It’s not binary ; black and white; on or off. • Each decision will require judgement • Risk (impact & probability), consequence (hazard), implementation effort • Actions to mitigate needed • Accept (Risk register), transfer, minimise/eliminate, insure.
  • 39. The Maturity Model levels 100 Start-ups, new teams and rapidly created processes • plus failing functions etc. 200 Maturing organisations and teams • plus inefficient and at-risk functions 300 Established organisations • Stable but not class leading functions 400 Successful/efficient organisations, functions and processes • Especially regulated functions 500 Best of breed • Exemplars
  • 40. Maturity Model for Microsoft 365 assets Business Process Staff & Training Collaboration Communication Management of Content People & Communities Search Data & Analytics Customization & Development Modern Infrastructure Principles of… How to elevate… Published Competencies In progress Competencies Supporting Articles Communication People & Communities Search Communication Staff & Training Security Collaboration Governance & Compliance Running a MM4M365 workshop Practitioner meeting recordings Employee Experience Tools https://docs.microsoft.com/en-us/microsoft-365/community/ @M365Maturity | @M365CommDocs | #MM4M365
  • 41. Governance, risk and compliance is not a project, it’s a lifestyle Start small and grow Look beyond Microsoft and definitely beyond IT