Maturity Model for Microsoft 365 Practitioners
February 2022
Governance, Risk and Compliance Competency
⭐ Guest star ⭐ Nikki Chapple | @chapplenikki
Marc Anderson, Sympraxis Consulting | @sympmarc
Simon Doy, iThink 365 | @simondoy
Simon Hudson, Novia Consulting | @simonjhudson
Sharon Weaver, Smarter Consulting | @sharoneweaver
Initiative started by Sadie Van Buren as the SharePoint Maturity Model in 2010
Agenda
• Practitioner & Maturity Model overview
• Artifacts and Updates
• Purpose
• How to get more involved
• Shout-out & Picture Time (Together Mode!)
• Launch of the Governance, Risk and Compliance Competency
The approach and articles on Microsoft Docs
Improve organization through use of technology
Benchmark company and department
Select appropriate approach
Develop an organizational business and technical roadmap based on:
• What's possible
• What's desired
• Organization's culture and drivers
Lead and support strategic planning, with senior management
Align implementation needs and objectives
Discuss use of the platform with IT – not just technology
Socialization tool
Business Process
Staff & Training
Collaboration
Communication
Management of Content
People & Communities
Search
Data & Analytics
Customization & Development
Modern Infrastructure
Principles of…
How to elevate…
Published Competencies
In progress Competencies
Supporting Articles
Communication
People & Communities
Search
Communication
Staff & Training
Security
Collaboration
Governance, Risk & Compliance
Running a MM4M365 workshop
Practitioner meeting recordings
Employee Experience
Tools
Governance, Risk and Compliance
MM4M365 provides benchmarks to measure your organization
Level 500 – Optimizing
• Deliberate and systematic process improvement/optimization
• Focus is on continually improving process performance
• Addressing statistical common causes of process variation and iterative process improvement
Intent: Optimal, systematic, statistical, improvement-focus, automated, assured, proactive
Level 400 – Predictable
• Actively managed in accordance with agreed processes and has tracked metrics
• Effective achievement can be evidenced across a range of operational conditions
• Process has been tested and refined
• Process users demonstrate competence
Intent: Productive, interactive, responsive, enhanced, effective, adaptable, quality
Level 300 – Defined
• Defined and standardized
• Signed off, managed process
• Limited validation of effectiveness, doesn’t include edge cases
• Process users demonstrate familiarity
Intent: Documented, policy-driven, planned, controlled, stable
Level 200 – Managed
• Key processes defined but not standardized, uniformly or strongly applied
• Some ability to demonstrate consistent outcomes
• Limited buy-in from staff and management
• Widespread inconsistency and resistance
Intent: Routine, legacy, fire-fighting, variable, personally managed
Level 100 – Initial
• Default, starting/exploratory state
• People driven processes, lacking documentation and discipline
• Many ways of doing the same thing (with variable results)
• Characterised by inefficient legacy approaches and pockets of unmanaged innovation
Intent: Ad hoc, reactive, uncontrolled, chaotic, unstable, not designed
MM4M365 – Intention at each level
Level 500 – Optimizing
• Deliberate and systematic process improvement/optimization
• Focus is on continually improving process performance
• Addressing statistical common causes of process variation and iterative process improvement
Intent: “We want to ensure all the key processes are always effective and resilient, while designing the same into anything new we do”
Level 400 – Predictable
• Actively managed in accordance with agreed processes and has tracked metrics
• Effective achievement can be evidenced across a range of operational conditions
• Process has been tested and refined
• Process users demonstrate competence
Intent: “Let’s make things even better by measuring, analyzing and taking actions to improve based on that”
Level 300 – Defined
• Defined and standardized
• Signed off, managed process
• Limited validation of effectiveness, doesn’t include edge cases
• Process users demonstrate familiarity
Intent: “We have defined our processes, policies and procedures, everyone seems to be doing the right thing; let’s keep doing that”
Level 200 – Managed
• Key processes defined but not standardized, uniformly or strongly applied
• Some ability to demonstrate consistent outcomes
• Limited buy-in from staff and management
• Widespread inconsistency and resistance
Intent: “We should ensure everyone knows what they should be doing”
Level 100 – Initial
• Default, starting/exploratory state
• People driven processes, lacking documentation and discipline
• Many ways of doing the same thing (with variable results)
• Characterised by inefficient legacy approaches and pockets of unmanaged innovation
Intent: “Let’s keep putting the fires out and keep the lights on!”
Practitioners for Maturity Model for Microsoft 365
Get Involved
https://aka.ms/sharing-is-caring
Purpose
• Safe space to hone your pitch, test your thoughts, or decide how to promote your use of the Maturity Model
Discussion-based monthly meeting
• Highlights of new assets
• Understanding the competencies
• Mapping technology to maturity levels and competencies
• Running a workshop
• Measuring maturity
• Sharing anecdotes and success stories
• Feedback on the maturity model
Contribute on GitHub
Run a MM4M365 workshop
https://symp.info/MM4M365Workshop
Recordings
http://mmvideos.m365.ms/
✔ Governance, Risk and Compliance
Modern Infrastructure
Data & Analytics
Employee Engagement
Accessibility & the Maturity Model
Community Docs Sessions
Wednesday, 17th November, 7am PST
First Time Contributor Sessions
Wednesday, 15th December, 7am PST
Thank you, January attendees
Abbas A. Dirani
Agnes Molnar
Alexander Ernon
Annie Torres
Anthony Escobedo
Ashley Agler
Carianne M. Wong
Chris Graves
Christian Schneider
Daniel Westerdale
David Warner II
David Young
Edmund Davis
Edris Kakembo
Eric Moran
Henrik Yllemo
Igor Karon
James Cragle
Jason Lambiris
Jason McDougall
Joy Muehlenbein
Kat Memenza
Kathleen Boilek
Katrin Rannaste
Kevin McDonnell
Kirt Spaulding
Lance Yoder
Marc Anderson
Matthew Burback
Michael Markett
Michelle A Heisler
Mike Duffy
Mike Dumka
Nicole J Fleming
Nikki Chapple
Pam Green
Pete Simpkins
Ralph Rivas
Sabrina Faragoza
Sam Bridegroom
Simon Doy
Simon Hudson
Stéphane Chandonnet
Tim L Balk
Trey Smith
Topic: Applying Governance Risk and Compliance
Please turn your video on
We are together in this as a community!
Nikki Chapple Intro / Bio Slide
Nikki Chapple is a Principal Cloud Architect at CloudWay. She specialises in Microsoft 365 governance and compliance. Nikki is a regular speaker and blogs on Microsoft 365 and Teams governance, compliance and adoption best practice and top tips.
Nikki has 30 years’ experience covering both IT and business roles and prides herself on delivering a holistic and risk-based approach to digital transformations. Nikki holds multiple certifications from Microsoft including the Certified Enterprise Administrator Expert and is also a TOGAF qualified Enterprise Architect and PROSCI qualified Organisational Change Manager.
Her motto is “Microsoft 365 governance and compliance is not a project it is a lifestyle. It needs to be embedded into the culture of the organization”.
https://nikkichapple.com/
Governance, Risk and Compliance Competency
Governance
• Strategies, frameworks, culture and plans that are directed and monitored
Risk
• Potential exposure to non-compliance (penalties, fines, reputational damage, material loss)
• Identify, analyze and control risks appropriately
Compliance
• External regulations and controls that an organization must follow
• Being compliant does not mean you are secure
Why do we need a Governance, Risk and Compliance maturity model?
Data is exploding | Data regulations are increasing | Risks of not being compliant
Protecting data has become more challenging
We need to simplify compliance and to reduce risk
Regulation | Scope | Penalties
GDPR | Organizations that process the personal data of EU residents | Fines of up to 4% of the company’s annual worldwide turnover or €20 million
PCI DSS | Businesses that process, store or transmit credit card data | Fines of up to $100,000 per month for noncompliance; suspension of card acceptance
HIPAA | US healthcare providers that transmit health information in electronic form | Fines of up to $50,000 per violation, with an annual maximum of $1.5 million; prison terms of up to ten years
CCPA | Organizations with at least $25 million in annual revenue* that process the personal data of California residents | Statutory damages between $100 and $750 per California resident; fine of up to $7,500 per record
Standard | Scope
ISO 27001 | Establishment, implementation, maintenance and continuous improvement of an information security management system (ISMS)
Do we understand our compliance scope?
Do we know what our internal and external business drivers & risks are?
Do we understand where our business critical and sensitive data is?
Do we have clear accountability for GRC?
Do our employees have a GRC mindset?
Do we have a framework to manage GRC?
Do we have a roadmap to improve compliance posture?
Do we have technical controls to manage our data?
How do we measure up to the maturity model?
Governance Risk and Compliance maturity levels
Dimensions: GRC approach, People, Process, Technology
Level 500 – Optimizing
“We want to ensure all the key processes are always effective and resilient, while designing the same into anything new we do”
• GRC = Strategic with continuous assessment. External benchmarks
• People = Pervasive compliance culture. Secure & compliant by default
• Processes = Continuous improvement. Extend to supply chain
• Technology = Automated & risk based, integration with 3rd parties
Level 400 – Predictable
“Let’s make things even better by measuring, analyzing and taking actions to improve based on that”
• GRC = Tailored, controlled & measured
• People = Dedicated roles. Shared accountability
• Processes = Streamlined & simplified with metrics
• Technology = Targeted and more comprehensive
Level 300 – Defined
“We have defined our processes, policies and procedures, everyone seems to be doing the right thing; let’s keep doing that”
• GRC = Framework established but tactical
• People = Siloed roles & individual responsibilities.
• Processes = Tactical & inconsistent
• Technology = Generic to limit over exposure
Level 200 – Managed
“We should ensure everyone knows what they should be doing”
• GRC = Compliance & risk needs understood
• People = No formal roles & low awareness
• Processes = Ad hoc & uncoordinated
• Technology = Basic & unmanaged controls
Level 100 – Initial
“Let’s keep putting the fires out and keep the lights on!”
• GRC = Not understood
• People = Undefined roles & responsibilities
• Process = Ad hoc & reactive
• Technology = No controls
MM4M365 – Intention at each level
Level 500 – Optimizing
• Leadership team sees value in achieving compliance as providing a strategic advantage to the organization.
• The organization proactively reviews and updates risk and compliance metrics to address gaps and prevent compliance failures. Results are monitored & used for continuous improvement.
• Tailored compliance controls with policy enforcement are implemented to provide different levels of protection during collaboration depending on sensitivity, risk, and environment.
Intent: “GRC is a strategic asset to drive the business; let’s make sure we are the best and stay that way.”
Level 400 – Predictable
• The leadership team sees value in continuously improving the governance, risk and compliance program.
• Dedicated teams and individuals are in place with clearly defined roles and responsibilities. Compliance and operations teams work in partnership to assess risk and compliance.
• There are mechanisms to continuously assess compliance control and process gaps to prevent compliance failures.
Intent: “GRC is critical to us, let’s make sure we are doing it right, everywhere, all the time (to ensure I don’t go to jail).”
Level 300 – Defined
• The leadership team see compliance as essential to business continuity and may value the rigor as a business improvement tool.
• Strong content management tools and processes that include effective lifecycle management are in place.
• Governance, risk and compliance controls are implemented but are reliant on the user to apply the right controls to the right content.
Intent: “We have defined our processes, policies and procedures, everyone seems to be doing the right thing; I hope it’s enough.”
Level 200 – Managed
• Leadership understands and accepts the importance of governance and compliance but has not driven it into the organization nor recognized it as a business enabler.
• Governance and compliance management is local, uncoordinated or sporadic. It is dependent on individual people to action and monitor.
• Basic technical controls may exist but may not be appropriately implemented to ensure compliance.
Intent: “GRC is important – you lot should go and do it!”
Level 100 – Initial
• The leadership team do not believe that compliance is fundamental to their overall objectives.
• GRC processes and controls are either absent or ad hoc or out of date.
• There is ad-hoc implementation and response to incidents (reactive).
Intent: “We can ignore Governance, Risk and Compliance (until there is an incident).”
MM4M365 – Intention at level 100
Level 100 – Initial
Intent: “We can ignore Governance, Risk and Compliance (until there is an incident).”
GRC Approach
• Compliance not important or ignored
• High risk of exposure to fine, reputation damages or material loss
People
• Undefined roles & responsibilities
• No awareness of risk
Process
• Absent or ad-hoc or out of date.
• Any action is reactive
• No risk assessment
Technology
• Ad-hoc implementation and response to incidents
• Data is unmanaged and overexposed
MM4M365 – Level 100 example
Example: 🏭 Small manufacturer, 140 KWs, 160 FLWs, single location
Controls
1. None
How do we move to next level
1. Find champion in organisation
2. Understand the risks of non-compliance
“We are only a small organization, so it does not apply”
“We have never had a breach”
“Compliance gets in the way of business”
“It’s up to the departments to decide their rules”
“We don’t store sensitive data. Email is not PII”
“We don’t have the technical skills to manage this”
MM4M365 – Intention at level 200
Level 200 – Managed
Intent: “GRC is important – you lot should go and do it!”
GRC Approach
• Compliance & risk understood but not managed
• Not a business driver
• Compliance is painful
People
• No formal roles
• Dependent on individuals
• Low awareness of risk and compliance
Processes
• Ad hoc and locally driven
• No controls
Technology
• Basic controls implemented but ungoverned
• Data storage ungoverned
• All data is treated equally
MM4M365 – Level 200 example
Example: 🚛 UK logistics company, 250 KWs, 3,800 FLWs, multiple locations
Controls
1. Email archiving
2. Block guest access
3. Block self service Team creation
How do we move to next level
1. C-suite understand they’re accountable
2. Understand your data
3. Maturity assessment
4. Build GRC roadmap
“We understand what we need to do”
“We have written policies but they are difficult to enforce”
“I don’t know where my sensitive data is”
“We use WhatsApp. It’s easy”
“There are no rules on what data is stored where”
“Our FLW do not have computers”
MM4M365 – Intention at level 300
Level 300 – Defined
Intent: “We have defined our processes, policies and procedures, everyone seems to be doing the right thing; I hope it’s enough.”
GRC Approach
• Essential to business
• ‘Top-down’ cultural change
• Baseline framework standardized policies
People
• Siloed roles
• Staff awareness of responsibilities
• Event driven activities (e.g. audit)
Process
• Local process, measures & controls
• Inconsistent implementation
• Risks are reviewed but still unknowns
Technology
• Controls implemented but reliant on user applying controls
• Focus on automating controls on higher risk locations (e.g. Finance, HR)
MM4M365 – Level 300 example
Example: 📖 Global publisher, multiple autonomous companies, 11,000 KWs, 20+ countries
Controls
1. Migrate data into Microsoft 365
2. Standard retention policies
3. Sensitive and retention labelling but manual
4. Teams and site governance
5. DLP to block external access
6. Compliance baselined
How do we move to next level
1. Tailoring controls risks
2. Maximizing use of tools
“We manage GRC but it is resource intensive or added as part of another role”
“It is difficult to get consensus between the companies”
“Compliance is managed differently across companies”
“We have implemented standard set of technical controls”
“We have used our SharePoint quota”
“We reduced our Teams from 25,000 to 11,000”
MM4M365 – Intention at level 400
Level 400 – Predictable
Intent: “GRC is critical to us, let’s make sure we are doing it right, everywhere, all the time (to ensure I don’t go to jail).”
GRC approach
• Tailored, controlled & measured
• Enterprise risk management
People
• Dedicated roles.
• Shared accountability across compliance and security
Processes
• Streamlined & simplified with metrics
Technology
• Targeted and more comprehensive
• Data actively managed
MM4M365 – Level 400 example
Example: ⚖️ International law firm, 4000 KWs in 10+ countries, E5 licenses
Controls
1. Multi-geo
2. Teams and sites governance
3. Internal access only
4. Advanced audit
5. Advanced eDiscovery
6. Data classification
7. Upload & download DLP
8. Retention and deletion policies
How do we move to next level
1. Custom sensitive types
2. Targeted AAD B2B access
3. Insider Risk & Comms compliance
4. Advanced eDiscovery ingestion
5. Compliance templates
6. Privacy management
7. Adaptive scopes
“We have country specific data requirements we must enforce”
“We have dedicated compliance board”
“Need to drive productivity but have to balance compliance risks”
“We have to manage client matter data for our cloud-averse clients”
“We have a roadmap to maximize technology to control and monitor”
Need external support to minimize risk through use of technology
MM4M365 – Intention at level 500
Level 500 – Optimizing
Intent: “GRC is a strategic asset to drive the business; let’s make sure we are the best and stay that way.”
GRC approach
• Strategic advantage
• Embedded in strategic planning
• Continuous assessment
People
• Enterprise-wide risk
• Pervasive compliance culture
• Secure & compliant by design
Processes
• Continuous improvement
• Proactive reviews
• Extend to supply chain
• External assessments & benchmarking
Technology
• Automated, risk based & tailored
• Integration with 3rd parties
• Data intelligently managed
• The Microsoft 365 Maturity Model – Governance, Risk, and Compliance Competency | Microsoft Docs
• One Stop Shop - Compliance Customer Experience Engineering (CxE) (microsoft.github.io)
• Microsoft 365 Compliance: A Practical Guide to Managing Risk by Erica Toelle
Q&A
Recording off!
Thank you
Follow us on Twitter
@M365Maturity | @M365CommDocs
Take the Maturity Model Self-Assessment:
https://symp.info/MM4M365-SelfAssessment
Fill out the Maturity Model Survey: https://symp.info/MM4M365Survey
Discussions in Github: https://symp.info/MM4M365Discussion
YouTube: https://symp.info/MM4M365Videos
Slide decks: https://symp.info/MM4M365Slides
Next MM4M365 monthly call
Jan 18th 10am ET / 7am PT
Third Tuesday of every month
https://aka.ms/sharing-is-caring
aka.ms/m365pnp

More Related Content

Similar to Microsoft 365 Governance Risk and Compliance Maturity model | MM4M365 practitioners - Feb 2022

The Agile Generational Workforce
The Agile Generational WorkforceThe Agile Generational Workforce
The Agile Generational Workforce
Cprime
 
From Chaos to Order: Building a Business Architecture
From Chaos to Order:  Building a Business ArchitectureFrom Chaos to Order:  Building a Business Architecture
From Chaos to Order: Building a Business Architecture
Michael King
 
CISSP Training Program
CISSP Training ProgramCISSP Training Program
CISSP Training Program
IEVISION IT SERVICES Pvt. Ltd
 
Ram Kumar G A Personal Profile
Ram Kumar G   A Personal ProfileRam Kumar G   A Personal Profile
Ram Kumar G A Personal Profile
Ram Kumar G
 
Chief Compliance Officer: What does it take to do the job? The Organization's...
Chief Compliance Officer: What does it take to do the job? The Organization's...Chief Compliance Officer: What does it take to do the job? The Organization's...
Chief Compliance Officer: What does it take to do the job? The Organization's...
OnlineCompliance Panel
 
Cissp classroom program ievision
Cissp classroom program ievisionCissp classroom program ievision
Cissp classroom program ievision
IEVISION IT SERVICES Pvt. Ltd
 
cPrime Agile Enterprise Transformation
cPrime Agile Enterprise TransformationcPrime Agile Enterprise Transformation
cPrime Agile Enterprise Transformation
Cprime
 
ISO 45001 Key Implementation Steps
ISO 45001 Key Implementation StepsISO 45001 Key Implementation Steps
ISO 45001 Key Implementation Steps
PECB
 
Mujeebur rahmansaher presentation
Mujeebur rahmansaher presentationMujeebur rahmansaher presentation
Mujeebur rahmansaher presentation
Mujeebur Rahmansaher
 
RBL Omnia, a world-class offering
RBL Omnia, a world-class offeringRBL Omnia, a world-class offering
RBL Omnia, a world-class offering
The RBL Group
 
2014.07 Exec User Group - Atlassian - Sydney
2014.07 Exec User Group - Atlassian - Sydney2014.07 Exec User Group - Atlassian - Sydney
2014.07 Exec User Group - Atlassian - Sydney
ServiceRocket
 
RBL Omnia - Detailed Deck
RBL Omnia - Detailed DeckRBL Omnia - Detailed Deck
RBL Omnia - Detailed Deck
The RBL Group
 
Microsoft x 2toLead Webinar Session 4 - How Employee Performance and Manageme...
Microsoft x 2toLead Webinar Session 4 - How Employee Performance and Manageme...Microsoft x 2toLead Webinar Session 4 - How Employee Performance and Manageme...
Microsoft x 2toLead Webinar Session 4 - How Employee Performance and Manageme...
2toLead Limited
 
Stella Brits Roles and Responsibilities - QMS
Stella Brits Roles and Responsibilities - QMSStella Brits Roles and Responsibilities - QMS
Stella Brits Roles and Responsibilities - QMS
Stella Brits
 
Auditing as a profession
Auditing as a professionAuditing as a profession
Auditing as a profession
Lloyd's Register - Management Systems
 
RBL Omnia, a world-class offering
RBL Omnia, a world-class offeringRBL Omnia, a world-class offering
RBL Omnia, a world-class offering
The RBL Group
 
OPI Presentation
OPI PresentationOPI Presentation
OPI Presentation
Tom Onguru
 
Dynamic Print for Dscoop9 Recipes for Success – Profitable Operations
Dynamic Print for Dscoop9   Recipes for Success – Profitable Operations Dynamic Print for Dscoop9   Recipes for Success – Profitable Operations
Dynamic Print for Dscoop9 Recipes for Success – Profitable Operations
DynamicDave
 
Sullivan and Cogliano Capabilties 1.22.16
Sullivan and Cogliano Capabilties 1.22.16Sullivan and Cogliano Capabilties 1.22.16
Sullivan and Cogliano Capabilties 1.22.16
Herb Cogliano
 
Sidat Hyder e-learning
Sidat Hyder e-learningSidat Hyder e-learning
Sidat Hyder e-learning
Muhammad Usman Bashir
 

Similar to Microsoft 365 Governance Risk and Compliance Maturity model | MM4M365 practitioners - Feb 2022 (20)

The Agile Generational Workforce
The Agile Generational WorkforceThe Agile Generational Workforce
The Agile Generational Workforce
 
From Chaos to Order: Building a Business Architecture
From Chaos to Order:  Building a Business ArchitectureFrom Chaos to Order:  Building a Business Architecture
From Chaos to Order: Building a Business Architecture
 
CISSP Training Program
CISSP Training ProgramCISSP Training Program
CISSP Training Program
 
Ram Kumar G A Personal Profile
Ram Kumar G   A Personal ProfileRam Kumar G   A Personal Profile
Ram Kumar G A Personal Profile
 
Chief Compliance Officer: What does it take to do the job? The Organization's...
Chief Compliance Officer: What does it take to do the job? The Organization's...Chief Compliance Officer: What does it take to do the job? The Organization's...
Chief Compliance Officer: What does it take to do the job? The Organization's...
 
Cissp classroom program ievision
Cissp classroom program ievisionCissp classroom program ievision
Cissp classroom program ievision
 
cPrime Agile Enterprise Transformation
cPrime Agile Enterprise TransformationcPrime Agile Enterprise Transformation
cPrime Agile Enterprise Transformation
 
ISO 45001 Key Implementation Steps
ISO 45001 Key Implementation StepsISO 45001 Key Implementation Steps
ISO 45001 Key Implementation Steps
 
Mujeebur rahmansaher presentation
Mujeebur rahmansaher presentationMujeebur rahmansaher presentation
Mujeebur rahmansaher presentation
 
RBL Omnia, a world-class offering
RBL Omnia, a world-class offeringRBL Omnia, a world-class offering
RBL Omnia, a world-class offering
 
2014.07 Exec User Group - Atlassian - Sydney
2014.07 Exec User Group - Atlassian - Sydney2014.07 Exec User Group - Atlassian - Sydney
2014.07 Exec User Group - Atlassian - Sydney
 
RBL Omnia - Detailed Deck
RBL Omnia - Detailed DeckRBL Omnia - Detailed Deck
RBL Omnia - Detailed Deck
 
Microsoft x 2toLead Webinar Session 4 - How Employee Performance and Manageme...
Microsoft x 2toLead Webinar Session 4 - How Employee Performance and Manageme...Microsoft x 2toLead Webinar Session 4 - How Employee Performance and Manageme...
Microsoft x 2toLead Webinar Session 4 - How Employee Performance and Manageme...
 
Stella Brits Roles and Responsibilities - QMS
Stella Brits Roles and Responsibilities - QMSStella Brits Roles and Responsibilities - QMS
Stella Brits Roles and Responsibilities - QMS
 
Auditing as a profession
Auditing as a professionAuditing as a profession
Auditing as a profession
 
RBL Omnia, a world-class offering
RBL Omnia, a world-class offeringRBL Omnia, a world-class offering
RBL Omnia, a world-class offering
 
OPI Presentation
OPI PresentationOPI Presentation
OPI Presentation
 
Dynamic Print for Dscoop9 Recipes for Success – Profitable Operations
Dynamic Print for Dscoop9   Recipes for Success – Profitable Operations Dynamic Print for Dscoop9   Recipes for Success – Profitable Operations
Dynamic Print for Dscoop9 Recipes for Success – Profitable Operations
 
Sullivan and Cogliano Capabilties 1.22.16
Sullivan and Cogliano Capabilties 1.22.16Sullivan and Cogliano Capabilties 1.22.16
Sullivan and Cogliano Capabilties 1.22.16
 
Sidat Hyder e-learning
Sidat Hyder e-learningSidat Hyder e-learning
Sidat Hyder e-learning
 

More from Nikki Chapple

Microsoft 365 Copilot: How to boost your productivity with AI – Part two: Dat...
Microsoft 365 Copilot: How to boost your productivity with AI – Part two: Dat...Microsoft 365 Copilot: How to boost your productivity with AI – Part two: Dat...
Microsoft 365 Copilot: How to boost your productivity with AI – Part two: Dat...
Nikki Chapple
 
Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...
Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...
Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...
Nikki Chapple
 
Preparing for Microsoft 365 Copilot - Best Practices for Governance and Data ...
Preparing for Microsoft 365 Copilot - Best Practices for Governance and Data ...Preparing for Microsoft 365 Copilot - Best Practices for Governance and Data ...
Preparing for Microsoft 365 Copilot - Best Practices for Governance and Data ...
Nikki Chapple
 
Cracking the Code- Expert Tips for Mastering GRC CollabDays Bletchley Sept 23...
Cracking the Code- Expert Tips for Mastering GRC CollabDays Bletchley Sept 23...Cracking the Code- Expert Tips for Mastering GRC CollabDays Bletchley Sept 23...
Cracking the Code- Expert Tips for Mastering GRC CollabDays Bletchley Sept 23...
Nikki Chapple
 
Viva Security and Privacy CollabDays Bletchley Sept 23.pdf
Viva Security and Privacy CollabDays Bletchley Sept 23.pdfViva Security and Privacy CollabDays Bletchley Sept 23.pdf
Viva Security and Privacy CollabDays Bletchley Sept 23.pdf
Nikki Chapple
 
Commsverse 2023 Demystifying security and privacy in Viva | Commverse 2023
Commsverse 2023 Demystifying security and privacy in Viva | Commverse 2023Commsverse 2023 Demystifying security and privacy in Viva | Commverse 2023
Commsverse 2023 Demystifying security and privacy in Viva | Commverse 2023
Nikki Chapple
 
Demystifying security and compliance in Viva | European Collaboration Summit ...
Demystifying security and compliance in Viva | European Collaboration Summit ...Demystifying security and compliance in Viva | European Collaboration Summit ...
Demystifying security and compliance in Viva | European Collaboration Summit ...
Nikki Chapple
 
Real World Governance Risk and Compliance | European Collaboration Summit 2023
Real World Governance Risk and Compliance | European Collaboration Summit 2023Real World Governance Risk and Compliance | European Collaboration Summit 2023
Real World Governance Risk and Compliance | European Collaboration Summit 2023
Nikki Chapple
 
Dont let governance risk and compliance be a roll of the device | Modern Wor...
 Dont let governance risk and compliance be a roll of the device | Modern Wor... Dont let governance risk and compliance be a roll of the device | Modern Wor...
Dont let governance risk and compliance be a roll of the device | Modern Wor...
Nikki Chapple
 
Microsoft Viva governance and compliance implications | Viva Explorers Commun...
Microsoft Viva governance and compliance implications | Viva Explorers Commun...Microsoft Viva governance and compliance implications | Viva Explorers Commun...
Microsoft Viva governance and compliance implications | Viva Explorers Commun...
Nikki Chapple
 

Microsoft 365 Governance Risk and Compliance Maturity model | MM4M365 practitioners - Feb 2022

  • 1. Maturity Model for Microsoft 365 Practitioners February 2022 Governance, Risk and Compliance Competency ⭐ Guest star ⭐ Nikki Chapple| @chapplenikki Marc Anderson, Sympraxis Consulting | @sympmarc Simon Doy, iThink 365 | @simondoy Simon Hudson, Novia Consulting | @simonjhudson Sharon Weaver, Smarter Consulting | @sharoneweaver Initiative started by Sadie Van Buren as the SharePoint Maturity Model in 2010
  • 2. Agenda • Practitioner & Maturity Model overview • Artifacts and Updates • Purpose • How to get more involved • Shout-out & Picture Time (Together Mode!) • Launch of the Governance, Risk and Compliance Competency
  • 3. The approach and articles on Microsoft Docs Improve organization through use of technology Benchmark company and department Select appropriate approach Develop an organizational business and technical roadmap based on: • What's possible • What's desired • Organization's culture and drivers Lead and support strategic planning, with senior management Align implementation needs and objectives Discuss use of the platform with IT – not just technology Socialization tool Business Process Staff & Training Collaboration Communication Management of Content People & Communities Search Data & Analytics Customization & Development Modern Infrastructure Principles of… How to elevate… Published Competencies In progress Competencies Supporting Articles Communication People & Communities Search Communication Staff & Training Security Collaboration Governance, Risk & Compliance Running a MM4M365 workshop Practitioner meeting recordings Employee Experience Tools Governance, Risk and Compliance
  • 4. MM4M365 provides benchmarks to measure your organization Maturity Level Description Intent Level 500 Optimizing • Deliberate and systematic process improvement/optimization • Focus is on continually improving process performance • Addressing statistical common causes of process variation and iterative process improvement Optimal, systematic, statistical, improvement-focus, automated, assured, proactive Level 400 Predictable • Actively managed in accordance with agreed processes and has tracked metrics • Effective achievement can be evidenced across a range of operational conditions • Process has been tested and refined • Process users demonstrate competence Productive, interactive, responsive, enhanced, effective, adaptable, quality Level 300 Defined • Defined and standardized • Signed off, managed process • Limited validation of effectiveness, doesn’t include edge cases • Process users demonstrate familiarity Documented, policy-driven, planned, controlled, stable Level 200 Managed • Key processes defined but not standardized, uniformly or strongly applied • Some ability to demonstrate consistent outcomes • Limited buy-in from staff and management • Widespread inconsistency and resistance Routine, legacy, fire-fighting, variable, personally managed Level 100 Initial • Default, starting/exploratory state • People driven processes, lacking documentation and discipline • Many ways of doing the same thing (with variable results) • Characterised by inefficient legacy approaches and pockets of unmanaged innovation Ad hoc, reactive, uncontrolled, chaotic, unstable, not designed
  • 5. MM4M365 – Intention at each level Maturity Level Description Intent Level 500 Optimizing • Deliberate and systematic process improvement/optimization • Focus is on continually improving process performance • Addressing statistical common causes of process variation and iterative process improvement “We want to ensure all the key processes are always effective and resilient, while designing the same into anything new we do” Level 400 Predictable • Actively managed in accordance with agreed processes and has tracked metrics • Effective achievement can be evidenced across a range of operational conditions • Process has been tested and refined • Process users demonstrate competence “Let’s make things even better by measuring, analyzing and taking actions to improve based on that” Level 300 Defined • Defined and standardized • Signed off, managed process • Limited validation of effectiveness, doesn’t include edge cases • Process users demonstrate familiarity “We have defined our processes, policies and procedures, everyone seems to be doing the right thing; let’s keep doing that” Level 200 Managed • Key processes defined but not standardized, uniformly or strongly applied • Some ability to demonstrate consistent outcomes • Limited buy-in from staff and management • Widespread inconsistency and resistance “We should ensure everyone knows what they should be doing” Level 100 Initial • Default, starting/exploratory state • People driven processes, lacking documentation and discipline • Many ways of doing the same thing (with variable results) • Characterised by inefficient legacy approaches and pockets of unmanaged innovation “Let’s keep putting the fires out and keep the lights on!”
  • 6. Practitioners for Maturity Model for Microsoft 365 Get Involved https://aka.ms/sharing-is-caring Purpose • Safe space to hone your pitch, test your thoughts, or decide how to promote your use of the Maturity Model Discussion-based monthly meeting • Highlights of new assets • Understanding the competencies • Mapping technology to maturity levels and competencies • Running a workshop • Measuring maturity • Sharing anecdotes and success stories • Feedback on the maturity model Contribute on GitHub Run a MM4M365 workshop https://symp.info/MM4M365Workshop Recordings http://mmvideos.m365.ms/
  • 7. ✔Governance, Risk and Compliance Modern Infrastructure Data & Analytics Employee Engagement Accessibility & the Maturity Model
  • 8. https://aka.ms/sharing-is-caring Community Docs Sessions Wednesday, 17th November, 7am PST First Time Contributor Sessions Wednesday, 15th December, 7am PST Thank you, January attendees Abbas A. Dirani Agnes Molnar Alexander Ernon Annie Torres Anthony Escobedo Ashley Agler Carianne M. Wong Chris Graves Christian Schneider Daniel Westerdale David Warner II David Young Edmund Davis Edris Kakembo Eric Moran Henrik Yllemo Igor Karon James Cragle Jason Lambiris Jason McDougall Joy Muehlenbein Kat Memenza Kathleen Boilek Katrin Rannaste Kevin McDonnell Kirt Spaulding Lance Yoder Marc Anderson Matthew Burback Michael Markett Michelle A Heisler Mike Duffy Mike Dumka Nicole J Fleming Nikki Chapple Pam Green Pete Simpkins Ralph Rivas Sabrina Faragoza Sam Bridegroom Simon Doy Simon Hudson Stéphane Chandonnet Tim L Balk Trey Smith Topic: Applying Governance Risk and Compliance https://aka.ms/sharing-is-caring
  • 9. Please turn your video on We are together in this as a community!
  • 10. Nikki Chapple Intro / Bio Slide Nikki Chapple is a Principal Cloud Architect at CloudWay. She specialises in Microsoft 365 governance and compliance. Nikki is a regular speaker and blogs on Microsoft 365 and Teams governance, compliance and adoption best practice and top tips. Nikki has 30 years’ experience covering both IT and business roles and prides herself on delivering a holistic and risk-based approach to digital transformations. Nikki holds multiple certifications from Microsoft including the Certified Enterprise Administrator Expert and is also a TOGAF qualified Enterprise Architect and PROSCI qualified Organisational Change Manager. Her motto is “Microsoft 365 governance and compliance is not a project it is a lifestyle. It needs to be embedded into the culture of the organization”. https://nikkichapple.com/
  • 12. Governance • Strategies, frameworks, culture and plans that are directed and monitored Risk • Potential exposure to non-compliance (penalties, fines, reputational damage, material loss) • Identify, analyze and control risks appropriately Compliance • External regulations and controls that an organization must follow • Being compliant does not mean you are secure
  • 13. Why do we need a Governance, Risk and Compliance maturity model? Data is exploding Data regulations are increasing Risks of not being compliant Protecting data has become more challenging We need to simplify compliance and to reduce risk
  • 14. Regulation | Scope | Penalties
    GDPR | Organizations that process the personal data of EU residents | Fines of up to 4% of the company’s annual worldwide turnover or €20 million
    PCI DSS | Businesses that process, store or transmit credit card data | Fines of up to $100,000 per month for noncompliance; suspension of card acceptance
    HIPAA | US healthcare providers that transmit health information in electronic form | Fines of up to $50,000 per violation, with an annual maximum of $1.5 million; prison terms of up to ten years
    CCPA | Organizations that process the personal data of California residents and have at least $25 million in annual revenue* | Statutory damages of between $100 and $750 per California resident; fine of up to $7,500 per record
    Standard | Scope
    ISO 27001 | Establishment, implementation, maintenance and continuous improvement of an information security management system (ISMS)
  • 16. Do we understand our compliance scope? Do we know what our internal and external business drivers & risks are? Do we understand where our business critical and sensitive data is? Do we have clear accountability for GRC? Do our employees have a GRC mindset? Do we have a framework to manage GRC? Do we have a roadmap to improve compliance posture? Do we have technical controls to manage our data? How do we measure up to the maturity model?
  • 17. Governance Risk and Compliance maturity levels GRC = Strategic with continuous assessment. External benchmarks People = Pervasive compliance culture. Secure & compliant by default Processes = Continuous improvement. Extend to supply chain Technology = Automated & risk based, integration with 3rd parties Level 500 – Optimizing “We want to ensure all the key processes are always effective and resilient, while designing the same into anything new we do” GRC = Tailored, controlled & measured People = Dedicated roles. Shared accountability Processes = Streamlined & simplified with metrics Technology = Targeted and more comprehensive Level 400 – Predictable “Let’s make things even better by measuring, analyzing and taking actions to improve based on that” GRC = Framework established but tactical People = Siloed roles & individual responsibilities. Processes = Tactical & inconsistent Technology = Generic to limit overexposure Level 300 – Defined “We have defined our processes, policies and procedures, everyone seems to be doing the right thing; let’s keep doing that” GRC = Compliance & risk needs understood People = No formal roles & low awareness Processes = Ad hoc & uncoordinated Technology = Basic & unmanaged controls Level 200 – Managed “We should ensure everyone knows what they should be doing” GRC = Not understood People = Undefined roles & responsibilities Process = Ad hoc & reactive Technology = No controls Level 100 – Initial “Let’s keep putting the fires out and keep the lights on!” GRC approach People Process Technology
  • 18. MM4M365 – Intention at each level Maturity Level Description Intent Level 500 Optimizing • Leadership team sees value in achieving compliance as providing a strategic advantage to the organization. • The organization proactively reviews and updates risk and compliance metrics to address gaps and prevent compliance failures. Results are monitored & used for continuous improvement. • Tailored compliance controls with policy enforcement are implemented to provide different levels of protection during collaboration depending on sensitivity, risk, and environment. “GRC is a strategic asset to drive the business; let’s make sure we are the best and stay that way.” Level 400 Predictable • The leadership team sees value in continuously improving the governance, risk and compliance program • Dedicated teams and individuals are in place with clearly defined roles and responsibilities. Compliance and operations teams work in partnership to assess risk and compliance. • There are mechanisms to continuously assess compliance control and process gaps to prevent compliance failures. “GRC is critical to us, let’s make sure we are doing it right, everywhere, all the time (to ensure I don’t go to jail).” Level 300 Defined • The leadership team see compliance as essential to business continuity and may value the rigor as a business improvement tool. • Strong content management tools and processes that include effective lifecycle management are in place. • Governance, risk and compliance controls are implemented but are reliant on the user to apply the right controls to the right content. “We have defined our processes, policies and procedures, everyone seems to be doing the right thing; I hope it’s enough.” Level 200 Managed • Leadership understands and accepts the importance of governance and compliance but has not driven it into the organization nor recognized it as a business enabler. • Governance and compliance management is local, uncoordinated or sporadic. It is dependent on individual people to action and monitor. • Basic technical controls may exist but may not be appropriately implemented to ensure compliance. “GRC is important – you lot should go and do it!” Level 100 Initial • The leadership team do not believe that compliance is fundamental to their overall objectives. • GRC processes and controls are either absent or ad hoc or out of date. • There is ad-hoc implementation and response to incidents (reactive). “We can ignore Governance, Risk and Compliance (until there is an incident).”
  • 19. MM4M365 – Intention at level 100 Maturity Level Description Intent Level 100 Initial GRC Approach Compliance not important or ignored High risk of exposure to fines, reputational damage or material loss “We can ignore Governance, Risk and Compliance (until there is an incident).” People Undefined roles & responsibilities No awareness of risk Process Absent or ad-hoc or out of date. Any action is reactive No risk assessment Technology Ad-hoc implementation and response to incidents Data is unmanaged and overexposed
  • 20. MM4M365 – Level 100 example
    Example: 🏭 Small manufacturer
      • 140 KWs
      • 160 FLWs
      • Single location
    Controls
      1. None
    How do we move to next level
      1. Find champion in organisation
      2. Understand the risks of non-compliance
    “We are only a small organization, so it does not apply”
    “We have never had a breach”
    “Compliance gets in the way of business”
    “It’s up to the departments to decide their rules”
    “We don’t store sensitive data. Email is not PII”
    “We don’t have the technical skills to manage this”
  • 21. MM4M365 – Intention at level 200
    Maturity Level: Level 200 Managed
    GRC Approach
      • Compliance & risk understood but not managed
      • Not a business driver
      • Compliance is painful
    Intent: “GRC is important – you lot should go and do it!”
    People
      • No formal roles
      • Dependent on individuals
      • Low awareness of risk and compliance
    Processes
      • Ad hoc and locally driven
      • No controls
    Technology
      • Basic controls implemented but ungoverned
      • Data storage ungoverned
      • All data is treated equally
  • 22. MM4M365 – Level 200 example
    Example: 🚛 UK Logistics company
      • 250 KWs
      • 3,800 FLWs
      • Multiple locations
    Controls
      1. Email archiving
      2. Block guest access
      3. Block self service Team creation
    How do we move to next level
      1. C-suite understand they’re accountable
      2. Understand your data
      3. Maturity assessment
      4. Build GRC roadmap
    “We understand what we need to do”
    “We have written policies but they are difficult to enforce”
    “I don’t know where my sensitive data is”
    “We use WhatsApp. It’s easy”
    “There are no rules on what data is stored where”
    “Our FLW do not have computers”
  • 23. MM4M365 – Intention at level 300
    Maturity Level: Level 300 Defined
    GRC Approach
      • Essential to business
      • ‘Top-down’ cultural change
      • Baseline framework standardized policies
    Intent: “We have defined our processes, policies and procedures, everyone seems to be doing the right thing; I hope it’s enough.”
    People
      • Siloed roles
      • Staff awareness of responsibilities
      • Event driven activities (e.g. audit)
    Process
      • Local process, measures & controls
      • Inconsistent implementation
      • Risks are reviewed but still unknowns
    Technology
      • Controls implemented but reliant on user applying controls
      • Focus on automating controls on higher risk locations (e.g. Finance, HR)
  • 24. MM4M365 – Level 300 example
    Example: 📖 Global publisher
      • Multiple autonomous companies
      • 11,000 KWs
      • 20+ countries
    Controls
      1. Migrate data into Microsoft 365
      2. Standard retention policies
      3. Sensitive and retention labelling but manual
      4. Teams and site governance
      5. DLP to block external access
      6. Compliance baselined
    How do we move to next level
      1. Tailoring controls risks
      2. Maximizing use of tools
    “We manage GRC but it is resource intensive or added as part of another role”
    “It is difficult to get consensus between the companies”
    “Compliance is managed differently across companies”
    “We have implemented a standard set of technical controls”
    “We have used our SharePoint quota”
    “We reduced our Teams from 25,000 to 11,000”
  • 25. MM4M365 – Intention at level 400
    Maturity Level: Level 400 Predictable
    GRC approach
      • Tailored, controlled & measured
      • Enterprise risk management
    Intent: “GRC is critical to us, let’s make sure we are doing it right, everywhere, all the time (to ensure I don’t go to jail).”
    People
      • Dedicated roles
      • Shared accountability across compliance and security
    Processes
      • Streamlined & simplified with metrics
    Technology
      • Targeted and more comprehensive
      • Data actively managed
  • 26. MM4M365 – Level 400 example
    Example: ⚖️ International law firm
      • 4000 KWs
      • In 10+ countries
      • E5 licenses
    Controls
      1. Multi-geo
      2. Teams and sites governance
      3. Internal access only
      4. Advanced audit
      5. Advanced eDiscovery
      6. Data classification
      7. Upload & download DLP
      8. Retention and deletion policies
    How do we move to next level
      1. Custom sensitive types
      2. Targeted AAD B2B access
      3. Insider Risk & Comms compliance
      4. Advanced eDiscovery ingestion
      5. Compliance templates
      6. Privacy management
      7. Adaptive scopes
    “We have country specific data requirements we must enforce”
    “We have a dedicated compliance board”
    “Need to drive productivity but have to balance compliance risks”
    “We have to manage client matter data for our cloud-averse clients”
    “We have a roadmap to maximize technology to control and monitor”
    Need external support to minimize risk through use of technology
  • 27. MM4M365 – Intention at level 500
    Maturity Level: Level 500 Optimizing
    GRC approach
      • Strategic advantage
      • Embedded in strategic planning
      • Continuous assessment
    Intent: “GRC is a strategic asset to drive the business; let’s make sure we are the best and stay that way.”
    People
      • Enterprise-wide risk
      • Pervasive compliance culture
      • Secure & compliant by design
    Processes
      • Continuous improvement
      • Proactive reviews
      • Extend to supply chain
      • External assessments & benchmarking
    Technology
      • Automated, risk based & tailored
      • Integration with 3rd parties
      • Data intelligently managed
  • 28.
      • The Microsoft 365 Maturity Model – Governance, Risk, and Compliance Competency | Microsoft Docs
      • One Stop Shop - Compliance Customer Experience Engineering (CxE) (microsoft.github.io)
      • Microsoft 365 Compliance: A Practical Guide to Managing Risk by Erica Toelle
  • 30. Thank you
    Follow us on Twitter @M365Maturity | @M365CommDocs
    Take the Maturity Model Self-Assessment: https://symp.info/MM4M365-SelfAssessment
    Fill out the Maturity Model Survey: https://symp.info/MM4M365Survey
    Discussions in GitHub: https://symp.info/MM4M365Discussion
    YouTube: https://symp.info/MM4M365Videos
    Slide decks: https://symp.info/MM4M365Slides
    Next MM4M365 monthly call: Jan 18th, 10am ET / 7am PT
    Third Tuesday of every month
    https://aka.ms/sharing-is-caring