SlideShare a Scribd company logo
10TH ANNIVERSARY JUBILEE EDITION OF THE
EUROPEAN COLLABORATION SUMMIT
Real World Governance, Risk
and Compliance
Nikki Chapple, Simon Hudson
Adopting Microsoft Purview and beyond
10TH ANNIVERSARY JUBILEE EDITION OF THE
EUROPEAN COLLABORATION SUMMIT
Simon Hudson
Founder, Cloud2, Kinata, Novia
Works
20+ years innovating with
Microsoft technologies
Entrepreneur in Residence,
University of Hull
M365 North user group host
simon@noviaworks.co.uk
@simonjhudson
Nikki Chapple
30+ years in IT & business
transformation
Specialist Microsoft 365 governance
& compliance
International speaker & blogger
All things M365 compliance Podcast
co-host
Nikki.chapple@cloudway.co
m
@chapplnikki
Nikkichapple.com
Welcome ♥
GRC… bane or benefit
What do you feel about
GRC?
Entry Poll
Agenda
An overview of GRC (Governance Risk and Compliance) obligations
and approaches
What's in Purview
Pragmatic approaches to elevating your Compliance Score
Wider technical and business thinking for de-risking your
operations and organisation
Thoughts on using the Maturity Model for Microsoft 365 GRC
Competency to set your objectives
Governance, Risk and
Compliance…
it's not nice to have
It's The Law
GRC
Security
Processes
Governance
Strategies
Policies, Monitoring
Culture
Identify
Analyse
Control
Laws
Regulations
Controls
Activities
Elements
of
Governance,
Risk,
and
Compliance
Data is exploding Data regulations are increasing Risks of not being compliant
Protecting data has become
more challenging We need to simplify
compliance and to reduce risk
Why do we need Governance, Risk &
Compliance?
The risks of not being compliant
Loss of trust
and
Reputational
damage
Operational
/ Financial
impacts and
loss
Fines
Meta - €1.2bn
(Ireland)
Largest GDPR fine
ever, was imposed
for Meta's transfers
of personal data to
the U.S. on the
basis of standard
contractual clauses
Reference: Numbers
and Figures | GDPR
Enforcement Tracker
Report 2022/2023
(cms.law)
GDPR Fines by sector
Reference: Data
security incident
trends | ICO
Data security incidents by type - ICO (UK)
What are the GRC
compliance
challenges?
Data challenges poll
Microsoft
Purview
Comprehensive solutions to help
govern, protect, and manage your
data estate
https://compliance.microsoft.com/homepage
https://azure.microsoft.com/en-gb/services/purview/
Microsoft Purview
Comprehensive solutions to help govern, protect and manage your data estate
Understand & govern data
Manage visibility and governance of
data assets across your environment
Safeguard data, wherever it lives
Protect sensitive data across clouds,
apps, and devices
Improve risk & compliance posture
Identify data risks and manage regulatory
compliance requirements
Microsoft ecosystem
Support for multi-cloud, hybrid, SaaS data | Third-party/partner ecosystem
Medical
info
Passport
info
Financial
data
Address
Phone #
PII
User
data
Trade
secrets
Revenue
plan
Name
Company
IP
Risks
Data landscape is fragmented creating risks
Data protection is a defense in depth approach
Purview in context
Pragmatic approaches to GRC
and the Purview score
Governance, Risk and Compliance Assessment
Who, Where, How & When
Current vs.
Future state
People
Technology
Process
Strategy
Regulations
Culture Priorities
GRC Maturity
Recommendations
What & Why
Risk & compliance
stance
Monitor and
Enhance
Align the inputs with the demonstrable
action-orientated outputs
Benchmarked against the GRC Competency
https://learn.microsoft.com/en-us/microsoft-365/community/microsoft365-
maturity-model--governance-and-compliance
Can Copilot help?
Wouldn’t it be great if Compliance Copilot could help with setting
all this stuff up. Maybe it needs to be exposed to all the
Compliance standards and regulations…
But that’s in the future
Compliance Score vs Secure Score
Purview
• Number of elements: 2000+
• Grouped into
• Security, compliance & privacy
• 9 sub-categories:
• Protect information, Govern information, Control
Access, Manage Devices, Protect against threats,
Discover and respond, Manage internal risks,
Manage compliance, Privacy Management
• 350+ Assessment templates
• Board Led
• Business, Process & Technical control driven
• (Documentation, Operational and technical)
• Requires many controls outside the reach of the
M365 /Azure platform
Entra/Defender
• Number of elements: 58
• Grouped into
• Identity, Data, Apps
• Singular security score
• IT Led
• Technical control driven
Review and prioritise in Purview
??%
The business context
Business
GRC
Corporate
GRC
Purview +
Azure +
other
Microsoft
365
Purview
• GRC doesn’t end at
Purview
• Address/add your other
platforms and Line of
Business systems /
infrastructure
• E.g. Azure, Salesforce
• Think about the wider
business needs
Practical steps
Establish board accountability
Agree strategy and priorities
Embed cultural change
Establish a programme for continuous improvement
Select initial focus area in Purview for attention
Build tools & processes outside Purview for non-technical control
The Kinata GRC portal
Where should you start
The Maturity Model levels
100
Start-ups,
new teams
and rapidly
created
processes
• plus failing
functions etc.
200
Maturing
organisations
and teams
• plus inefficient
and at-risk
functions
300
Established
organisations
• Stable but not
class leading
functions
400
Successful/
efficient
organisations,
functions and
processes
• Especially
regulated
functions
500
Best of
breed
• Exemplars
More information on the maturity model
What level of GRC
maturity has your
organisation achieved?
GRC Maturity Poll
Summary
Establish board accountability and Chief Risk officer role
Agree strategy and priorities
Embed cultural change
Establish a programme for continuous improvement
Select initial priority areas for attention
Build tools & processes outside Purview for non-technical
controls
Best Practice
Before you start you need to know where you are now
You cannot go from 1% to 100% in one day
Take crawl-walk-run approach
Manage based on risk
Be realistic. Design something that can be implemented
Involve the right teams
GRC… bane or benefit
What do you feel about
GRC?
Exit Poll
Governance, risk and
compliance is not a
project, it’s a lifestyle
Start small and grow
Look beyond Microsoft
and definitely beyond
IT
10TH ANNIVERSARY JUBILEE EDITION OF THE
EUROPEAN COLLABORATION SUMMIT
Simon Hudson
Founder, Cloud2, Kinata, Novia
Works
20+ years innovating with
Microsoft technologies
Entrepreneur in Residence,
University of Hull
M365 North user group host
simon@noviaworks.co.uk
@simonjhudson
Nikki Chapple
30+ years in IT & business
transformation
Specialist Microsoft 365 governance
& compliance
International speaker & blogger
All things M365 compliance Podcast
co-host
Nikki.chapple@cloudway.co
m
@chapplnikki
Nikkichapple.com
THANK YOU ♥
Questions?
Real World Governance Risk and Compliance | European Collaboration Summit 2023

More Related Content

Similar to Real World Governance Risk and Compliance | European Collaboration Summit 2023

Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
2toLead Limited
 
Principles of good collaboration between communications & I.T in Higher Educa...
Principles of good collaboration between communications & I.T in Higher Educa...Principles of good collaboration between communications & I.T in Higher Educa...
Principles of good collaboration between communications & I.T in Higher Educa...
Régis Faubet
 
Best Practices for Engaging with Salesforce.com for Enterprise Deployments
Best Practices for Engaging with Salesforce.com for Enterprise DeploymentsBest Practices for Engaging with Salesforce.com for Enterprise Deployments
Best Practices for Engaging with Salesforce.com for Enterprise Deployments
dreamforce2006
 
Adaptive insights forrester and boston scientific webinar_final
Adaptive insights forrester and boston scientific webinar_finalAdaptive insights forrester and boston scientific webinar_final
Adaptive insights forrester and boston scientific webinar_final
Adaptive Insights
 
SharePoint: the AIIM Certificate Program
SharePoint: the AIIM Certificate ProgramSharePoint: the AIIM Certificate Program
SharePoint: the AIIM Certificate Program
Bob Larrivee
 
Mastech
MastechMastech
Mastech
waral01
 
Lean six sigma yellow belt 1 day seminar1
Lean six sigma yellow belt 1 day seminar1Lean six sigma yellow belt 1 day seminar1
Lean six sigma yellow belt 1 day seminar1
Marysmith401
 
Draft - Digital Transformation Rough Plan.pdf
Draft - Digital Transformation Rough Plan.pdfDraft - Digital Transformation Rough Plan.pdf
Draft - Digital Transformation Rough Plan.pdf
EnricoJohanes1
 
Tvmc Saa S Solutions Briefing 2008
Tvmc Saa S Solutions Briefing 2008Tvmc Saa S Solutions Briefing 2008
Tvmc Saa S Solutions Briefing 2008
Enrique A. Ortiz-Mundo, MS
 
0 to 60 in 45 Days - Implementation Best Practices
0 to 60 in 45 Days - Implementation Best Practices0 to 60 in 45 Days - Implementation Best Practices
0 to 60 in 45 Days - Implementation Best Practices
dreamforce2006
 
Make Every Touchpoint Count: How to Drive Revenue in an Increasingly Online W...
Make Every Touchpoint Count: How to Drive Revenue in an Increasingly Online W...Make Every Touchpoint Count: How to Drive Revenue in an Increasingly Online W...
Make Every Touchpoint Count: How to Drive Revenue in an Increasingly Online W...
Optimizely
 
Webinar for September 2019 - Organisational Design and Strategy
Webinar for September 2019 - Organisational Design and StrategyWebinar for September 2019 - Organisational Design and Strategy
Webinar for September 2019 - Organisational Design and Strategy
The Digital Insurer
 
Building a Center of Excellence for your Salesforce crm team
Building a Center of Excellence for your Salesforce crm teamBuilding a Center of Excellence for your Salesforce crm team
Building a Center of Excellence for your Salesforce crm team
Buyan Thyagarajan
 
B P G005 Johnson 091807
B P G005  Johnson 091807B P G005  Johnson 091807
B P G005 Johnson 091807
Dreamforce07
 
GRC IMPRIVA
GRC IMPRIVAGRC IMPRIVA
GRC IMPRIVA
timearhart
 
Soln deck business operations support services_final
Soln deck business operations support services_finalSoln deck business operations support services_final
Soln deck business operations support services_final
Adobe
 
Dont let governance risk and compliance be a roll of the dice | ESPC22
Dont let governance risk and compliance be a roll of the dice |  ESPC22 Dont let governance risk and compliance be a roll of the dice |  ESPC22
Dont let governance risk and compliance be a roll of the dice | ESPC22
Nikki Chapple
 
Microsoft x 2toLead Webinar Session 2 - How Employee Learning and Development...
Microsoft x 2toLead Webinar Session 2 - How Employee Learning and Development...Microsoft x 2toLead Webinar Session 2 - How Employee Learning and Development...
Microsoft x 2toLead Webinar Session 2 - How Employee Learning and Development...
2toLead Limited
 
Jeff kushner trends in grc management
Jeff kushner   trends in grc managementJeff kushner   trends in grc management
Jeff kushner trends in grc management
jpkush
 
PRESTO Continuous Improvement
PRESTO Continuous ImprovementPRESTO Continuous Improvement
PRESTO Continuous Improvement
TOPP Tactical Intelligence Ltd
 

Similar to Real World Governance Risk and Compliance | European Collaboration Summit 2023 (20)

Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
 
Principles of good collaboration between communications & I.T in Higher Educa...
Principles of good collaboration between communications & I.T in Higher Educa...Principles of good collaboration between communications & I.T in Higher Educa...
Principles of good collaboration between communications & I.T in Higher Educa...
 
Best Practices for Engaging with Salesforce.com for Enterprise Deployments
Best Practices for Engaging with Salesforce.com for Enterprise DeploymentsBest Practices for Engaging with Salesforce.com for Enterprise Deployments
Best Practices for Engaging with Salesforce.com for Enterprise Deployments
 
Adaptive insights forrester and boston scientific webinar_final
Adaptive insights forrester and boston scientific webinar_finalAdaptive insights forrester and boston scientific webinar_final
Adaptive insights forrester and boston scientific webinar_final
 
SharePoint: the AIIM Certificate Program
SharePoint: the AIIM Certificate ProgramSharePoint: the AIIM Certificate Program
SharePoint: the AIIM Certificate Program
 
Mastech
MastechMastech
Mastech
 
Lean six sigma yellow belt 1 day seminar1
Lean six sigma yellow belt 1 day seminar1Lean six sigma yellow belt 1 day seminar1
Lean six sigma yellow belt 1 day seminar1
 
Draft - Digital Transformation Rough Plan.pdf
Draft - Digital Transformation Rough Plan.pdfDraft - Digital Transformation Rough Plan.pdf
Draft - Digital Transformation Rough Plan.pdf
 
Tvmc Saa S Solutions Briefing 2008
Tvmc Saa S Solutions Briefing 2008Tvmc Saa S Solutions Briefing 2008
Tvmc Saa S Solutions Briefing 2008
 
0 to 60 in 45 Days - Implementation Best Practices
0 to 60 in 45 Days - Implementation Best Practices0 to 60 in 45 Days - Implementation Best Practices
0 to 60 in 45 Days - Implementation Best Practices
 
Make Every Touchpoint Count: How to Drive Revenue in an Increasingly Online W...
Make Every Touchpoint Count: How to Drive Revenue in an Increasingly Online W...Make Every Touchpoint Count: How to Drive Revenue in an Increasingly Online W...
Make Every Touchpoint Count: How to Drive Revenue in an Increasingly Online W...
 
Webinar for September 2019 - Organisational Design and Strategy
Webinar for September 2019 - Organisational Design and StrategyWebinar for September 2019 - Organisational Design and Strategy
Webinar for September 2019 - Organisational Design and Strategy
 
Building a Center of Excellence for your Salesforce crm team
Building a Center of Excellence for your Salesforce crm teamBuilding a Center of Excellence for your Salesforce crm team
Building a Center of Excellence for your Salesforce crm team
 
B P G005 Johnson 091807
B P G005  Johnson 091807B P G005  Johnson 091807
B P G005 Johnson 091807
 
GRC IMPRIVA
GRC IMPRIVAGRC IMPRIVA
GRC IMPRIVA
 
Soln deck business operations support services_final
Soln deck business operations support services_finalSoln deck business operations support services_final
Soln deck business operations support services_final
 
Dont let governance risk and compliance be a roll of the dice | ESPC22
Dont let governance risk and compliance be a roll of the dice |  ESPC22 Dont let governance risk and compliance be a roll of the dice |  ESPC22
Dont let governance risk and compliance be a roll of the dice | ESPC22
 
Microsoft x 2toLead Webinar Session 2 - How Employee Learning and Development...
Microsoft x 2toLead Webinar Session 2 - How Employee Learning and Development...Microsoft x 2toLead Webinar Session 2 - How Employee Learning and Development...
Microsoft x 2toLead Webinar Session 2 - How Employee Learning and Development...
 
Jeff kushner trends in grc management
Jeff kushner   trends in grc managementJeff kushner   trends in grc management
Jeff kushner trends in grc management
 
PRESTO Continuous Improvement
PRESTO Continuous ImprovementPRESTO Continuous Improvement
PRESTO Continuous Improvement
 

More from Nikki Chapple

Microsoft 365 Copilot: How to boost your productivity with AI – Part two: Dat...
Microsoft 365 Copilot: How to boost your productivity with AI – Part two: Dat...Microsoft 365 Copilot: How to boost your productivity with AI – Part two: Dat...
Microsoft 365 Copilot: How to boost your productivity with AI – Part two: Dat...
Nikki Chapple
 
Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...
Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...
Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...
Nikki Chapple
 
Preparing for Microsoft 365 Copilot - Best Practices for Governance and Data ...
Preparing for Microsoft 365 Copilot - Best Practices for Governance and Data ...Preparing for Microsoft 365 Copilot - Best Practices for Governance and Data ...
Preparing for Microsoft 365 Copilot - Best Practices for Governance and Data ...
Nikki Chapple
 
Viva Security and Privacy CollabDays Bletchley Sept 23.pdf
Viva Security and Privacy CollabDays Bletchley Sept 23.pdfViva Security and Privacy CollabDays Bletchley Sept 23.pdf
Viva Security and Privacy CollabDays Bletchley Sept 23.pdf
Nikki Chapple
 
Commsverse 2023 Demystifying security and privacy in Viva | Commverse 2023
Commsverse 2023 Demystifying security and privacy in Viva | Commverse 2023Commsverse 2023 Demystifying security and privacy in Viva | Commverse 2023
Commsverse 2023 Demystifying security and privacy in Viva | Commverse 2023
Nikki Chapple
 
Demystifying security and compliance in Viva | European Collaboration Summit ...
Demystifying security and compliance in Viva | European Collaboration Summit ...Demystifying security and compliance in Viva | European Collaboration Summit ...
Demystifying security and compliance in Viva | European Collaboration Summit ...
Nikki Chapple
 
Microsoft Viva governance and compliance implications | Viva Explorers Commun...
Microsoft Viva governance and compliance implications | Viva Explorers Commun...Microsoft Viva governance and compliance implications | Viva Explorers Commun...
Microsoft Viva governance and compliance implications | Viva Explorers Commun...
Nikki Chapple
 
Implementing Microsoft Teams Lifecycle Governance to Stop Team Sprawl M365C...
 Implementing Microsoft Teams Lifecycle Governance to Stop Team Sprawl  M365C... Implementing Microsoft Teams Lifecycle Governance to Stop Team Sprawl  M365C...
Implementing Microsoft Teams Lifecycle Governance to Stop Team Sprawl M365C...
Nikki Chapple
 
Build a Teams creation workflow using Power Automate | ESPC 22 Microsoft Team...
Build a Teams creation workflow using Power Automate | ESPC 22 Microsoft Team...Build a Teams creation workflow using Power Automate | ESPC 22 Microsoft Team...
Build a Teams creation workflow using Power Automate | ESPC 22 Microsoft Team...
Nikki Chapple
 
Implementing Microsoft Teams lifecycle governance to stop Team sprawl | MN Mi...
Implementing Microsoft Teams lifecycle governance to stop Team sprawl | MN Mi...Implementing Microsoft Teams lifecycle governance to stop Team sprawl | MN Mi...
Implementing Microsoft Teams lifecycle governance to stop Team sprawl | MN Mi...
Nikki Chapple
 
Microsoft 365 Governance Risk and Compliance Maturity model | MM4M365 practit...
Microsoft 365 Governance Risk and Compliance Maturity model | MM4M365 practit...Microsoft 365 Governance Risk and Compliance Maturity model | MM4M365 practit...
Microsoft 365 Governance Risk and Compliance Maturity model | MM4M365 practit...
Nikki Chapple
 
Build a Teams creation workflow using Power Automate | M365 Virtual Marathon ...
Build a Teams creation workflow using Power Automate | M365 Virtual Marathon ...Build a Teams creation workflow using Power Automate | M365 Virtual Marathon ...
Build a Teams creation workflow using Power Automate | M365 Virtual Marathon ...
Nikki Chapple
 
Implementing Microsoft Teams Lifecycle Governance to Stop Team Sprawl | Virtu...
Implementing Microsoft Teams Lifecycle Governance to Stop Team Sprawl | Virtu...Implementing Microsoft Teams Lifecycle Governance to Stop Team Sprawl | Virtu...
Implementing Microsoft Teams Lifecycle Governance to Stop Team Sprawl | Virtu...
Nikki Chapple
 
Implementing Microsoft Teams lifecycle governance to stop Team sprawl | Teams...
Implementing Microsoft Teams lifecycle governance to stop Team sprawl | Teams...Implementing Microsoft Teams lifecycle governance to stop Team sprawl | Teams...
Implementing Microsoft Teams lifecycle governance to stop Team sprawl | Teams...
Nikki Chapple
 
Using Power Automate to manage Microsoft 365 evergreen change | MN365 - April...
Using Power Automate to manage Microsoft 365 evergreen change | MN365 - April...Using Power Automate to manage Microsoft 365 evergreen change | MN365 - April...
Using Power Automate to manage Microsoft 365 evergreen change | MN365 - April...
Nikki Chapple
 
Canadian Cloud summit - Build a Teams creation workflow using Power Automate ...
Canadian Cloud summit - Build a Teams creation workflow using Power Automate ...Canadian Cloud summit - Build a Teams creation workflow using Power Automate ...
Canadian Cloud summit - Build a Teams creation workflow using Power Automate ...
Nikki Chapple
 
Commsverse 2022 - Why you need to manage Microsoft Teams sprawl - Jun 2022
Commsverse 2022 - Why you need to manage Microsoft Teams sprawl - Jun 2022Commsverse 2022 - Why you need to manage Microsoft Teams sprawl - Jun 2022
Commsverse 2022 - Why you need to manage Microsoft Teams sprawl - Jun 2022
Nikki Chapple
 
Teams10X - Using Power Automate to Manage Teams evergreen change - Sep 2022
Teams10X -  Using Power Automate to Manage Teams evergreen change - Sep 2022Teams10X -  Using Power Automate to Manage Teams evergreen change - Sep 2022
Teams10X - Using Power Automate to Manage Teams evergreen change - Sep 2022
Nikki Chapple
 

More from Nikki Chapple (18)

Microsoft 365 Copilot: How to boost your productivity with AI – Part two: Dat...
Microsoft 365 Copilot: How to boost your productivity with AI – Part two: Dat...Microsoft 365 Copilot: How to boost your productivity with AI – Part two: Dat...
Microsoft 365 Copilot: How to boost your productivity with AI – Part two: Dat...
 
Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...
Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...
Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...
 
Preparing for Microsoft 365 Copilot - Best Practices for Governance and Data ...
Preparing for Microsoft 365 Copilot - Best Practices for Governance and Data ...Preparing for Microsoft 365 Copilot - Best Practices for Governance and Data ...
Preparing for Microsoft 365 Copilot - Best Practices for Governance and Data ...
 
Viva Security and Privacy CollabDays Bletchley Sept 23.pdf
Viva Security and Privacy CollabDays Bletchley Sept 23.pdfViva Security and Privacy CollabDays Bletchley Sept 23.pdf
Viva Security and Privacy CollabDays Bletchley Sept 23.pdf
 
Commsverse 2023 Demystifying security and privacy in Viva | Commverse 2023
Commsverse 2023 Demystifying security and privacy in Viva | Commverse 2023Commsverse 2023 Demystifying security and privacy in Viva | Commverse 2023
Commsverse 2023 Demystifying security and privacy in Viva | Commverse 2023
 
Demystifying security and compliance in Viva | European Collaboration Summit ...
Demystifying security and compliance in Viva | European Collaboration Summit ...Demystifying security and compliance in Viva | European Collaboration Summit ...
Demystifying security and compliance in Viva | European Collaboration Summit ...
 
Microsoft Viva governance and compliance implications | Viva Explorers Commun...
Microsoft Viva governance and compliance implications | Viva Explorers Commun...Microsoft Viva governance and compliance implications | Viva Explorers Commun...
Microsoft Viva governance and compliance implications | Viva Explorers Commun...
 
Implementing Microsoft Teams Lifecycle Governance to Stop Team Sprawl M365C...
 Implementing Microsoft Teams Lifecycle Governance to Stop Team Sprawl  M365C... Implementing Microsoft Teams Lifecycle Governance to Stop Team Sprawl  M365C...
Implementing Microsoft Teams Lifecycle Governance to Stop Team Sprawl M365C...
 
Build a Teams creation workflow using Power Automate | ESPC 22 Microsoft Team...
Build a Teams creation workflow using Power Automate | ESPC 22 Microsoft Team...Build a Teams creation workflow using Power Automate | ESPC 22 Microsoft Team...
Build a Teams creation workflow using Power Automate | ESPC 22 Microsoft Team...
 
Implementing Microsoft Teams lifecycle governance to stop Team sprawl | MN Mi...
Implementing Microsoft Teams lifecycle governance to stop Team sprawl | MN Mi...Implementing Microsoft Teams lifecycle governance to stop Team sprawl | MN Mi...
Implementing Microsoft Teams lifecycle governance to stop Team sprawl | MN Mi...
 
Microsoft 365 Governance Risk and Compliance Maturity model | MM4M365 practit...
Microsoft 365 Governance Risk and Compliance Maturity model | MM4M365 practit...Microsoft 365 Governance Risk and Compliance Maturity model | MM4M365 practit...
Microsoft 365 Governance Risk and Compliance Maturity model | MM4M365 practit...
 
Build a Teams creation workflow using Power Automate | M365 Virtual Marathon ...
Build a Teams creation workflow using Power Automate | M365 Virtual Marathon ...Build a Teams creation workflow using Power Automate | M365 Virtual Marathon ...
Build a Teams creation workflow using Power Automate | M365 Virtual Marathon ...
 
Implementing Microsoft Teams Lifecycle Governance to Stop Team Sprawl | Virtu...
Implementing Microsoft Teams Lifecycle Governance to Stop Team Sprawl | Virtu...Implementing Microsoft Teams Lifecycle Governance to Stop Team Sprawl | Virtu...
Implementing Microsoft Teams Lifecycle Governance to Stop Team Sprawl | Virtu...
 
Implementing Microsoft Teams lifecycle governance to stop Team sprawl | Teams...
Implementing Microsoft Teams lifecycle governance to stop Team sprawl | Teams...Implementing Microsoft Teams lifecycle governance to stop Team sprawl | Teams...
Implementing Microsoft Teams lifecycle governance to stop Team sprawl | Teams...
 
Using Power Automate to manage Microsoft 365 evergreen change | MN365 - April...
Using Power Automate to manage Microsoft 365 evergreen change | MN365 - April...Using Power Automate to manage Microsoft 365 evergreen change | MN365 - April...
Using Power Automate to manage Microsoft 365 evergreen change | MN365 - April...
 
Canadian Cloud summit - Build a Teams creation workflow using Power Automate ...
Canadian Cloud summit - Build a Teams creation workflow using Power Automate ...Canadian Cloud summit - Build a Teams creation workflow using Power Automate ...
Canadian Cloud summit - Build a Teams creation workflow using Power Automate ...
 
Commsverse 2022 - Why you need to manage Microsoft Teams sprawl - Jun 2022
Commsverse 2022 - Why you need to manage Microsoft Teams sprawl - Jun 2022Commsverse 2022 - Why you need to manage Microsoft Teams sprawl - Jun 2022
Commsverse 2022 - Why you need to manage Microsoft Teams sprawl - Jun 2022
 
Teams10X - Using Power Automate to Manage Teams evergreen change - Sep 2022
Teams10X -  Using Power Automate to Manage Teams evergreen change - Sep 2022Teams10X -  Using Power Automate to Manage Teams evergreen change - Sep 2022
Teams10X - Using Power Automate to Manage Teams evergreen change - Sep 2022
 

Recently uploaded

TrustArc Webinar - 2024 Global Privacy Survey
TrustArc Webinar - 2024 Global Privacy SurveyTrustArc Webinar - 2024 Global Privacy Survey
TrustArc Webinar - 2024 Global Privacy Survey
TrustArc
 
Monitoring and Managing Anomaly Detection on OpenShift.pdf
Monitoring and Managing Anomaly Detection on OpenShift.pdfMonitoring and Managing Anomaly Detection on OpenShift.pdf
Monitoring and Managing Anomaly Detection on OpenShift.pdf
Tosin Akinosho
 
Presentation of the OECD Artificial Intelligence Review of Germany
Presentation of the OECD Artificial Intelligence Review of GermanyPresentation of the OECD Artificial Intelligence Review of Germany
Presentation of the OECD Artificial Intelligence Review of Germany
innovationoecd
 
HCL Notes and Domino License Cost Reduction in the World of DLAU
HCL Notes and Domino License Cost Reduction in the World of DLAUHCL Notes and Domino License Cost Reduction in the World of DLAU
HCL Notes and Domino License Cost Reduction in the World of DLAU
panagenda
 
WeTestAthens: Postman's AI & Automation Techniques
WeTestAthens: Postman's AI & Automation TechniquesWeTestAthens: Postman's AI & Automation Techniques
WeTestAthens: Postman's AI & Automation Techniques
Postman
 
Salesforce Integration for Bonterra Impact Management (fka Social Solutions A...
Salesforce Integration for Bonterra Impact Management (fka Social Solutions A...Salesforce Integration for Bonterra Impact Management (fka Social Solutions A...
Salesforce Integration for Bonterra Impact Management (fka Social Solutions A...
Jeffrey Haguewood
 
Best 20 SEO Techniques To Improve Website Visibility In SERP
Best 20 SEO Techniques To Improve Website Visibility In SERPBest 20 SEO Techniques To Improve Website Visibility In SERP
Best 20 SEO Techniques To Improve Website Visibility In SERP
Pixlogix Infotech
 
Deep Dive: Getting Funded with Jason Jason Lemkin Founder & CEO @ SaaStr
Deep Dive: Getting Funded with Jason Jason Lemkin Founder & CEO @ SaaStrDeep Dive: Getting Funded with Jason Jason Lemkin Founder & CEO @ SaaStr
Deep Dive: Getting Funded with Jason Jason Lemkin Founder & CEO @ SaaStr
saastr
 
Operating System Used by Users in day-to-day life.pptx
Operating System Used by Users in day-to-day life.pptxOperating System Used by Users in day-to-day life.pptx
Operating System Used by Users in day-to-day life.pptx
Pravash Chandra Das
 
Nunit vs XUnit vs MSTest Differences Between These Unit Testing Frameworks.pdf
Nunit vs XUnit vs MSTest Differences Between These Unit Testing Frameworks.pdfNunit vs XUnit vs MSTest Differences Between These Unit Testing Frameworks.pdf
Nunit vs XUnit vs MSTest Differences Between These Unit Testing Frameworks.pdf
flufftailshop
 
Programming Foundation Models with DSPy - Meetup Slides
Programming Foundation Models with DSPy - Meetup SlidesProgramming Foundation Models with DSPy - Meetup Slides
Programming Foundation Models with DSPy - Meetup Slides
Zilliz
 
5th LF Energy Power Grid Model Meet-up Slides
5th LF Energy Power Grid Model Meet-up Slides5th LF Energy Power Grid Model Meet-up Slides
5th LF Energy Power Grid Model Meet-up Slides
DanBrown980551
 
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAUHCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
panagenda
 
GraphRAG for Life Science to increase LLM accuracy
GraphRAG for Life Science to increase LLM accuracyGraphRAG for Life Science to increase LLM accuracy
GraphRAG for Life Science to increase LLM accuracy
Tomaz Bratanic
 
leewayhertz.com-AI in predictive maintenance Use cases technologies benefits ...
leewayhertz.com-AI in predictive maintenance Use cases technologies benefits ...leewayhertz.com-AI in predictive maintenance Use cases technologies benefits ...
leewayhertz.com-AI in predictive maintenance Use cases technologies benefits ...
alexjohnson7307
 
Driving Business Innovation: Latest Generative AI Advancements & Success Story
Driving Business Innovation: Latest Generative AI Advancements & Success StoryDriving Business Innovation: Latest Generative AI Advancements & Success Story
Driving Business Innovation: Latest Generative AI Advancements & Success Story
Safe Software
 
Fueling AI with Great Data with Airbyte Webinar
Fueling AI with Great Data with Airbyte WebinarFueling AI with Great Data with Airbyte Webinar
Fueling AI with Great Data with Airbyte Webinar
Zilliz
 
Columbus Data & Analytics Wednesdays - June 2024
Columbus Data & Analytics Wednesdays - June 2024Columbus Data & Analytics Wednesdays - June 2024
Columbus Data & Analytics Wednesdays - June 2024
Jason Packer
 
UI5 Controls simplified - UI5con2024 presentation
UI5 Controls simplified - UI5con2024 presentationUI5 Controls simplified - UI5con2024 presentation
UI5 Controls simplified - UI5con2024 presentation
Wouter Lemaire
 
Letter and Document Automation for Bonterra Impact Management (fka Social Sol...
Letter and Document Automation for Bonterra Impact Management (fka Social Sol...Letter and Document Automation for Bonterra Impact Management (fka Social Sol...
Letter and Document Automation for Bonterra Impact Management (fka Social Sol...
Jeffrey Haguewood
 

Recently uploaded (20)

TrustArc Webinar - 2024 Global Privacy Survey
TrustArc Webinar - 2024 Global Privacy SurveyTrustArc Webinar - 2024 Global Privacy Survey
TrustArc Webinar - 2024 Global Privacy Survey
 
Monitoring and Managing Anomaly Detection on OpenShift.pdf
Monitoring and Managing Anomaly Detection on OpenShift.pdfMonitoring and Managing Anomaly Detection on OpenShift.pdf
Monitoring and Managing Anomaly Detection on OpenShift.pdf
 
Presentation of the OECD Artificial Intelligence Review of Germany
Presentation of the OECD Artificial Intelligence Review of GermanyPresentation of the OECD Artificial Intelligence Review of Germany
Presentation of the OECD Artificial Intelligence Review of Germany
 
HCL Notes and Domino License Cost Reduction in the World of DLAU
HCL Notes and Domino License Cost Reduction in the World of DLAUHCL Notes and Domino License Cost Reduction in the World of DLAU
HCL Notes and Domino License Cost Reduction in the World of DLAU
 
WeTestAthens: Postman's AI & Automation Techniques
WeTestAthens: Postman's AI & Automation TechniquesWeTestAthens: Postman's AI & Automation Techniques
WeTestAthens: Postman's AI & Automation Techniques
 
Salesforce Integration for Bonterra Impact Management (fka Social Solutions A...
Salesforce Integration for Bonterra Impact Management (fka Social Solutions A...Salesforce Integration for Bonterra Impact Management (fka Social Solutions A...
Salesforce Integration for Bonterra Impact Management (fka Social Solutions A...
 
Best 20 SEO Techniques To Improve Website Visibility In SERP
Best 20 SEO Techniques To Improve Website Visibility In SERPBest 20 SEO Techniques To Improve Website Visibility In SERP
Best 20 SEO Techniques To Improve Website Visibility In SERP
 
Deep Dive: Getting Funded with Jason Jason Lemkin Founder & CEO @ SaaStr
Deep Dive: Getting Funded with Jason Jason Lemkin Founder & CEO @ SaaStrDeep Dive: Getting Funded with Jason Jason Lemkin Founder & CEO @ SaaStr
Deep Dive: Getting Funded with Jason Jason Lemkin Founder & CEO @ SaaStr
 
Operating System Used by Users in day-to-day life.pptx
Operating System Used by Users in day-to-day life.pptxOperating System Used by Users in day-to-day life.pptx
Operating System Used by Users in day-to-day life.pptx
 
Nunit vs XUnit vs MSTest Differences Between These Unit Testing Frameworks.pdf
Nunit vs XUnit vs MSTest Differences Between These Unit Testing Frameworks.pdfNunit vs XUnit vs MSTest Differences Between These Unit Testing Frameworks.pdf
Nunit vs XUnit vs MSTest Differences Between These Unit Testing Frameworks.pdf
 
Programming Foundation Models with DSPy - Meetup Slides
Programming Foundation Models with DSPy - Meetup SlidesProgramming Foundation Models with DSPy - Meetup Slides
Programming Foundation Models with DSPy - Meetup Slides
 
5th LF Energy Power Grid Model Meet-up Slides
5th LF Energy Power Grid Model Meet-up Slides5th LF Energy Power Grid Model Meet-up Slides
5th LF Energy Power Grid Model Meet-up Slides
 
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAUHCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
 
GraphRAG for Life Science to increase LLM accuracy
GraphRAG for Life Science to increase LLM accuracyGraphRAG for Life Science to increase LLM accuracy
GraphRAG for Life Science to increase LLM accuracy
 
leewayhertz.com-AI in predictive maintenance Use cases technologies benefits ...
leewayhertz.com-AI in predictive maintenance Use cases technologies benefits ...leewayhertz.com-AI in predictive maintenance Use cases technologies benefits ...
leewayhertz.com-AI in predictive maintenance Use cases technologies benefits ...
 
Driving Business Innovation: Latest Generative AI Advancements & Success Story
Driving Business Innovation: Latest Generative AI Advancements & Success StoryDriving Business Innovation: Latest Generative AI Advancements & Success Story
Driving Business Innovation: Latest Generative AI Advancements & Success Story
 
Fueling AI with Great Data with Airbyte Webinar
Fueling AI with Great Data with Airbyte WebinarFueling AI with Great Data with Airbyte Webinar
Fueling AI with Great Data with Airbyte Webinar
 
Columbus Data & Analytics Wednesdays - June 2024
Columbus Data & Analytics Wednesdays - June 2024Columbus Data & Analytics Wednesdays - June 2024
Columbus Data & Analytics Wednesdays - June 2024
 
UI5 Controls simplified - UI5con2024 presentation
UI5 Controls simplified - UI5con2024 presentationUI5 Controls simplified - UI5con2024 presentation
UI5 Controls simplified - UI5con2024 presentation
 
Letter and Document Automation for Bonterra Impact Management (fka Social Sol...
Letter and Document Automation for Bonterra Impact Management (fka Social Sol...Letter and Document Automation for Bonterra Impact Management (fka Social Sol...
Letter and Document Automation for Bonterra Impact Management (fka Social Sol...
 

Real World Governance Risk and Compliance | European Collaboration Summit 2023

  • 1. 10TH ANNIVERSARY JUBILEE EDITION OF THE EUROPEAN COLLABORATION SUMMIT Real World Governance, Risk and Compliance Nikki Chapple, Simon Hudson Adopting Microsoft Purview and beyond
  • 2.
  • 3.
  • 4. 10TH ANNIVERSARY JUBILEE EDITION OF THE EUROPEAN COLLABORATION SUMMIT Simon Hudson Founder, Cloud2, Kinata, Novia Works 20+ years innovating with Microsoft technologies Entrepreneur in Residence, University of Hull M365 North user group host simon@noviaworks.co.uk @simonjhudson Nikki Chapple 30+ years in IT & business transformation Specialist Microsoft 365 governance & compliance International speaker & blogger All things M365 compliance Podcast co-host Nikki.chapple@cloudway.co m @chapplnikki Nikkichapple.com Welcome ♥
  • 5. GRC… bane or benefit What do you feel about GRC? Entry Poll
  • 6. Agenda An overview of GRC (Governance Risk and Compliance) obligations and approaches What's in Purview Pragmatic approaches to elevating your Compliance Score Wider technical and business thinking for de-risking your operations and organisation Thoughts on using the Maturity Model for Microsoft 365 GRC Competency to set your objectives
  • 7. Governance, Risk and Compliance… it's not nice to have It's The Law GRC Security
  • 9. Data is exploding Data regulations are increasing Risks of not being compliant Protecting data has become more challenging We need to simplify compliance and to reduce risk Why do we need Governance, Risk & Compliance?
  • 10. The risks of not being compliant Loss of trust and Reputational damage Operational / Financial impacts and loss Fines
  • 11. Meta - €1.2bn (Ireland) Largest GDPR fine ever, was imposed for Meta's transfers of personal data to the U.S. on the basis of standard contractual clauses
  • 12. Reference: Numbers and Figures | GDPR Enforcement Tracker Report 2022/2023 (cms.law) GDPR Fines by sector
  • 13. Reference: Data security incident trends | ICO Data security incidents by type - ICO (UK)
  • 14. What are the GRC compliance challenges? Data challenges poll
  • 15. Microsoft Purview Comprehensive solutions to help govern, protect, and manage your data estate https://compliance.microsoft.com/homepage https://azure.microsoft.com/en-gb/services/purview/
  • 16. Microsoft Purview Comprehensive solutions to help govern, protect and manage your data estate Understand & govern data Manage visibility and governance of data assets across your environment Safeguard data, wherever it lives Protect sensitive data across clouds, apps, and devices Improve risk & compliance posture Identify data risks and manage regulatory compliance requirements Microsoft ecosystem Support for multi-cloud, hybrid, SaaS data | Third-party/partner ecosystem
  • 18. Purview in context Pragmatic approaches to GRC and the Purview score
  • 19. Governance, Risk and Compliance Assessment Who, Where, How & When Current vs. Future state People Technology Process Strategy Regulations Culture Priorities GRC Maturity Recommendations What & Why Risk & compliance stance Monitor and Enhance
  • 20. Align the inputs with the demonstrable action-orientated outputs Benchmarked against the GRC Competency https://learn.microsoft.com/en-us/microsoft-365/community/microsoft365- maturity-model--governance-and-compliance
  • 21. Can Copilot help? Wouldn’t it be great if Compliance Copilot could help with setting all this stuff up. Maybe it needs to be exposed to all the Compliance standards and regulations… But that’s in the future
  • 22. Compliance Score vs Secure Score Purview • Number of elements: 2000+ • Grouped into • Security, compliance & privacy • 9 sub-categories: • Protect information, Govern information, Control Access, Manage Devices, Protect against threats, Discover and respond, Manage internal risks, Manage compliance, Privacy Management • 350+ Assessment templates • Board Led • Business, Process & Technical control driven • (Documentation, Operational and technical) • Requires many controls outside the reach of the M365 /Azure platform Entra/Defender • Number of elements: 58 • Grouped into • Identity, Data, Apps • Singular security score • IT Led • Technical control driven
  • 23. Review and prioritise in Purview ??%
  • 24.
  • 25. The business context Business GRC Corporate GRC Purview + Azure + other Microsoft 365 Purview • GRC doesn’t end at Purview • Address/add your other platforms and Line of Business systems / infrastructure • E.g. Azure, Salesforce • Think about the wider business needs
  • 26. Practical steps Establish board accountability Agree strategy and priorities Embed cultural change Establish a programme for continuous improvement Select initial focus area in Purview for attention Build tools & processes outside Purview for non-technical control
  • 27. The Kinata GRC portal
  • 29. The Maturity Model levels 100 Start-ups, new teams and rapidly created processes • plus failing functions etc. 200 Maturing organisations and teams • plus inefficient and at-risk functions 300 Established organisations • Stable but not class leading functions 400 Successful/ efficient organisations, functions and processes • Especially regulated functions 500 Best of breed • Exemplars More information on the maturity model
  • 30. What level of GRC maturity has your organisation achieved? GRC Maturity Poll
  • 31. Summary Establish board accountability and Chief Risk officer role Agree strategy and priorities Embed cultural change Establish a programme for continuous improvement Select initial priority areas for attention Build tools & processes outside Purview for non-technical controls
  • 32. Best Practice Before you start you need to know where you are now You cannot go from 1% to 100% in one day Take crawl-walk-run approach Manage based on risk Be realistic. Design something that can be implemented Involve the right teams
  • 33. GRC… bane or benefit What do you feel about GRC? Exit Poll
  • 34. Governance, risk and compliance is not a project, it’s a lifestyle Start small and grow Look beyond Microsoft and definitely beyond IT
  • 35. 10TH ANNIVERSARY JUBILEE EDITION OF THE EUROPEAN COLLABORATION SUMMIT Simon Hudson Founder, Cloud2, Kinata, Novia Works 20+ years innovating with Microsoft technologies Entrepreneur in Residence, University of Hull M365 North user group host simon@noviaworks.co.uk @simonjhudson Nikki Chapple 30+ years in IT & business transformation Specialist Microsoft 365 governance & compliance International speaker & blogger All things M365 compliance Podcast co-host Nikki.chapple@cloudway.co m @chapplnikki Nikkichapple.com THANK YOU ♥ Questions?