Collaboration is the key to successfully embracing Microsoft Purview for compliance
Staying on top of the latest technological advancements can offer organisations a very real competitive edge. The rapid rate of change, however, can also give compliance teams sleepless nights. Shadow IT, BYOD and other potential threats love nothing more than a continuously shifting landscape in which to hide.
So how do you embrace technological innovation (and the agility and productivity it brings) without compromising compliance?
The key is collaboration.
Technology is not just a massive business enabler; it’s also a powerful tool for compliance teams. With the right technology, it’s possible to both monitor and report on threats, and exert some control over user behaviour. Getting this right, however, requires that IT and compliance work in harmony, maintaining a careful balance that takes business-wide collaboration to achieve.
Here’s how to get that ball rolling.
Engage the right stakeholders
Compliance is not a standalone area. It touches on almost every aspect of operations. As a result, creating practical, effective data classification strategies, policies and technology controls requires input – and buy-in – from senior stakeholders across the business.
Bringing these stakeholders on board at the outset of your compliance journey is the key to ensuring information protection policies and processes are genuinely fit-for-purpose. (It also tends to encourage greater commitment to their implementation and adoption.)
Form a steering committee
Business-wide stakeholder involvement shouldn’t be reserved purely for the initial stages of the compliance journey. A strong steering committee – with representation from all key business areas – is crucial for maintaining harmony between compliance and ongoing technological advancement.
A good steering committee is one with senior stakeholders empowered to make the necessary decisions. They should also fully understand the implications of these decisions on the people, processes and technology within their business area, and be able to support their implementation.
Lean into change management
Defined processes and policies are vital, but their success often boils down to one, simple thing: users. Working closely with Learning and Development or Change Management teams can be pivotal in helping users understand what they should and shouldn’t be doing, and why it matters if they get it wrong.
Ideally, this process should extend well beyond the implementation phase of new information protection policies. It’s a very successful way to close any lingering gaps in understanding flagged by ongoing monitoring of policy breaches, helping to reduce risk and improve compliance.
Learn the lingo
IT professionals aren’t expected to be compliance experts, but having a basic grasp of the key metrics relevant to the risk teams can help narrow down priorities and streamline IT decision-making.
Likewise, compliance/risk teams that understand the technology at hand are far better positioned to make optimal use of the available features.
Being able to speak the same language – at even a basic level – also greatly improves collaboration between IT, business, and compliance. It’s a lot easier to work together when you understand each other’s needs and challenges.
The first step of any journey is always the hardest. It helps if you have a practical place to work out the kinks and build some positive momentum.
Find out more about our Microsoft 365 Compliance Assessment to help you take the first steps.