skip to main content

Many organisations rush the deployment of Microsoft 365 without establishing good information governance. Often this results in confusing mess of Microsoft Teams and SharePoint Online Sites with users unsure where to work and collaborate. 

It gets worse, as it is so easy to share content, both internally and externally, that users inadvertently disclose confidential data and files to the wrong people, say by uploading or moving files into a folder that has already been shared externally.

Deltascheme has a wealth of skills and experience in helping organisations quickly establish an information governance framework to ensure the business objectives and benefits of Microsoft 365 are achieved with content properly managed and protected. We work with key stakeholders and representatives from the business, IT, and information management to define the key design and security principles and identify the key roles, responsibilities, and competencies. This is used to create a training and communications needs analysis and adoption plan. As part of the roll out, we deliver training, write crib sheets for ‘owners’ and ‘end users’ or create a ‘learning portal’ with pages and guides tagged by activity, role, and product.

Establishing information governance takes time and requires an ongoing commitment and resourcing. To address the immediate information security risks, we work with IT and information governance to strengthen the Microsoft 365 tenancy security settings, control Microsoft 365 Teams and Group provisioning and establish permission models.

Information Governance may also encompass Records Management requirements which are largely catered for in the Security and Compliance Centre. For example:

  • Global security policies – such as restricting who can create Office 365 groups and add members and guests.
  • Retention Labels – to apply retention schedules to preserve and protect content.
  • Data Loss Prevention (DLP) – to automate the detection of sensitive information and prevent the sharing of content with internal and/or external users.
  • Device Management – to manage and secure mobile devices that connect to your Microsoft 365 organisation.
  • Search and eDiscovery – to identify, hold, search, and export content.
  • Digital Rights Management – provided by Sensitivity Labels / Azure Information Protection (AIP) to classify, label, and protect documents and emails.