Leveraging Microsoft to meet high demands for security and standardisation
The agency knew it wanted to leverage Microsoft 365 tools such as SharePoint Online and Microsoft Teams as their formal information repository, which would act as a source of truth and house the bulk of their information. This way, they would be able to efficiently implement apply information management requirements and have oversight of proper use and disposal of all data inside the environment. To achieve this, they needed to implement sufficient security controls and information management capabilities to allow sensitive, secure information in their Microsoft 365 environment and support a BYOD policy for employees.
To secure the Microsoft 365 environment and data, Protiviti used features found in the Microsoft Purview compliance portal. Information management controls such as retention labels and sensitivity labels automatically applied information and security classification to files, enabling the agency to use and manage protected information inside of Microsoft 365.
With the appropriate Sensitivity classifications in place, the agency was able to restrict access to more sensitive information based on where the information was stored, and how it was being accessed.
A More Secure and Effective Remote Work Solution
By implementing an enterprise process to provide a comprehensive solution for collaboration, communication, and as an authoritative information repository for the organisation’s content, the client can now align enterprise information standards across the organisation, greatly increasing their ability to work and communicate effectively. Streamlining their solution and using Microsoft 365 features not only improves their efficiency and access to information, but also allows them to exponentially increase the total percentage of information that will be managed effectively, with proficient oversight.
Prior to this project, the agency used separate tools for collaboration and for storing official records and resources of business value, resulting in repositories containing only what individuals placed in them as part of their records management procedures. Moving to Microsoft 365 empowers them to store most of their information in one place, without the need to manage and move additional copies, as they will be able to apply concepts such as retention, disposition, eDiscovery and information security classification at a far wider scope.
The agency’s project team recognised that using Microsoft 365 reduces risk at the enterprise level — including reputational and legal risk — by providing an effective system to enforcing the organisation’s retention and disposition schedule according to the government’s requirements.
By streamlining all information management onto one platform, following a data migration, the agency can remove legacy third-party systems to save on licensing costs and reduce the manual effort staff spend working between different systems. With a total of up to 150,000 employees relying on this system, including a segment of staff members operating strictly on BYOD policies, the impact of improving efficiency and workflow in one streamlined solution cannot be understated.
Looking to the future
The impact of this project extends beyond empowering the agency’s staff to deliver secure and compliant information management capabilities with secured and remote modern work capabilities. With this solution, Protiviti has helped the client successfully present to the government’s technology and solution governance and authorisation board to be granted initial approval for the use of Microsoft 365 and an official Electronic Document and Records Management System (EDRMS). This endorsement allowed the agency to move forward and implement Microsoft 365 as an EDRMS, opening the door to other agencies within the same government to begin adoption of more Microsoft 365 enterprise features, while driving innovation and modernising their information and records management practices.