So you learnt how to crawl, and now you want to run

Colinda Latour

Loading

So, You Think You are Ready to Run…


But have you learned to walk yet?
If you recall, in March we published a blog titled, “Fixing the Basics: The Importance of Learning to Crawl before Walking and Running,” in which we outlined some of the key foundational elements necessary to reach the goal of having an effective, efficient, and secure data, information and records management programme. The foundational elements are part of the crawl stage or a fix the basics stage where time and energy are put into doing things such as:

  • Creating an Information Governance committee or group
  • Reviewing joiners, leavers, and movers’ processes and training
  • Reviewing the sensitivity classification taxonomy and ensuring your current classifications meet your needs, and
  • Starting clean-up activities to find and remove ROT (redundant, obsolete, trivial) information.

*For the full blog, click here to read Fixing the Basics: The Importance of Learning to Crawl before Waling and Running.


In this blog, So You Think You Are Ready to Run, we will guide you through various scenarios and elements that are considered part of the walking and running stages for achieving a robust data security and lifecycle management programme.

Before we run, we must walk Photo: Guillaume de Germain

Once you have finished with the crawl stage, referred to in Fix the Basics, it is time to walk. You may feel like you are ready to run, but it is important to continue to build your programme in a way that makes sense—just as if we continue the house building analogy from the first blog, Fix the Basics—you can’t paint walls of a home that you haven’t even erected yet, it doesn’t make sense.

Now that you laid your foundation and the Information Governance group have approved the necessary policies and procedures, you updated your training requirements for movers, joiners, and leavers, you know what out-of-the-box Sensitive Information Types (SITs) you want to implement, and you have a plan for Data Loss Prevention (DLP) policies – plus everything else on your to-do list for Fix the Basics – you are ready to move onto the next stage, walking.


Walking

During this stage you get to start implementing what you were creating and planning for during Fix the Basics. For example, for Data Loss Prevention, depending on where you are with this, you may want to configure or refine your policies to include policy tips and protection such as restricting the sharing of sensitive information via email.

For protecting sensitive and personal information, you can use automation to detect sensitive information through Sensitive Information Types (SITs) and/or Trainable Classifiers (TCs) and once you start to see where the data you want to protect lives. This requires a period of time for monitoring then evaluating the results to determine if the SITs and TCs are finding the right information. You can choose to refine these now, or that can be part of the run stage.

As well, during the walking stage, you can ask your users to start manually labelling the sensitivity classifications.

In the workstream for Data Lifecycle Management while you are performing initial clean-up of the ROT – Redundant, Obsolete, or Trivial as started in Fix the Basics, you can continue to improve the lifecycle by creating your M365 file plan based on your retention schedule.

Next, is when you decide which is the best way to apply retention and disposition across your organisation. Will you use the big-bucket approach, will it be automated, manual, or a combination? Who is responsible – the end user, admins – and will you have disposition reviews?

These are all questions that can be answered and planned for within the walk stage if they were not addressed in the crawl stage, and the implementation of DLM labels and policies can occur during the run stage.

If you are feeling overwhelmed reading these paragraphs – don’t stress – that is completely understandable. Creating or even only improving an already existing effective information and records governance, security, and management programme is not easy. Especially if you are doing it by yourself.

That is why we are here. Infotechtion have successfully transitioned many large and global enterprises to modern and automated data security and governance standards in Microsoft 365. We have developed blueprints for best practices to fast-track the implementation of Microsoft Purview Information Protection (MPIP), Data Loss Prevention (CLP), Insider Risk Management (IRM), and Data Lifecycle Management (DLM)/Records Management in a way that suits your organisation’s needs and resources.

If you have managed to finish crawling and have started to walk, but are worried about falling before you get to the run stage, reach out – we are happy to help.

Running

Now that you have begun to dive into Microsoft Purview and have been using SITs, you have created your File Plan, and have started to work with Data Loss Prevention policies, now during the running stage, it is time is to take this to the next level for your organisation.

This may mean automating retention based on various techniques such as:

  • Default library setting
  • Site/site collection policy
  • Based on personal and sensitive information surfaced through SITs or other methods such as Trainable Classifiers
  • Content Types.

 

Or, based on your results from monitoring the data your SITs or Trainable classifiers were surfacing, you can create meaningful MPIP policies that will ensure protection of this data. At this point, if you have policies in place, you would be refining them during the run stage.

Running is about improving what you already have in place and making things more efficient and effective. It is about taking a look at what is working and asking, how can I make this better? It is also about taking a look at what is not working and seeing where you can implement improvements.

It is crucial that in order to remain “running” and beyond when creating and maintaining a highly effective data, information, and records security and lifecycle management programme, you revisit, monitor and continuously check on how things are currently with the view to improve. Take the time during the run stage to measure where you are, define your KPIs you will measure against moving forward, and be always thinking of ways to improve.

If you are at the run stage within your organisation and you want to take stock of where you are and which areas need improvement, it is a great idea to schedule that in to your annual planning process so any necessary changes can be added into budget or resourcing needs.

Bring in your Change Management and Learning & Development Teams for a smooth transition Photo: Fauxels

Another important aspect of maintaining your programme is to involve your change management and learning and development teams along the way to ensure clear, meaningful, and impactful messaging and training.

If you could use some guidance with this or want more information on how to ensure you are on the right track as you go from crawling to walking to running, be sure to reach out and ask – we are here to help!

Email contact@infotechtion.com for more information.

 © 2024 Infotechtion. All rights reserved 

Facebook
Twitter
LinkedIn
Email

By submitting this form you agree that Infotechtion will store your details and send future resources. You may opt-out any time.

Recent posts

Job application.

Lorem Ipsum is simply dummy text of the printing and typesetting industry. Lorestandard dummy text ever since.

Please fill the form

Job application.

Join Infotechtion for an impactful career filled with passion, innovation, and growth. Embrace diversity, collaboration, and continuous learning. Discover your potential with us. Exciting opportunities await!

Please fill the form

By submitting this form you agree that Infotechtion will store your details.
All information provided is stored securely and in line with legal requirements to protect your privacy. You may opt-out any time.