Proper IT governance ensures that technology investments match the organization’s overall mission and that data is managed in compliance with regulations. IT governance is particularly essential in protecting companies from fraud. Well-implemented IT governance plans ensure that strategies, processes, and stakeholders are in place to support the organization’s overall governance strategy.
One of today’s most common stumbling blocks in IT governance is the movement of data to cloud storage. Often, IT governance involves integrating Office 365, one of the most common cloud sharing and storage cloud platforms available, with more than 120 million business users in October 2017.
Of course, Office 365 governance comes with a specific set of best practices for governance alignment. Here are six important considerations for ensuring Office 365 compliance.
1. Create a list of employees responsible for supervision of Office 365.
When considering your governance policy, keep in mind that email and third-party communications will need to be collected by internal reviewers, and later, as necessary, external reviewers. So, make sure that you have a team designated to collect, classify, and review communications to ensure they are complying with expectations.
2. Choose the Office 365 features you plan on adopting.
Office 365 comes with several applications, including the popular Exchange email and SharePoint Online. But there are also a few lesser-known apps that may also be useful, as well. For the features that you do use, outline each one's function and its intended users. Hide or disable features you don't want to offer.
3. Make sure your Office 365 governance reflects the constant changes that developers make to the program.
Office 365 is always in flux. While Microsoft-initiated changes can be positive, they can make integrating Office 365 into your governance plan more challenging. Make sure your governance plan notes that these changes will happen regularly – on Microsoft’s time and without your input
4. Land on a storage amount that functions with your data compliance plan.
Office 365 allows for unlimited archiving of communications and data. With this idea in mind, you need to decide how much data you want to be included in the auto-expanding archive. The more archiving of information the improved governance, but you also need to weigh storage with costs and feasibility of collecting this much data.
5. Develop your data retention plan.
In connection with item #4, create labels to categorize data you want to be stored. These decisions should be made in your retention policy; for most companies, it is not feasible to archive every piece of data. For example, you could create a labeling system that labels the following types of information, per Microsoft’s suggestions:
- Competitive research that should be retained and deleted permanently;
- Visas needing to be marked as records;
- Tax forms that should be retained for a set period.
6. Prepare a continuity plan for former employees’ emails.
A commonly-overlooked piece of governance for Office 365 is the importance of Litigation Holds after an employee leaves your organization. Rather than deleting that person’s data, an organization must create an inactive mailbox for a set period. This data will be archived by Office 365 for as long as is signified.
Office 365 will only become more useful in the years to come. But before an ethical migration, companies need a thoroughly-outlined plan of adoption. TrnDigital has helped companies integrate all aspects of Office 365 into their operations. From creating a team for application maintenance to coaching your team on the SharePoint Online Framework, TrnDigital can give you peace of mind about data retention and confidentiality in your governance.