cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Roadmap for Information Protection & Governance?

ShimKwan
Brass Contributor

‎Feb 07 2022 06:52 PM

‎Feb 07 2022 06:52 PM

Roadmap for Information Protection & Governance?

Hi,

 

We are starting on an Information Protection & Governance journey at our org, and we are putting together a high level roadmap.

 

There would naturally be multiple iterations of this, but when looking for a high level roadmap - what do you think of this?:

 

  1. Compliance Management
  2. Information Protection
  3. Insider Risk Management
  4. Communication Compliance
  5. Information Governance
  6. Records Management
  7. Discover & Respond (eDiscovery)

 

Thank you,

SK

 

925 Views
0 Likes
2 Replies
Reply
2 Replies
KentMitchell

‎Mar 21 2022 08:20 AM

‎Mar 21 2022 08:20 AM

Re: Roadmap for Information Protection & Governance?

 Great question! 

 

I checked with a lead Engineer, and his feedback on this topic is that most Customers deploy in this order: 

 

  1. Information Protection - MIP
    1. DLP
    2. Sensitivity Labels/ AIP Scanner
  2. D&R (eDiscovery)
  3. MIG (Information Governance)
  4. IRM (Insider Risk Management)

The rationale given is that deploying MIP first enables richer signals to IRM. 

 

The engineer informed that often, customers will deploy D&R and MIG together, as they are similar in theme. 

 

Lastly, D&R before IRM because D&R features help with the IRM escalations or investigations. 

 

When you're ready to get started with your deployment, the MIP Setup Guide in the M365 Admin Center gives a simplified list of deployment steps, offering step-by-step guidance and automation.

 

0 Likes
Reply
IvoMaas140

‎Nov 22 2022 05:48 AM

‎Nov 22 2022 05:48 AM

Re: Roadmap for Information Protection & Governance?

Actually a good approach. But if i might add i would suggest setting up some default DLP rules that capture everything you do, but are put in monitor mode. That way you can capture sensitive data withing your environment. For example a document that contains gdpr related information that is copied to USB. Once you have this information you can then continue to define the actions you want to allow/deny in your environment.

Once you have all that you can then start configuring the solutions proposed by kentmitchell.
0 Likes
Reply