Standards, maturity models, and certifications…oh my!
All businesses, regardless of the goods or services they provide, their size, or their industry, are impacted daily by the requirements of regulations and standards imposed by government, accreditation bodies, customer contracts, or just plain internal directives. Annual audits, employee education, specialized software systems, and potentially whole departments are instituted to ensure compliance. The expenses involved are an accepted “cost of doing business.”
More importantly, as we have seen with our customers, businesses are still using the same manually intensive approaches to ensure compliance that they established years or even decades ago. In some cases, organizations are using software systems that no longer exist in the market or run on unsupported systems, which creates an entirely different problem. These same customers have moved, at least in part, to Microsoft 365 or Microsoft Azure, but they have not yet leveraged the full potential of these platforms to support their compliance efforts.
Information Management and Protection
At the heart of any compliance process is the management and protection of information. Depending on the requirements, this management of information could be as simple as ensuring centralized storage of specific documentation and fully audited and secured management of documentation access. Data loss prevention (DLP) and encryption of data may also be required as part of achieving compliance with desired standards. Additionally, companies potentially have requirements to accurately report on how the information has moved through the organization, how it has been modified, and if external (non-company) sharing is occurring.
Microsoft 365 offers numerous capabilities to protect, govern, and audit information; some of these topics have been touched upon in previous Insights. Microsoft is continually advancing the features and capabilities in all these information control areas, yet most companies do not realize they are paying for them as part of their Microsoft 365 licensing. This leads to wasted effort and expense in purchasing other third-party products or developing manual processes to handle the organization’s needs.
Microsoft 365 even offers tools and features to address:
- Insider risk management – Organizations can set custom policies that detect and take automatic action on malicious or inadvertent risk activities such as leaks of sensitive data, confidentiality violations, IP theft, fraud, and regulatory compliance violations.
- Communication compliance – Using predefined and custom policies in Microsoft 365, internal and external communications can be scanned for policy matches and appropriate remediation actions taken.
- Privileged access management – This granular control over privileged admin task access in Microsoft 365 requires users to request just-in-time access to complete elevated and privileged tasks through highly scoped and time-bound approval workflows.
All the above are included in nearly all Microsoft 365 SKUs (e.g., E3 and E5) and, therefore, do not require additional licenses to implement. Imagine if your organization could take advantage of these security and compliance capabilities!
Automation and Artificial Intelligence
As Abel Solutions’ Strategist and Chief Technologist Jason Bell discussed in his webisode, Microsoft 365 and Microsoft Azure provide access to Microsoft’s Power Platform and Microsoft’s Cognitive Services to bring automation and analysis capabilities to businesses. Abel Solutions has been helping our customers leverage these capabilities to implement advanced quality management solutions. These solutions directly address organizations’ needs to ensure processes and practices are operating in accordance with any compliance scenario, such as ISO 9001:2015, NIST 800-171, or SOC, to name a few.
Too often customers are either paying additional fees to third-party providers for the same features they have available through their Microsoft licensing, or they just do not realize the advancements that exist in the cloud that allow for rapid deployment of solutions to help them achieve compliance requirements. Far from sitting on the sidelines, Microsoft has been innovating and providing platforms and services to allow organizations to succeed with all types of compliance.
For example, a company recently sought Abel Solutions’ assistance with requirements related to the new Cybersecurity Maturity Model Certification (CMMC) that the Department of Defense (DoD) is rolling out in its contracts. If you are not familiar, CMMC is the follow-on to DFARS (Defense Federal Acquisition Regulation Supplement) that impacts any company in the DoD supply chain and is meant to enhance the protection of controlled unclassified information (CUI) within the supply chain. To support the certification process, the customer would have to manually review hundreds of disparate legal documents for specific criteria, a process that was going to be ripe for human error and would thus cause the company to be out of compliance.
Abel Solutions designed a simple and cost-effective solution leveraging Microsoft 365 and the Text Analytics and Computer Vision services in Azure to allow the customer to pool all their documents into Azure and identify if the specific criteria existed in the legal documents. Based on the criteria identified through the analytics, specific actions are taken on the documents through automated workflows (e.g., notifications to the legal department for review and tracking, escalation to executive management, etc.). A solution that would have taken months to design and build a few years ago could instead be up and running in a couple of weeks. This is the power these tools bring to the enterprise.
The Future is Here
Abel Solutions continues to help our customers on their cloud journeys and to maximize their investment in the cloud. Engage with us and see how we can partner for your success.
This month’s Insight was written by Abel Solutions’ Vice President Scott Burba.