yoko:10 first confirmed the clients’ classification and core information security requirements, in respect to email (sent both internally and externally) and Office 365 files. The features and capabilities of sensitivity labels (including reporting) were then reviewed and assessed against requirements.
yoko:10 worked with the client to define a classification scheme that would be simple to use, but broad enough to classify all the types of information they managed. Individual label settings were confirmed and configured, including the automatic application of headers / watermarks and advanced Outlook features, such as blocking external email recipients when sending confidential information.
Members of the clients’ information governance steering group completed a short pilot, with feedback being reviewed, and configuration being amended where necessary.
Communications and guidance were prepared, before being shared with the organisation via a Teams meeting. Sensitivity labels were then published to all employees within the organisation.
Yoko:10 presented several options for defining retention labels and managing data once placed under retention. Alternate approaches were discussed, with a preferred option being agreed with the client.
Departments were tasked with identifying information assets, including associated retention periods for each. The final list of assets was reviewed and rationalised, with a resulting set of retention labels being agreed.
yoko:10 configured the required retention labels, before publishing these for a small pilot group. Analysis was also completed against existing Microsoft 365 file locations, to establish when automatic file deletion, triggered by labels, would occur.
Before publishing labels to all Office 365 locations (mailboxes, Teams and SharePoint), meetings were held with each department to explain data retention, why the project was happening, what it meant for them, what their responsibilities would be and how labels would be applied to folders, files and emails.