Information Governance Blueprint for BEIS – Award-winning Solution

Solution Summary

Founded in 2016 following a series of preceding Government bodies, the Department for Business, Energy and Industrial Strategy (BEIS) inherited a diverse technology landscape containing content from multiple systems of record. This disparate array of content management solutions, including Alfresco, Trim, an on-premises SharePoint instance, and Gimmal, has presented the Department with the multifaceted challenge of planning and executing successful information governance.

Having already moved to Microsoft 365 and rolled out Teams, BEIS wanted to introduce a new architecture that places compliance at the heart of its design. To ensure the success of this initiative, BEIS sought the external expertise of Intelogy, the leading Microsoft 365 compliance specialist in the UK.

Providing best practice skills transfer around the use of compliance capabilities in Microsoft 365, our team appraised BEIS’ current information storage and collaboration practices. The Department’s existing retention schedule was evaluated and used as the basis for defining a new model of retention labels. Our team created an extensive Information Governance ‘Blueprint’ that detailed more than 70 recommendations, and now forms the basis of BEIS’ Microsoft 365 information governance strategy.

Wanting to realise some of the recommendations detailed in our Blueprint, BEIS commissioned Intelogy to oversee the implementation of a comprehensive Microsoft Teams workspace provisioning process, which oversees the creation of Teams. A bespoke Power Apps form allows staff to request new workspaces and ensures that all necessary information, such as the purpose, sensitivity, and context of the workspace, are provided at the point of submission. Upon submission, and after additional validation and compliance verification, Azure-hosted logic automatically creates the new Team, then configures the workspace based on the information provided. This model allows different retention labels and metadata to be consistently applied to different types of Teams, allowing contextual and reliable application of retention relying on manual classification by end users. Additionally, a capability that automatically intercepts new private channels and ensures that these are included within the scope of the governance through automatic application of metadata and default retention labels.

Challenges

With 7,000 staff across the Department, BEIS produces and processes a large volume of new information on a daily basis. Managing this information effectively is of utmost importance to the Department, not only to help improve the efficiency of staff, but also to ensure that they are legally compliant with legislative and regulatory obligations.

Having inherited multiple records and information management solutions from preceding Departments, BEIS had developed a strong information management culture, with a diverse and complex range of systems of record. Focussing on consolidating these solutions, BEIS selected SharePoint Online as its principal information storage platform and engaged in a process of migrating content out of legacy applications. By 2020 the Department was relying on Gimmal to apply retention to their content in SharePoint, albeit, with moderate success due to the inconsistency of inherited metadata. Recognising that Microsoft’s records management capabilities had been continuously improving over the previous few years, BEIS sought a specialist supplier to steer their approach to information governance in Microsoft 365.

Solution Overview

Intelogy kicked off the project by identifying gaps in the Department’s existing technology and governance policies. We embedded ourselves into BEIS’ Knowledge & Information Management team and conducted open discussions and workshops to understand their information governance strategy and future objectives. These exercises granted us valuable insights into BEIS’ existing technology landscape and helped us to understand how information is currently stored and shared, both internally and externally. As part of this, we also undertook a detailed review of the existing Microsoft 365 architecture to help shape our thinking and approach.

After gathering all of the required information, we unified the requirements, concepts and decisions together into a “Blueprint”, which made more than 70 recommendations steering the Department’s future information governance in Microsoft 365.

The Blueprint represented a detailed design for the configuration of the compliance capabilities across multiple Microsoft 365 workloads, with particular emphasis on application of governance to unstructured content stored in Microsoft Teams and SharePoint Online. In the context of broader governance plans, it recommended the introduction of a new provisioning process for these workloads to bring their creation in line with other proposed guidelines and recommendations, and explored whether or not a number of existing processes needed to be altered to support automated application of information compliance and security capabilities. This included the need to associate Sites and Teams with appropriate retention labels at the point they are provisioned. The Blueprint also included considerations around consistent naming conventions and the wider lifecycle of different types of workspaces.

In parallel with the Blueprint, Intelogy undertook a Proof of Concept exercise, which successfully verified the automated application of default retention labels, providing BEIS with confidence that the proposed architecture would meet their requirements.

A series of design principles were defined for the project:

• Fix the future first – The initial focus of the engagement was to apply governance to new Teams at the point of creation and also to ensure that controls were applied to support the workspaces throughout their lifecycle. This approach ensures a finite number of legacy sites, significantly reducing the complexity of applying retrospective governance.
• Reduce the burden on users by automating – This principle has seen us introduce automated processes that remove manual effort for end users. The result has been to see governance applied by stealth, with minimal impact on staff.
• Consider Microsoft tools first – Harnessing the capabilities provided in the Microsoft 365 platform has allowed BEIS to consolidate processes and remove reliance on third party software. This has allowed the Department to get more out of their investment in Microsoft 365 while reducing ongoing costs.

Options for enforcing information protection were explored in order to help ensure that sensitive content is controlled, while reducing the likelihood of accidental data loss. A functional, organisation-wide taxonomy was introduced, to allow consistent application of default metadata, which significantly improves the ability to find content through Microsoft Search. This consistent approach to metadata has been extended to SharePoint Sites, allowing the Department to search for workspaces that share the same classification.

As part of this engagement, Intelogy conducted tailored training sessions to upskill BEIS’ team as it was important that the Department acquired the skills needed for ongoing maintenance of the solution. Our fully integrated ‘single-team’ approach to working with BEIS has proven highly successful in delivering this goal, by allowing us to approach the delivery and architecture together. This transparent working model has empowered BEIS’ KIM team, so that they have the skills they need to both support and even extend the solution independently in the future.

Results

As a result of the work undertaken collaboratively by Intelogy and BEIS, the Department has successfully launched a new Teams provisioning solution that automates the application of retention and metadata. This allows staff to easily create new workspaces, that are each contextually configured with minimal ongoing overhead. The Department is delighted with the change introduced by Intelogy, with significant improvements being introduced in information governance strategy, staff understanding and technology. The engagement has enabled BEIS’ KIM team to take direct ownership and control of their Compliance Center and has fundamentally re-shaped the Department’s Microsoft 365 architecture.

The new retention solution that has been successfully adopted across BEIS has proven so successful that it is also used to control the creation of Teams across 10 other public bodies that work in partnership with the Department. Bespoke retention labels were created for each separate organisation, ensuring that disposition reviews can easily be delegated.

Recently, at the IRMS (Information & Records Management Society) Conference, the Knowledge and Information Management team at BEIS received the “Information and Records Management Team of the Year 2022” award for this highly successful programme. Intelogy is proud to have supported BEIS throughout this project as the delivery partner, and we are delighted that this partnership has resulted in such a well-received, award-winning solution.

“We are thrilled to have won the IRMS Team of the Year 2022. Thank you to our delivery partner Intelogy who supported us in delivering an innovative solution that will help transform how BEIS managed its information. Intelogy supported our vision of having learning at the heart of our project team culture. We look forward to continuing our partnership this year”.

– Helen Paul, Information Governance Lead, BEIS