Let's talk

Information Governance and Compliance: Step by Step

What is information governance?

Information governance entails the management and categorisation of data within an organisation. This involves establishing rules and assigning responsibilities to ensure that data is used and stored securely and in compliance with legal and operational guidelines.

Why does information governance matter?

Internal Inefficiency and Confusion

Unclear communication may contribute to the emergence of mismanaged information. This mismanaged information then further contributes to communication breakdown, with a lack of clarity surrounding where to find resources, who owns data, how old data may be, and whether information has been duplicated. Information governance requires the development of a framework to clearly communicate how to handle data, reducing time lost searching for information and using tagging to effectively track how old data may be. This is where cloud applications can play a vital role.

Non-Compliancy and Fines

Within the UK, organisations have a number of legal information governance requirements in the form of GDPR, the Data Protection Act 2018, and NIS regulations. Implementing an information governance solution allows organisations to achieve these regulations and avoid the risk of severe non-compliancy fines.

How do I implement governance into my organisation?

Microsoft Information Governance (MIG)

Information governance tools, such as MIG, allows your organisation to manage content. With MIG, you can archive third-party data, retain mailbox content from inactive mailboxes, bulk import PST files (data storage files containing personal information) to Exchange Online mailboxes, and manage records from declaration to retention or deletion. MIG also allows you to apply retention labels, controlling whether or when to delete content automatically using a workflow.

Cyber Security Training, Planning, and Awareness

An integral component of information governance is communication. This is two-fold. It is important both to communicate regulation with staff, offering cyber security training, and to listen to teams and gain visibility into their operations, their knowledge, and their comfort levels as this can inform the communication circulated surrounding training and best practices. It is paramount that this information is directly communicated, rather than making what may be inaccurate assumptions.

check-circle colour-Yorkshire Water

Compliance and managing risks

So far, this blog has addressed how to manage content securely. However, it is important to consider what actions may need to be taken to mitigate damage should an account be compromised:


Cyber security certifications, such as Cyber Essentials plus, allow organisations to deliver real improvements and protect themselves from common cyber threats. By achieving a certification, organisations can also assure any external parties or customers that they are committed to protecting their stored information.


internet digital security technology concept for business background. Lock on circuit board-Data Security in 2021 #3: Cyber Security as a System – 29th April


Microsoft 365

Compliance manager, a part of Microsoft 365, is a great tool to help implement and maintain legislative compliance. To also mitigate the impact of compromised accounts, organisations can find a number of tools within Office 365 and Microsoft 365.

Data Loss Prevention (DLP)

DLP allows organisations to identify sensitive information (such as data containing personal identifiable information) across Exchange Online, SharePoint Online, OneDrive for Business, and Microsoft Teams. This information can then be used to automatically apply policies, controlling who is granted access. This reduction in accounts with access to sensitive data reduces the risk of a compromised account accessing this information.

Advanced Threat Analytics (ATA)

ATA utilises behavioural analytics and machine learning to monitor working patterns and detect abnormal behaviour. These detections may be able to identify phished accounts and malicious attacks, allowing security teams to take the appropriate steps to mitigate damage.

Information Rights Management (IRM)

IRM can be applied to lists or libraries to limit the actions users can take on any files downloaded, limiting read access and encrypting downloaded files, allowing only a limited number of users and programs the ability to decrypt these files. Again, this reduces the number of accounts with access to sensitive data, reducing the risk of a compromised account accessing this information.


How can I find out more?

Synergi are offering our recent webinar, in partnership with Evolve North, ‘Data Security in 2021 #1: Information Governance & Compliance’ on demand as well as the second webinar in this series, ‘Data Security in 2021 #2: IT Security in the cloud’.
Or check out our upcoming events in this Data Security series ‘Cyber Security as a System’ and ‘Data Protection & Business Continuity’.

Synergi is a Microsoft, Sophos, and Datto Gold Partner. To find out more about information governance and risk management, reach out to Synergi’s Managed Services team by emailing enquiries@teamsynergi.co.uk, calling 0191 4770365 or completing the contact form below.

cyberessentials_certification mark plus_colour-

Cyber Essentials Certified Plus

Untitled design (5)-

Microsoft Solutions Partner



Nintex Partner Award for Customer Success (EMEA)


Nintex Partner Award for Business Transformation


Regional Spotlight Nintex Partner Award

Nintex-Partner-Premier-Horz _CMYK-

UK Nintex Premier Partner


Crown Commercial Service


Sophos Gold Partner

Blue Diamond Partner Program Logo JPG-

Datto Blue Diamond Partner


Yubico Gold Partner

YES! I want to know more ...

Get in touch with our friendly team of experts. Start your digital transformation journey today.

Call: +44 (0) 191 477 0365

  • This field is for validation purposes and should be left unchanged.