Charting the Microsoft 365 Copilot Implementation Lifecycle – Part 2: The Assess Phase
This is the second in a four-part series devoted to the multi-phase implementation journey that financial firms must undertake to make optimal use of Microsoft 365 Copilot, the high-demand AI assistant. It’s a journey through four phases – Organize, Assess, Deploy and Manage – that ECI is helping clients navigate as a trusted MSP partner. Part 1 focused on the preliminary Organize step of taking an inventory of affected systems, assets, policies and processes. Now let’s examine what comes next, as IT teams pursue the Assess phase to flesh out a detailed implementation blueprint for maximum impact and value.
Crafting the Blueprint for Copilot Implementation
While the initial discovery work in the Organize phase was a necessary first step, the Assess phase is where organizations build the actual blueprint for implementation. The goal is to get a more granular understanding of where and how Copilot will be incorporated into enterprise operations; exactly how systems and data will be impacted by the new technology; and specific adjustments in security, access protocols and other policies and procedures that will need to take place to accommodate Copilot.
These steps may sound tedious for business users eager to leverage the time-saving capabilities of Copilot. As an AI assistant, it can take the burden off human analysts for tasks like scanning various Excel files to look for drivers of deltas and other patterns; churning through historical data on investment options and transactions; or reconciling company-by-company variations in KPIs and other metrics to make apples-to-apples comparisons during due diligence. But handing these tasks over to an AI assistant without the planning steps that happen in the Assess phase is a recipe for introducing risk and error into the operation.
For instance, Copilot makes it easier to share data across Microsoft applications like Excel, Teams, PowerPoint, Outlook and Word. But simply unleashing Copilot into enterprise systems without consideration for possible data loss, workflow bottlenecks or altered access protocols can lead to performance, security and compliance breakdowns that cut into the organization’s bottom line and could even prompt regulatory fines or other penalties. That’s why the Assess phase is so important for crafting a detailed picture of Copilot’s precise role in the organization at the cyber asset and functional level.
Key Activities in the Assess Phase
To guard against the above risks and ensure maximum performance from Copilot, the Assess phase is where we build out the detailed road map and blueprint for implementation. This includes closer evaluation and adjustment of access protocols, metadata and data loss prevention (DLP) measures to help shape project plans and remediation efforts aimed at tightening security and cleaning up access controls.
As such, the Assess phase has a lot to do with integrating Copilot into the organization’s larger security and governance posture. This is where the combination of ECI’s Microsoft Gold Partner status and our deep expertise in both DLP strategy and governance, risk and compliance (GRC) planning really pays dividends for financial sector clients seeking to implement Copilot.
Especially in a sector where sensitive PII and financial information are highly regulated, Copilot must be implemented in close alignment with a strong DLP strategy. ECI helps clients take a comprehensive approach to this, with proactive mapping of which data is running on which systems; who has access; which data sets are subject to which regulations; and how data is encrypted. These insights are critical to grasp in the Copilot Assess phase, and we back this strategy with robust vulnerability management, penetration testing and vendor risk management protocols.
Ensuring Copilot aligns with a strong GRC program is equally critical in the Assess phase; otherwise, regulatory risk may arise. That’s because the same qualities that make Copilot such a time-saver as an AI assistant can also spell trouble if any of its automated tasks prompt a compliance violation; strict rules from the SEC, under GDPR and from other regulatory bodies apply regardless of whether a machine or person is performing a business function. ECI excels at GRC frameworks for the financial sector, with continuous visibility across internal operations and controls, and ongoing monitoring of an often-changing financial regulatory landscape.
These activities illustrate how critical the Assess phase is in the Copilot implementation journey – a phase designed to put the organization on solid footing to subsequently roll out Copilot in the enterprise with confidence and ease. We’ll explore that rollout in our next post on the Deploy phase.