InLigo’s Cybersecurity – Protection Processes and Procedures

Information Protection Processes and Procedures

Security policies (that address purpose, scope, roles, responsibilities management commitment, and coordination among organizational entities), processes, and procedures are maintained and used to manage protection of information systems and assets.

InLigo’s Discovery Questions

1. Do you have a SaaS backup solution in place?  
2. What solutions should we be backing up?  
3. What RPO or RTO (Recovery Time Objective (RTO) and Recovery Point Objective (RPO) metrics do you want to meet?  
4. What are the company’s retention policies for Exchange, SharePoint, OneDrive, and Teams?  
5. How long after a user leaves the organization is information permanently deleted?  
6. How long after a user leaves do we delete backups? 

Microsoft 365 Solution 

• Unlimited Archiving, Custom Retention Policies, Litigation Hold. 
• SOP (Standard Operating Procedure) 
• Backup RPOs/RTOs 

Business Case 

By default, the retention policy set for deleted mail items in 365 is 30 days. If you do not have a backup provider this data will be permanently deleted. You could set up a retention policy to extends that retention period and even scope the policy to certain type of sensitive data. Retention tags can be created with custom controls to apply at a user level rather than an organizational level. 

Action Items 

1. Ensure you have Microsoft 365 Backup from a 3rd party provider. 
2. Define your retention policies across email, documents, and chat. 
3. Define your retention policies depending on the business needs. 
4. Align with the HR department at your company to ensure proper management of employee records.