Financial services business Adviceworx has safeguarded all its data with Microsoft Purview’s comprehensive solutions for information protection, data governance, risk management and compliance, a total solution implemented by Netsurit.
The purchase drivers
Adviceworx helps clients to grow and preserve their wealth. The business has a network of close to 120 advisory practices located in 50 offices nationally. Its financial planners execute independently but adhere to a common operating model. Adviceworx has the full operational infrastructure to operate as a Category I financial services provider.
As a small investment advisory firm, Adviceworx required strong regulatory compliance and information protection due to the nature of its work and the clients the business services.
External stakeholders required regular reports to prove Adviceworx's compliance status and its progress on improving regulatory compliance and information protection. The company's business prospects would become limited were it not able to demonstrate a strong commitment to, and an actively managed roadmap towards, regulatory compliance and information protection.
“Netsurit has been a managed services provider to Adviceworx for several years,” says Stuart Porrill, Executive: Partner Services at Adviceworx. “We contacted Netsurit to investigate compliance solutions. The challenge was that we had limited visibility of what sensitive information was being sent out of the organisation, as well as limited ability to protect confidential communications to internal and external recipients.
“In addition, we did not have strong controls integrated into Exchange Online and other Microsoft 365 workloads to detect and prevent leakage of confidential information. Initially, we were interested in deploying local third-party compliance software. After researching the General Data Protection Regulation (GDPR), and how Microsoft was helping companies to ensure compliance, we contacted Netsurit, and the rest is history.”
Business objectives
The South African Protection of Private Information Act (POPIA) came into effect in July 2021. This legislation, among other things, promotes the protection of personal information processed by public and private bodies, introduces minimum requirements for the processing of personal information, outlines the rights of data subjects, regulates the cross-border flow of personal information, introduces mandatory obligations to report and notify data breach incidents and imposes statutory penalties for violations of the law.
POPIA specifies wide-reaching legal requirements for the protection of private information that a company may hold regarding customers, staff, suppliers and other stakeholders. It is similar in scope and impact to the European Union’s GDPR. All organisations in South Africa are required to be POPIA compliant and to have a compliance plan in place.
In addition, there are several regulations other than POPIA that impact how information is held and managed by organisations in South Africa, including the Consumer Protection Act (CPA), the Electronic Communications and Transactions Act (ECT), and others. As a financial services provider, Adviceworx is also subject to a number of specific regulations that apply to this sector.
Like other financial services providers in South Africa, Adviceworx has a heavy regulatory burden to comply with. As a small company, it is challenging to be subjected to the same regulations and requirements as much larger organisations. However, Adviceworx is required to be compliant in order to avoid penalties and retain the trust of its stakeholders.
Specifically, some of the larger investment organisations in South Africa with which Adviceworx has long-standing business relationships have stated that business partners must explicitly show their compliance status and provide a roadmap for ongoing improvement in information protection, governance and regulatory compliance before these organisations will continue to do business with them.
The solution
Microsoft Purview, a new set of solutions designed to help organisations govern, protect and manage their entire data estates, offered a comprehensive set of features to enable the management of information protection, compliance and governance for Adviceworx.
Netsurit upgraded Adviceworx’s licensing to include the Microsoft 365 Compliance add-on SKU and supplement the existing Microsoft 365 E3 + Microsoft 365 E5 Security add-on. The following Microsoft Purview compliance solution components were included:
- Compliance manager;
- Information protection;
- Data loss prevention (DLP);
- Endpoint DLP; and
- E-Discovery.
The Purview solution components were tightly integrated with the Microsoft 365 Defender security stack and the Office 365 productivity services, both of which Adviceworx was already using for much of its internal IT service provisioning.
Because Netsurit has been a managed services provider to Adviceworx for several years, the Netsurit Security and Operations Centre (NSOC) was already providing a managed security service to Adviceworx and also offered the capability to perform ongoing management of the Microsoft Purview compliance solution. This was important as Adviceworx does not have sufficient capacity to perform many of the ongoing compliance management tasks in-house.
Netsurit’s compliance solutions expertise
Netsurit has developed a structured approach for the implementation of compliance solutions with a series of predefined steps.
“We first held workshops with Adviceworx during which the compliance requirements were evaluated and prioritised, after which an implementation plan was developed,” says Dean Naidoo, Account Executive at Netsurit. “The existing data repositories were scanned to identify potentially sensitive information. The sensitive information types were defined for the evaluation of information. Sensitivity labels were applied where relevant. Policies were created for the various Purview compliance services, such as information protection and data loss prevention (DLP).”
Throughout, the implementation team worked closely with business stakeholders to ensure that the technical solution aligned with business requirements and constraints. Training was also provided to internal stakeholders to ensure that they understood how to use the Microsoft Purview compliance solution components to meet the organisational compliance requirements.
Challenges overcome
The requirement for POPIA compliance was not well defined at the initiation of the project. This required Netsurit and Adviceworx to collaborate and define a workable set of compliance policies and controls to meet the immediate requirements.
Business benefits
Microsoft Purview can be effectively implemented even in relatively small organisations that have the same regulatory and internal compliance requirements as large players.
Adviceworx now has improved business processes that give the company control of data classification and communications compliance controls. The organisation is more compliant with internal and external requirements. In addition, the reports generated allow Adviceworx to easily demonstrate status and progress with regulatory compliance and information protection to internal and external stakeholders. The improved visibility of its compliance status is of great benefit to the business.
Because regulatory compliance is now a key condition for legally doing business in South Africa, being POPIA compliant avoids massive potential penalties and ensures that business partners are willing to work with Adviceworx because of the enormous progress it has made in managing information protection and compliance. Adviceworx would quite possibly not stay in business had it not met these requirements. Although there is no direct financial ROI, the value of the solution should be measured in terms of penalties avoided and external business relationships preserved.
The future
With legislation forever changing and evolving, the company will be required to keep its systems updated and in line with new developments. “We hope that Netsurit will continue with us on this journey,” says Porrill. “The Netsurit team has been extremely helpful and professional and the systems that have been put in place are working as intended. We are most happy with the outcome.”
Netsurit
Netsurit is a global Managed Services Provider that delivers remarkable results. For organizations battling the non-stop challenges of the modern workplace but lacking end-to-end IT expertise, Netsurit ensures business-critical apps and infrastructure are always on, secure, and resilient. Netsurit helps accelerate growth, increase productivity, and drive business excellence through digital innovation and transformation.
With headquarters in New York and Johannesburg, Netsurit provides Managed Services for organizations of all sizes. Its culture is based on the tenet, “Supporting the Dreams of the Doers.”