With the decision to introduce Windows 10, an insurance company also had to revise and adapt its legal regulations and the internal governance rules derived from them. As part of the overall project, we took on this task and at the same time introduced a control process for future software adaptations.

In the first assessment, the important key points such as technology (Windows 10 version, Exchange, SharePoint, Azure, etc.) as well as internal and external regulations (BaFIN, KRITIS, etc.) were recorded. Based on the resulting information, the areas of responsibility, such as

  • Data protection representative
  • Responsible for Group Policy Management
  • Person responsible for Identity Management
  • Product owner

were defined and interviews were conducted with the responsible persons.

The result was recorded as a recommendation for action and is regularly reviewed.