Project Management

Project Management Central

Please login or join to subscribe to this thread

Topics: Information Technology
Urgent Request of a sample Project Plan to implement a vendor neutral DLP solution
I just joined a new org, and one of my first projects is to rollout DLP to the whole corporate.
Trying to look for sample project plan to capture all that is required to rollout DLP to the leadership.
I don't have a sample plan, but even if I did have one from a previous employer, it might not help you, as DLP is more than just a tool. For example, are you dealing with the following (don't answer me, I don't want a response on a public forum):
- PII, PHI, PCI, or other compliance regulations
- Intellectual property
- the need to track data on endpoints, networks, and the cloud
- the need to identify and protect data at rest
- internal threats, external threats, or both

These all involve one or more tools, but there are culture change considerations if your culture isn't already addressing these areas. If your data is in multiple locations, you'll need to identify those locations and determine a strategy for each. Do you need alerts, encryption, physical security, 2FA, more restrictive security controls, etc...?

I may be getting ahead of myself, but your plan should also consider how to respond to data loss, which could vary depending on the type of data. You'll want to document a plan for auditing and responding to audits. When it comes to using technology, you might also want a tool that supports your company's data retention policies (when and how to delete information you no longer need to store) and consumer privacy requirements (GDPR, CCPA, etc...).

Getting back to culture change, if you're implementing new tools and new processes, be aware of where and when you're creating new work. How people feel about new project work can have an impact on the outcome of the project. How people feel about additional workload after the project is over can affect how long it takes to make effective use of what the project delivered.

If you have a complex technology stack, prepare yourself for a lot of analysis to define the affected systems and processes.

Please login or join to reply

Content ID:

"We should be careful to get out of an experience only the wisdom that is in it - and stop there; lest we be like the cat that sits down on a hot stove-lid. She will never sit down on a hot stove-lid again, and that is well; but also she will never sit down on a cold one anymore."

- Mark Twain