After taking a look at almost all of the Copilot experiences in Power Platform for creators and sharing some initial insights and useful resources for further learning, today I want to talk about a possible format for risk assessment documentation.
A good way to start this initiative is to identify who should be part of it. Since we have multiple experiences to consider and we don’t want to hinder the productive use of Copilot for too long, we should avoid being the bottleneck. Therefore, we should form a project team for this task. We should also consult with key stakeholders from both business and IT to understand their requirements. In some cases, it might be wise to involve the workers council at an early stage. We should ask our CISO to be the project sponsor for this initiative.
It is also worth verifying whether a similar initiative is already in progress or running concurrently. As mentioned earlier, some of the architectural design aspects are quite similar, so we could eliminate redundant steps and leverage key insights from other projects, such as the risk assessment content that our Microsoft 365 colleagues may have created for their evaluation of Copilot.
For instance, suppose your colleagues have gone through this learning material and encountered the architecture diagram shown above. Your team may want to adapt this diagram for the Copilot in Power Platform experiences and make some changes to it. A common misconception that we have hopefully addressed throughout this mini-series is that pre- and post-processing services are the same for Power Platform. Nevertheless, the diagram is a good layout template for further documentation.
Depending on whether the environment is in the US or the EU region, we have observed different responses. Therefore, our risk assessment documentation should address these differences, especially if our organization operates in multiple regions and uses different environment regions in our tenant. To clarify this in my customer briefings, I am sharing this visual with you:
The links included are:
- Microsoft Cloud enables customers to keep all personal data within European Data Boundary – EU Policy Blog
- Microsoft EU Data Boundary Overview | Microsoft Trust Center
- Legal Docs | Microsoft Dynamics 365
- Enable copilots and generative AI features – Power Platform | Microsoft Learn
- Microsoft Privacy Statement – Microsoft privacy
- Introducing the Microsoft Copilot Copyright Commitment
- Microsoft Services Agreement
This visual helps to provide more context on the services and sources involved. Oftentimes, I add the following visuals to outline where you can get all these links from.
Not many people will have done this task so far. Honestly, who reads the terms and conditions so carefully that they also follow the links provided? Back to our documentation: what should it look like?
Our first chapter should describe the purpose of this risk assessment and documentation. It should outline where readers can follow up with their questions or feedback. As this document will receive updates over time, it's a good idea to add versioning and summarize the changes made to the document in an appendix.
And what about the rest of it? That's something for next time. Until then,…