
Project Details
Client Snapshot
A Midwestern specialty insurance firm with 500–1,000 employees providing underwriting and claims services in a tightly regulated environment. Leadership had already invested in Microsoft 365 E5 licensing, including Microsoft Purview Information Protection, but the tooling was significantly underused.
The Challenge
Regulatory pressure on insurance carriers had ramped up sharply. NAIC Model Laws, the California Consumer Privacy Act, and the New York Department of Financial Services cybersecurity regulation all placed new scrutiny on the handling of Nonpublic Personal Information. The firm had already invested in Microsoft Purview Information Protection, a strong foundation. Access to technology, however, wasn’t the problem.
The real gap was operationalization:
Pressure to demonstrate compliance with NAIC and state privacy laws.
Sensitive data scattered across Exchange Online, SharePoint, OneDrive, and on-premises file servers.
Employees protecting data with ad hoc tactics like password protection and naming conventions, which were inconsistent and unauditable.
A licensed data-security platform that wasn’t doing the work it was bought to do.
Instead of clarity, the existing approach created uncertainty and added risk. The firm brought in X-Centric to convert its Purview licenses into a workable, durable compliance solution.
Our Approach
X-Centric brought structure, clarity, and speed to data protection, making it simple, scalable, and aligned with day-to-day business workflows. The work unfolded in four integrated phases.
1. Facilitated workshops and data mapping across repositories to surface high-risk content. Both IT and business teams gained clear visibility into where sensitive information actually lived.
2. Defined and deployed a four-tier sensitivity label framework (Public, Internal, Confidential, Restricted) and enabled mandatory labeling across Microsoft Office apps. Clear rules reduced employee ambiguity and set a consistent baseline for future audits.
3. Built a self-paced training program with knowledge checks and 10 short videos covering classification and protection inside Microsoft Office apps. Result: 92% training completion, ensuring policies were not just deployed but adopted.
4. Launched a targeted 50-user pilot with Underwriting and Claims teams, using their feedback to refine policies before the full rollout. Edge cases surfaced early, and broader rollout was both easier and more widely accepted.
Outcomes
The deployment delivered audit readiness for the first time, and shifted the workforce from uncertainty to confidence in handling sensitive data.
| Metric | Before | After | Benefit |
|---|---|---|---|
| Files classified and labeled | Ad hoc | 1.2M items | 60-day rollout |
| Employee data-handling confidence | 59% | 87% | +28 points |
| Audit evidence-gathering time | Weeks | Days | Real-time dashboards |
| Training completion | N/A | 92% | Adoption secured |
First-time audit readiness for NAIC and state insurance commissioner inquiries.
Labels embedded in Office apps clarified document handling at the moment of work.
A cross-functional steering committee now resolves policy edge cases swiftly.
Clear automation roadmap powered by real user behaviour and policy telemetry; next steps include auto-classification and Conditional Access enforcement.
Internal teams now share a common language for handling sensitive data; IT and compliance leaders can respond to regulator requests with materially greater speed and clarity.
Client Review
“[Placeholder quote, to be sourced from sponsor. Example tone: “Regulators used to ask us a question and we’d disappear for two weeks gathering evidence. Now we open a dashboard. The labels are doing the work, and the team trusts the system.”]”
Steve Kims
Specialty Insurance Firm


What This Means For Your Business
If you’re a regulated firm with Microsoft Purview licenses you aren’t fully using, you’re paying for compliance capability and getting compliance risk. The fastest path to audit readiness usually isn’t buying more tools; it’s operationalizing the ones you have, with a clear labelling framework, rapid pilot, and adoption-first rollout.
Project information
Client: Specialty Insurance Firm
Industry: Insurance
Solution: Cybersecurity · Microsoft Purview
Engagement: 60-day rollout