WS2 - Exception Management
WS3 - Quarantine Optimization
WS4 - Reporting, Automation & AI Engineering
WS5 - DLP Expansion (Policy & Channels)
4-label sensitivity taxonomy
DSPM operating model
Non-standard policy dev (SitPak)
Deliverable tracker · Platform workbook
DLP enforcement ladder, policy scope, and channel coverage. SOW3 WS5: expand net-new policies using WS1-validated SITs. February 2026 Discovery Policies are the evaluation baseline.
Four-label taxonomy (Public, Internal, Confidential, and Restricted) with automation matrix, protection controls, and rollout guidance. Classification integrity underpins all SOW3 DLP enforcement.
Data Security Posture Management operating model - continuous visibility, risk scoring, and cross-platform signals. Feeds SOW3 WS3 quarantine baseline and WS4 reporting KPIs.
Reporting architecture feeding SOW3 WS4. Dual-ingestion model: UAL audit + Defender XDR enrichment → normalized KPI marts → 5 dashboard tiers. Monthly cadence: 20th–25th rollup window. AI Builder → Copilot Credits migration required by Nov 1, 2026.
Microsoft-core, Splunk-consumer hybrid model with SOW3 context. 7 reasoning points, platform ownership matrix, 8 implementation phases. SOW3 delivery closes November 30, 2026.
Microsoft-native reporting path: Defender XDR → Sentinel/Log Analytics → KQL semantic functions → Sentinel Workbooks + Power BI dashboards + Logic Apps automation. Supports SOW3 WS4 reporting automation build.
AI-assisted SIT engineering - core methodology for SOW3 WS1 net-new SIT builds. Single-prompt pipeline with PowerShell automation, SitPak 2026 methodology, and Power Automate approval gates. WS1 SIT validation gates WS5 policy deployment.
Purview Data Map, Data Catalog, classification scanning, SHIR on-prem onboarding, and two-lane governance model. Discovery Policy baseline (Feb 2026) evaluated across all channels as part of SOW3 WS1.
Retention policies, records management, lifecycle stages, disposition review, and auto-apply label strategy. Lifecycle controls support SOW3 quarantine optimization (WS3) and exception workflows (WS2).
Upcoming module covering Insider Risk Management policy design, indicator tuning, and integration with DLP and Labeling.
Canonical design spec for this platform - file structure, naming rules, LLM reconstruction prompt, token system reference, and section skeleton template for new topics.
Default four-label schema: Public → Internal → Confidential → Restricted. Tailored for healthcare and enterprise environments. Override in Setup to match any client's approved taxonomy.
SOW No. 3 planning workbook - five work streams: SIT Maturation, Exception Management, Quarantine Optimization, Reporting & Automation, DLP Expansion. Includes Q&A log, task tracking, decisions log, weekly sync log, and Q2–Q4 2026 execution plan.
Leadership-facing SOW No. 3 tracker - status per work stream (WS1–WS5), audit-defensibility scope notes, AI-Assisted Engineering operating assumption notice, AI Builder credit migration warning (Nov 1, 2026 deadline), and executive print/PDF view.
Data Map + DSPM scan all workloads
Apply sensitivity labels per taxonomy
DLP rules enforce based on label + content
Activity Explorer + DSPM posture + lifecycle