Cyber Control & Governance Improvement Plan

A hands-on, 10-week engagement to operationalise IT Security controls and achieve NIST CSF 2.0 alignment for Principality Building Society.

Explore the 10-Week Plan

Strategic Approach

Moving from fragmented SharePoint documentation to a unified, NIST-aligned governance framework.

The Challenge

Incomplete and outdated SharePoint documentation
Inconsistent control definitions and evidence requirements
Lack of alignment with NIST CSF 2.0 (Govern function)
Manual, time-consuming evidence collection processes

The Solution

AI-powered analysis of existing SharePoint library
Rapid generation of NIST-aligned template matrices
Operational playbooks and automation roadmap
Formalised Governance Review Cycles (GRC)

10-Week Delivery Roadmap

A phased, milestone-driven approach to security control excellence.

0Phase
Pre-Start

Mobilisation & Inventory

  • Engagement kick-off with key stakeholders
  • Full inventory of SharePoint security documentation
  • Environment access and tooling setup
1Phase
Week 1

Discovery & Scope Definition

  • Create Documentation Scope Matrix aligned to NIST CSF 2.0
  • Identify "Crown Jewel" controls for priority uplift
  • Stakeholder interview sessions to validate "as-is" processes
2Phase
Weeks 2 – 3

AI-Powered Template Creation & Gap Analysis

  • Generate standardised NIST-aligned documentation templates
  • Automated comparison of existing docs vs. NIST requirements
  • Production of Current State Report & Prioritised Improvement Plan
3Phase
Weeks 4 – 6

Documentation Uplift & Standardisation

  • Drafting of Operational Process Documentation (SOPs)
  • Development of Technical Incident Playbooks
  • Refinement of Security Control Framework (Evidence & Methods)
4Phase
Weeks 7 – 8

Automation, Reporting & Governance

  • Identify automation opportunities for evidence collection
  • Establish centralized reporting dashboards for control health
  • Define NIST-aligned Governance Review Cycles
5Phase
Weeks 9 – 10

Training, Handover & Close

  • Knowledge base finalisation and team training
  • Formal handover of all deliverables to Principality leads
  • Engagement review and final closure report

NIST CSF 2.0 Templates Showcase

Standardised outputs designed for clarity, compliance, and operational efficiency.

NIST ID Control Name Validation Method Evidence Required
GV.OC-01 Security Roles & Responsibilities Policy Review / Interview Job Descriptions, RACI Matrix
PR.AC-01 Identity Management Sample Testing AD Export, Joiner/Leaver Logs
DE.CM-01 Continuous Monitoring Log Analysis SIEM Dashboard Screenshots

AI-Driven Gap Analysis

Simulating the process of ingesting SharePoint libraries to identify compliance gaps against NIST CSF 2.0.

📁

Upload SharePoint Document Library (Mock)

Drag and drop files here or click to simulate ingestion

Ingesting documents...

Key Benefits & Value

Why this approach ensures rapid improvement and long-term sustainability.

🚀

Fast Value

AI-driven templating reduces documentation time by up to 60%, allowing focus on control operationalisation.

🛡️

Future Proof

Full alignment with NIST CSF 2.0 ensures the framework stays relevant for years to come.

⚙️

Automation Ready

Deliverables include a roadmap for automated evidence collection, reducing future manual effort.

📊

Clear Visibility

Centralised reporting dashboards provide senior management with a real-time view of security health.