Getting ready to implement Dynamics 365 or getting ready to upgrade your existing implementation? Don't forget to make some time to evaluate policies and compliance items as a part of your plan. 

6 Policy and Compliance Items to Evaluate for Dynamics 365

The following six policy and compliance items are often overlooked, or worse yet, noted as a future to-do that never actually gets done.

1. Dynamics 365 Master Data Management

No really. Especially if your implementation involves any sort of integration (whether it be direct or indirect) with another system. Deciding which platform will be the official source of truth is crucial. In the event something goes awry after you're in production, it is important to know which system you will restore data from to get back to a clean state. This can get tricky especially when it comes to account and contact data.

Don't forget the smaller aspects of MDM like naming conventions, phone and address formatting, and data retention policies and archival. They're just as important in aiding to keep data clean between upgrades as the latest research indicates that the average cost of e-discovery is $5.70 per record. For more information check out

One step you can take as an organization to aid with this effort is to name a Data Steward that owns the information and standards within the system.

2. Dynamics 365 Security

Sure, you'll set up security as a part of your initial implementation - but are you taking the time to reevaluate during each upgrade? The employees that leave the organization are typically dealt with by IT. But are you taking into consideration what roles folks needs when they change roles within the organization? They may or may not need more or less permissions than they had in their previous role.

Don't forget about login and password requirements! Are they strong enough? Are you requiring they be changed at certain intervals?

And we would be remiss not to mention governmental standards that must be met depending on your industry, location, etc. like PCI/PII, GDPR or CAN-SPAM.

Perhaps most importantly, are you thinking about the protection of your organization with regard to the data you're allowing employees to collect about your customers? Even something as small as a sales rep tracking his client's wife's name and the ages of his children could be classified as personally identifiable information. Are you taking the necessary precautions to protect that data?

3. Onboarding and Offboarding Dynamics 365 Users

While this may seem small, it can get more complicated than you think! Make sure you've got a comprehensive checklist that not only IT and HR are following but also your system administrators for onboarding and offboarding employees.

This goes hand in hand a bit with security but, just saying they need access to CRM is not helpful! What security role should they have? Are there any exception additive roles that they should have? Who needs to approve ongoing changes?

What is your plan for offering training to get them up to speed? After all, you've done all this work to ensure you've got nice clean data. And you're trying to follow the rules with regard to security, compliance, etc. so let's make sure that employees that may be new to the organization or new to CRM aren't getting in there and mucking it all up!

How will you deal with records owned by an individual that is leaving the company or moving to a new role? Is their role being back-filled, or do you need to disperse the records across other team members?

4. Change Management - Adopting Dynamics 365

Let's be honest… not everyone is going to love CRM right out of the gate! So what are you going to do about that? Make sure to decide up front how your organization is going to manage change including how you will plan for resistance. Will you proceed with carrots first and switch to sticks if need be? Will you present a combination of carrots and sticks up front? Will usage of CRM just become a part of the job description of the employees expected to use it? Make sure it is well documented and that the expectations have been shared up front in order to save yourselves and other managers from having the tough conversations later.

5. CRM Governance

Have you defined who officially owns CRM within the organization? If not, you need to. In some companies this may be a single role or team. In larger organizations we typically recommend ownership be managed by a steering or leadership committee. This team is responsible for the ongoing growth and health of the tool. They should meet regularly with a standard agenda, serving as the hub for any enhancements, upgrades, cleanup, governance, support, etc. They don't necessarily have to be the team to execute on these items, but they should be providing the oversight in order to ensure they are getting done.

6. Compliance and Audit Regulations

Depending on your industry and whether you're privately or publicly held you may have some compliance and audit requirements that are necessary to keep in check. Some examples of governing agencies include: IRS, OSHA, SEC, EEOC, FED, FTC, OCC, etc. Be sure you understand what those are. 

Check out Microsoft Audit Overview for more information on how to configure CRM for audits.

Dynamics 365 is an investment that can reap many rewards when rolled out and maintained correctly. Be sure to get these important items right from the start. If you're already underway, remember to revisit these with each and every upgrade… and sometimes in between! Need some help? Contact our team at C5Insight, we'd love to work alongside your team on these important tasks!