Author

Steve Howlett

Microsoft 365 architect with over 25 years of experience delivering enterprise governance, compliance, and collaboration solutions across highly regulated environments.
See my LinkedIn Profile here.

25+

Years Experience

M365

Platform Specialist

100%

Audit Ready

Background

Enterprise governance
in regulated environments

The documentation products described on this site are not templates or advisory frameworks. They are formal organisational artefacts, written to withstand executive, audit, and regulatory scrutiny.

This work draws on decades of experience in environments where documentation isn't a nice-to-have — it's the difference between defensible decisions and unacceptable risk exposure.

"Most organisations discover that foundational governance documentation doesn't exist in a form suitable for executive or regulatory reliance. These products fill that gap."

Expertise

Areas of focus

Specialising in the intersection of Microsoft 365, enterprise governance, and regulatory compliance — with particular focus on emerging AI governance requirements.

M365 Governance

Enterprise architecture, tenant design, and governance frameworks for Microsoft 365 environments.

AI & Copilot

Risk assessment and governance documentation for AI enablement in enterprise environments.

Compliance

Data classification, sensitivity labelling, and regulatory compliance documentation.

Security Policy

ISO 27001 and NIST-aligned security policy development and audit preparation.

Risk Documentation

Board-level risk documentation and executive decision support artefacts.

M&A Governance

Tenant migration governance and post-merger integration documentation.

Approach

Documentation that
transfers risk

The documentation products on this site share a common philosophy: they exist to transfer risk from implicit technical decisions to explicit executive accountability.

This isn't about creating paperwork. It's about ensuring that significant technology decisions — particularly those involving AI and data governance — are made with appropriate executive oversight, documented rationale, and clear accountability.

Every document is written with a specific audience in mind: board members, audit committees, and regulators. Not technology teams, not vendors, not consultants.