Case Studies

Case Study: Projects with Microsoft GRC

Microsoft GRC Akvelon


Microsoft, one of the largest software and technology companies in the world, as well as Costco and Android.

Business Need

Akvelon has teamed with the Microsoft Governance, Risk Management, and Compliance (GRC) team on multiple occasions to provide solutions to various projects over the years. Below are just a few examples.

Active DFD

Akvelon partnered with GRC to design and develop a web-based interactive tool for documenting the network architecture of the various O365 environments. This top to bottom solution enables GRC to produce a first-of-its-kind network architecture diagram for O365, which improves the quality of the diagram while reducing the time it takes to produce, and also demonstrates compliance more efficiently.

Technology Used: C#, Visio VBA, JavaScript, MS SQL, IIS

Active Framework Browsing

Akvelon partnered with the GRC Compliance Team to create a web portal for active framework, evidence, and AutoDoc. Before Active framework browsing, users were forced to retrieve the information of these active framework controls from Excel files. To ensure quality, Akvelon is working through the entire software development life cycle of the project including: requirement analysis, spec, design and development, testing etc. (everything but maintenance).

Technologies Used: ASP.NET MVC, Knockout JS library, unity, C#

AutoDoc Tool

Akvelon is working with O365 GRC, Workload Champions, and several engineers to develop the AutoDoc tool. There needed to be a way to streamline collaborative collecting/reviewing/editing of implementation details and there needed to be a tool that would build an SSP document based on those details.

Prior to AutoDoc, the GRC Compliance Team had to pull this information from Excel sheets which was inefficient and time consuming. With the development of AutoDoc, each person/role involved will be much more efficient. They’ll be able to see a summary of their work completed, receive automatic notifications of work items that need to be done, have a means for collaborative collecting, reviewing and editing of implementation details, and the SSP document will be automatically generated with the just one click. This type of structured database ensures that the involved roles can spend their time working rather than collecting data.
Technologies Used: ASP.NET MVC 4, C#, JavaScript, Knockout JS, jQuery, Linq, Entity Framework, SQL, T-SQL, SQL Server

Commerce Platform Compliance Team

Akvelon ipartnered with the Commerce Platform Team in a Technical PM capacity to provide a technical bridge between the CPA’s and the Engineering Team, with a key focus around IT controls.

O365 GRC Continuous Testing (Evidences)

Akvelon developed a web portal for active framework, evidence, and AutoDoc that gives users the ability to request/provide evidence and allows auditors to check the accuracy of the evidence. This end to end solution allows for quick communication between users to get the necessary information, which ultimately saves time and leads to better efficiency. Akvelon’s team worked through the entire software development life cycle of the project: requirement analysis, spec, design and development, testing etc. (everything but maintenance).
Technologies Used: ASP.NET MVC, Knockout JS Library, Unity, C# JavaScript, Entity Framework, SQL Azure, SharePoint


Costco Systems Security Process Analysis

Akvelon provided Costco with end to end systems security process analysis. We collaborated with Costco to write information security policies and standards based on an ISO framework that matched the PCI requirements, SOX & HIPAA regulations, and existing company policy decisions. Designed an information security risk management framework using NIST as a guide, and also we developed information security processes. These processes include: system characterization, controls analysis, risk assessment, test planning, and risk treatment plan.Android Security Scanner

Akvelon Security Scanner is a custom application that utilizes both static and dynamic analysis. The application scans any Android application for malicious activities. It inspects permissions, app ingested information, and what requests are made from a given application. Akvelon Security Scanner is often used for certification of preloaded apps for compliance with security policies.