Compliance management capabilities in Microsoft
Common compliance needs
- Data management is now pivotal
Common compliance regulations and standards
Health Insurance Portability and Accountability Act (HIPAA) - regulation on how health-related information should be protected
Family Educational Rights and Privacy Act (FERPA) - rules to protect student information
ISO 27701 - rules and guidance to manage personal information and demonstrate compliance
Offerings of the Service Trust Portal
Provides information, tools and resources about Microsoft security, privacy and compliance
- Compliance manager
  - Measures progress in completing actions that help reduce risk around data protection and regulatory standards
- Trust documents
  - Links to security implementation and design documentation
- Industries and regions
  - Compliance information organized by industry and region
- Trust center
  - Information about security, compliance and privacy in the cloud
- Resources
  - Information about the features and tools available for data governance and protection in Office 365 and data centers
- My library
  - Add documents and resources relevant to your organization
Microsoft’s privacy principles
Microsoft’s products and services run on TRUST
- Privacy is about how and why data is collected and used
- Microsoft has six privacy principles
  - Control: the customer is in control of their data
  - Transparency: about how data is collected and used
  - Security: protecting the data that is entrusted to Microsoft using strong encryption
  - Legal protection: respecting local privacy laws
  - No content-based targeting: no email, chat or files are used for targeted advertising
  - Benefits: when data is collected, it is to benefit the customer, not Microsoft
Compliance center
Brings all the tools and data needed to help understand and manage an organization’s compliance needs
Requires a Microsoft 365 SKU and one of the following roles: Global Administrator, Compliance Administrator or Compliance Data Administrator
Compliance score card
- Shows the compliance score
- Sends the admin to Compliance manager to see a breakdown of the score
- Measure of progress in completing recommended improvements within controls
- Understand the organization’s compliance posture
- Prioritize actions based on potential risk
Solution catalog
- Links to collections of integrated solutions
- Used to manage end-to-end compliance scenarios across three compliance solution areas
  - Information protection & governance
  - Insider risk management
  - Discovery & respond
Active alerts - Summary of the most active alerts
Compliance manager
- Feature in the Microsoft 365 compliance center
- Taking inventory of data protection risks
- Manage complex controls
- Pre-built assessments
- Workflows
- Step-by-step improvements
- Compliance score
Controls
- A requirement of a regulation, standard or policy
- Defines how to assess and manage the system configuration, organizational process and people responsible for meeting a specific requirement
- Types of controls
  - Microsoft-managed controls
  - Your controls
  - Shared controls
Assessments
- Grouping of controls
- Completing the actions in an assessment helps meet the requirements of a standard, regulation or law
Templates
- Quickly create assessments
Improvement actions
- Centralize compliance activities
- Provides recommended guidance
Benefits of compliance manager
- Translate complicated compliance requirements into simple language
- Large number of out-of-the-box assessments
- Maps regulatory controls against actions
- Step-by-step guidance
- Prioritize actions
Use and benefits of compliance score
- Measures progress within a control
Difference between compliance manager score and compliance score
Compliance manager is an end-to-end solution in Microsoft 365 that enables admins to manage and track compliance activities.
Compliance score is a calculation of the overall compliance posture.
Understand the compliance score
The overall score is calculated using the scores from
- Your actions
- Microsoft actions
Each action is categorized
- Mandatory
- Discretional
Each action has sub-categories
- Preventative
- Detective
- Corrective