Companies today operate under strict regulatory conditions. Complying with those regulations can be daunting, but failure to do so has serious implications. Managing compliance, therefore, is imperative. Microsoft offers Compliance Manager, a unique cross-Microsoft-Cloud tool, that allows organizations to manage and navigate the complex terrain of regulations. Here is how Compliance Manager works to help your company comply with the law and applicable regulations and standards.

Who is Compliance Manager For?

Compliance Manager is for any company or organization that needs a comprehensive and proactive tool to assess, track, verify regulatory compliance and assign tasks related to the same. Anyone who must comply with regulations or standards like the following would benefit from this tool:

  • EU General Data Protection Regulation (GDPR)
  • Health Information Portability and Privacy Act (HIPAA)
  • International Organization for Standardization (e.g., ISO 27001 and ISO 27018)
  • National Institute of Standards and Technology (NIST)

Essentially, the tool allows you to protect data and meet regulatory requirements via Microsoft cloud services.

What are Compliance Manager’s built-in features?

Compliance Manager features various tools to help your organization comply with regulations and standards pertinent to data protection and security. Here are three specific capabilities featured:

  1. Assessment. The tool allows you to assess compliance from one place. Risk assessments are conducted on an ongoing basis.
  2. Protection. Users can protect data across all devices, applications, and cloud services by using encryption, controlling access, and implementing information governance.
  3. Response. Users can respond to regulatory requests through the incorporation of eDiscovery and auditing tools that allow you to locate relevant data for meaningful responses.

Through these features, Compliance Manager works to help you stay in and proactively manage compliance.

How does Compliance Manager Work?

Compliance Manager works by utilizing a single dashboard to see compliance stature. The dashboard provides summaries of your company’s assessments and action items. From those summaries, you can access controls and tools like exporting data to Excel.

You create assessments for the regulations and/or standards that matter to your company using Office 365, Azure, or Dynamic 365.

From these assessments, you receive actionable insights and detailed information about what Microsoft does to secure your data and help you comply with regulations.

Assessments

On the Assessments page, you are provided snapshots of your company’s compliance with specific regulations and standards — like those listed above — assessments of each.

For instance, compliance snapshots of your company will identify your company’s overall compliance with regulations like GDPR or standards associated with NIST or ISO. Each category is provided a “Compliance Score,” and the higher the score, the better your compliance stature.

On the same page, you are also provided with snapshots of assessments for each of these same categories. An Assessment Status is provided to let you know the status of the current assessment (e.g., in progress).

Under each of these snapshots, whether it is for compliance or assessment, you are additionally informed of:

  • The created date;
  • The modified date;
  • The number of customer-managed actions and the number of those actions that have been addressed; and
  • The number of Microsoft managed actions and the number of those actions that have been addressed.

Action Items

This page provides guidance on actions that could or should be taken to increase your Compliance Score. These are recommendations and are up to the company to implement.

Controls

Controls are the core of how Compliance Manager works. There are two controls: Microsoft and Customer.

Microsoft managed controls is a family of controls that align your company assessments with the standards and regulations. They are managed controls used to implement the assessment and assess compliance. Customer-managed controls, on the other hand, are controls that you as an organization manage. Here, you can implement actions recommended by Microsoft to increase your Compliance Score.

Compliance Manager is a tool to simplify compliance for organizations. It offers real solutions to a complex problem.