Compliance Manager Preview

The new Compliance Manager (CM) within O365 helps organizations meet compliance obligations like the European Union's General Data Protection Regulation (GDPR) or ISO 27001. You can visit the Service Trust site to access the Compliance Manager. The CM can perform a real-time risk assessment with a score that reflects a company's compliance position against data protection regulations when using Microsoft Cloud services. The CM can also suggest recommended actions and step-by-step guidance.

Here is the walkthrough you see when you sign up for the Compliance Manager:

The preview program includes the following capabilities:

  • A dashboard to summarize Microsoft's and your GDPR, ISO 27001, and ISO 27018 control implementation progress for Office 365
  • Actionable insights to help you improve your data protection capabilities
  • Control management and audit-ready reporting tools

Compliance Manager uses Assessments as the basis for managing your compliance activities. Assessments include a cloud service and one or more standards/regulations. When you open Compliance Manager, you'll see your organization's progress towards completing each Assessment. To get you started, we've added Office 365 Assessments for ISO 27001:2013 and the EU General Data Protection Regulation (GDPR). Click on the name of the Assessment to open it.

Each Assessment displays an at-a-glance status indicator for each set of controls: those managed by Microsoft, and those managed by your organization. Use this dashboard to track your organization's compliance efforts. Click on the name of the Assessment to view detailed information about the standard or regulation as it is mapped to the selected cloud service. The information includes a list of the in-scope services, implementation details about the controls for which Microsoft is responsible, and recommendations for you from Microsoft regarding the controls for which your organization is responsible.

The Microsoft Managed Controls section provides you with details on how Microsoft has implemented each control, including information about when and how the control was last tested by a third-party auditor and the results of that test. The Customer Managed Controls section provides you with recommended actions your organization can take along with tools to facilitate compliance management.

To view all the recommended actions that should be taken by your organization, click Customer Managed Controls, click a control family to expand it, and view each item within the control family. Action Items can be assigned to individuals in your organization who can create test plans, perform recommended customer actions, document implementation details, and gather and upload evidence.

With Compliance Manager, you can generate reports containing implementation and assessment details, along with links to uploaded files. These reports can be provided to auditors, regulators, senior management, and other risk/compliance stakeholders in your organization.

Compliance Manager enables you to track your organization's compliance efforts by providing you with the tools to understand, track, manage, and audit your organization's responsibility for each standard or regulation. Get started with Compliance Manager by creating an Assessment for one of Microsoft's cloud services and one or more standards or regulations.

With this new option from the CM, customers can continue to meet their compliance and regulatory needs while providing detailed information to report on their audits.