What's New in Microsoft Purview Compliance Manager
In the new world of hybrid work, maintaining compliance has become a board-level directive1. Local and global regulations dictate how to manage, store, and transmit data, making the intersection between compliance and data security more critical than ever before. To adhere to this new way of working, risks need to be identified and mitigated, and data needs to be properly governed. At Microsoft we are empowering customers on their digital transformation journeys by helping improve the way compliance is managed while meeting valuable business outcomes by:
- Eliminating blind spots with the right set of security, compliance, and privacy controls
- Safeguarding critical data from external and internal threats
- Identifying risks and addressing regulatory compliance requirements
Microsoft Purview Compliance Manager helps organizations simplify compliance and reduce risk. It translates complex regulatory requirements into specific controls, allowing organizations to constantly assess, monitor, and improve their compliance posture, all while saving time and money.
Today we are excited to share how Compliance Manager helped Webber Wentzel – South Africa’s leading law firm – improve their compliance posture by raising their score from 24 to over 80%.
We are constantly innovating and building product enhancements that help customers do more with less. The following features – all of which are GA – help customers get compliant, stay compliant, and scale compliance with one single tool that works out of the box. Let’s learn more about these announcements:
Ensuring data residency for the EU and North America
Making sure data lives within the right geographies
In March 2021, Brad Smith (Vice Chair and President) announced Microsoft’s promise to Storing and Processing EU Data in the EU. Today, EU customers using Compliance Manager can ensure their data resides within the EU Data Boundary as part of the Microsoft Cloud initiative. This means customer data in the Microsoft Cloud (Azure, Microsoft 365, and Dynamics 365) will only be stored and processed in the EU. For example, if an EU customer creates and manages an assessment in Compliance Manager, that data will reside within European data centers. The same applies for scenarios in North America.
Figure 1: EU GDPR assessment in Compliance Manager
Updated templates for 350+ regulations worldwide
Easily translate regulations into tangible actions
Did you know that there are more than 250 updates to regulations and standards every day? It is overwhelming for organizations to keep up to date with all these changes plus the evolving compliance landscape. Compliance Manager solves for this complexity by tracking and incorporating all regulatory changes. Just in the past month, we have added or updated the following regulations:
New IRAP with ISM Version 3.5 - Official
Update Australia Public Record Act
Update New York Privacy Act
Update IRAP with ISM Version 3.5 - Protected
Update CMS Information Systems Security and Privacy Policy (IS2P2)
Update New Zealand HIPC
Update Australia Privacy Act
Update Canada - Breach of Security
Update Revisions to the Principle for Sound Management
Update Indiana Disclosure of Security
Update Australia Privacy (Credit Reporting)
Update TISAX 5.1
Figure 2: New and updated templates for over 350+ regulations
Alerts & notifications
Stay in the know of any control changes
Last April, we announced the general availability of Alerts & notifications. This feature makes it easier for customers to quickly act on non-compliant controls. As a Compliance officer or admin, you can set up an alert policy to outline the conditions that trigger an alert and modify the frequency of these notifications. When Compliance Manager detects a match to your policy condition, the user receives an e-mail with details on the alert. For example, if an organization has disabled multi-factor authentication in their tenant, the admin will quickly be notified of this action so they can take remediation as quickly as possible and minimize data protection risks.
Figure 3: Setting up conditions and policies to enable alerts & notifications
Recommendation Engine
Pick and choose the most relevant regulations
According to a Gartner study, only 25% of organizations know which regulations are most relevant to them. Earlier this year, we announced the general availability of recommendation engine. This feature is intended to make it easier to get started with our solution. Compliance Manager’s recommendation engine helps surface the most relevant regulations for your organization based on your company’s size, industry, and region. With just 5 simple clicks, you can help your company begin to comply with the right set of regulations.
Figure 4: Recommendation engine helps you pick the most relevant regulations
Get started today!
We are committed to helping organizations do more with less by delivering capabilities that make the end-to-end compliance management experience more efficient. Get started with Compliance Manager through the Microsoft Purview portal today!
Additional resources:
- Check out our Microsoft Mechanics Video and 60 second overview video!
- Sign up for a free premium assessment trial
- Visit the Technical Documentation to get started.
On behalf of the Compliance Manager team,
Daniel Hidalgo