Manage Your Compliance from One Place – Announcing Compliance Manager

Compliance requirements can be complex to interpret, highly manual, difficult to track and act upon, and costly. Did you know that there are, on average, 201 updates per day from 750 regulatory bodies all over the world[1]? Research shows that 65% of firms ranked “design and implementation of internal processes” the biggest hurdle of GDPR compliance[2]. We know that achieving organizational compliance can be very challenging. It is hard to stay up to date with all the regulations that matter to your organization, and to define and implement controls with limited in-house capability.

Today, we are pleased to announce a new compliance solution to help your organization meet data protection and regulatory standards more easily when using Microsoft cloud services. Compliance Manager will enable you to manage your compliance from one place. You can sign up for the preview program today.

Compliance Manager helps you with 3 key aspects:

 

  • Enables you to perform real-time risk assessment on Microsoft cloud services 
  • Provides actionable insights to improve your data protection capabilities
  • Simplifies compliance processes through built-in control management and audit-ready reporting tools

Compliance Manager dashboard

Real-time Risk Assessment: Compliance Manager provides a summarized dashboard showing your compliance posture against the data protection regulatory requirements that matter to you when using Microsoft cloud services. In each control framework, you can get a compliance score that reflects your real-time compliance posture and helps you to make real-time risk assessments.

 

Actionable Insights: You can get rich insights into Microsoft's and your responsibility to meet compliance standards. For each Microsoft-managed control, you can see the control implementation and testing details, test date and results. For the controls you manage, you will receive recommended actions with step-by-step guidance for implementation and testing. This tool will help you better understand how to use the Microsoft cloud features to efficiently implement the controls managed by you.

 

Control management tool for customer-managed controls

Simplified Compliance: Compliance Manager also helps you simplify your compliance process by providing a control management tool for assigning tasks and collaborating across teams more efficiently. You can generate audit-ready reports with evidence in a few clicks, reducing the need to manually collect information across multiple teams. This tool will help compliance, security, and privacy officers, as well as risk assessors, to perform proactive pre-assessment and get ready for audits.

 

Compliance Manager will be available for public preview in November 2017. To be notified when the public preview is available, sign up for the preview program here.

Check out this video to learn more about how Microsoft can help you with GDPR compliance.

 

Frequently Asked Questions

1. Which cloud services are covered by the Compliance Manager?

For the preview program, Compliance Manager will cover Office 365.

We aim to cover Office 365, Dynamics 365 and Azure when Compliance Manager is released. As we continue to grow our cloud services, we will expand the scope of the dashboard to include them as well. Compliance Manager will not yet be available in Microsoft's unique clouds for China, Germany and Azure Gov/GGC High and DoD.

 

2. Does showing a compliance score in Compliance Manager indicate that Microsoft is a compliance expert?

The compliance score does not express an absolute measure of how compliant you are. It expresses the extent to which you have implemented controls, which can support data protection and compliance. No service can guarantee that you will be fully compliant, and the “compliance score” should not be interpreted as a guarantee in any way.

 

3. What compliance offerings, in terms of regulations, come with the Compliance Manager?

We aim to cover the GDPR, NIST 800-53, ISO 27001, and ISO 27018 standards when Compliance Manager is released.

 

4. Will I be able to use it for on-premises services?

The current version of the dashboard will focus on tracking, implementing, and monitoring data protection and compliance on Microsoft cloud services.

 

5. How is the compliance score calculated?

The compliance score is based on the operating effectiveness of Microsoft controls and the customer controls you manage. Different controls have different levels of risk. We assign a weight to each control based on the level of risk involved due to control failure. For example, if a control around providing information security awareness training is not fulfilled, it will create a risk to your data protection and compliance goals. However, this risk is not as great as the risk if your logical access control fails. Therefore, logical access controls will have bigger weights in calculating the compliance score than controls like security awareness training, and will have a bigger impact on the score. The end goal of providing you a score is to help you with your risk management decisions.

 

6. How does the “Compliance Score” differ from “Secure Score”?

Secure score is a security analytics tool to help organizations better understand their security posture in Office 365, while the compliance score provides a broader view of an organization’s data protection and compliance posture in the Microsoft cloud services: Azure, Dynamics 365, and Office 365. The compliance score and secure score are related in that the compliance score is calculated across a large superset of data protection and compliance controls, whereas secure score is focused on a subset of configurable security controls.

 

7. Does a high or perfect score mean that I am fully compliant?

The score does not express an absolute measure of how compliant you are. It helps you understand whether you have successfully implemented your controls and if Microsoft controls are compliant. Beyond Microsoft-managed controls’ contribution to the score, a high score indicates that you have implemented more controls and that you have ascertained that the implementation is successful. This supports your goal towards being on track to be compliant.

 

8. If there are changes in regulations and / or regulation requirements, do I get an alert and is it reflected in my score?

If any changes in regulations necessitate changes to the controls that support those regulations, we will update those controls and send you a notification if you have subscribed to alerts for Compliance Manager. Any changes in the status of Microsoft-managed controls will be reflected in your overall compliance score within 24 hours. Any changes in the status of controls managed by you will be reflected in real time in your overall compliance score.

 

9. How do I get the Compliance Manager preview?

Microsoft 365, Azure, and Dynamics 365 users (including trial users) will have access to the public preview version in November 2017. To be notified when it's available, you can sign up for the preview program here.

 

10. How much does it cost?

As of now, the Compliance Manager preview version itself will be free for Microsoft 365, Azure, and Dynamics 365 users. We are still assessing the nature of the final licensing and will provide more information closer to general availability in 2018.

 

*Compliance Manager Preview is a dashboard that provides a summary of your data protection and compliance stature and recommendations to improve data protection and compliance. This is a recommendation; it is up to you to evaluate its effectiveness in your regulatory environment prior to implementation. Recommendations from Compliance Manager Preview should not be interpreted as a guarantee of compliance.

 

[1] Thomson Reuters – Cost of Compliance 2017

[2] http://resources.compuware.com/research-improved-gdpr-readiness-businesses-still-at-risk-of-non-complian...

 

 

13 Comments
New Contributor

Hello,

 

Can I activate this preview feature on my Tenant from demos.microsoft.com so I can evaluate its benefits?

 

From the description above I believe this could be a very interesting tool to position at customers.

 

Thanks in advance

Hi Pedro,

 

We will release the public preview version on Nov 16th 2017, and you will be able to access it and evaluate it before GA next year.

We currently are still working on developing the product for preview, so there is no demo available yet, but will definitely share more information when it's close to the release date.

 

Thanks,

Tina

Occasional Visitor

Hi Tina,

 

I was wondering whether the scores are calculated automatically by the tool accessing information from the cloud services that a company uses or is this report a self-servicing one? If it's an automatically generated report, are there parts where self-servicing is enabled?

Thank you for your answer in advance!

Great news! Waiting for the preview!

Hi Nora,

For the first version of GA release next year, it will still be self-serving. Once you implement the control and mark the test result "passed", your compliance score will reflect this change. We will consider the automation in our future roadmap.

 

Hi Nuno,

Thank you for the support! Please remember to sign up for the preview program, we will send out an email to notify you when it's available.

 

Frequent Visitor

Hi Tina

Several clients are requesting this kind of portal for the control of compliance with all the compliance. FY18 is a critical year because of the many regulations that are going to have to be met.

With your permission I will start talking about Compliance Manager in my GDPR talks since it is an incentive to start generating a real demand on compliance.

It is great news that Microsoft is striving to provide solutions to this part of digital transformation.

I look forward to the next news.

Hi Rafael,

 

It's great to hear the excitement about the product. I will share more information about demoing the product after the preview program goes live next week. Thank you for the support!

Visitor

Hi Tina,

 

I tried to register for the Preview Program of Compliance Manager but did not receive any confirmation email.  Not sure why this should happen but I tried through a different email ID as well.  Is there any other channel through which I can sign up for the Preview Program?

 

Thanks,

Sohit

Hi Sohit,

 

I just checked the sign-up list, and your name is there (we found both emails)! We will send you a notification email on 11/16 to inform you how you can access Compliance Manager.

 

Thanks,

Tina

Occasional Visitor

This looks very interesting. I will be talking about it in a webinar I'm presenting today to draw attention to it. As per the comment from Rafael, 2018 is a key year for compliance legislation so I'm looking forward to this going GA.

Frequent Visitor

You can give us the URL of the webinar. It would be fantastic to be able to see your perspective on compliance.

Waiting for tomorrow to start looking at this great portal :)

Occasional Visitor

Tina - Just to let you know that I registered and did get an email, so it is working. Looking forward to the preview. 

 

@Rafael Ansino Lara - thanks - I'll put the URL here when the recording is available. It's majored on addressing GDPR compliance by targeting PST files using one of our products and I mention Compliance Manager in a sentence about tools that Microsoft provides to help organisations manage their path to compliance. You're very welcome to watch and spread the good word!!!

Visitor

Thank you so much, Tina!