Before we start, please not that if you want to see a table of contents for all the sections of this blog and their various Purview topics, you can locate the in the following link:
Microsoft Purview - Compliance Score (Part 1) - Overview
This document is not meant to replace any official documentation, including those found at docs.microsoft.com. Those documents are continually updated and maintained by Microsoft Corporation. If there is a discrepancy between this document and what you find in the Compliance User Interface (UI) or inside of a reference in docs.microsoft.com, you should always defer to that official documentation and contact your Microsoft Account team as needed. Links to the docs.microsoft.com data will be referenced both in the document steps as well as in the appendix.
All of the following steps should be done with test data, and where possible, testing should be performed in a test environment. Testing should never be performed against production data.
This blog series is aimed at Security and Compliance officers who need to understand how the Microsoft Purview Compliance Manager assessments can help them meet their regulatory and certification needs.
This document will only be discussing the assessment specific to ARMA GARP and which Purview components are needed to meet those requirements in the assessment and its associated certifications and regulations.
This document does not cover any other aspect of Microsoft E5 Purview, including:
For details on licensing (ie. which components and functions of Purview are in E3 vs E5) you will need to contact your Microsoft Security Specialist, Account Manager, or certified partner.
We will not be walking through the ARMA GARP assessment step-by-step. For more information on running an assessment in Compliance Manager, you should reference the corresponding documentation listed in the Appendix and Links section below.
We will be walking through how the ARMA GARP assessment can be leveraged to meet the multiple certification and regulatory needs and provide quantifiable results for meeting those certification and regulatory needs.
Looking at the ARMA GARP assessment at a high level.
It is highly recommended that you run your own ARMA GARP assessment to see the following information in your own Tenant.
It is highly recommended that you run your own ARMA GARP assessment to see the following information in your own Tenant.
Here is the definition listed in Microsoft Purview Compliance Manager.
“ARMA Generally Accepted Recordkeeping Principles (GARP) documents the five levels inherent to a maturity model and maps their relationship to the Institution's principles (i.e. Principle of Accountability, Principle of Transparency, Principle of Integrity, Principle of Protection, Principle of Compliance, Principle of Availability, Principle of Retention, Principle of Disposition). The document provide the ways an organization can implement principles for improved operational effectiveness and better information governance. It offers details for use of the Principles regardless of an organization's size, type (e.g., for profit, government, nonprofit, not for profit), or industry sector.”
You can also find more information at the ARMA GARP official website, listed in the Appendix and Links section below.
This is the official Microsoft tool that scans your tenant and compares it to the ARMA GARP. It then provides a report and workflow.
We narrow the scope of from All ARMA GARP Control Families (8x) the Assessment runs to just the Compliance applicable ARMA GARP Control Families (8x). Then we can take those tactical Control Families and leverage the applicable Microsoft Purview tools that, when applied, can help you meet these Control Families.
Let us look at the details of the ARMA GARP assessment as they related to Microsoft Compliance Purview solutions and your Compliance Score for your Microsoft tenant.
The ARMA GARP assessment will report back on ALL the Control Families that are part of the ARMA GARP assessment.
From a Purview perspective, here are the 8 Control Families that are applicable to ARMA GARP workloads.
Now that you know which Control Families are relevant to ARMA GARP, here are the Purview solutions that are part will help you meet those baseline needs.
Let us look at a diagram the ARMA GARP assessment’s points that it applies 1) ARMA GARP Controls overall, 2) points that can specifically be addressed by Purview related tools, and 3) then the percentage of the ARMA GARP assessment points covered by implementing the Purview tools.
Microsoft Purview Compliance Manager - Microsoft Purview (compliance) | Microsoft Learn
Microsoft Purview Compliance Manager - Microsoft Purview (compliance) | Microsoft Docs
Microsoft Purview- Paint By Numbers Series (Part 0) - Overview - Microsoft Tech Community
Compliance score calculation - Microsoft Purview (compliance) | Microsoft Learn
Note: This solution is a sample and may be used with Microsoft Compliance tools for dissemination of reference information only. This solution is not intended or made available for use as a replacement for professional and individualized technical advice from Microsoft or a Microsoft certified partner when it comes to the implementation of a compliance and/or advanced eDiscovery solution and no license or right is granted by Microsoft to use this solution for such purposes. This solution is not designed or intended to be a substitute for professional technical advice from Microsoft or a Microsoft certified partner when it comes to the design or implementation of a compliance and/or advanced eDiscovery solution and should not be used as such. Customer bears the sole risk and responsibility for any use. Microsoft does not warrant that the solution or any materials provided in connection therewith will be sufficient for any business purposes or meet the business requirements of any person or organization.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.