How to meet the requirements of GDPR, HIPAA, ISO 27001, ISO 27018, NIST 800-53, NIST 800-171, and many others with Compliance Manager.
The need to meet the demands of various regulatory bodies seems to grow daily. This, plus any internal corporate edicts and the job of your company's compliance team, can seem overwhelming. According to a Thomson Reuters report, more than half of respondents said they spend over four hours a week tracking and analyzing regulatory developments and one out of four are devoting more than eight hours a week to compliance management.
Microsoft is aiming to ease your compliance burden with the release of Compliance Manager. Generally available for Azure, Dynamics 365, and Office 365 Business and Enterprise subscribers, Compliance Manager enables you to track, assign, and verify your organization’s regulatory compliance activities with respect to Microsoft cloud services.
Below are three key ways Compliance Manager can help you meet your regulatory and data protection requirements.
1) Enables ongoing risk assessments
Compliance Manager enables you to perform ongoing risk assessments covering both Microsoft's responsibilities as the data processor and the features you control, with recommended settings for the various compliance regulations. This is critical in meeting the complex compliance obligations of regulatory standards such as GDPR, HIPAA, ISO, and NIST.
The tool includes Compliance Score, which gives visibility into your compliance status through a risk-based score. The Compliance Score is based on the operating effectiveness of internal controls managed by both Microsoft and your internal compliance team. Each control is assigned a weight based on the level of risk you may be exposed to if you fail to implement that control or it fails its test. Combining this information with other tools enables you to conduct better self-assessments, so you can focus on the areas of greatest regulatory risk.
2) Provides actionable insights
One common problem organizations have is finding talent with expertise in both industry compliance and technology solutions. Most of the time, compliance personnel have in-depth knowledge of regulations and standards, while IT professionals have the technology tools that help the company protect data. Because there is little connection between these two areas, meeting data protection and regulatory requirements can become a very disjointed process. To reduce this challenge, Compliance Manager builds the connection between data protection capabilities and regulatory requirements, so you know which technology solutions you can leverage to meet specific compliance obligations.
Compliance Manager combines the control information from the “Microsoft control framework” view with a “certification controls or regulatory article” view to provide better visibility into your organization’s compliance and data protection profile. Many controls are a requirement of multiple compliance regulations. In these cases, the technical control is displayed once, along with the regulations that apply to it.
You still get the same experience for each control, for example step-by-step guidance to implement internal controls and develop business processes for your organization.
3) Simplifies your compliance process
By enabling you to assign, track, and record your compliance activities, Compliance Manager simplifies collaboration across teams and the management of the documents needed to create audit reports. Using the group functionality, you can create multiple assessments for any standard or regulation by time, by team, or by business unit.
This functionality provides you with a more robust way to manage compliance activities based on your organizational needs for performing risk assessments.
As a Microsoft Gold Cloud Partner, Interlink Cloud Advisors can show you how Compliance Manager addresses your compliance needs, especially those surrounding GDPR as its deadline approaches. We can help you implement Compliance Manager and, more importantly, add protections to Office 365 by providing consulting on the policies, procedures, and software tools that will help you be compliant.