Enterprises conduct business in a complicated data protection regulatory environment. This fact is particularly true for business operations that include, or could potentially include, international customers. And with the global reach of the internet, that would include any enterprise with a website requesting simple customer information like name and email address. In some cases, just noting the IP address of a website visitor is enough to kick in privacy regulations.
In this business environment, it is vital that all enterprises take measurable and documented steps toward compliance with all relevant data protection and security regulations. Of course, this is not an easy task, which is why Microsoft released Compliance Manager to general availability on February 23, 2018.
The online tool is now generally available for Azure, Dynamics 365, and Office 365 Business and Enterprise subscribers in public clouds. And while the Microsoft Compliance Manager cannot make your enterprise compliant with every regulation, it can help organizations meet their data protection and regulatory requirements while using Microsoft cloud services.
The Microsoft Compliance Manager is a standalone tool, separate from the normal administrative dashboard. Users can access Compliance Manager by signing into their Office 365, Dynamics 365, or Azure user account via the Service Trust Portal. Click on the Compliance Manager tab and log in. The first time you sign in, you will be required to accept a rather lengthy NDA, part of which you can see in Figure A.
Admittedly, this NDA was not expected and raised an eyebrow, but I decided to throw caution to the wind and accept it.
As you can see in Figure B, the Microsoft Compliance Manager is presented in a fairly standard dashboard motif, showing a score that represents a level of compliance for your associated Microsoft product under specific regulations. My Office 365 assessment for the GDPR, for example, is underdeveloped with a compliance score of just 243 out of 568.
In this example, the Compliance Manager shows that Microsoft has implemented the default GDPR compliance protocols for my installation of Office 365, but that I have yet to perform my enterprise-specific due diligence. With the GDPR becoming fully enforceable on May 25, 2018, I'd better take some action. This is likely a compliance status common to many enterprises.
To increase the compliance score, enterprises would drill down into each regulatory category and check off individual security protocols and other procedures as they are completed. Some items in the list are likely to be part of your enterprise's security system already, while some will require additional resources and implementation.
A high compliance score will provide your organization with some level of assurance with regard to specific regulatory requirements and provide a clearer assessment of systemic risk. The Microsoft Compliance Manager offers enterprises measurable and documented progress toward compliance, which could be valuable when defending against future fines and assessments.
It is important to note that Compliance Manager is available by default to any credentialed user of Office 365, Dynamics 365, or Azure in your organization. To change the default permissions, at least one user must be added to each Compliance Manager role. After a user is added to a role, the default permissions are removed, and only users who have been added to a role will be able to access Compliance Manager and perform the actions allowed by that role.
Determining whether your enterprise follows all of the potentially applicable regulations in today's work environment is no simple task. Failing to comply with even one regulation could carry with it devastating financial penalties. Enterprises need sophisticated tools to help manage this considerable and uncertain risk.
With the Microsoft Compliance Manager now available, enterprises using Office 365, Dynamics 365, or Azure can assess their risk for non-compliance for many regulations and then take documented steps toward reaching full compliance where it is lacking. A free tool that could save your enterprise financial hardship—that is certainly worth checking out.
Mark W. Kaelin has been writing and editing stories about the IT industry, gadgets, finance, accounting, and tech-life for more than 25 years. Most recently, he has been a regular contributor to BreakingModern.com, aNewDomain.net, and TechRepublic.