Microsoft has announced the all new Compliance Manager public preview.I had already seen Compliance manager at quite a few Microsoft events, but now finally it is possible to play with the tools ourselves.
Do you want to try it too? You can get to the Compliance Manager by visiting the following link:
Once you have gone through the sign in screen and accepted the terms and conditions you can start playing around. Once you got to https://servicetrust.microsoft.com/ComplianceManager you will find the guided tour option:
Once done, you will get the Assessments for ISO 27001:2013 and GDPR presented to you:
As GDPR is really hot at the moment, I’m going to look at GDPR, but both compliance frameworks are from fairly similar form the Compliance Manager perspective.
First thing you will noticed is that the Customer Controls and and the Microsoft Controls give you an X of Y rating. This shows you how many of the checks (=controls) you have passed and how many you have not passed.
So I’m going to start opening up the GDPR assesment.
You will now see a few sections on your screen. The top section gives you the quick overview of the assessment, showing you that 60% has already been completed.
Then you will fine the Office 365- in-Scope Cloud Services
When you open this up you will find a full overview of the products that are included:
- Sharepoint Online
- Exchange Online
- Microsoft Booking
- Microsoft Graph API
- Microsoft Analytics
- Microsoft Planner
- Microsoft Stream
- Office Delve
- Office 365 Groups
- Office 365 Video
- Microsoft StaffHub
- Microsoft PowerApps
- Microsoft Teams
- Skype for Business
Then you get to the Microsoft Managed Controls. The Microsoft Managed Controls are the checks/assessments that Microsoft has already done for you. Simply because these are quite often down to getting things right in the hosted cloud environments of Microsoft’s Office 365.
So, we don’t need to worry about these?
Well not really, it as a compliance manager it might still be useful to understand which controls have been assessed. Even if it is just to help you understand all the requirements for GDPR. Looking under the blue More link you will find the further details.
If we now take a look at the Customer Controls:
This is where we can find all the things that you should complete. There are 47 controls ready for you to be completed. So better get on with it!
Are you worried about GDPR? Have a look at the GDPR Activity hub as well