Microsoft Compliance Score - simplify compliance and reduce risks
Updated: Aug 10, 2020
A global enterprise has to be compliant with thousands of regulatory requirements impacting how they manage data and content. Some of the regulations are often very complex to understand, and it can be difficult to determine what you need to do to ensure compliance. It often ends up with analysis paralysis - or spending a fortune on lawyers and consultants.
Microsoft is working on introducing a Compliance Score tool that will help you simplify compliance and risks for Microsoft 365 and beyond. The tool will come with pre-configured templates for improving compliance with:
California Consumer Privacy Act (CCPA) (preview)
How does it work? Let me guide you through it based on my first impressions. When you log in to the M365 Compliance Center, you can access a preview of the Compliance Score. This is your custom dashboard: it shows your current score and what needs attention, and guides you to take actions to improve your score and compliance with the above regulations. The Compliance Score is available for all M365 licenses; you don't need the E5 license to use it.
Microsoft already has a lot of data protection functionality enabled in your M365 tenant to protect your information. This provides you with an initial score, and you can then add assessments to improve your score and compliance. As an example, if you are in the financial services industry, you may want to add the FFIEC assessment. If you operate in Europe, you may want to add the EU GDPR assessment.
Some of the key tools that you have available:
Assessments are guided templates with groupings of actions necessary to meet the requirements of one or more standards, regulations, or laws. For example, completing all the actions in the GDPR template helps you configure M365 in line with the GDPR requirements.
My impression is that E5 customers will be able to create custom assessments, either against internal policies or standards, or against industry-specific regulations.
Each assessment provides you with a list of actions to take to configure M365 to meet the requirements of one or more standards, regulations, or laws.
For each action, you can assign responsibilities and set the implementation status, test status, and test date. You can also filter the actions to better plan your work, e.g. first focus on retention labels, record labels, and label policies to automate records management in SharePoint Online and Teams. You can also upload notes, test approvals and confirmations.
Starting an action takes you to the Compliance Center to make the required configurations. Please be aware that some of these actions may require the E5 or E5 Information Protection and Governance add-on license.
In the Solutions tab, you can see the M365 functionality that is available to protect and govern information. It shows you how each solution will impact your compliance score and how well you are using the available solutions.
The new Compliance Score tool will make it a lot easier to ensure compliance.
It helps you understand the compliance requirements for new and complex regulations
It guides you in implementing M365 features for ensuring compliance
It ensures the implementation is done well with roles and responsibilities, testing, and documentation
It helps you maximize the value of your M365 investment
It helps you reduce risks and document your compliance efforts.
You will still need help determining how to best configure the different Office 365 Compliance features, e.g. set the right retention and disposition with record labels and label policies to automate records management with SharePoint Online. Feel free to contact us if you need help with this.