How Microsoft Purview Compliance Manager Keeps Your Compliance Strategy on Track
As businesses are gathering more data than ever, their digital footprint is growing. It’s becoming more challenging to manage, organize, protect, and utilize the growing volume of data we collect. With new updates to data protection regulations every day, it’s difficult to track which regulations will affect your business and how to ensure you’re in compliance.
Microsoft is simplifying the data governance process with Microsoft Purview. This is a set of solutions that provides your business with the ability to govern, protect, and manage your entire data estate from one, single dashboard.
In this blog, we’ll focus on Microsoft Purview Compliance Manager, which is a feature within the Microsoft Purview compliance portal.
Microsoft Purview Compliance Manager
Microsoft Purview Compliance Manager is a dashboard page with Microsoft Purview that provides your current compliance score so you can see where you stand, what needs attention, and how to address those items with guided improvement actions.
Here is an example of a Compliance Manager dashboard:
Compliance Manager simplifies the data governance process with:
- Pre-built assessments for common industry and regional standards and regulations or custom assessments for those with more unique compliance needs
- A single tool for completing your risk assessments more efficiently
- Guidance on suggested improvement actions to help you stay in compliance with the relevant standards and regulations for your individual organization
- A compliance score that helps you measure your current posture
This compliance score helps your business understand what needs attention and how to address those areas that need improvement.
Understanding Your Compliance Score
Initially, you’re given a score based on your Microsoft 365 data protection baseline, which is a set of controls that includes key regulations and standards for data protection and general data governance. This is drawn from NIST CSF, ISO, FedRAMP, and GDPR.
Your overall compliance score will be determined by regulation, standard, or policy improvement actions items that have been completed. Depending on the risk involved, each action item will have a different impact on your compliance score. This will help your business prioritize which action items are the most critical and will improve your position overall.
A score value is assigned at three levels:
- Improvement action score: Each improvement action has a different impact on your compliance score, depending on the level of risk involved
- Control score: This is the sum of points earned by completing improvement actions and your implementation status equals “implemented” or “alternative implemented” and any tests have been passed
- Assessment score: This is the sum of your control scores and is calculated using action scores
Compliance Manager will automatically update your dashboard and compliance score within 24 hours of a change being made (such as completing an improvement action).
There are three types of improvement actions, some of which are mandatory, and others will be discretionary:
- Preventative actions: These address specific risks to prevent attacks and breaches
- Detective actions: These monitor your systems to identify irregular conditions or behavior that may signal intrusions or breaches
- Corrective actions: These actions reduce the immediate effects of a security incident
These improvement actions provide recommended guidance to help you consistently align with the changing data protection regulations and standards.
Microsoft Purview Data Map
The Microsoft Purview Data Map provides the foundation for data discovery and data governance. There are two components to the Microsoft Purview Data Map: metadata storage and operation throughput.
Operations are the throughput measure of the Microsoft Purview Data Map, including Create, Read, Write, Update, and Delete on metadata stored within the Data Map.
Storage includes the following types of metadata:
- Technical Metadata: Schema, data type, columns, etc.
- Business Metadata: Automated and manual tagging of descriptions, glossary terms, etc.
- Operational Metadata: Data factory copy and data flow activity run status, and runs time
- Semantic Metadata: Collection mapping to data sources or classifications
All Microsoft Purview accounts start with one capacity unit and elastically grow based on usage.
Next Steps: Take Control of Your Data Governance and Compliance
Staying compliant with the constant rotation of data regulations can be an enormous challenge for businesses of every size and industry. Microsoft Purview Compliance Manager provides your business with the ability to manage your compliance requirements in a simpler and more streamlined manner.
Understanding your compliance score, you can take advantage of this broad view of your data governance and act quickly to make any necessary improvements.
If your business could benefit from a more efficient approach to data governance and compliance, contact your Arraya expert to learn more about Microsoft Purview.
Visit https://www.arrayasolutions.com/contact-us/ to connect with our team now.
Follow us to stay up to date on our industry insights and unique IT learning opportunities.