Cloud migration offers a host of benefits for organizations, particularly in an increasingly mobile landscape. However, the hybrid cloud environment brings added compliance risk. Previously, Microsoft offered a compliance program just for the financial services industry. In the past year, they expanded the Compliance Program for Microsoft Cloud to help customers in all industries.
The Compliance Program offers personalized, subscription-based regulatory guidance for customers across the spectrum. This includes assistance with navigating the complexity involved in onboarding to any Microsoft Cloud. It also includes ongoing expert advice and community connections to assist with maintaining compliance and addressing cloud security.
The program includes four primary features, described below:
- Ask an expert
- Risk and control mapping
- Compliance community
- Proactive risk assurance
Ask an Expert
In certain highly regulated industries, organizations may be required to complete risk assessments and obtain board-level approval before using third-party cloud services. One-on-one access to Microsoft experts can help clear roadblocks and accelerate the assessment and approval process.
The first feature of the Compliance Program gives risk stakeholders such as CISOs or compliance and privacy officers direct, personalized access to Microsoft compliance experts. These Microsoft cloud service engineers and compliance experts provide critical insight into the capabilities and risks of Microsoft cloud services.
Risk and Control Mapping
Part of the cloud services approval process involves completing complex risk assessment questionnaires. A second feature of the Compliance Program provides support from Microsoft experts in completing these questionnaires.
Compliance Community
Compliance is not a “one and done” activity. Regulations continually evolve, as does the cyber landscape. To maintain compliance, organizations must stay on top of these changes. Engaging with a community of industry peers, external regulators and Microsoft experts delivers critical information on emerging regulatory developments.
The Compliance Program includes access to dedicated webcasts and round table discussions focused on specific industries. Additionally, program members benefit from an annual Compliance Summit and bi-monthly “office hours” centered on topics of more general compliance interest.
Proactive Risk Assurance
The 2021 Cost of Compliance Report by Thomson Reuters indicated a global average of 257 regulatory updates every day. Keeping track of nearly 100,000 regulatory changes annually makes the already difficult task of managing compliance risk even harder.
The Compliance Program allows organizations to address regulatory challenges proactively. In addition to timely communication of external audit results, Microsoft and industry experts keep customers abreast of upcoming regulatory changes. They also detail updates to Microsoft Cloud features that may impact compliance risk.
Additional Microsoft Compliance Tools
In addition to the Compliance Program, and in response to an increasingly complicated regulatory landscape, Microsoft has increased their focus on developing compliance tools. To that end, the new Microsoft Purview suite delivers a unified information governance and compliance solution for Microsoft 365.
For instance, the Microsoft Purview Compliance Manager provides a centralized dashboard to track risk level and measure compliance progress. A combination of built-in and customizable alerts keeps companies on top of malware activity, possible permissions abuse and other potential threats.
Another key aspect of Microsoft Purview supports compliance by allowing organizations to monitor and govern protected data by applying sensitivity labels. Similarly, companies can apply retention labels or policies to both specific files and entire folders, thus ensuring mandated data retention.
Accessing the Compliance Program for Microsoft Cloud
The Compliance Program for Microsoft Cloud is a fee-based service available to organizations with Microsoft 365 and Office 365 licenses. For information on how to access this service, contact a Microsoft partner such as Messaging Architects. Our compliance consultants can also assist you with implementing Microsoft Purview and other essential compliance tools.