New high score! Using Microsoft’s Compliance Score metric to understand and enhance compliance maturity
Microsoft Purview – Microsoft’s data governance and compliance toolset – covers a lot of ground from a lot of angles. Many of these would seem to be more IT-focussed, particularly as cyber security controls tend to overlap with the many requirements of global standards and privacy regulations. (Here’s looking at you, authentication, identity management, information protection and data loss prevention.) Others are firmly aimed at business users, helping compliance/risk/privacy professionals understand, assess, manage, monitor and report on compliance maturity.
The heart of this business-focussed element in Purview is arguably Compliance Manager. Its dashboards are specifically designed to enable compliance/risk professionals to:
· Assess and take inventory of the organisation’s people, process and technology controls
· Collaborate on and manage the complexities of control implementation
· Stay up to date on regulations and standards
· Monitor and report on compliance progress
Needless to say, these are all invaluable business tools. If you ask us, however, the best part of Compliance Manager isn’t so much what it does as how it does it.
Introducing Compliance Score
The very first thing you’ll see when exploring Compliance Manager is a little something called your Compliance Score. Now, don’t be fooled into thinking this is some kind of gamification gimmick. Rather, this little metric is one of the best non-IT-focussed compliance tools we’ve ever seen, especially when it comes to motivating risk and compliance teams.
What is it, and what does it do?
The Compliance Score is essentially a measurement of your organisation’s current levels of compliance with basic standards and privacy regulations and, by extension, your compliance maturity. It’s calculated by assigning points (weighted by risk level) for the completion of improvement actions that align your compliance posture with applicable regulations, standards or policies.
(If you’ve only just started your compliance journey, your initial score will be based on the Microsoft 365 data protection baseline – a set of controls that includes key regulations and standards for general data protection and governance, initially based on EU GDPR, NIST and ISO 27001.)
The higher your Compliance Score, the further along you are in your compliance journey. But Compliance Manager’s scoring dashboard offers much more than just a gauge of current progress.
By offering a breakdown of score by compliance area, the dashboard makes it easy to see exactly where your controls are falling short. Better yet, it provides a list of suggested improvement actions for each area. These can be prioritised according to their potential impact on your overall Compliance Score (i.e. risk reduction potential), making it much easier to focus resources on areas with the highest risk-reducing impact.
Why we’re fans of Compliance Score
For us, the value of Compliance Manager’s Compliance Score is its ability to kickstart a compliance journey. It offers a quick and easy inroad into Purview’s compliance capabilities for non-IT users, and makes it easier to avoid decision paralysis with its clear, impact-focussed approach to risk improvement actions.
That said, this isn’t just a tool for beginning your compliance journey. By inputting and capturing evidence of people and process controls in the platform, you can use Compliance Score to gain a much more complete picture of how your organisation is doing. More advanced or specialised templates can also be deployed and configured to keep even the most complex compliance journey or industry-specific regulation on track and moving forward.
Compliance Manager and Compliance Score are powerful tools, but they cannot operate in a vacuum. The success of any compliance programme also relies on all stakeholders being engaged and on the same page. That kind of collaboration can be tricky when business and IT tend to speak very different languages, with risk and compliance teams often sceptical of solutions that stem from the technology space.
Having a compliance partner (well-versed in both languages) to facilitate these conversations can make all the difference. Get in touch to find out more.
Interested in finding out more about Microsoft Compliance Manager?
Download our free eBook here.