O365Con18 - Compliance Manager - Tomislav Lulic
2. Compliance Manager
How to improve processes with a workflow-based risk assessment tool
Tomislav Lulić
ECS - Eurocomputer Systems
4. Building a trusted cloud
“Businesses and users are going to embrace
technology only if they can trust it.”
—Satya Nadella
At Microsoft, we do not take your trust for granted
• We are serious about our commitment to protect
customers in a cloud-first world
• We live by standards and practices designed to earn your
confidence
• We work across industries and with regulators to build
trust in the cloud ecosystem
6. About… Office Apps & Services
[Office 365]
More than 20 years in IT
• Various industries (Logistics, Steel, Food, Pharmaceutics)
Cloud, private Cloud, On-Premise infrastructure
• Software Asset Management and lifecycle
ISO 27001/ISO 20000 auditor
Microsoft Community in Croatia
• Microsoft EDU ITPro group
• Microsoft ITPro group
9. What is Compliance Score?
• Key component (measure)
• Each control that is marked as
implemented and tested brings
points
• Allows companies to understand
and manage compliance
• Higher number is better, shows
better compliance
13. Which products are covered?
• Office 365:
• Detailed information about Microsoft’s internal
controls and recommended customer actions for
GDPR, ISO 27001, ISO 27018, NIST 800-53,
NIST 800-171, and HIPAA
• Azure:
• Detailed information about Microsoft’s internal
controls for ISO 27001 and ISO 27018
• Dynamics 365:
• Detailed information about Microsoft’s internal
controls for NIST 800-53; recommended customer
actions for partial GDPR controls managed by
organizations
14. Unavailable locations for Compliance Manager
• 21Vianet
• Office 365 Germany
• Office 365 U.S. Government Community High (GCC High)
• Office 365 Department of Defense
16. Compliance Manager
Manage your compliance from one place
Ongoing risk assessment
An intelligent score reflects your compliance
posture against regulations or standards
Simplified compliance
Streamlined workflow across teams and
richly detailed reports for auditing
preparation
Actionable insights
Recommended actions to improve your data
protection capabilities
17. Compliance Manager
Manage your compliance in one place
View your compliance posture against
evolving regulations in real-time
Take recommended actions to improve
your data protection capabilities
Conduct pre-audits to prepare for
external audits
19. Assessments in Compliance Manager
Example of managed
controls:
• A – Regulations
• B – Compliance score
• C – Implementation status
• D – Detailed information
20. Risk-based scoring methodology - Score?
The scoring system used
by Compliance Score is
based on several key
factors, such as:
• The essence of the control
• The level of risk of the control
based on the kinds of threats
• The external drivers for the
control
Password policy
Computer lock
22. Role-Based user management
Roles: Guest, Reader, Contributor, Assessor, Administrator, Portal Admin
• Read info provided by MS: Users can only read information provided
by Microsoft, no tenant-specific info
• Read data: Users can read but not edit data.
• Edit data: Users can edit all fields, except the Test Result and
Test Date fields.
• Edit test results: Users can edit the Test Result and Test Date
fields.
• Manage assessments: Users can create, archive, and delete
Assessments.
• Manage users: Users can add other users in their organization to
the Reader, Contributor, Assessor, and Administrator roles.