Describe the compliance management capabilities in Microsoft Purview Flashcards

1
Q

Microsoft Purview - Compliance Portal

A

The Microsoft Purview compliance portal brings together all of the tools and data that are needed to help understand and manage an organization’s compliance needs.

The compliance portal is available to customers with a Microsoft 365 SKU with one of the following roles: Global administrator, Compliance administrator. Compliance data administrator.

The default compliance portal home page contains several cards including:

-The Compliance Manager card: Helps your org simplify compliance and reduce risks around data protection and regulatory standards. Detailed insights about your compliance, improvement actions, and more.

–The Classification panel helps you get insights on the data across your organization through features like sensitive information types, classifiers, and more.

-The Solution catalog card: Links to collections of integrated solutions to help you manage end-to-end compliance scenarios. (Information protectionn & Governance, Privacy, Insider risk management, Discovery & Response)

-The Active alerts card includes a summary of the most active alerts and a link where admins can view more detailed information.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

Compliance Manager

A

Microsoft Purview Compliance Manager is a feature in the Microsoft Purview compliance portal that helps admins to manage an organization’s compliance requirements with greater ease and convenience.

Helps simplify compliance and reduce risk by providing:

-Prebuilt assessments based on common regional and industry regulations and standards. Admins can also use custom assessment.
-Workflow capabilities.
-Step-by-step improvement actions
-Compliance score which helps an organization understand its overall compliance posture.

As admins use Compliance Manager to assign, test, and monitor compliance activities, it’s helpful to have a basic understanding of the key elements:

-A control is a requirement of a regulation, standard, or policy. It defines how to assess and manage system configuration, organizational process, and people responsible for meeting a specific requirement. (Microsoft-managed controls, Your controls, Shared controls)

-An assessment is a grouping of controls from a specific regulation, standard, or policy. Completing the actions within an assessment helps to meet the requirements of a standard, regulation, or law.

-A Templates helps admins to quickly create assessments.

-An Improvement actions help centralize compliance activities. Can be assigned to users in the organization to do implementation and testing work.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

Benefits of Compliance Manager

A

-Translating complicated regulations, standards, company policies, or other control frameworks into a simple language.

-Providing access to a large variety of out-of-the-box assessments and custom assessments to help organizations with their unique compliance needs.

-Mapping regulatory controls against recommended improvement actions.

-Providing step-by-step guidance on how to implement the solutions to meet regulatory requirements.

-Helping admins and users to prioritize actions that will have the highest impact on their organizational compliance by associating a score with each action.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

Use and Benefits of Compliance Score

A

Compliance score measures progress in completing recommended improvement actions within controls. The score can help an organization to understand its current compliance posture. It also helps organizations to prioritize actions based on their potential to reduce risk.

-The overall compliance score is calculated using scores that are assigned to actions. Actions come in two types: Your improved actions and Microsoft actions.

-Actions are categorized as mandatory, discretionary, preventative, detective, or corrective

Actions are categorized as mandatory, discretionary, preventative, detective, or corrective:

-Preventative actions are designed to handle specific risks, like using encryption to protect data at rest if there were breaches or attacks.
-Detective actions actively monitor systems to identify irregularities that could represent risks
-Corrective actions help admins to minimize the adverse effects of security incident

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

What is the difference between Compliance Manager and compliance score?

A

Compliance Manager is an end-to-end solution in the Microsoft Purview compliance portal to enable admins to manage and track compliance activities. Compliance score is a calculation of the overall compliance posture across the organization.

-The compliance score is available through Compliance Manager.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly