Compliance Best Practices


In the Solution Accelerators – Security and Compliance (SA-SC) team, our intention is to provide customers with the ability to easily adopt Microsoft technologies to create solutions. The idea might sound like a marketing ploy, but the truth is that we DO work hard to make "Act Faster, Go Further" a meaningful slogan.


Over the past several months this blog has spent time discussing new accelerators that our team has released, but very little time has been spent looking inside the group and its activities.


As a new Product Manager for SA-SC, I want to enhance this blog and provide an ongoing look inside our efforts. I want to give you a chance to see how we work within Microsoft to help our technology become easier to adopt. To start with, I want to talk about some of the work being done by our Compliance project team and their efforts to bridge the gap between technology and compliance.



Compliance Ready Customer-Driven Products


Compliance is a remarkably complex problem for many organizations. Before you can figure out how to comply with a regulation such as HIPAA, SOX, or PCI-DSS, you need to know what you're trying to secure and why.


The Compliance team has been working diligently to put a face on the many compliance mechanisms.



Compliance Best Practices


One idea that has been getting attention in SAT is the idea of easy-to-use Compliance Best Practices, or CBPs. So the next question worth asking is: what are CBPs?


CBPs are "Recommended tasks to help organizations comply with regulations and legislation such as SOX and PCI. IT Pros can create checklists of best practices to help prepare representative data about compliance for auditors, which can help reduce the risk of audit failure. Such best practices are recommended by oversight organizations such as the American Institute of Certified Public Accountants (AICPA) and the International Organization for Standardization (developer of the ISO 27000 standard)."


I look forward to sharing more information about CBPs and plan to provide an analysis of one as it becomes available in the near future. The current challenge involves creating a feedback loop—that is, figuring out the best way to ensure that best practice guidance becomes best practice.