Compliance Manager templates list

In this article: View the comprehensive list of templates available for creating assessments in Compliance Manager.

Important

The assessment templates that are available to your organization depends on your licensing agreement. Review the details.

Overview

Microsoft Compliance Manager provides a comprehensive set of templates for creating assessments. These templates can help your organization comply with national, regional, and industry-specific requirements governing the collection and use of data.

Templates are added to Compliance Manager as new laws and regulations are enacted. Compliance Manager updates its templates when the underlying laws or regulations change. Learn more about how review and accept updates.

View detailed guidance on working with templates to create your assessments.

List of templates and where to find them

Below is the complete list of templates in Compliance Manager. Each template details page provides information about the regulation or standard to which it applies. The links in the template names below take you to related documentation about that standard, regulation, or law.

Where to find your templates

In Compliance Manager, go to your Assessment templates page. You'll see a list of all the templates available to your organization.

  • Included templates are templates included as part of your organization's licensing agreement.
  • Premium templates displays additional templates your organization may choose to obtain (refer to the service terms).

Read more about how to view and manage your templates.

Included templates

Premium templates

  • AICPA/CICA Generally Accepted Privacy Principles (GAPP) (Microsoft 365)
  • Alabama - Policy 621: Data Breach Notification (Microsoft 365)
  • Alaska - Chapter 48 - Personal Information Protection Act (Microsoft 365)
  • Albania - The Law on the Protection of Personal Data No. 9887
  • Antigua and Barbuda-Data Protection Act /2013(Microsoft 365)
  • Argentina - Personal Data Protection Act 25.326 (Microsoft 365)
  • Arkansas - Personal Information Protection Act (Microsoft 365)
  • Asia Pacific Economic Cooperation (APEC) Privacy Framework
  • Australia - Spam Act 2003 (Microsoft 365)
  • Australian Energy Sector Cyber Security Framework (AESCSF) (Microsoft 365)
  • Australian Information Security Registered Assessor Program (IRAP) Version 2 (Microsoft 365)
  • Australian Prudential Regulation Authority CPS (Microsoft 365)
  • Austrian Telecommunications Act 2003 (Microsoft 365)
  • Barbados - Data Protection Bill 2019 (Microsoft 365)
  • Belgium NBB Dec 2015 (Microsoft 365)
  • Bermuda - Electronic Transaction Act (Microsoft 365)
  • Brazil - Consumer Protection Code Law No. 8078 (Office 365)
  • Brazil - General Data Protection Law (LGPD) (Microsoft 365)
  • California - Civil Code Section 1798
  • California - Database Breach Act (California SB 1386)
  • California - Education Code-EDC, Title 3, Division 14, Part 65, Chapter 2.5- Social Media Privacy
  • California Consumer Privacy Act (CCPA) (Microsoft 365)
  • Canada - Breach of Security Safeguards Regulations (Microsoft 365)
  • Canada - British Columbia - Information Privacy & Security - FOIPPA (Microsoft 365)
  • Canada - Office of the Superintendent of Financial Institutions (Microsoft 365)
  • Canada - Personal Health Information Protection Act (PHIPA) (Microsoft 365)
  • Canada - Personal Information Protection and Electronic Documents Act (PIPEDA) (Microsoft 365)
  • Canada Cybersecure (Microsoft 365)
  • CAN-SPAM Act (Microsoft 365)
  • CDSA Content Protection & Security Standard (Microsoft 365)
  • CFR - Code of Federal Regulations Title 21 (Microsoft 365)
  • Children's Online Privacy Protection Rule (COPPA) (Microsoft 365)
  • China - Personal Information Security Specification (Microsoft 365)
  • CIS Implementation Group 1, Group 2, Group 3
  • Cloud Security Alliance (CSA) Cloud Controls Matrix (CCM)
  • CMMC Level 1, Level 2, Level 3, Level 4, Level 5 (Microsoft 365)
  • COBIT 5 (Microsoft 365)
  • Colombia - External Circular Letter 007 of 2018 (Microsoft 365)
  • Colombia - Law 1581/2012 (Microsoft 365)
  • Computer Fraud and Abuse Act (CFAA) (Microsoft 365)
  • Connecticut General Statutes - General Provisions for state contractors who receive confidential information (Microsoft 365)
  • Consumer Personal Information Security Breach Notification Act (Microsoft 365)
  • Criminal Justice Information Services (CJIS) Security Policy (Microsoft 365)
  • Croatia - Personal Data Protection Act (Microsoft 365)
  • Cybersecurity Law of the People's Republic of China (Microsoft 365)
  • Czech - Act No. 110/2019 Coll. on Personal Data Processing - 2019 (Microsoft 365)
  • DFARS (Microsoft 365)
  • Directive 2013/40/EU Of The European Parliament And Of The Council (Microsoft 365)
  • Dubai - Health Data Protection Regulation (Microsoft 365)
  • Dubai Consumer Protection Regulations (Telecommunications Regulatory Authority)(Microsoft 365)
  • Dubai ISR (Microsoft 365)
  • Electronic Code of Federal Regulations - Part 748.0 and Appendix A (Microsoft 365)
  • Estonia - Personal Data Protection Act (Microsoft 365)
  • Estonia - The system of security measures for information systems (Microsoft 365)
  • EU - ePrivacy Directive 2002 58 EC (Microsoft 365)
  • FDIC Privacy Rules (Microsoft 365)
  • Federal Financial Institutions Examination Council (FFIEC) Information Security Booklet (Microsoft 365, Intune)
  • FedRamp High Security Controls (Office 365)
  • FedRamp High Security Controls_NIST 800-53 (Microsoft 365)
  • FedRAMP Moderate
  • Finnish Criteria for Assessment of Information Security of Cloud Services (Microsoft 365)
  • France - Act 78-17 Of 6 January 1978 On Information Technology, Data Files and Civil Liberties (Microsoft 365)
  • Freedom of Information Act (FOIA) (Microsoft 365)
  • FTC Privacy of Consumer Financial Information (Microsoft 365)
  • Generally Accepted Recordkeeping Principles (Microsoft 365)
  • Germany - Cloud Computing Compliance Controls Catalog (C5) (Microsoft 365)
  • Germany - Federal Data Protection Act (Microsoft 365)
  • Gramm-Leach-Bliley Act, Title V, Subtitle A, Financial Privacy (Microsoft 365)
  • Greece - Law 2472/1997 on the Protection of individuals with regard to the processing of personal data (Microsoft 365)
  • Hawaii - Security Breach of Personal Information Chapter 487N
  • HIPAA/HITECH (Microsoft 365, Intune)
  • HITRUST (Microsoft 365)
  • Hong Kong - Personal Data (Privacy) Ordinance (Microsoft 365)
  • Indonesia - Law 11/2008 (Microsoft 365)
  • Indonesia - Peraturan Pemerintah No.82 Tahun 2012 - Government Regulation - Data Protection Regulation (Microsoft 365)
  • IRS-P1075 (Microsoft 365)
  • ISO 27017:2015 (Microsoft 365)
  • ISO/IEC 27018:2014
  • Israel - Privacy Protection (Transfer of Data to Databases Abroad) Regulations (Microsoft 365)
  • ITU X.1052 Information Security Management Framework (Microsoft 365)
  • Japan - Act on Prohibition of Unauthorized Computer Access (Microsoft 365)
  • Japan Privacy Mark
  • Japanese Act on the Protection of Personal Information (Law No. 57 of 2003) (Microsoft 365)
  • Joint Commission AHO Information Management Standard (Microsoft 365)
  • Kenya Data Protection Act (Microsoft 365)
  • Korea - The Act on Promotion of Information and Communications Network Utilization and Data - Protection (Microsoft 365)
  • Korea Personal Information Protection Act (Microsoft 365)
  • Kuwait - CSF (Microsoft 365)
  • Luxembourg Act (Microsoft 365)
  • Maine - Act to Protect the Privacy of Online Consumer Information
  • Maine - Notice of Risk to Personal Data (Microsoft 365)
  • Malaysia - Personal Data Protection Act (PDPA) (Microsoft 365)
  • Malaysia Risk Management in Technology (RMiT) (Microsoft 365)
  • Massachusetts - 201 CMR 17.00: Standards For The Protection Of Personal Information Of - Residents Of The Commonwealth (Microsoft 365)
  • Mauritius Data Protection Act 2004 (Microsoft 365)
  • Mexico - Federal Consumer Protection Law (Microsoft 365)
  • Mexico Federal Data Protection Law (Microsoft 365)
  • Motion Picture Association (MPA) Content Security Best Practices (Microsoft 365)
  • NAIC - Standards for Safeguarding Customer Information Model Regulation MDL-673 (Microsoft 365)
  • Nepal - Right to Information Act
  • NERC CIP (Microsoft 365)
  • Netherlands - Personal Data Protection Act / 1999 (Microsoft 365)
  • Nevada Chapter 603A - Security and Privacy of Personal Information (Microsoft 365)
  • New Zealand Health Data Retention Policy (Office 365)
  • New Zealand Health Information Privacy Code 1994 (Microsoft 365)
  • New Zealand Health Information Security Framework (HISF) -2015 (Microsoft 365)
  • New Zealand Privacy Act (Microsoft 365)
  • New Zealand Telecommunications Information Privacy Code 2003
  • Nigeria Data Protection Regulation (Microsoft 365)
  • NIST 800-37 (Microsoft 365)
  • NIST 800-53
  • NIST 800-63 Digital Identity Guidelines (Microsoft 365)
  • NIST 800-171 (Microsoft 365)
  • NIST CSF (Microsoft 365)
  • NIST Privacy Framework
  • NIST Special Publication 800-128 (Microsoft 365)
  • Norway - Personal Data Act (Microsoft 365)
  • NYDFS (Microsoft 365)
  • Oman - Electronic Transactions Law (Microsoft 365)
  • OWASP ProActive Controls for Developers 2018 v3.0 (Microsoft 365)
  • Pakistan Electronic Data Protection Act 2005 -Draft (Microsoft 365)
  • PCI DSS v3.2.1 (Microsoft 365)
  • Peruvian Legislation Law 29733 Law of Data Privacy Protection
  • Philippines BSP Information Security Management Guidelines (Microsoft 365)
  • Philippines Data Privacy Act of 2012 (Microsoft 365)
  • Privacy of Consumer Financial and Health Information Regulation, NAIC MDL-672, Q2 2017 (Microsoft 365)
  • Puerto Rico - Citizen Information on Data Banks Security Act (Microsoft 365)
  • Qatar Cloud Security Policy
  • Republic of Moldova Law on Personal Data Protection (Microsoft 365)
  • Reserve Bank of India Cyber Security Framework (Microsoft 365)
  • Russian Federation Federal Law Regarding Personal Data (Microsoft 365)
  • SEC 17-4(a) (Microsoft 365)
  • SIG (Microsoft 365)
  • Singapore - Banking Act (Cap.19)
  • Singapore - IMDA IoT Cyber Security Guide (Microsoft 365)
  • Singapore - Monetary Authority of Singapore Technology Risk Management Framework (Microsoft 365)
  • Singapore - Multi-Tier Cloud Security (MTCS) Standard (Microsoft 365)
  • Singapore - Outsourced Service Provider Audit Report (OSPAR) (Microsoft 365)
  • Singapore - Personal Data Protection Act / 2012 (Microsoft 365)
  • Singapore Spam Control Act (Microsoft 365)
  • SOC 1 (Microsoft 365)
  • SOC 2 (Microsoft 365)
  • South Africa Consumer Protection ACT 68 2008 (Microsoft 365)
  • South Africa Consumer Protection ACT 68 2008 (Microsoft 365)
  • South Africa Electronic Communications and Transactions Act, 2002 (Microsoft 365)
  • South African POPIA (Microsoft 365)
  • SWIFT Customer Security Controls (Microsoft 365)
  • Switzerland - Federal Act on Data Protection (FADP) (Microsoft 365)
  • Taiwan - Implementation Rules for the Internal Audit and Internal Control System of Electronic Payment Institutions - 2015 (Microsoft 365)
  • Taiwan - Regulations Governing Approval and Administration of Financial Information Service Enterprises Engaging in Interbank Funds Transfer and Settlement (Microsoft 365)
  • Taiwan - Regulations Governing the Standards for Information System and Security Management of Electronic Payment Institutions (Microsoft 365)
  • Taiwan- Implementation Rules of Internal Audit and Internal Control System of Financial Holding Companies and Banking Industries (Microsoft 365)
  • Taiwan Personal Data Protection Act (PDPA) (Microsoft 365)
  • Texas - Identity Theft Enforcement and Protection Act (Microsoft 365)
  • Thailand PDPA (Microsoft 365)
  • Trade Secrets Act of The Republic of China (Microsoft 365)
  • Trinidad and Tobago Data Protection (Act 13 of 2011) (Microsoft 365)
  • Trusted Information Security Assessment Exchange
  • Turkey - KVKK Protection of Personal Data 6698 (Microsoft 365)
  • UK - The Offshore Petroleum Activities Regulations / 2011 (Microsoft 365)
  • UK Cyber Essentials (Microsoft 365)
  • UK- Cyber Security for Defense Suppliers Standard (Microsoft 365)
  • UK Privacy and Electronic Communications (Microsoft 365)
  • Ukraine - Protection of Personal Data Law (Microsoft 365)
  • US - Federal Information Security Modernization Act of 2014 (FISMA) (Microsoft 365)
  • US FERPA (Microsoft 365)
  • US-Cloud Act (Microsoft 365)
  • Utah Consumer Credit Protection Act (Microsoft 365)
  • Vietnam - Consumer Rights Protection Law (Microsoft 365)
  • Vietnam - Law on Information Technology (Microsoft 365)