Simplify assessment of compliance risk and posture with actionable insights

Let’s look at some of the tools Microsoft 365 provides to assess and manage your compliance risk and security posture.

Service Trust Portal

The Service Trust Portal (STP) provides a variety of content, tools, and other resources about Microsoft security, privacy, and compliance practices. It also includes independent third-party audit reports of Microsoft's online services, and information about how our online services can help your organization maintain and track compliance with standards, laws, and regulations such as:

  • International Organization for Standardization (ISO)
  • Service Organization Controls (SOC)
  • National Institute of Standards and Technology (NIST)
  • Federal Risk and Authorization Management Program (FedRAMP)
  • General Data Protection Regulation (GDPR)
  • Office 365 Auditing

The Service Trust Portal includes the following compliance tools:

  • Compliance Manager. Your dashboard to standards, regulations, and assessments.
  • Trust documents. Audit reports, data protection information about how Microsoft operates Azure, Dynamics 365, and Office 365, and the Azure Security and Compliance Blueprint.
  • Regional Compliance. Regionally specific compliance information, often in the form of legal opinions that describe Microsoft cloud services in different countries, like Australia, Poland, or the UK.
  • Privacy. Information about the capabilities in Microsoft services that you can use to address specific GDPR requirements, as well as GDPR documentation.

You can access the Service Trust Portal by going to http://aka.ms/STP.

Compliance Manager

The Compliance Manager is a cross-Microsoft solution that helps meet complex compliance obligations, including:

  • GDPR
  • ISO 27001
  • ISO 27018
  • NIST 800-53
  • HIPAA

Compliance Manager provides three key capabilities:

  • Ongoing risk assessment. View a summary of your compliance posture against the data protection regulatory requirements that are relevant to your organization, in the context of using Microsoft cloud services. The dashboard provides you with your compliance score, which helps you make appropriate compliance decisions.
  • Actionable insights. Understand the responsibility that you and Microsoft share in meeting compliance standards. For components that Microsoft manages, you can see the control implementation and testing details, test date, and results. For components that you manage, you can see recommendations for appropriate actions and guidance on how to implement them.
  • Simplified compliance. Simplify processes to achieve compliance. Compliance Manager provides built-in collaboration tools that you can use to assign tasks to your teams. You can also generate audit-ready reports with links to the evidence you collected.

[Image: The Compliance Manager Assessments page]
