IT Compliance Management Guide

Published: October 29, 2008   |   Updated: November 9, 2009

 

What’s New

IT Compliance Management Series – now in Beta

The IT Compliance Management Series is intended for IT managers, professionals, and partners who must configure Microsoft products to address specific IT governance, risk management, and compliance (GRC) requirements. Successful implementation of the recommendations contained within this series will allow organizations to shift the enforcement and management of IT GRC requirements away from personnel and onto the underlying Microsoft technology.

The IT Compliance Management Guide, a part of the IT Compliance Management Series, will be updated in a forthcoming release. New extensions to the series are now available as Beta downloads. These guides, resources, and compliance baselines provide direction on how to enable Windows® 7, Windows Server® 2008, and Windows Server 2008 R2 to support your organization’s key IT GRC initiatives by taking advantage of features and technology inherent in the operating systems. Preview and provide feedback on these Beta releases.

Download This Solution Accelerator

Click here to download the IT Compliance Management Guide from the Microsoft Download Center.

About This Solution Accelerator

The IT Compliance Management Guide can help you shift your governance, risk, and compliance (GRC) efforts from people to technology. This Accelerator enables a better understanding of how an IT GRC control framework can help you implement controls to address GRC requirements that apply to your organization. In addition, you can use its configuration guidance to help efficiently address your organization's GRC objectives. 


The IT Compliance Management Guide is a Microsoft Operations Framework (MOF) 4.0 companion guide that is based on the Regulatory Compliance Planning Guide. It addresses GRC authority document requirements.

The IT Compliance Management Resources workbook provides an extensive inventory of GRC–related configuration and management guidance organized by Microsoft products.

"This guide contains the information that will enable IT professionals to have an informed discussion with their GRC subject matter experts, including legal and audit personnel. The overview of the audit process and descriptions of general GRC terminology and control concepts will allow IT professionals to be an active participant in these discussions. The associated workbook provides a comprehensive list of Microsoft resources that address GRC planning and product configuration topics relevant to IT professionals.

As with any tool, the use of the information in this guide should be discussed with organizational GRC subject matter experts to determine how it fits within the organization’s overall efforts."

Grant Thornton LLP

Included in the Download

The IT Compliance Management Guide includes the following components:

  • IT Compliance Management Guide.docx. This guide will prepare you for a conversation with GRC subject matter experts such as attorneys, auditors, specialists, and consultants working for your organization. It introduces an approach based on Microsoft Operations Framework (MOF) 4.0 that can help you address compliance requirements as well as organization-wide governance initiatives.
  • IT Compliance Management Resources.xlsx. This Microsoft Excel workbook contains four worksheets. The Instructions worksheet provides reader instructions on the use of the tabs within this workbook. The GRC Control Objectives worksheet contains high-level objectives that are applicable to an IT department assigned GRC duties. The GRC Configuration Job Aids worksheet contains GRC objectives and associated Microsoft product configuration guidance to meet these objectives. The GRC Management Inventory worksheet contains GRC management guidance and additional product guidance for the management of a GRC solution.

In More Detail

The IT Compliance Management Guide is designed to help IT managers, business managers, Microsoft customers, and the ecosystem of Microsoft partners plan for and address specific IT compliance requirements that relate to applicable GRC authority documents. Such documents include regulations, publications from standards bodies and industry organizations, organizational policies, and agreements.

The goal is to shift the effort of GRC requirements enforcement and management to Microsoft products through the configuration of existing Microsoft product features and functions.

The IT Compliance Management Guide.docx file contains the following chapters:

  • Overview. This chapter introduces the guide, defines its audience, and provides business driver information. It also includes a "How to Use This Guide" section and a listing of contributors.
  • Chapter 1: GRC Authority Documents. This chapter provides a brief overview of the representative authority documents discussed in the guide.
  • Chapter 2: Using Controls for Compliance Management. This chapter provides information about different types of compliance management controls.
  • Chapter 3: Using an IT Framework for Compliance Management. This chapter discusses how IT frameworks address compliance objectives and the benefits that they provide.
  • Chapter 4: Using MOF for Compliance Management. This chapter provides information about using the MOF GRC SMFs for compliance management as well as an overview of the IT audit process.
  • Chapter 5: Microsoft Technology Solutions for Compliance Management. This chapter explains how to review each MOF SMF to process GRC authority documents, understand requirements, develop controls, implement the configuration that enables those controls, and manage their operation.

The IT Compliance Management Resources.xlsx file contains the following four worksheets:

  • Instructions. Includes usage instructions for both IT managers and IT professionals.
  • GRC Control Objectives. A filterable worksheet that provides mapping to the following headings:
    • MOF phase
    • MOF Services Management Function
    • IO Category
    • IO Capabilities
    • GRC Control Objectives
    • GRC Focus
    • SOX
    • GLBA
    • EUDPD
    • PCIDSS
    • ISO 27002
    • COBIT
    • GAPP
    • HIPAA
  • GRC Configuration Job Aids. A filterable worksheet that provides mapping to the following headings:
    • MOF Service Management Function
    • Product
    • GRC Target Objective(s)
    • GRC Prospective
    • Guidance Link
  • GRC Management Inventory. A filterable worksheet that provides mapping to the following headings:
    • Product Solution
    • Resource Title
    • Guidance Link

Related Resources

  • IT Compliance Management Series Beta. This series will help you implement controls to address IT GRC requirements within your organization. These guides and resources are designed to help configure Microsoft products to address specific IT compliance requirements for Windows® 7 and Windows Server® 2008, including updates for Windows Server 2008 R2.
  • Microsoft Operations Framework (MOF) 4.0. MOF 4.0 delivers practical guidance for everyday IT practices and activities, helping users establish and implement reliable, cost-effective IT services for GRC activities.
  • Security Compliance Management Toolkit. This toolkit provides proven methods that your organization can use to effectively monitor the compliance state of recommended security baselines for Windows Vista, Windows XP Service Pack 2 (SP2), and Windows Server 2003 SP2.
  • Security Risk Management Guide. This guide helps customers plan, build, and maintain a successful security risk management program.

Community and Feedback

  • Subscribe to the Compliance Management Forum to join discussions and collaborate on GRC-related compliance management issues with your peers.
  • Subscribe to the Regulatory Compliance Blog to discuss current issues related to GRC at Microsoft.
  • If you’ve used a Solution Accelerator within your organization, please share your experience with us by completing this short survey (less than ten minutes long).

About Solution Accelerators

Solution Accelerators are authoritative resources that help IT pros plan, deliver, operate, and manage IT systems that address real-world scenarios. Solution Accelerators provide free, prescriptive guidance and automation to accelerate cross-product integration, core infrastructure development, and other enhancements.

Sign up to receive the Solution Accelerator Notifications newsletter so that you can stay informed about new Solution Accelerator releases and updates. The newsletter covers such areas of interest as:

  • Communication and collaboration
  • Security, data protection, and recovery
  • Deployment
  • Operations and management

© 2009 Microsoft Corporation. All rights reserved.