Monday, November 24, 2008

IT Compliance Management Guide (Microsoft)

The IT Compliance Management Guide can help you shift your governance, risk, and compliance (GRC) efforts from people to technology. This Accelerator helps you better understand how an IT management framework can help you implement controls to address GRC requirements that apply to your organization. In addition, you can use its configuration guidance to help efficiently address your organization's GRC objectives.

The guide introduces an approach based on Microsoft Operations Framework (MOF) 4.0. MOF provides an IT service life cycle process model that helps you address these compliance requirements as well as organization-wide governance initiatives.


The IT Compliance Management Guide is designed to help IT managers, business managers, Microsoft customers, and the ecosystem of Microsoft partners plan for and address specific IT compliance requirements that relate to applicable GRC authority documents. Such documents include regulations, publications from standards bodies and industry organizations, organizational policies, and agreements.

The goal is to shift the effort of GRC requirements enforcement and management to Microsoft products through the configuration of existing Microsoft product features and functions.

The IT Compliance Management Guide.docx file contains the following chapters:
- Overview. This chapter introduces the guide, defines its audience, and provides business driver information. It also includes a "How to Use This Guide" section and a listing of contributors.
- Chapter 1: GRC Authority Documents. This chapter provides a brief overview of the representative authority documents discussed in the guide.
- Chapter 2: Using Controls for Compliance Management. This chapter provides information about different types of compliance management controls.
- Chapter 3: Using an IT Framework for Compliance Management. This chapter discusses how IT frameworks address compliance objectives and the benefits that they provide.
- Chapter 4: Using MOF for Compliance Management. This chapter provides information about using the MOF GRC SMFs for compliance management as well as an overview of the IT audit process.
- Chapter 5: Microsoft Technology Solutions for Compliance Management. This chapter includes content to explain how to review each MOF SMF to process GRC authoritative documents, understand requirements, develop controls, implement configuration to enable controls, and manage their operation.

The IT Compliance Management Resources.xlsx file contains the following four worksheets:
- Instructions. Includes usage instructions for both IT managers and IT professionals.

- GRC Control Objectives. A filterable worksheet that provides mapping to the following headings.
  • MOF phase
  • MOF Services Management Function
  • IO Category
  • IO Capabilities
  • GRC Control Objectives
  • GRC Focus
  • SOX
  • GLBA
  • EUDPD
  • PCIDSS
  • ISO 27002
  • COBIT
  • GAPP
  • HIPAA

- GRC Configuration Job Aids. A filterable worksheet that provides mapping to the following headings.
  • MOF Service Management Function
  • Product
  • GRC Target Objective(s)
  • GRC Prospective
  • Guidance Link

- GRC Management Inventory. A filterable worksheet that provides mapping to the following headings.
  • Product Solution
  • Resource Title
  • Guidance Link


For the latest information, please see microsoft.com/technet/SolutionAccelerators
