Checking for compliance

We talk a lot about compliance at Microsoft. We throw acronyms at you like SOX and HIPAA and expect you to nod knowledgeably about how your company is complying with the regulations. But you may not be. You may not be all that up to speed on what you need to do to comply with all of these rules. Well, here's a collection of documents to get you started on the road to compliance and what you need to do. It's not as fierce or scary as you may think it is…
IT Audit Process
By Bill Canning, Program Manager, Microsoft Corporation
Audits are a critical component of the regulatory compliance process. Understanding how the audit process works and how auditors operate is important because it informs IT managers how to establish an environment that is compliant and easy to audit. This tip focuses on how auditors conduct the IT audit process.

Regulatory Compliance Planning Guide 
The Regulatory Compliance Planning Guide is designed to help IT managers and Microsoft customers meet specific IT compliance obligations that directly relate to major regulations and standards. The guide introduces a framework-based approach that you can use as part of your efforts to comply with these regulations and standards. The guide also describes Microsoft products and technology solutions that you can use to implement a series of IT controls to help meet your regulatory obligations.

Regulatory Compliance Demystified: An Introduction to Compliance for Developers
For a developer, understanding the issues around regulatory compliance can be a difficult and frustrating endeavour. This article makes sense of regulatory compliance from a developer’s point of view. It examines Sarbanes-Oxley, HIPAA, and other regulations, and covers the most important best practices that are common across multiple pieces of legislation.

Regulatory Compliance and Security Updates
Learn why organisations can and should bring their security and management teams into the process of building policies and procedures to support their regulatory compliance and provide system administrators with the flexibility necessary to meet threats as they arise.

Creating a Systemized Approach to Regulatory Compliance at Microsoft
The purpose of this white paper is to share some of the processes and tools that the Microsoft IT group currently uses to systematize the approach of supporting regulatory compliance activities at Microsoft.

A great start – all in one place…