Compliance Manager Assessments

Build compliance assessments, assign improvement actions, manage evidence, and improve your risk-based compliance score with an auditable operating model.

Microsoft Purview Compliance Manager helps organisations assess and manage compliance by providing pre-built assessments for common standards and regulations, workflow capabilities to complete risk assessments, and step-by-step guidance for improvement actions. It combines your progress into a risk-based compliance score so you can prioritise work based on risk and demonstrate progress to stakeholders and auditors.

LW IT Solutions implements Compliance Manager as a practical compliance operating system. We configure assessments and regulatory templates that match your scope, clarify ownership of customer-managed and shared controls, and convert improvement actions into a realistic delivery backlog. We also establish evidence and testing workflows (manual or automated where supported), assign actions to owners, and set up reporting so Compliance Manager becomes a living programme rather than a static report.

Service Overview

Highlights

  • Compliance Manager readiness: roles, permissions, stakeholder model, and assessment strategy
  • Assessment creation and tailoring using Microsoft’s pre-built assessments and regulatory templates (and custom assessments where required)
  • Baseline and gap analysis: interpret the Microsoft 365 data protection baseline and identify priority improvements
  • Improvement action workflow: assign owners, define testing approach, capture evidence, and track status consistently
  • Scoring and prioritisation: use risk-based scoring to prioritise improvements and create an actionable roadmap
  • Evidence management: standardise evidence capture (documents, screenshots, exports), storage, and audit trails
  • Automated testing configuration where supported; manual testing and evidence where required
  • Reporting: executive summary, audit-ready status, and a delivery backlog aligned to your operating cadence

Business Benefits

  • Accelerate compliance progress by turning requirements into a structured backlog with clear owners and evidence expectations
  • Improve audit readiness with consistent documentation, testing status, and evidence handling
  • Prioritise effort using a risk-based compliance score rather than treating all controls equally
  • Reduce duplicated work by linking improvement actions to real technical implementation activities in Microsoft 365

Typical use cases

  • Establish a compliance programme for standards such as ISO 27001, GDPR, or industry frameworks using built-in templates
  • Evidence compliance controls consistently for auditors and internal governance
  • Create a measurable compliance score and structured roadmap to guide improvements over time
  • Align compliance actions with real configuration work (Purview, Defender, Entra, Intune, etc.)
  • Migrate existing compliance work into Compliance Manager and centralise evidence and tracking

Objectives & deliverables

What Success Looks Like

  • A set of relevant assessments that reflect your organisation’s compliance obligations and scope
  • A prioritised improvement action backlog with owners, testing method, and evidence requirements
  • An operational cadence for maintaining compliance posture and reporting progress

What You Get

  • Assessment plan (which regulations/standards, scope assumptions, and governance model)
  • Configured assessments and templates relevant to your organisation (including tailored/custom assessments where required)
  • Improvement action backlog with owner assignments, target dates, and testing approach
  • Evidence pack structure (evidence requirements, storage, and how evidence is referenced for audits)
  • Executive reporting pack (score drivers, top risks, quick wins, and a delivery roadmap)
  • Operational runbooks and handover

How It Works

  1. Discovery and scoping - identify required standards/regulations, organisational scope, in-scope services, and stakeholder ownership.
  2. Assessment build - configure baseline and relevant assessments; tailor scope assumptions and define control ownership (customer, shared, Microsoft-managed).
  3. Gap and prioritisation - review improvement actions, map to technical/operational work, and prioritise using risk-based scoring.
  4. Workflow and evidence - define testing approach (manual/automatic where supported), create evidence templates, assign owners, and establish tracking discipline.
  5. Operationalise - set governance cadence, reporting, and an execution roadmap aligned to your delivery plan.

Engagement Options

  • Compliance Manager Quickstart - create key assessments and produce a prioritised improvement action backlog
  • Assessment Build-out - expand to additional regulations/standards and implement evidence workflows
  • Audit Readiness Programme - establish a full compliance operating model with reporting and evidence handling
  • Operate - ongoing management of assessments, evidence, scoring improvements, and delivery alignment

Additional Information

Prerequisites & licensing

Available assessments, regulatory templates, and certain premium capabilities vary based on licensing. Compliance Manager also supports multicloud use cases, and can include non-Microsoft services depending on available connectors and configuration. We confirm what is available in your tenant and design an approach that fits your obligations and maturity.

  • Confirm which regulations/standards you need to cover and the scope of in-scope services.
  • Define stakeholder ownership model for customer-managed and shared controls.
  • Decide evidence storage approach and how evidence is referenced for audit readiness.

Security & Compliance Notes

  • Microsoft describes Compliance Manager as using controls, assessments, regulations, and improvement actions as core objects.
  • Improvement actions can be technical or nontechnical (documentation/operational), and can store evidence and status.
  • Microsoft provides a risk-based compliance score based on completion of improvement actions, intended to help prioritise based on risk.
  • Certain improvement actions can be automatically tested; others require manual testing and evidence.

Common Bundles

Customers who use this service often bundle with these services

Information Protection & Sensitivity Labels
Design and deploy Microsoft Purview sensitivity labels to classify data, apply protection controls, and support safer collaboration across Microsoft 365.

Data Loss Prevention (DLP)
Policy-driven Microsoft Purview DLP detects and controls sensitive data across Microsoft 365 and endpoints, balancing protection with user productivity.

Audit & Audit Retention
Search and retain Microsoft Purview unified audit logs to support forensic investigations, internal reviews, and compliance obligations across Microsoft 365.

eDiscovery (Premium)
Configure Microsoft Purview eDiscovery Premium with defensible case setup, legal holds, collections, and review workflows for investigations and litigation support.

Defender XDR Enablement Workstream
Enable Defender XDR capabilities unlocked through E3 to E5 upgrades with scoped implementation, validation, and clear ownership across security teams.

Sentinel Deployment & Integration
Deploy Microsoft Sentinel with structured data onboarding, workspace design, RBAC, and detection content so your SOC operates effectively and predictably.

Cyber Essentials Readiness
Assess your Cyber Essentials readiness through gap analysis, prioritised remediation actions, and evidence preparation aligned to NCSC technical controls.
