Complete the following steps to enable Compliance Manager at the organization level:
-
To get the permissions that you need to enable Compliance Manager, ask your administrator to grant you the following IAM roles on your organization:
-
Organization Policy Administrator (
roles/orgpolicy.policyAdmin) -
Security Center Admin Editor (
roles/securitycenter.adminEditor)
For more information about granting roles, see Manage access to projects, folders, and organizations.
You might also be able to get the required permissions through custom roles or other predefined roles.
-
Organization Policy Administrator (
- Enable Compliance Manager using one of the following methods:
- If you haven't activated Security Command Center in your organization, then activate Security Command Center Enterprise. Compliance Manager is automatically enabled as part of that process.
- If you've already activated the Enterprise service tier of Security Command Center, add Compliance Manager using the Activate Compliance Manager page.
- Sensitive Data Protection to use data sensitivity signals for default data risk assessment.
- Event Threat Detection (part of Security Command Center) at the organization level.
- Data Security Posture Management for data security frameworks.
- AI protection for AI security frameworks.
- AI Protection
- Data Security and Privacy Essentials
- To support Azure cloud controls and frameworks, Connect Security Command Center to Azure.
When you enable Compliance Manager, the following services are also enabled:
The Cloud Security Compliance service agent
(service-org-ORGANIZATION_ID@gcp-sa-csc-hpsa.iam.gserviceaccount.com) is created when you enable
Compliance Manager. Compliance Manager uses this
service agent to access resources in your organization.
The following frameworks are applied to the organization automatically:
What's next
- Configure IAM roles for your compliance users.
- Apply a framework.
- Configure Data Security Posture Management.
- Configure AI Protection.