Create compliance policy

  1. On the menu sidebar, click Compliance policies.
  2. On the Compliance policies page, click Create compliance policy, and then select the template the policy will be based on:

    • Default template: A selection of compliance rules, with no actions defined.
    • PCI template, HIPAA template: Compliance rules and actions based on the PCI DSS and the HIPAA security standards, respectively.

    Your choice of template doesn’t restrict your subsequent configuration options.

  3. Enter a name and, optionally, a description for the compliance policy.

  4. Repeat the following steps for all required platforms.
  5. Make sure that the Enable platform check box on each tab is selected.

    If this check box is not selected, devices of that platform are not checked for compliance.

  6. Under Rule, configure the compliance rules for the particular platform.

    Each compliance rule has a fixed severity level (high, medium, low) that is depicted by a blue icon. The severity helps you to assess the importance of each rule and the actions you should implement when it is violated.

  7. Select Create alert to trigger an alert when a rule is violated.

    The alerts are displayed on the Alerts page of Sophos Central Admin.

  8. When you have made the settings for all required platforms, click Save to save the compliance policy under the name that you specified.