August 17, 2016

Stay on Top of Your Office 365 Records Management and Compliance

3 minute read

Office 365 records management and compliance is an integral part of any information governance strategy. Microsoft has added some features recently that make this process a little easier for any organization. Below are these features as outlined in a recent Office blog post.

Service Assurance—Dashboard

As part of the Office 365 Security and Compliance Center, this dashboard provides you immediate access to:

  • Details on how Office 365 implements security, privacy and compliance controls including details of how third-party independent auditors perform audits to test these controls.
  • Third-party independent audit reports including: SSAE 16 / SOC 1, SOC 2 / AT 101, ISO 27001 and ISO 27018.
  • Deep insights into how we implement encryption, incident management, tenant isolation and data resiliency.
  • Information on how you can leverage Office 365 security controls and configurations to protect your data.

Service Assurance—Audited Controls

The Audited Controls feature in Service Assurance helps you to understand how Office 365 protects your data by detailing:

  • Test status—Status of the Office 365 controls.
  • Control implementation details—Explanation of how Office 365 implements a control.
  • Testing performed to evaluate control effectiveness—How independent auditors test the effectiveness of our security, compliance and privacy controls.
  • Test date—When a control was validated.
  • Office 365 controls—How the Office 365 internal controls map to standard controls.

Service Assurance—Compliance Reports

The Compliance Reports and Trust Documents provide you independent audit reports, deep-dive white papers and FAQs that are relevant to your geography and industry. Service Assurance helps you to stay secure and compliant with an “end-to-end” view of controls implemented by you as well as by Microsoft. For controls owned by you, it provides actionable implementation plans for relevant features that help you to implement these controls and manage your risks.

The Big Picture

As mentioned at the beginning of this post, Office 365 records management and compliance is an important piece of the information governance puzzle. The bigger key, however, is ensuring all of your organization's data is being properly governed.

There are a lot of models, knowledge and expertise surrounding this topic and unfortunately, many common roadblocks to a successful information governance program. A good first step for any enterprise is to truly evaluate their current information governance environment including Office 365 records management, SharePoint and Outlook compliance, network file shares as well as third-party cloud storage and line-of-business applications. 

Receive News Updates As Soon As They Happen