Gimmal Blog

Read the latest thought leadership and industry news from the experts at Gimmal!

All Posts

Keep Your Office 365 Compliance On Track

Office 365 compliance is a critical part of any information governance strategy. Microsoft understands this and with the E5 plan, advanced compliance is integrated into the service allowing organizations to meet their unique requirements with their cloud service.

Because businesses require control over access to content stored in cloud services, Microsoft has setup Office 365 to have nearly zero interaction with customer content by Microsoft employees:

"Access is obtained through a rigorous access control technology called Customer Lockbox for Office 365, which helps you meet compliance obligations for explicit data access authorization. In the rare instance when a Microsoft service engineer needs access to your data, access control is extended to you so that you grant final approval for access. Actions taken are logged and accessible to you so that they can be audited."

This distinction is a very important one. As we've discussed before, it is crucial to know everyone that has access to your data and how it is being handled, especially if there is a data breach or some type of litigation. If the data contains sensitive information about your employees or customers, you may be held legally responsible, even if a third-party was involved with the data being exposed.

Watch this video to learn more about the E5 plan.

In addition, Office 365 Advanced eDiscovery helps simplify the eDiscovery process by reducing the volume of data through uncovering near-duplicate files, reconstructing email threads and understanding data relationships. Much of this work is done via machine learning and predictive coding.

Office 365 compliance is a piece of the information governance puzzle that every organization must include in their overall plan. One other element that most companies must consider is their SharePoint environment. Click below to read why a SharePoint add on like Gimmal RecordLion is needed for true information governance.

Related Posts

Creating a Framework for Classification

This is Part 2 in a series about creating and executing an effective file plan for your organization. Click here to read the previous post: Creating a Retention Schedule that Works.

3 Tips to Ensure KORA Compliance

There has been a spotlight on the Kansas Open Records Act (KORA) in the media lately, largely due to recent violations. Under KORA, any individual can request public records from government bodies. If all requested records are not provided within in a specific timeframe, these organizations are subject to significant repercussions. This is merely one example of a ‘sunshine law’. The purpose of sunshine laws is to provide transparency into government agencies by giving the public access to local government proceedings.

Creating a Retention Schedule that Works

Creating a usable, automated, and simple file plan is an important part of ensuring records are managed in a consistent manner and that you are protected from legal risks, such as failure to disclose information during a discovery proceeding or the unauthorized leakage of information. The first step in the process is creating a retention schedule, which outlines how long records are kept in accordance with the organization’s obligations and the law.