Office 365 compliance is a critical part of any information governance strategy. Microsoft understands this and with the E5 plan, advanced compliance is integrated into the service allowing organizations to meet their unique requirements with their cloud service.
Because businesses require control over access to content stored in cloud services, Microsoft has setup Office 365 to have nearly zero interaction with customer content by Microsoft employees:
"Access is obtained through a rigorous access control technology called Customer Lockbox for Office 365, which helps you meet compliance obligations for explicit data access authorization. In the rare instance when a Microsoft service engineer needs access to your data, access control is extended to you so that you grant final approval for access. Actions taken are logged and accessible to you so that they can be audited."
This distinction is a very important one. As we've discussed before, it is crucial to know everyone that has access to your data and how it is being handled, especially if there is a data breach or some type of litigation. If the data contains sensitive information about your employees or customers, you may be held legally responsible, even if a third-party was involved with the data being exposed.
In addition, Office 365 Advanced eDiscovery helps simplify the eDiscovery process by reducing the volume of data through uncovering near-duplicate files, reconstructing email threads and understanding data relationships. Much of this work is done via machine learning and predictive coding.
Office 365 compliance is a piece of the information governance puzzle that every organization must include in their overall plan. One other element that most companies must consider is their SharePoint environment. Click below to read why a SharePoint add on like Gimmal RecordLion is needed for true information governance.