Microsoft Office 365 and the Security and Compliance of your Data

When comparing cloud productivity services such as Google Apps, IBM Lotus Live, and Microsoft Office 365, most companies do not realize that only Office 365 complies with leading information security and privacy standards. As part of their commitment to customers, Microsoft is certified for ISO 9000 and the Health Insurance Portability and Accountability Act (HIPAA).

Microsoft also has implemented a site called the Office 365 Trust Center. This site has comprehensive information about the privacy and security practices for Office 365. The Office 365 Trust Center is available at http://trust.office365.com.

Compliance Updates

The European Union released model contractual clauses that are a standard for transferring personal data internationally outside the European Economic Area (EEA). When these model clauses are included in service agreements with corporations housing the data, customers are assured that their data has been safeguarded, even if that data is stored in cloud-based service centers outside the EEA. Regulators in the EU have stipulated that they can request that customers halt using a data service that has not implemented their specifications for data protection.

Microsoft has used the model clauses specified by the EU, which is something that none of the other cloud service providers has done. Microsoft has also recognized the fact that 27 member countries in the EU have more stringent and specific regulations than the EU Data Protection Directive. Microsoft has added clauses to make them compliant with the requirements of these 27 member states as well.

Creating cloud productivity applications that are suitable for businesses with European customers means more than just building functional applications that work in a browser. Microsoft has taken European data protection and security standards seriously, and has implemented a comprehensive approach to making sure that its product complies completely.

Another stringent standard for information security management is ISO/IEC 27001. In addition to the strict requirements for achieving this benchmark, there is a yearly audit to ensure compliance and maintain the standard. Microsoft Office 365 is the first major cloud software to achieve this benchmark. Microsoft has also ensured that safeguards are in place to make sure that Office 365 is fully compliant with HIPAA.

Lack of HIPAA compliance has previously prevented healthcare organizations from taking advantage of cloud productivity software. Microsoft has removed this barrier by taking steps with its policies, its program, its security, and the underlying physical architecture of the cloud service centers to ensure that they comply fully with HIPAA standards. Office 365 is a natural fit for the administrative needs of hospitals, health insurers, clinics, and individual physicians' offices. While maintaining compliance, these organizations can lower IT operating costs by using Office 365.

About Office 365

Microsoft Office 365 is the cloud productivity software suite from Microsoft. Included with Office 365 are Microsoft Office, SharePoint, Exchange, and Lync. Office 365 gives you robust e-mail service for all of your employees, the latest version of Office for their desktops, document storage and collaboration, video teleconferencing, and enterprise instant messaging. All of these services are more compliant, secure, and reliable, at a price hundreds of times lower than would be possible with an on-premises solution. As Office 365 does have some technical intricacies in its implementation, it is a good idea to have an experienced partner to help you. The Web and I has experience in implementing Office 365, and we are certified Microsoft Channel Partners. Call us today for a free consultation at 646-853-0573.