Compliance
What certifications and capabilities does Microsoft hold?
How does Microsoft support customer compliance needs?
Do I have the right to audit Microsoft?
Transparency
Where is my data?
Who has access to my data?
Security
Is cloud computing secure?
Your Privacy Matters
Leadership in Transparency
Independently Verified
Relentless on Security
Compliance with World Class Industry standards verified by 3rd parties
Excellence in cutting edge security practices
http://trustoffice365.com
Office 365 Privacy Whitepaper
Office 365 Security Whitepaper and Service Description
Office 365 Standard Responses to Request for Information
Office 365 is a highly standardized service that Microsoft offers under highly standardized contractual terms and conditions.
Process
Training: Core Security Training
Requirements: Establish Security Requirements; Create Quality Gates / Bug Bars
Design: Establish Design Requirements; Analyze Attack Surface; Threat Modeling
Implementation: Use Approved Tools; Deprecate Unsafe Functions; Static Analysis
Verification: Dynamic Analysis; Fuzz Testing; Attack Surface Review
Release: Incident Response Plan; Final Security Review; Release Archive
Response: Execute Incident Response Plan
Accountability: Establish release criteria and sign-off as part of FSR
Incident Response (MSRC)
Ongoing Process Improvements
User
Application
Host
Internal network
Network perimeter
Facility
https://www.cert.org/blogs/certcc/2011/04/office_shootout_microsoft_offi.html
No Advertising
No advertising products out of Customer Data.
No scanning of email or documents to build analytics or mine data.
Data Portability
Office 365 Customer Data belongs to the customer.
Customers can export their data at any time.
No Mingling
Choices to keep Office 365 Customer Data separate from consumer services.
We use customer data for just what they pay us for - to maintain and provide Office 365 Service
[Table: Microsoft Online Services Customer Data, by category: Usage Data; Account and Address Book Data; Core Customer Data. Only the "Advertising" row label is legible.]
[Table: Usage Data, by group: Support Organization; Engineering; Partners; Others in Microsoft.]
Compliance
ISO27001
ISO27001 is one of the best security benchmarks available across the world.
Office 365 is the first major business productivity public cloud service to implement rigorous ISO security controls on physical, logical, process and management
EU Model Clauses
Office 365 is the first major business productivity public cloud service provider willing to sign EU Model Clauses with all customers.
EU Model Clauses are a set of stringent European Union-wide data protection requirements.
Microsoft is offering to sign the Business Associate Agreement (BAA) for any Microsoft Enterprise Agreement customer. The BAA helps enable our customers to comply with HIPAA concerning protected health information.
EU Safe Harbor
The EU generally prohibits personal data from crossing borders into other countries except under circumstances in which the transfer has been legitimated by a recognized mechanism, such as the "Safe Harbor" certification.
Microsoft was first certified under the Safe Harbor program in 2001, and we recertify compliance with the Safe Harbor Principles every twelve months.
[Table: availability by customer group. Standards named: EU Safe Harbor; HIPAA/BAA; EU Model Clauses; FERPA. Customer groups: All customers; EU customers; Primarily US customers; US Government; EDU customers. Status in every row: Available.]
Transparency
At Microsoft, our strategy is to consistently set a high bar around privacy practices that support
global standards for data handling and transfer
Policy
Control Framework
Standards
Step-by-step procedures
Operating Procedures
Recommended Partner
investments.
© 2013 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation.
MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.