Businesses trusting their data to Microsoft Office 365 need assurance the information is protected in the most secure way imaginable and compliant with industry and legal regulations.

To reassure users, Microsoft maintain a ‘Trust Center‘ with details of how the cloud productivity service is trusted with business information.

Top security features

Microsoft Office 365 includes many security-focussed features to protect customer’s data.

Restricted physical access to the data centre — Multiple security provisions are in place, including biometric readers, motion sensors, CCTV and alarms.
Encryption of data at rest and in transit — All information is encrypted, making it impossible for third-parties to access your data if intercepted over a network.
No mining of data for advertising — Unlike some other email providers, Microsoft Office 365 never uses your information to build advertiser-friendly profiles.
No looking in mailboxes without permission — Your data belongs to you and Microsoft will only access it, with your permission, to provide support.
All data regularly backed-up — Regular back-ups of your data ensure reliability of service.
Data held after account cancellation — Office 365 keeps your data archived for a limited time to allow for data migration to other services.
Customer data held ‘in-region’ — Your account is held in the nearest Microsoft data centre to your home region. You can find out where the data centre is on Microsoft’s website.

Top compliance features

As well as providing many security-focussed features, Office 365 also maintains strict compliance with industry and legal requirements.

US-EU Safe Harbor — Office 365 follows the principals and procedures stipulated by Safe Harbor for the transfer of personal data outside of the EU.
ISO 27001 — Office 365 is the first major business productivity public cloud service to implement the controls and requirements defined by ISO 27001.
European Union Model Clauses — The EU Data Protection Directive is a key part of EU privacy and human rights regulations. Microsoft’s EU model clauses FAQ describes Office 365’s approach.
SSAE16 SO 1 Type I and Type II — Office 365 is independently audited and can provide SSAE16 SOC 1 Type I and Type II reports on how controls are implemented.
Gramm-Leach-Biley Act — Office 365 complies with the GLBA and is usable by organisations subject to GLBA requirements.
Federal Information Security Management Act — Microsoft have published a FAQ detailing how Office 365 follows security and privacy policies relating to FISMA.
Health Insurance Portability and Accountability Act — Office 365 provides safeguards to help our customers comply with HIPAA and Microsoft will sign a HIPAA Business Associate Agreement (BAA) with any customer who requires it.
Canadian Personal Information Protection and Electronic Documents Act — Office 365 supports compliance with PIPEDA.

If your organisation is subject to industry regulation, or you have concerned over the security implications of trusting your data to the cloud, contact our sales team.