Interlink Cloud Blog
Eric Brophy

3 Ways Microsoft’s Compliance Manager Helps Meet Regulatory and Data Protection Requirements

3 Ways Microsoft’s Compliance Manager Helps Meet Regulatory and Data Protection Requirements

How to meet the requirements of GDPR, HIPAA, ISO 27001, ISO 27018, NIST 800-53, NIST 800-171, and many others with Compliance Manager.

The need to meet the demands of various regulatory bodies seems to grow daily. This, plus any internal corporate edicts and the job of your company's compliance team, can seem overwhelming. According to a Thomson Reuters report, more than half of respondents said they spend over four hours a week tracking and analyzing regulatory developments and one out of four are devoting more than eight hours a week to compliance management.

Microsoft is aiming to ease your compliance burden with the release of Compliance Manager. Generally available for Azure, Dynamics 365, and Office 365 Business and Enterprise subscribers, Compliance Manager enables you to track, assign, and verify your organization’s regulatory compliance activities with respect to Microsoft cloud services.

[...]
Matt Scherocman

The Path to GDPR Compliance

The Path to GDPR Compliance

There are big changes coming for organizations that conduct business in, or store and collect data tied to citizens of the European Union (EU). From data protection and breach reporting to governance documentation, the General Data Protection Regulation (GDPR) calls for businesses in any location that hold data on Europeans to be more efficient and accountable with their IT operations – or face significant penalties.

With May 25th, 2018 as the proposed GDPR enforcement date, you have just a few months to comply with the new (and slightly confusing) GDPR laws. Though that may seem far away, the date will come quick, as will the scrutiny into your data practices.

But the path to compliance doesn’t need to be difficult. At Interlink, through our cloud and on-premises solutions, we’ve identified a path forward. 

[...]
Sarah Bunt

On-Demand Webinar | How to Drive Compliance & Security to the Cloud with Office 365

On-Demand Webinar | How to Drive Compliance & Security to the Cloud with Office 365

On-Demand Webinar & Slides

webinar view o365 security


Are you worried about being vulnerable to an attack in your cloud-based environment? Need help to ensure compliance with outside regulations? 

Join Microsoft and Microsoft Gold Certified Office 365 Partner - Interlink Cloud Advisors - in this on-demand event, for an overview of the powerful benefits of Microsoft’s all-new Office 365 E5 Suite's security and compliance technologies. See for yourself how Microsoft’s advanced tools can be used to protect your environment and make it more secure to help ensure compliance with outside regulations.  

[...]
Matt Scherocman

Data Loss Prevention (DLP) in New Office 2016, SharePoint Online, and OneDrive for Business

Data Loss Prevention (DLP) in New Office 2016, SharePoint Online, and OneDrive for Business

Clients have benefited from Data Loss Prevention (DLP) technology within Exchange Online for years. Microsoft is now expanding the functionality to cover data and documents that may be in Office, SharePoint, and OneDrive. Plus they are enhancing the console where the policy rules are managed so that the policy rules for all of the services are controlled in a single location.

Client can continue to use the templates that Microsoft builds to help them stay compliant with regulations like PCI and HIPPA. Severity levels can also be set – so administrators, for example, could have one set of actions that happen if a user tries to send a credit card number externally and another if they are trying to send a file that contains ten or more credit card numbers in it.

DLP not only is for people who are actively trying to share content that they shouldn’t, it is also for people who didn’t notice that there was a company credit card contained 10 emails down in a thread before they forward it to a new distribution list.

[...]
Matt Scherocman

What Data Security and Compliance is Built into Office 365?

Security is at the heart of Office 365.  Here are some great bullet points from a recent Microsoft blog listing.  Check out the full article here:  http://blogs.office.com/b/office365tech/archive/2013/10/23/cloud-services-you-can-trust-security-compliance-and-privacy-in-office-365.aspx
Built-in capabilities

    • Physical security - We monitor our data centers 24/7 and we have technologies and processes to protect our data centers from unauthorized access or natural disasters
    • Security best practices -We use best practices in design like Secure Development Lifecycle and operations like defense-in-depth to keep your data secure in our data centers
    • Data encryption - Every customers' email content is encrypted at rest using BitLocker Advanced Encryption Standard (AES) encryption
    • Secure network layer - Our networks are segmented, providing physical separation of critical back-end servers from the public-facing interfaces at the same time our Edge router security detects intrusions and signs of vulnerability
    • Automated operations like Lock Box processes - Access to the IT systems that store customer data is strictly controlled via lock box processes. This access control mechanism is similar to a system where two people have to turn the key for an action to be allowed.

Compliance

    • Independently Verified - Third party audits verify that Office 365 meets many key world-class industry standards and certifications
    • Control framework - We follow a strategic approach of implementing extensive standard controls that in turn satisfy various industry regulations. Office 365 supports over 600 controls that enable us to meet complex standards and offer contracts to customers in regulated industries or geographies, like ISO 27001, the EU Model Clauses, HIPAA Business Associate Agreements, FISMA/FedRAMP
    • Comprehensive Data Processing Agreement - Our Data Processing Agreement comprehensively addresses privacy and security of customer data, helping customers comply with local regulations

Privacy

    • No Advertising - We do not scan email, documents, build analytics or data mine to build advertising products. In fact, we do not use your information for anything other than providing you services you have subscribed for.
    • Data Portability - As an Office 365 customer, your data belongs to you, and you can export your data at any time with no restrictions. We act only as a data processor and provider of productivity services, not as a data owner
    • Notice and Consent - When we act upon your data, we let you know why and we ask for permission in advance or redirect any inquiries to our customers unless legally prevented to do so.
    • Breach Response - We have strong, tested and audited processes to inform you if there is a breach and re-mediate issues if they occur.
    • Data Minimization - We strive to minimize the actual amount of customer data that our internal teams have access to.


This posting is provided “AS IS” with no warranties, and confers no rights.

Welcome to the Interlink Cloud Blog

All content provided on this blog is for informational purposes only. The owner of this blog makes no representations or warranties regarding the information from our partners or other external sources.