Office 365 Security & Privacy
Home page > Hot Topics > Office 365 Security & Privacy
2 February 2012
The Office 365 Trust Centre has been developed to demonstrate Microsoft’s governing trust principles, and to prevent any concerns around data privacy and security with Cloud solutions. Office 365 is the first major business productivity public cloud service provider willing to sign EU Model Clauses with customers, which address the international transfer of data. 
To gain your trust, Microsoft has proactively answered a broad range of security and privacy questions the Cloud Security Alliance suggests every customer should ask of their cloud service provider. Your Privacy Matters Microsoft respect the privacy of your data •No Advertising: Office 365 does not build advertising products out of Customer Data. Microsoft don’t scan your email or documents for building analytics, data mining, advertising, or improving the service. •No Mingling: Office 365 always allows you to keep your Customer Data separate from consumer services. •Data Portability: Office 365 Customer Data belongs to the customer. Customers can remove their data whenever they choose to. Learn more about data portability here •Learn more about what Microsoft does to help protect the privacy of your data here. Leadership in Transparency As an Office 365 customer, you know ‘where’ your data resides, ‘who’ can access it and ‘what’ Microsoft does with it •Where: You know where Office 365’s major data centres and personnel are located and the logic used to determine where your data is stored. •Who & What: Microsoft offer clear information on who can access your Office 365 Customer Data and under what circumstances they access it. •How: Microsoft notifies you, if requested about changes in Office 365 data centre locations. •Learn more about how Microsoft is committed to help you comply with your regulatory requirements here. Independently Verified Compliance with World Class Industry standards verified by 3rd parties •Certified for ISO 27001: ISO27001 is one of the best security benchmarks available across the world. Office 365 is the first major business productivity public cloud service to have implemented the rigorous set of physical, logical, process and management controls defined by ISO 27001. •EU Model Clauses: In addition to EU Safe Harbour, Office 365 is the first major business productivity public cloud service provider willing to sign the standard contractual clauses created by the European Union (called the “EU Model Clauses”) with all customers. EU Model Clauses address international transfer of data. Visit here to get a signed copy of the EU Model Clauses from Microsoft. •Data Processing Agreement. Microsoft offers a comprehensive standard Data Processing Agreement to any Enterprise Agreement customers that address privacy, security and handling of Customer Data. Our standard Data Processing Agreement enables customers to comply with their local regulations. •Learn more about how Office 365 meets world class industry standards here. Relentless on Security Excellence in cutting edge security practices •Deep Experience. Microsoft has developed our practices and policies as a result of over 15 years of experience in providing security for online data. •Secure Development Lifecycle. Microsoft’s Secure Development Lifecycle ensures security and privacy is incorporated by design from software development to service operations. •5 Layers of Security. Data is secured in 5 different layers – Data, Application, Host, Network and Physical. •Proactive Monitoring. Microsoft proactively monitor to identify potential unknown threats by predicting malicious behavior and monitoring for irregular events that may indicate threats. •Access Restriction. Access to production servers is restricted to a small list of operations personnel. •Learn more about Microsoft’s security practices here. Visit the Trust Centre to learn more about the contractual agreement and to explore and understand the lengths Microsoft go to to protect users’ data privacy, remain completely open around data storage, and our cutting edge security practices and details of third party verification of compliance with world class industry standards.
|