Governance Framework
• Executive stakeholders
• Business division leaders
• Financial stakeholders
• Software development leaders
• IT managers
• Technical specialists
• Trainers
• Influential information workers
• Information architects or taxonomists
• Compliance officers
Change management tools
• Communications
• Sponsor roadmap
• Training
• Coaching
• Resistance management
Individual phases of change (ADKAR®)
• Awareness
• Desire
• Reinforcement™
• Knowledge
• Ability
Transparency and Control
Office 365
Continuous Compliance in Office 365
Built-in capabilities for compliance with standards
• Enable customers to meet global compliance standards in ISO 27001, EUMC, HIPAA, FISMA
• Contractually commit to privacy, security and handling of customer data through Data Processing Agreements
Customer controls for compliance with internal policies
• Admin Controls like Data Loss Prevention, Archiving, E-Discovery to enable organizational compliance
Standards / Certifications | Market | Region
SSAE/SOC | Finance | Global
ISO27001 | Global | Global
EUMC | Europe | Europe
FERPA | Education | U.S.
FISMA/FedRAMP | Government | U.S.
HIPAA | Healthcare | U.S.
HITECH | Healthcare | U.S.
ITAR | Defense | U.S.
HMG IL2 | Government | UK
CJIS | Law Enforcement | U.S.
Article 29 + | Europe | Europe
SOC 2 | Global | Global
+EU Data Protection Authorities validate Microsoft’s approach to privacy
How Office 365 does Compliance
Physical Security
Security Best Practices
Secure Network Layer
Data Encryption
Office 365 Service | Control Sets | Certifications
DLP
OME
SMIME
RBAC
RMS
Account Mgmt.
Incident Monitoring
Data Encryption
Encryption of stored data
and more…
Data Minimization & Retention
New Cert’s and more…
Access Control
Built-in Capabilities
Customer Controls
[Figure: growth charts with the panels "Compliance Controls", "Workloads in Boundary" and "Total certifications / standards compliant to" (2008 to 201x). Certifications and standards named in the figure: ISO27001, HIPAA BAA, DPA, SAS70, FedRAMP, CJIS, SOC 2 Type 2, ISO27018, MLPS, OFFICIAL, IRS1075, DISA IL2, ITAR, MT, BPOS-D, FERPA, SOC 1 Type 2, EU Model Clauses, FISMA, EU Safe Harbor.]
Transparency Milestones (2010, 2011, 2013, 2014, 2015)
• Proof of ISO report
• FISMA quarterly contmon reports
• Finserv summits
• FedRAMP monthly contmon reports
• Control sharing, deep contmon, trust.microsoft.com for finserv
Risk | Confidentiality: On Premises | Confidentiality: Cloud | Integrity: On Premises | Integrity: Cloud | Availability: On Premises | Availability: Cloud
Mitigate | Customer | Shared | Customer | Microsoft | Customer | Microsoft
Accept | Customer | Shared | Customer | Shared | Customer | Shared
Transfer | - | Microsoft (Contracts & Compliance) | - | Microsoft (Contracts & Compliance) | - | Microsoft (SLA)
http://trust.office365.com – direct link at Data Maps
Ever Evolving Approach to Compliance
Market & Competitive Intelligence
Compliance Management Framework
Regulatory Impact Analysis (RSIA)
Define Security, and Privacy controls
Determine Implementation Requirements
Implement Controls
Document Implementation
Continuous Monitoring
Independent verification (Audits)
Remediation
Prioritize
Key Principles - Cloud providers must:
• Have services independently audited for compliance with this standard
• Not use data for advertising or marketing unless express consent is obtained
• Be transparent about data location and how data is handled
• Be accountable to determine if customer data was impacted by a breach of information security
• Communicate to customers and regulators in the event of a breach
• Provide customers with control over how their data is used
Control Effectiveness Assessment (Audit) Schedule
Audit cadence
[Timeline, Nov 2014 to Nov 2015. Audits shown: ISO, FedRAMP, MT, ISAE3402/SOC, ITAR, ISO. A second copy of the timeline shows ISO, FedRAMP, MT, ISAE3402/SOC, ISO.]
Trust but verify
Share latest audit reports (Third-party verification)
Compliance Program (Right to Examine*)
Transparency and Control through Continuous monitoring
* For larger highly regulated customers
Managing Risk
Part of the responsibility for the secure management of the service lies with each customer.
Office 365 supports a high degree of customer configuration.
Customers must put the following controls in place to ensure the security of their data:
• Account Management
• Access control
• Segregation of duties
• Awareness and training
• Support requests
• Use flexible customer controls in Office 365
Compliance controls
Help to identify, monitor and protect sensitive data through deep content analysis
• Identify
• Protect
• Monitor
• End user education
ALERT
CLASSIFY
ENCRYPT
APPEND OVERRIDE
REVIEW
REDIRECT
BLOCK
Flexible tools for policy enforcement that provide the right level of control
Transport Rules
Rights Management
Data Loss Prevention
Email archiving and retention
Preserve
In-Place Archive
• Secondary mailbox with separate quota
• Managed through EAC or PowerShell
• Available on-premises, online, or through EOA
Governance
• Automated and time-based criteria
• Set policies at item or folder level
• Expiration date shown in email message
Hold
• Capture deleted and edited email messages
• Time-Based In-Place Hold
• Granular Query-Based In-Place Hold
• Optional notification
Search
eDiscovery
• Web-based eDiscovery Center and multi-mailbox search
• Search primary, In-Place Archive, and recoverable items
• Delegate through roles-based administration
• De-duplication after discovery
• Auditing to ensure controls are met
Privacy by design means that we do not use your information for anything other than providing you services
• No advertising products out of Customer Data
• No scanning of email or documents to build analytics or mine data
• Various customer controls at admin and user level to enable or regulate sharing
• If the customer decides to leave the service, they get to take their data and delete it in the service
• Access to information about geographical location of data, who has access and when
• Notification to customers about changes in security, privacy and audit information
Office 365 Trust Center http://trust.office365.com
Office 365 Blog http://blogs.office.com/
• Enabling transparency and control
• Enhancing transparency and control for Office 365 customers
• Customer Lockbox
• Office 365 management activity API for security and compliance monitoring
Whitepapers
Overview of Security
http://aka.ms/securitywhitepaper
Overview of Security and Compliance in Office 365
Customer controls for Information Protection
http://aka.ms/customercontrolsm
Law Enforcement Requests Report
http://www.microsoft.com/about/corporatecitizenship/en-us/reporting/transparency/
SharePoint Governance and Compliance