Sunday 14 February 2016

Notes on Compliance in Office365 & SharePoint

Also see: Data Protection Using SharePoint

Data Loss Prevention (DLP)
Historically used for email to identify, monitor and protect data.  This is the next step on from email policies/IT Policies where sent around and signed with the hope users would behave and only send appropriate information along.   DLP ensure that sensitive information such as patents, financial information, Payment Card Industry Data Security Standard (PCI DSS) , personally identifiable information (PII), or intellectual property (IP) are accidentally shared with external parties.  DLP can inform users before they send email or open access to OneDrive or SharePoint document libraries that the information being shared violates company policy (as configured in the DLP template).
https://blogs.office.com/2013/10/28/office-365-compliance-controls-data-loss-prevention/
https://blogs.office.com/2014/08/27/search-sensitive-content-sharepoint-onedrive-documents/

Information Rights Management (IRM)
IRM-Protect document libraries prevents sensitive information being copied, forwarded, printed

eDiscovery
Find related content with SharePoint, Exchange & files shares to assit with litigation and determining info on a topic ata point in time.

Records Management
Manage a documents life-cycle, stop key docs being amended or edited.

Information management policies
Enforce compliance such as expired content, usage auditing & retention policies

Office 365
All data is encrypted on the servers (encryption at rest) and TLS/SSL on all communications.

Other
DocAve can enhance IRM and archieving & they have a SharePoint Monitoring and Policy Enforcement module.

Reference:
https://support.office.com/en-us/article/Use-Office-365-to-help-comply-with-legal-regulatory-and-organizational-compliance-requirements-ce773cec-2151-4d06-9a4e-2818613bd7e0

0 comments:

Post a Comment