Microsoft Office 365 Teams Compliance

Contact us

@YellowbusTeam

[email protected]

www.yellowbus.uk

Teams lets you communicate, collaborate & share content across your business, giving your business manageability whilst working remotely.

Microsoft Office 365 Teams Compliance

YB1024.1V1

Microsoft Teams

Yellowbus Solutions Ltd, 4th Floor North, 401 Faraday Street, Birchwood Park, Warrington WA3 6GA

01925 83 83 86

Compliance

There are many different policies that can be applied to the different areas of Teams, such as channels, chats & attachments, to make your tenant more compliant with the data it handles. There are also compliance standards that Microsoft follow and apply to your data by default, making your business feel more comfortable with how data is being handled. Below we are going to look at how Microsoft are compliant, how your data travels & some of the policies that can be applied.

Microsoft Compliance Standards

Microsoft Teams is Tier D compliant, which includes the following standards: ISO 27001, ISO 27018, SSAE16 SOC 1 & SOC 2, HIPAA and EU Model Clauses (EUMC).

Microsoft have a compliance framework that classifies Office 365 applications/services into four categories. Each category is then defined by specific commitments to compliance that must be met. Those categories are A, B, C and D. Services in categories C/D are enabled by default and include industry leading compliance commitments. Services in categories A/B come with the control to turn them on or off per organisation. Teams also supports Cloud Security Alliance Compliance.

Of course, the security & compliance does not stop there; Microsoft are always enhancing security. They have a process called the Microsoft Security Development Lifecycle (SDL). When developers are working on software, privacy requirements are defined & integrated into the SDL to enhance security in new developments on products or services.

Microsoft Online Services Privacy Statements puts their commitment to keeping data secure in writing & details the data protection policies. Check it out here.

Microsoft Primary Principles when handling your data include:

Control:

Putting your business in control of privacy with easy to use tools

Transparency:

Being transparent about data collection & use so that you make informed decisions

Security:

Protecting data with strong security and encryption

Strong Legal Protections:

Respecting your local privacy laws and fighting for legal protection of your privacy as a right

No content-based targeting:

Not using your email, chat or files to target advertisements

Benefit to you:

When Microsoft do collect data it is used to benefit you, making your experience better

Global Security Accreditations

Please see below some of the global accreditations that Microsoft Office 365 & Teams adhere to:

• CIS Benchmark / CSA-STAR attestation / CSA-STAR certification / CSA-STAR self-assessment

• ISO 20000-1:2011 / ISO 22301 / ISO 27001 / ISO 27017 / ISO 27018 / ISO 27701 / ISO 9001

• SOC

• WCAG

Teams Data Flow

The below diagram shows the flow of data from Teams to Exchange & SharePoint for Files and Teams Messages:

This is how Teams Meetings and call data flows to Exchange:

Compliance Tools:

Information Barriers

Information Barriers can be put in place by your administrator to prevent communication between people who have no business need to communicate. This can be a great tool to prevent data spreading to departments that are not authorised to receive it. The policies set can impact 1 to 1 user chats, group chats or Team level chats to stop users sharing data with people who do not need to see it.

Communication Compliance

Policies can be configured for users to examine Microsoft Teams communications. This includes offensive language, sensitive information and any information that relates to internal/regulatory standards. This can be applied across public/private Teams, individual chats & attachments being sent. This is a great set of tools to keep users safe!

Retention Policies

Retention policies are useful to set up to ensure that important data is retained for regulatory, legal & business reasons. They can also be used to remove content & communications that are not relevant and do not need to be retained. Policies can be used to keep data for a certain amount of time before it is deleted.

Data Location

The data within Teams is located in the geographic region that has been set by your Office 365 administrator. The United Kingdom is a supported region within Office 365, so our recommendation would be to check with your Office 365 administrator and ensure that this is set. Data being kept within the UK is important to UK businesses as it prevents your data travelling overseas.

A quick tip to check (if you are an Office 365 administrator already) would be to go to the Microsoft 365 Admin Centre – Settings – Organisational Profile & scroll down to data location.

It is important to know how your data is handled and what security standards are being adhered to, especially when you are putting your company data in the hands of a third-party company.

If you would like to discuss any of the policies above, please feel free to give us a call on 01925838386 or email us on [email protected]