SharePoint and Office 365 have always taken security and compliance seriously, and both offer tools to help organisations to manage their data in intelligent ways.Security and Compliance are very different things. Security is all about making sure that people who are not authorised to see things are not able to see them. Compliance is wider ranging – making sure that documents are managed in the correct way: Where is data stored? When is it disposed of? How do I protect who it’s shared with? Does it need to comply with specific standards and regulations?The Office 365 Security and Compliance Center is the place where Microsoft are adding a wide range of tools to enable your company to address these concerns. Currently, there are five areas:
- Security Policies: enabling you to set up Data Loss Prevention policies. These are rules that you can define to work across the whole of Office 365 that will monitor documents for particular patterns or metadata, preventing these documents from being shared or sending notifications when they are.
- Data Management: control how long data is stored for, either in mailboxes or in SharePoint/OneDrive for Business, and what happens to it after a specific timeframe. Documents can be archived or deleted based on metadata, or prevented from being deleted (Preservation Policy). You can also import data into your cloud services from here.
- Search and Investigation: Define searches to run across mailboxes, SharePoint and OneDrive for Business sites and groups. Search large volumes of content to assist with investigations.
- Reports: Query the Office Graph to find out what content users have been accessing. Run reports to view information about the SharePoint Online and OneDrive for Business items in your organization that match your Data Loss Prevention policies and rules
- Service Assurance: A collection of documents and independent reports that describe how Office 365 complies with a whole range of standards and regulations such as ISO and SOC, as well as information on security, resilience, risk management and more.