Back
Security

Office 365 Service Assurance—gaining your trust with transparency

Share on Facebook Share on Twitter Share on Linkedin Share via OneNote Share via Email Print

As customers consider the transition to the cloud, we often hear that they want to ensure security, privacy and compliance requirements are met. At Microsoft, we believe that customers have the right to know how Office 365:

  • Safeguards confidentiality, integrity, availability and reliability of your data.
  • Let’s you control access to your data.
  • Helps you comply with various regulatory standards.

Service Assurance—Dashboard

We want to ensure that you have access to the information that is relevant for you to perform a risk assessment on Office 365 services—on demand. Access to this information should be seamless. To achieve these goals, we have released the Service Assurance Dashboard as part of the Office 365 Security and Compliance Center, which provides you immediate access to:

  • Details on how Office 365 implements security, privacy and compliance controls including details of how third-party independent auditors perform audits to test these controls.
  • Third-party independent audit reports including: SSAE 16 / SOC 1, SOC 2 / AT 101, ISO 27001 and ISO 27018.
  • Deep insights into how we implement encryption, incident management, tenant isolation and data resiliency.
  • Information on how you can leverage Office 365 security controls and configurations to protect your data.

Service Assurance—Audited Controls

While there are many detailed insights provided through Service Assurance, initial customer feedback indicates that Audited Controls are particularly helpful. The Audited Controls feature in Service Assurance helps you to understand how Office 365 protects your data by detailing:

  • Test status—Status of the Office 365 controls.
  • Control implementation details—Explanation of how Office 365 implements a control.
  • Testing performed to evaluate control effectiveness—How independent auditors test the effectiveness of our security, compliance and privacy controls.
  • Test date—When a control was validated.
  • Office 365 controls—How the Office 365 internal controls map to standard controls.

Service Assurance—Compliance Reports

Office 365 Service Assurance 3

In this open and transparent model, we don’t just tell you “what” controls we have implemented, but also give you insights into “how” Microsoft implements and tests these controls. The Compliance Reports and Trust Documents provide you independent audit reports, deep-dive white papers and FAQs that are relevant to your geography and industry. Service Assurance helps you to stay secure and compliant with an “end-to-end” view of controls implemented by you as well as by Microsoft. For controls owned by you, it provides actionable implementation plans for relevant features that help you to implement these controls and manage your risks.

Tens of thousands of organizations already use Office 365 Service Assurance and have indicated that they are saving a significant amount time in evaluating the security, privacy and compliance of Office 365. Information available through Service Assurance such as the “Customer Security Considerations Workbook” have helped customers secure their Office 365 service with features/configurations that they manage.

Service Assurance is available to all Office 365 tenants as well as to prospective customers with Office 365 E3/E5 trials. To get started, follow this guide at Security and Compliance Center—Service Assurance.

We look forward to your feedback!

—Om Vaiti, senior program manager for the Office 365 Trust Engineering team

Top
4 comments
  1. Compliance Reports and Trust Documents is really essential for every business

    • Thank you Aksa! We truly appreciate you taking the time to share your valuable feedback about Service Assurance. Your feedback helps us improve and ship better products. Please continue to share your thoughts. concerns and ideas to us.

  2. In Office 365/Outlook 2016 – customers don’t have the ability to select AES 256-bit as the encryption algorithm. Any new security features changed in Outlook 2016 encryption? In previous version, for example, in Outlook 2010, users were able to use AES 256 bit encryption to send encrypted email. Any comments/suggestions to understand better Office 365/Office 2016 Security and functions features.

    Thanks!

    • Dear Customer,

      Thank you for taking time to share your feedback! You can find detailed information about Office 365 encryption via “Data Encryption Technologies in Office 365” whitepaper available on Service Assurance. We would also like to understand your question better to help you appropriately – so kindly contact us through using “https://support.office.com/en-us/article/Contact-Office-365-for-business-support-Admin-Help-32a17ca7-6fa0-4870-8a8d-e25ba4ccfd4b?ui=en-US&rs=en-US&ad=US”

Comments are closed.