Taking too long? Close loading screen.

PIPEDA Compliance & Office 365 Compliance Center

Feb 4, 2020

When it comes to collaborative working and remote office setups, Microsoft Office 365 stands head and shoulders above the competition. It makes genuine remote collaboration a truly simple task, encouraging productivity and flexibility, and is able to all elements of the modern workforce. WIth the entire suite of Microsoft Office applications at your fingertips from wherever you are in the world, working in the cloud with O365 is a breeze.

As with all cloud-hosted environments, security is paramount. In order to stay on top of security and compliance, Microsoft rolled out two new portals in February, the Microsoft 365 Compliance Center and the Microsoft Security Center, to replace the Office 365 Security and Compliance Center (SCC) introduced in 2016. Functionality from the SCC will be divided between the two new portals, to allow expansion and to handle extra workloads.

But what does this mean for organizations in Alberta and the rest of Canada? What are the new features that they need to get up to speed with, and how can they ensure compliance? Below, we run through some of the most useful aspects of the new portals, and some of the ways that businesses can engage with this new rollout to remain compliant and ensure effective working practices.

New features

To get to the new Compliance Center, head to the O365 Admin Center, expand the group on the bottom of the left navigation dropdown, and click Compliance. Alternatively, just click here.

Your first interaction with the Compliance Center will be the First Run Experience (FRE). This takes up most of the welcome screen, and provides links to the important documentation, next steps and feedback procedures. You’ll also have the option to Assess, which will give you a snapshot of the current compliance situation, and Protect, where you can deal with DLP and integrated apps.

Plenty of the functionality and resources will be familiar for anyone who has used the SCC in the past. Monitoring and Reports features the same cards focusing on data, alerts and insights, while the Classification section features the same Labels, Label policies and Sensitivity Info types subsections from the SCC. However there are several new features to be aware of.

eDiscovery

eDiscovery allows you to search and retrieve files and resources relating to legal matters, as well as accessing content from Sharepoint sites, Exchange mailboxes and OneDrive locations. It gives users the ability to take large amounts of unsorted data and pinpoint relevant information for particular cases. 

Data Governance

Data governance gives you control over information from a variety of sources, including external platforms and archive mailboxes. You can import emails, and apply policies and rules as needed, as well as ensuring relevant data is retained while unnecessary information is deleted.

Threat Management

Threat management allows you to keep business data safe, prevent data loss and secure your business against malware and spam emails. You’ll be able to easily and quickly identify undesirable activities, and prevent them from becoming issues. In the threat management section you can manage and secure devices, encrypt data and protect inboxes from spam and spyware. 

Set User Permissions

O365 Permissions allows you to assign specific permissions for compliance tasks to individual users, allowing them to complete assignments or access content as needed, while maintaining control and oversight over the wider functions.

O365 Auditing

Auditing happens automatically, and allows you to always be able to be aware of what is going on across the O365 suite of applications. This facility logs and reports activity on an ongoing basis, and keeps you fully informed about potential threats, risks and activities across the O365 environment, giving you the ability to respond to issues immediately.

Alerts

You can set up your own, bespoke alerts based on specific user activities, notifying you instantly whenever certain conditions are met.

How to ensure compliance

The first thing you have to do to ensure compliance is take a look at your Microsoft Compliance Score. This gives you a benchmark to work from in order to improve your compliance score. 

Next up, think about implementing internal risk management policies to help ensure that practices inside your organization are as risk-free as possible, and allow you to quickly see any activities that are risky, and fix or prevent them before they become issues.

Take a look at your organization’s data loss prevention policies and ensure that they are up to date and fully compliant with the relevant documents in the Compliance Center documentation. 

Make sure you are totally up to speed with Microsoft Cloud App Security, and configure it so that your organization’s applications are protected properly. 

Make sure that your internal communication is compliant by implementing policies that allow you to swiftly detect and mitigate code of conduct violations.

Lastly, check in on your Compliance Center often. You’ll be able to see progress you’ve made on your compliance score, and review any security alerts and possible risks or breaches, allowing you to fix problems before they have a serious impact on your organization.

Connections Blog

Cybersecurity During the Holidays

As we start to gear up for the holidays after a tough year, it would be nice to stop worrying about things like cybersecurity for a while. However it isn’t just Santa and his elves who are...

read more

Safewords for CEOs

When most organizations think about computer hacking, it tends to be in high-level, advanced technology terms. Screens of green cascading code, Matrix-style, and the most sophisticated...

read more
Share This