Despite the progress Microsoft is making with Office 365, its claim to universality won't stand up until it gains traction with government and public bodies. Microsoft obviously understands this.
While Microsoft the company has given Office 365 for private enterprises a lot of love in the past few months, it hasn’t been neglecting the public sector either. And that makes the thorny issue of regulatory compliance even more critical.
Regulatory compliance is important for the private sector, but it is essential for public agencies. As a result, Microsoft is introducing IRS 1075 compliance to Office 365. The goal here is to prevent anyone from walking away with personal financial information, especially tax related data.
What's 1075 Compliance?
Under US law (Internal Revenue Code Section 6103(p)), the IRS must protect all the personal and financial information it receives against unauthorized use, inspection or disclosure. So until Microsoft could guarantee that Office 365 met government-mandated security control baselines for compliance, it was never going to make deep inroads into the lucrative public finance market.
The result is IRS 1075 compliance. To find out what this was all about, we looked at IRS Publication 1075. We lost the will to live around page 2 of a 159-page document, but pushed on in order to shed some light on the issue.
Publication 1075 mandates, among other things, that information systems use mechanisms for authentication to a cryptographic module, and protects the integrity and confidentiality of transmitted information. It also addresses security issues regarding remote access, email, data transfers and employee activity.
To meet these requirements, Microsoft has introduced hundreds of controls across multiple standards for Office 365 Government E1, E3, E4, K1 and K2 SKUs. They are designed to ensure that data accessed through government agencies is secure, and also guarantees data protection across the spectrum of application, platform and data center services.
Office365 and Compliance
Not exactly the stuff of IT dreams, but significant nonetheless. The introduction of these compliance standards reflects a wider approach to regulation that has been built into Office 365 public plans from the beginning.
Learning Opportunities
Webinar
Mar
21
Ready to Level Up Your Learning? Discover Your Learning Maturity Score
Learn how to level up your learning program in this free, interactive workshop
Webinar
Mar
29
The CX Commute vs. the CX Joy Ride
Is your CX traffic holding up your customer's journey?
Webinar
Mar
29
Is Your Microsoft 365 Data Recoverable? How to Survive the IT Hotseat When Data is Lost
See why MIcrosoft recommends third party backup
Webinar
Mar
30
An Optimized Customer Contact Strategy Combines Transparency and Intelligence: The State of Outbound Communications
Learn from the Neustar-commissioned Forrester Consulting study on challenges and solutions for contact centers
Conference
May
10
CMSWire CONNECT Customer Experience Conference - Austin 2023
Don't miss the top customer experience and digital experience conference of the year — live in Austin, Texas May 10-12.
Conference
May
10
Reworked CONNECT Employee Experience & Digital Workplace Conference Austin 2023
North America's best employee experience and digital workplace conference of the year — live in Austin May 10-12, 2023.
Our approach to compliance, based on built-in security and privacy by design, involves proactively assessing requirements from customers of various sizes and industries—from public safety, healthcare and finance to government, defense and more. With these requirements as a base set, we have built controls that are then used by Office 365 teams to design, build and run the service," Vijay Kuma, senior product manager at Office, wrote in a blog.
In other words, instead of just tacking a few compliance-related controls on top of Office 365, Microsoft is building these compliance controls into the products as customers need them. Microsoft has over 1,000 controls that it can add according to the needs of the customer.
In fact, it currently offers controls that make Office 365 compliant with some of the most vigorous standards in existence, including ISO 27001 and standards like CJIS, SSAE 16, HIPAA and SOC 2, which are applicable to finance, legal, health and other industry verticals.
The bottom line is that Office 365 can meet your compliance requirements, but you have to ask. There are 10 standards that Office 365 is catering to, but there’s probably more if you scratch a bit deeper.
While Microsoft says that the ongoing introduction of new standards demonstrates its commitment to protecting data — we’re not doubting this — it’s also a sure-fire way into the international public sector, which is probably one of the biggest consumers of IT on the planet.
Title image by Ed Yourdon (Flickr) via a CC BY-NC-SA 2.0 license.