Microsoft New Zealand details Office 365 information security and privacy considerations
Posted on 18-Jul-2015 17:24.
Filed under: News
The company has this week published details of how Office 365 addresses key issues presented by the New Zealand Government CIO's Cloud Computing Risk and Assurance Framework.
The NZ Government Chief Information Officer (GCIO) – who is based within the NZ Department of Internal Affairs – has responsibility for providing guidance on how NZ government organisations should adopt cloud computing via the Cloud Computing Risk and Assurance Framework.
As part of this framework, the GCIO has published the document entitled “Cloud Computing: Security and Privacy Considerations”, which comprises 105 questions focused on security and privacy aspects of cloud services that are fundamentally related to the issue of data sovereignty. This tool allows agency Chief Executives to make a risk-based decision on using cloud services.
All State Service organisations must apply this framework when they are deciding on the use of a cloud service.
Microsoft NZ’s National Technology Officer, Russell Craig, says that the information provided will be of great assistance to the wide range of government organisations that are currently evaluating Office 365, showing them how Microsoft’s productivity platform is the most trustworthy available on the market.
“Office 365 offers world-leading security and privacy protections for our customers, and its delivery from our Australian Azure datacentre facilities alleviates any concerns they may have had about data sovereignty,” says Craig.
“To the best of our knowledge, Microsoft is the only vendor of cloud-based productivity solutions to have published such a comprehensive, detailed set of responses to the questions the GCIO has set out.”
“We are very pleased to demonstrate how Office 365 sets the benchmark for providing government with a productivity solution that effectively addresses the security and privacy considerations that government agencies must address when moving to any cloud-based solution,” says Craig.
“If you represent a NZ government organisation that wants to take advantage of the tremendous productivity, performance and innovation benefits that Office 365 enables, we are confident that this information will assist your analysis, and reassure you that your information will be in the safest possible IT environment.”
“If you work outside of NZ government and are interested in the security, privacy and sovereignty aspects of Office 365, you should also find the information we are providing to our government customers to be very useful,” says Craig.
Craig says this information on Office 365 supplements the answers the company published in May about how Microsoft Azure addresses the same questions. He also notes that this framework does not define a NZ government standard against which cloud service providers must demonstrate formal compliance.
“Many of the questions in the framework do, however, point customers toward the fundamental importance of understanding cloud service providers’ compliance with a wide array of relevant standards, the approach they take to security and data privacy, the nature of their contractual commitments and what they do and don’t do with their customers’ data,” he says.
Some government agencies are able to take up Office 365 straight away.