Passing Office 365 regulatory compliance checks with less time and effort

How can you effectively bridge the gap between your organizational policies and Office 365 regulatory compliance requirements? There is a way to kill two birds with one stone: You can streamline compliance processes while staying on top of user behavior to harden your Microsoft cloud security and prevent data loss. Netwrix Auditor for Office 365 will help you successfully tackle these challenges and meet your compliance needs. Its powerful Office 365 compliance features will simplify your reporting processes and enable you to easily prove your SharePoint Online, OneDrive for Business and Exchange Online compliance with HIPAA, PCI-DSS, GDPR, FERPA and other common regulations.

Do you have to keep up with Office 365 HIPAA compliance?

From the moment your organization obtains a patient’s electronic protected health information (ePHI), you must take full responsibility for its safety. In fact, if your healthcare organization stores sensitive data in its cloud-based Office 365 environment, it is subject to the strict Office 365 HIPAA compliance requirements — so you must regularly provide evidence that your security controls align with those Office 365 HIPAA compliance requirements.

Netwrix Auditor can help you establish controls aligned with the following Microsoft Office 365 HIPAA compliance requirements and prove that those controls are in place:

  • Enable an efficient security management process (§ 164.308 (a)(1)(i))
  • Analyze risks (§ 164.308 (a)(1)(ii)(A))
  • Manage information access (§ 164.308 (a)(4)(i))
  • Establish authorized access and properly modify it (§ 164.308 (a)(4)(ii)(C))
  • Protect your data from malicious software (§ 164.308 (a)(5)(ii)(B))
  • Enable reporting (§ 164.308 (a)(6)(ii))
  • Gain control over data access (§ 164.312(a)(1))
  • Have the entire activity trail documented, securely stored and available at an auditor’s request (§ 164.316)
  • And more


Do you need to prove PCI compliance for your Office 365 environment?

Do you have to ensure Office 365 PCI compliance? Did you know that Microsoft acknowledges that Office 365 doesn’t provide functionality for processing, transmitting or storing PCI-governed cardholder data? But an auditor might very well ask you for proof that you never share credit card numbers via email or on your SharePoint Online sites, or, if you do, that such data is properly protected. Without effective regulatory compliance processes, you may be unable to provide evidence that the required Office 365 security and data security controls are in place — and failing to meet PCI compliance requirements could result in huge fines and ruin your organization’s reputation.

Netwrix Auditor can help you provide the evidence auditors demand that your cardholder data is safe and no unauthorized users have access to it. Specifically, the solution will help you comply with the following PCI DSS requirements for your Office 365 environment:

  • Requirement 3: Protect stored cardholder data.
  • Requirement 4: Ensure encrypted transmission of cardholder data across open, public networks.
  • Requirement 5: Protect all systems against malware and regularly update anti-virus software or programs.
  • Requirement 6: Develop and maintain secure systems and applications.
  • Requirement 7: Restrict access to cardholder data by business need to know.
  • Requirement 8: Identify and authenticate access to system components.
  • Requirement 9: Restrict physical access to cardholder data.
  • Requirement 10: Track and monitor all access to network resources and cardholder data.
  • Requirement 11: Regularly test security systems and processes.
  • Requirement 12: Maintain a policy that addresses information security for all personnel.


Are you required to achieve GDPR compliance in Office 365?

The General Data Protection Regulation (GDPR) is designed to protect the personal data of EU citizens — but it applies to all organizations that store or process that data, whether they are in the European Union (EU) or outside it. Therefore, even though the GDPR won’t take full legal effect until May 25, 2018, it’s time to start working on your Office 365 GDPR compliance strategy so you’ll be able to satisfy the regulation’s provisions well before the deadline arrives.  

Netwrix Auditor can help you address the following key provisions of GDPR in Office 365:

  • Chapter II. Principles
    Article 5. Principles relating to processing of personal data
  • Chapter IV. Controller and processor
    Article 24. Responsibility of the controller
    Article 25. Data protection by design and by default
    Article 32. Security of processing
    Article 33. Notification of a personal data breach to the supervisory authority


How can you keep your Office 365 compliant with FERPA?

Office 365 is the most-used collaboration and engagement tool among educational agencies and institutions. To protect students, the U.S. Department of Education established the Family Educational Rights and Privacy Act (FERPA), which requires organizations to strictly control the disclosure of personally identifiable information from student records.

Netwrix Auditor can help you prove that the data security policies established in your Office 365 environment are FERPA compliant by delivering evidence that your technological controls are in place and educational records are secure. Here are the major FERPA requirements that Netwrix Auditor can help you comply with:

FERPA requirements for educational agencies or institutions:

  • § 99.31 (a)(ii)
  • § 99.31 (c)
  • § 99.32 (a)(1)

FERPA requirements for state or local educational authorities or agencies:

  • § 99.35 (a)(2)


Successfully pass audits with far less effort using Netwrix Auditor

No matter which compliance standards your organization is subject to, Netwrix Auditor for Office 365 has you covered. You’ll have the required Office 365 audit data readily available — and save valuable IT time to boot. With Netwrix Auditor, you can:

  • Slash audit check preparation time by 50% with pre-built compliance reports mapped to the most common regulatory standards, including CJIS, FERPA, FISMA/NIST, GDPR, GLBA, HIPAA, ISO/IEC 27001, PCI DSS and SOX.
  • Spot threats faster and meet compliance requirements by subscribing appropriate security staff to the reports they need most and having them delivered automatically on a specific schedule.
  • Answer auditors’ questions in seconds by quickly drilling down into the audit data from any time range with the Google-like Interactive Search.
  • Finally get a good night’s sleep knowing you’ll be alerted if any of the threat patterns you specify emerges anywhere in your Office 365 environment.
  • Keep your consolidated SharePoint Online, Exchange Online and OneDrive for Business logs securely for years in the cost-effective two-tiered storage (SQL database + file-based), and easily access them any time auditors knock at your door.

HIPAA Compliance reports from Netwrix Auditor: Exchange Online Mailbox Permission Changes and All SharePoint Online Activity by User