Microsoft New Zealand has provided details on how Office 365 provides security and privacy protections for government organisations.
The New Zealand Government chief information office (GCIO), based in the Department of Internal Affairs, provides guidance on how NZ government organisations should adopt cloud computing via the Cloud Computing Risk and Assurance Framework.
As part of this framework, the GCIO has published the document entitled ‘Cloud Computing: Security and Privacy Considerations’, which comprises 105 questions focused on security and privacy aspects of cloud services that are fundamentally related to the issue of data sovereignty.
This tool allows agency chief executives to make a risk-based decision on using cloud services.
All State Service organisations must apply this framework when they are deciding on the use of a cloud service.
Microsoft New Zealand has responded to this document to demonstrate how Office 365 is ‘trustworthy’.
Russell Craig, Microsoft NZ national technology officer, says information provided will be of great assistance to the wide range of government organisations that are currently evaluating Office 365.
“Office 365 offers world-leading security and privacy protections for our customers, and its delivery from our Australian Azure data centre facilities alleviates any concerns they may have had about data sovereignty.
“To the best of our knowledge, Microsoft is the only vendor of cloud-based productivity solutions to have published such a comprehensive, detailed set of responses to the questions the GCIO has set out," Craig says.
“We are very pleased to demonstrate how Office 365 sets the benchmark for providing government with a productivity solution that effectively addresses the security and privacy considerations that government agencies must address when moving to any cloud-based solution,” says Craig.
“If you represent a NZ government organisation that wants to take advantage of the tremendous productivity, performance and innovation benefits that Office 365 enables, we are confident that this information will assist your analysis, and reassure you that your information will be in the safest possible IT environment," he says.
This information supplements the answers the company published in May about how Microsoft Azure addresses the same questions.
Craig says this framework does not define a NZ government standard against which cloud service providers must demonstrate formal compliance.
“Many of the questions in the framework do, however, point customers toward the fundamental importance of understanding cloud service providers’ compliance with a wide array of relevant standards, the approach they take to security and data privacy, the nature of their contractual commitments and what they do and don’t do with their customers’ data,” he says.
Craig says those who work outside of NZ government can also find the information about security, privacy and sovereignty aspects of Office 365 useful.