Streamline PCI, FERPA and GDPR Compliance in Office 365
Looking for a tool that will enable you to harden the security of your Office 365 — and ensure regulatory compliance with far less time and effort? Netwrix Auditor delivers the comprehensive user behavior monitoring you need to prevent data breaches, along with powerful Office 365 compliance features that make it far easier to maintain and prove that your SharePoint Online, OneDrive for Business and Exchange Online environments comply with the requirements of PCI-DSS, GDPR, FERPA and other common regulations.
Do you need to prove PCI compliance for your Office 365 environment?
Proving Office 365 PCI compliance can be quite a challenge. Could you prove to an auditor that you never share credit card numbers via email or on your SharePoint Online sites, or if you do, that the regulated data is properly protected? If not, your organization could be slapped with huge fines and its reputation could be ruined.
Netwrix Auditor will help you ensure that cardholder data in your Office 365 environment is safe — and make it easy to provide the hard evidence that auditors demand. Specifically, the solution will help you comply with the following PCI DSS requirements:
- Requirement 3: Protect stored cardholder data.
- Requirement 5: Protect all systems against malware and regularly update anti-virus software or programs.
- Requirement 6: Develop and maintain secure systems and applications.
- Requirement 7: Restrict access to cardholder data by business need to know.
- Requirement 8: Identify and authenticate access to system components.
- Requirement 10: Track and monitor all access to network resources and cardholder data.
- Requirement 11: Regularly test security systems and processes.
How can you keep your Office 365 compliant with FERPA?
The U.S. Family Educational Rights and Privacy Act (FERPA) requires educational organizations to strictly control the disclosure of personally identifiable information (PII) from student records — including those stored in Office 365. Compliance failures can lead to loss of federal funding, and some states also allow for monetary damages for improper disclosures of PII.
Netwrix Auditor can help you prove that you have the proper controls in place to keep the educational records in your Office 365 secure. Here are the key FERPA requirements that Netwrix Auditor can help you comply with:
Subpart B: What are the rights of inspection and review of education records?
- § 99.10 (a)
- § 99.10 (b)
- § 99.10 (d)(1)
- § 99.10 (e)
- § 99.10 (f)
Subpart C: What are the procedures for amending education records?
- § 99.20 (a)
Subpart E: May an educational agency or institution disclose personally identifiable information from education records?
- § 99.31 (a)(ii)
- § 99.32 (a)(1)
- § 99.32 (a)(2)
- § 99.33 (b)
Are you required to achieve GDPR compliance in Office 365?
The European Union’s General Data Protection Regulation (GDPR) requires all organizations — no matter where they are based — to protect the personal data of EU residents that they process or store. Fines for violations can be up to 20 million euros or 4% of the organization’s total global turnover of the preceding fiscal year; in fact, organizations have already been slapped with fines of over a million US dollars.
Netwrix Auditor can help you address the following key provisions of GDPR in your Office 365 environment:
- Chapter II. Principles
  - Article 5. Principles relating to processing of personal data
- Chapter III. Rights of the data subject
  - Article 15. Right of access by the data subject
  - Article 16. Right to rectification
  - Article 17. Right to erasure (right to be forgotten)
  - Article 20. Right to data portability
- Chapter IV. Controller and processor
  - Article 24. Responsibility of the controller
  - Article 25. Data protection by design and by default
  - Article 32. Security of processing
  - Article 33. Notification of a personal data breach to the supervisory authority
  - Article 34. Communication of a personal data breach to the data subject
Pass audits with far less effort using Netwrix Auditor
No matter which compliance standards your organization is subject to, Netwrix Auditor has you covered. You’ll have the required Office 365 audit data readily available — and save valuable IT time to boot. With Netwrix Auditor, you can:
- Slash audit check preparation time by 50% with pre-built compliance reports mapped to the most common regulatory standards, including CJIS, FERPA, FISMA/NIST, GDPR, GLBA, HIPAA, ISO/IEC 27001, PCI DSS and SOX.
- Spot threats faster and meet compliance requirements by subscribing appropriate security staff to the reports they need most and having them delivered automatically on a specific schedule.
- Answer auditors’ questions in seconds by quickly drilling down into the audit data from any time range with the Google-like Interactive Search.
- Finally get a good night’s sleep knowing you’ll be alerted if any of the threat patterns you specify emerges anywhere in your Office 365 environment.
- Keep your consolidated SharePoint Online, Exchange Online and OneDrive for Business logs securely for years in the cost-effective two-tiered storage (SQL database + file-based), and easily access them any time auditors knock at your door.