Today, we’re pleased to announce Office 365 was granted the authorization to operate under the Federal Information Security Management Act (FISMA) by the Broadcasting Board of Governors. FISMA is important to our customers because it creates a process for federal agencies to certify and accredit the security of their information management systems. IT solutions with FISMA certification and accreditation have federal agency approval for their use in line with the level of security established by that agency.
We take our responsibility to protect customer data very seriously. While we’re pleased to have been granted FISMA authorization, Office 365 already meets the industry’s most rigorous global security and privacy standards.
Office 365 is the first and only major cloud based productivity service to sign EU Model Clauses with all customers. In addition, we added the Data Processing Agreement (DPA) to the EU Model Clauses to address additional requirements from the EU member states. Office 365 also signs the Business Associate Agreement (BAA) to meet the security requirements of the US Health Insurance Portability and Accountability Act (HIPAA). Importantly, Office 365 signs the HIPAA-BAA, DPA and EU Model clauses with all customers regardless of size. Along with EU Model Clauses and HIPAA, Office 365 is ISO 27001 certified.
We understand people have high expectations of any service provider and an interest in understanding where their data resides, who can access it and what we do with it. To that end, we created the Office 365 Trust Center to enable customers to learn more.
With FISMA, it becomes even easier for governments to choose Office 365 and join the ranks of the USDA, the first federal agency to deploy cloud services, the States of California, Minnesota and New York; the cities of San Francisco, Newark, Plano and many others. The move to Office 365 is afoot in government, and the savings and benefits to citizens are considerable. Today’s news should further hasten that transition.