Educause Security Discussion mailing list archives
Re: Exchange Online
From: "Everett, Alex D" <alex.everett () UNC EDU>
Date: Thu, 13 Aug 2015 17:53:45 +0000
Thanks Jeff and Tina, the BAA is a good point and I recall that was worked on by our legal council also. That certainly would need to be in place to address much of the risk. However, I have some other concerns about risks not related to Microsoft’s storage of the data. Also what controls or policies your institutions have considered for the risks that Microsoft will not have liability for. I will follow up with you both. Sincerely, Alex From: The EDUCAUSE Security Constituent Group Listserv on behalf of Jeff Choo Reply-To: The EDUCAUSE Security Constituent Group Listserv Date: Thursday, August 13, 2015 at 1:00 PM To: "SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU>" Subject: Re: [SECURITY] Exchange Online Hi Alex, We are evaluating it right now. I am also love to see how everyone else does it. Office 365 does offer a signed BA – but it seems there will be some configuration changes needed on archiving end + email policy change + training on our end to make it work. We are currently using office 365 but have a policy that bans its use for PII/PHI. Regards Jeff Choo - Director, Information Technology | Information Security Officer William James College T - 617-327-6777 Ext. 1202 F - 617-477-2002 W - www.williamjames.edu Jeff_Choo () williamjames edu<mailto:Jeff_Choo () williamjames edu> For support, please send your request to: Email: support () williamjames edu<mailto:support () williamjames edu> Web: http://support.williamjames.edu Phone: 617-327-6777 x1600 Meeting the Needs... Making a Difference From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Everett, Alex D Sent: Thursday, August 13, 2015 11:21 AM To: SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU> Subject: [SECURITY] Exchange Online I am wondering if any of your organizations have sanctioned the exchange of PII or PHI via e-mail in Office 365 or are evaluating this. Over time, we are seeing more security controls and features added to Office 365 and wondered if any other organizations had made this decision. We have not yet made this decision and are not presently using Exchange Online/Outlook in Office365. If you have or have not, or if you have a policy that you could point me to I would appreciate it. Feel free to e-mail me directly if you don’t want to respond to all. Sincerely, Alex Everett, CISSP IT Security Engineer University of North Carolina at Chapel Hill
Current thread:
- Exchange Online Everett, Alex D (Aug 13)
- Re: Exchange Online Meier, Tina (Aug 13)
- Re: Exchange Online Jeff Choo (Aug 13)
- Re: Exchange Online Jones, Mark B (Aug 14)
- Re: Exchange Online Tevlin, Dave (Aug 14)
- Re: Exchange Online Evans, Edward (Aug 14)
- Re: Exchange Online Jones, Mark B (Aug 16)
- Re: Exchange Online Jeff Choo (Aug 17)
- <Possible follow-ups>
- Re: Exchange Online Everett, Alex D (Aug 13)
- Re: Exchange Online Everett, Alex D (Aug 13)