Office 365: Regulatory Compliance and eDiscovery

Community Content

AppRivereDiscovery 2By Nathan Mitchell, AppRiver

Many organizations have a regulatory obligation to retain various types of data and ensure its authenticity and integrity. So,

it’s not a surprise when customers ask us about eDiscovery capabilities within the popular cloud-based communications and collaboration solution.

Discovery is the term used for the initial phase of litigation where the parties in a dispute are required to provide each other relevant information and records, along with all other evidence related to the case. You can use eDiscovery in Office 365 to search for content in Exchange Online mailboxes, SharePoint Online sites, or both. You can even copy the data to a Discovery Mailbox or export it to a PST file.

One question we hear at AppRiver is, “How do we know our data is going to be secure?” There are several third-party solutions that offer granular security capabilities, but Microsoft addresses the need with its Data Loss Prevention, Message Encryption, Encryption at Rest, Server Redundancy, and Exchange Online Protection.

Another question we hear fairly frequently, “How will Office 365 meet my company’s compliance requirements?” Before we answer, it is important for us to collect more information about that customer’s organizational compliance requirements. Some organizations, for example, are required to maintain all data for seven years, while others are forced to remove all data after six months. No matter what the requirement, Office 365 provides built-in eDiscovery capabilities that can help meet a client’s needs. For those that need to retain data, for instance, Litigation Hold or In-Place Hold is a good place to start. And, for those that need to ensure data is removed, we suggest they check out Retention Tags and Retention Policies.