Describe Microsoft Service Trust Portal and privacy capabilities Flashcards
The Service Trust Portal - Offerings
The Microsoft Service Trust Portal provides a variety of content, tools, and other resources about how Microsoft cloud services protect your data, and how you can manage cloud data security and compliance for your organization.
-STP users can download audit reports
-To access STP, you must log in as an authenticated user with your Microsoft cloud services account (Microsoft Entra organization account) and review and accept the Microsoft non-disclosure agreement for Compliance Materials.
STP Content Categories:
-The certification, regulations, and standards section of the STP provides a wealth of security implementation and design information with the goal of making it easier for you to meet regulatory compliance objectives by understanding how Microsoft Cloud services keep your data secure.
-The Reports, Whitepapers, and Artifacts section, includes, general documents relating to: BCP and DR, Pen Test and Security Assessments, Privacy and Data Protection and FAQ and Whitepapers.
-The Industry and Regional Resources section, includes, documents that apply to the following industries and regions: Financial Services, Healthcare and Life Sciences, Media and Entertainment, United States Government and Regional Resources.
-The Resources for your Organization section, includes, documents applying to your organization (restricted by tenant) based on your organization’s subscription and permissions.
Use the My Library feature to add documents and resources on the Service Trust Portal to your My Library page. This lets you access documents that are relevant to you in a single place.
Microsoft’s Privacy Principles
Microsoft’s products and services run on trust. We value, protect, and defend privacy.
-Control: Putting you, the customer, in control of your data and your privacy with easy-to-use tools and clear choices.
-Transparency: Being transparent about data collection and use so that everyone can make informed decisions. We only process your data based on your agreement and in accordance with the strict policies and procedures that we’ve contractually agreed to.
-Security: Protecting the data that’s entrusted to Microsoft by using strong security and encryption.
-Strong legal protections: Respecting local privacy laws and fighting for legal protection of privacy as a fundamental human right.
-No content-based targeting: Not using email, chat, files, or other personal content to target advertising.
-Benefits to you: When Microsoft does collect data, it’s used to benefit you, the customer, and to make your experiences better. (Troubleshooting, Feature improvement, Personalized customer experience)
Microsoft Priva
Microsoft Priva helps you so you can achieve your privacy goals.
Priva Privacy Risk Management: Provides visibility into your organization’s data and policy templates for reducing risks.
-These visualizations can be found on the overview and data profile pages, currently accessible through the Microsoft Purview compliance portal.
-The overview dashboard provides an overall view into your organization’s data in Microsoft 365
-The data profile page in Priva provides a snapshot view of the personal data your organization stores in Microsoft 365 and where it lives.
-Priva evaluates your organization’s data stored in the following Microsoft 365 services within your Microsoft 365 tenant: Exchange Online, SharePoint Online, OneDrive for Business, Microsoft Teams
-Also gives you the capability to set up policies that identify privacy risks
Priva Subject Rights Requests: Provides automation and workflow tools for fulfilling data requests.
-These requests are sometimes also referred to as data subject requests (DSRs), data subject access requests (DSARs), or consumer rights requests.