Describe the Service Trust Portal and privacy at Microsoft Flashcards

1
Q

Microsoft Service Trust Portal

A
  • The Service Trust Portal (STP) provides resources about Microsoft cloud services’ data protection, cloud data security, and compliance management.
  • It is a public site for publishing audit reports and compliance-related information.
  • STP users can access and download external audit reports and Microsoft-authored whitepapers.
  • Access to some resources requires authentication with a Microsoft cloud services account and acceptance of the Microsoft non-disclosure agreement for Compliance Materials.
  • The content on the STP is organized into categories: Certifications, Regulations, and Standards; Reports, Whitepapers, and Artifacts; Industry and Regional Resources; and Resources for your Organization.
  • The STP landing page provides quick access to these content categories, and users can easily navigate back to the home page.
2
Q

Certifications, Regulations, and Standards section of the Service Trust Portal (STP)

A
  • This section provides information on security implementation and design to help organizations meet regulatory compliance objectives.
  • The STP offers a variety of documents related to certifications, regulations, and standards.
  • The documents are organized into tiles on the STP home page.
  • Selecting a tile provides a list of available documents, along with descriptions and last update dates.
  • For example, selecting the ISO/IEC tile displays a list of documents specifically related to ISO/IEC certification.
  • Users can access and review these documents to understand how Microsoft Cloud services ensure data security and compliance.
3
Q

Reports, Whitepapers, and Artifacts

A

This section includes general documents relating to the following categories:

  • BCP and DR - Business Continuity and Disaster Recovery
  • Pen Test and Security Assessments - Attestation of penetration tests and security assessments conducted by third parties
  • Privacy and Data Protection - Privacy and Data Protection Resources
  • FAQ and Whitepapers - Whitepapers and answers to frequently asked questions

4
Q

Industry and Regional Resources

A

This section includes documents that apply to the following industries and regions:

  • Financial Services - Resources elaborating regulatory compliance guidance for FSI (by country/region)
  • Healthcare and Life Sciences - Capabilities offered by Microsoft for Healthcare Industry
  • Media and Entertainment - Media and Entertainment Industry Resources
  • United States Government - Resources exclusively for US Government customers
  • Regional Resources - Documents describing compliance of Microsoft’s online services with various regional policies and regulations

5
Q

Resources for your Organization

A

This section lists documents applying to your organization (restricted by tenant) based on your organization’s subscription and permissions.

6
Q

My Library feature in the Service Trust Portal (STP)

A
  • My Library allows users to add documents and resources from the STP to a personalized page for easy access.
  • To add a document to My Library, select the ellipsis (…) menu next to the document and choose “Save to library”.
  • My Library helps users keep track of relevant documents in a single location.
  • Notifications can be set up to receive email updates when a document in My Library is updated.
  • To configure notifications, go to My Library and select “Notification Settings”. Choose the frequency of notifications and specify an email address for receiving them.
  • Email notifications include links to updated documents and a brief description of the update.
  • If a document is part of a series, users will be subscribed to the series and receive notifications for updates within that series.
  • My Library provides a convenient way to manage and stay informed about important documents in the STP.
7
Q

Microsoft’s approach to privacy

A
  1. Control: Microsoft puts customers in control of their data and privacy through easy-to-use tools and clear choices. Customers have access to their data, can modify or delete it at any time, and Microsoft only uses the data with customer agreement.
  2. Transparency: Microsoft is transparent about data collection and use, ensuring customers can make informed decisions. Subcontractors and subprocessors are bound by the same privacy commitments, and the Microsoft Online Services Subprocessor List provides information on authorized subprocessors.
  3. Security: Microsoft protects customer data using strong security and encryption measures. Data is encrypted at rest and in transit, with multiple layers of encryption. Encryption keys are secured, and tools like Azure Key Vault help customers control access to passwords and encryption keys.
  4. Strong legal protections: Microsoft respects local privacy laws and advocates for privacy as a fundamental human right. Legal protections, contractual commitments, and rigorous scrutiny of government requests ensure privacy rights are upheld. Microsoft notifies customers of data requests and directs governments to seek data from customers directly.
  5. No content-based targeting: Microsoft does not use personal content for advertising purposes. Data is not shared with advertiser-supported services, and it is not mined for marketing research or advertising.
  6. Benefits to customers: When Microsoft collects data, it is used to benefit customers. This includes troubleshooting, improving features, increasing reliability and protection, and providing personalized customer experiences.

These principles guide the design of Microsoft’s products and services and prioritize customer privacy and data protection.

8
Q

Microsoft Priva and privacy challenges

A
  1. Privacy concerns: Privacy is a growing concern for organizations and individuals, driven by regulations and increased awareness of data handling practices.
  2. Regulatory compliance: Organizations need to meet regulatory requirements and build customer trust by adopting a “privacy by default” approach.
  3. Common challenges: Organizations face challenges such as employee training, data risk assessment, and fulfilling data subject requests.
  4. Comprehensive solution: Microsoft Priva offers a comprehensive solution to address privacy challenges and achieve privacy goals.
  5. Priva capabilities: Priva provides two solutions: Priva Privacy Risk Management offers visibility into data and policy templates to reduce risks, while Priva Subject Rights Requests provides automation and workflow tools for efficient data request fulfillment.

By leveraging Microsoft Priva, organizations can navigate privacy challenges effectively and uphold privacy standards in their operations.

9
Q

Priva Privacy Risk Management

A
  1. Understand data assets: Priva automates the discovery of personal data assets in your organization and provides visualizations to understand essential information about your data.
  2. Overview dashboard: The overview dashboard offers a comprehensive view of your organization’s data in Microsoft 365. Privacy administrators can monitor trends, identify risks, and access key activities like policy management and subject rights requests.
  3. Data profile page: The data profile page provides a snapshot view of the personal data stored in Microsoft 365, including its location and data types.
  4. Supported services: Priva evaluates data stored in Microsoft 365 services such as Exchange Online, SharePoint Online, OneDrive for Business, and Microsoft Teams.
  5. Policy management: Privacy Risk Management enables the setup of policies to identify privacy risks in your Microsoft 365 environment and facilitate easy remediation.
  6. Key policy objectives: Policies help detect overexposed personal data, control data transfers across departments or regions, and reduce unused personal data.
  7. Interactive guide: Access the interactive guide in the Learn more section of the Summary and resources unit to explore more about Priva Privacy Risk Management.

By leveraging Priva Privacy Risk Management, organizations can gain insights into their data, monitor risks, and establish policies to ensure privacy compliance in their Microsoft 365 environment.

10
Q

Priva Subject Rights Requests

A
  1. Subject Rights Requests: Priva Subject Rights Requests is a solution designed to help organizations handle requests made by individuals to review or manage their personal data.
  2. Data subject requests: These requests, also known as DSRs, DSARs, or consumer rights requests, allow individuals to access their personal data held by companies.
  3. Workflow and automation: Priva Subject Rights Requests provides workflow, automation, and collaboration capabilities to streamline the process of handling subject rights requests.
  4. Searching for subject data: The solution assists in searching for relevant data within your organization’s storage to fulfill subject rights requests.
  5. Review and collection: Priva enables you to review the findings, collect the appropriate files, and prepare reports for the subject rights request.

By leveraging Priva Subject Rights Requests, organizations can efficiently manage and respond to subject rights requests, ensuring compliance with privacy regulations and providing individuals with control over their personal data.

11
Q

When browsing Microsoft compliance documentation in the Service Trust Portal, you have found several documents that are specific to your industry. What is the best way of ensuring you keep up to date with the latest updates?

A. Save the documents to your My Library.

B. Print each document so you can easily refer to them.

C. Download each document.

A

A. Save the documents to your My Library.

Saving the document to the My Library section of the Service Trust Portal will ensure you have the latest updates.

12
Q

Microsoft’s approach to privacy is built on six principles. Three of the principles are strong legal protections for privacy, no content-based targeting, and benefits to customers from any data we collect. Identify the three other principles that are part of Microsoft’s approach to privacy.

A. Customer control, transparency, and security.

B. Shared responsibility, transparency, and security.

C. Customer control, transparency, and zero trust.

A

A. Customer control, transparency, and security.

The foundation of Microsoft’s approach to privacy is built on the following six principles:
  • customer control
  • transparency
  • security
  • strong legal protections for privacy
  • no content-based targeting
  • benefits to customers from any data we collect
