In a bid to make the Office 365 cloud-based productivity suite more attractive to European and US customers subject to regulatory compliance, Microsoft Wednesday announced it would accept contractual obligations and add new software features.
In Europe, Microsoft (NASDAQ:MSFT) said it would now sign the European Union's standard contractual clauses—commonly referred to as "model clauses"—to help customers certify compliance with the European Commission's Data Protection Directive.
"Developing cloud-based productivity tools that meet the needs of European businesses means more than simply building apps in a browser," said Jean-Philippe Courtois, president of Microsoft International. "Microsoft has a more complete approach to European data protection and security laws than any other company, and we're proud of the work we've done to ensure the widest range of organizations can move to the cloud with confidence—or choose an equally functional on-premises option."
The EU released its model clauses in February 2010 in an effort to regulate the transfer of personal data via international networks to locations outside the European Economic Area (EEA). When included in service agreements with data processors, the model clauses are intended to assure customers that their data is properly safeguarded, even if it resides in a datacenter outside the EEA. The model clauses also give European regulators the option of blocking the use of a service that has not taken such steps until the regulators can evaluate the service and deem it compliant.
In addition to the model clauses, Microsoft said it would also include a data-processing agreement for EU customers, which will help it meet the requirements of the EU member states that have more exacting requirements than the EU's Data Protection Directive.
Microsoft also said it has developed online services to provide physical, administrative and technical safeguards that facilitate full compliance with the requirements of the US's Health Insurance Portability and Accountability Act (HIPAA) when working with healthcare companies.
"Until recently, concerns about the security and privacy of patient data have been the most common barrier to healthcare organizations realizing the full potential of cloud-based technologies," said Michael Robinson, general manager for US Health & Life Sciences at Microsoft. "Microsoft is helping remove that barrier by embedding privacy and security capabilities in Office 365 that enable health organizations to address their HIPAA compliance requirements. Today, Office 365 can help hospitals, insurers and clinics confidently empower their staff to be efficient and productive virtually anytime and almost anywhere while substantially reducing their IT operating costs."
Microsoft has already certified Office 365 under ISO/IEC 27001, an Information Security Management System (ISMS) standard published by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC). As part of the certification, the company submits to a yearly audit of its information security policy by an independent expert and shares the results with its customers.
Office 365 has already proven to be highly popular with small business, according to Microsoft. Microsoft has claimed that Office 365 is on track to become one of the fastest growing offers in its history, and 90 percent of adopters so far are from the small business crowd. But the Redmond, Wash.-based software behemoth also wants to capture the enterprise with its services offering.
Last week it sealed a deal with Hewlett-Packard to increase the service's international availability. Under the agreement, HP (NYSE:HPQ) will resell Office 365 and package it with HP Enterprise Cloud Services-Messaging, Enterprise Cloud-Services Collaboration and Enterprise Cloud Services-Real-Time Collaboration.