Read on Twitter
The ACSC has just published a security guide for Web Conferencing in which they pose six important questions Australian organisations should consider. This thread is a Microsoft Teams perspective for Australian Government with more information links.
https://www.cyber.gov.au/publications/web-conferencing-security
(1/7)
https://www.cyber.gov.au/publications/web-conferencing-security
(1/7)
Q1. Is the service provider based in Australia?
Yes. Microsoft Teams services and data operate and reside in Australia and are IRAP assessed to Australian Government PROTECTED security classification requirements.
https://docs.microsoft.com/office365/enterprise/o365-data-locations#australia
(2/7)
Yes. Microsoft Teams services and data operate and reside in Australia and are IRAP assessed to Australian Government PROTECTED security classification requirements.
https://docs.microsoft.com/office365/enterprise/o365-data-locations#australia
(2/7)
Q2. What is the service provider's track record?
Microsoft has a strong record of security and compliance attestation, including global GDPR compliance and Australian IRAP with ongoing commitment to continually update and re-attest as each permits.
https://docs.microsoft.com/microsoft-365/compliance/get-started-with-service-trust-portal
(3/7)
Microsoft has a strong record of security and compliance attestation, including global GDPR compliance and Australian IRAP with ongoing commitment to continually update and re-attest as each permits.
https://docs.microsoft.com/microsoft-365/compliance/get-started-with-service-trust-portal
(3/7)
Q3. Are privacy, security and legal requirements being met?
Yes. Microsoft Teams delivers on a global high standard of privacy, security, legal, and contract terms. Including ISO 27018 Privacy, PROTECTED IRAP, concise legal principles and contracts.
https://docs.microsoft.com/microsoft-365/compliance/offering-home
(4/7)
Yes. Microsoft Teams delivers on a global high standard of privacy, security, legal, and contract terms. Including ISO 27018 Privacy, PROTECTED IRAP, concise legal principles and contracts.
https://docs.microsoft.com/microsoft-365/compliance/offering-home
(4/7)
Q4. What information and metadata does the service provider collect?
Microsoft has high transparency around data collection, used only to benefit customers. And do not scan email, documents, or teams for advertising or anything not service-related.
https://docs.microsoft.com/microsoftteams/security-compliance-overview
(5/7)
Microsoft has high transparency around data collection, used only to benefit customers. And do not scan email, documents, or teams for advertising or anything not service-related.
https://docs.microsoft.com/microsoftteams/security-compliance-overview
(5/7)
Q5. Does the service provider use strong encryption?
Yes. Teams meets the Australian Government requirements for PROTECTED classified systems. The underlying Office 365 services also employ encryption in transit and at rest.
https://docs.microsoft.com/microsoftteams/teams-security-guide
https://docs.microsoft.com/microsoft-365/compliance/office-365-encryption-in-the-microsoft-cloud-overview
(6/7)
Yes. Teams meets the Australian Government requirements for PROTECTED classified systems. The underlying Office 365 services also employ encryption in transit and at rest.
https://docs.microsoft.com/microsoftteams/teams-security-guide
https://docs.microsoft.com/microsoft-365/compliance/office-365-encryption-in-the-microsoft-cloud-overview
(6/7)
Q6. What is the reliability and scalability of the service provider's web conferencing solution?
A 99.9% SLA, ISO 22301 certified BCP, natively delivered and scaled by one of the largest cloud service providers in the world, Microsoft.
https://docs.microsoft.com/office365/enterprise/office-365-data-resiliency-overview
(7/7)
A 99.9% SLA, ISO 22301 certified BCP, natively delivered and scaled by one of the largest cloud service providers in the world, Microsoft.
https://docs.microsoft.com/office365/enterprise/office-365-data-resiliency-overview
(7/7)
