Q (from Olawale):
I have a customer that is going through some PCI compliance issues in that they are being hit with fines for non PCI compliance. They are looking at either upgrading their Exchange environment or moving to Office 365. I want to get them on an E3 subscription. I want to know if the Rights Management capabilities for the subscription would satisfy any PCI compliance controls. If so what controls would they satisfy. If there is a document that you could provide that would explain how it works that would be great. The customer is a medical outpatient facility.
I get questions similar to this frequently; remember, technology doesn’t make an organization compliant, technology supports the compliant process defined by the organization. “Yes”, Office 365 and Azure can fit into a compliant process and “Yes” we have received certifications that our process and technology are pre-approved.
I always start by pointing everyone to the Office 365 Trust Center:
and in this case navigate down to the PCI compliance site (Continuous Compliance / Learn About Certifications / Learn about Offerings / PCI):