One of the biggest challenges facing software and technology suppliers selling to state, local and federal government agencies lies in developing products that meet their myriad security compliance requirements. That’s why Microsoft’s rollout of a new IRS-compliant offering for its Office 365 for government comes as a welcome development for state IT officials.
IRS 1075 provides guidance to ensure that the policies, practices, controls and safeguards employed by agencies that use Office 365 adequately protect the confidentiality of federal tax information and related financial tax return data used by many state agencies.
The IRS 1075 compliance requirement joins a list of other compliance milestones that company has hit in the state and local space, most notably for handling sensitive consumer information required by the Criminal Justice Information Services standard for law enforcement, the Family Educational Rights and Privacy Act for education, and the Health Insurance Portability and Accountability Act for health care. The compliance packages have become more complicated, and increasingly important, as agencies move more of their computing operations into the cloud.
That’s been especially true for the handling of criminal justice information, under CJIS, which continues to be one of the largest obstacles that cities in particular have faced in moving to cloud solutions.
Since Microsoft received its CJIS certification, the company has seen a number of large municipalities – especially in California – move to the Microsoft’s Office 365 for government, including cities like San Francisco and San Mateo, and Los Angeles County.
“Through this process of working with our customers, we have built controls that are used by Office 365 teams to design, build, and run the service,” Michael Donlan, vice president of U.S. state and local government of Microsoft Corp., wrote in a blog post. “Today we have over 1,000 such security and privacy controls in Office 365 that address various standards and regulations. This ability to support a broad scope of control and regulatory requirements has enabled us to meet some of the most stringent requirements. Signing up for those same requirements means we are doing our part to help them protect their data.”
“Managing and mastering new technology at the state and local government level is all about balancing the need to streamline services, keep costs contained, and modernize systems, all while meeting the variety of security and privacy compliance requirements that exist,” Donlan said in a previous interview with StateScoop.