Online Compliance Center
What is behind the Online Compliance Center?
The Online Compliance Center is the framework for various modules that enable companies to optimise thier ITcompliance. With dashboards, monitoring and reporting functions, and supporting documents, customers always have a clear overview and can check their individual IT compliance status at any time.
How does onboarding work?
Onboarding is straightforward and takes place via the free trial version. Your microsoft 365 organisation will be linked there and an initial backup can be performed.
In which regions is the data stored?
The data is stored in Germany.
For which company sizes is the OCC suitable?
The Online Compliance Center is particularly suitable for medium-sized companies and corporate structures.
Are there any trial or pilot versions?
Yes! You can test the modules of the Online Compliance Center free of charge for 14 days without providing any payment details.
OCC - Backup & Restore
How many Microsoft 365 users should I back up?
Does Microsoft 365 already back up my data automatically?
It is a common misconception that Microsoft automatically backs up all your Microsoft 365 data within the cloud service you have purchased. While Microsoft offers high reliability and integrated tools for various functions, it does not provide an integrated back up solution as part of normal Microsoft 365 usage. Microsoft refers to the so-calles shared responsibility model: it describes what the cloud service provides and what responsibility customers themselves must assume for protecting their Microsoft 365 data.
How can you back up your Microsoft 365 data?
To back up your Office 365 data, we recommend using a third-party backup solution (read our whitepaper Microsoft or Third Party?). Backup&Restore offers simple processes for creating backups and sufficient flexibility in scheduling to meet all RPO (Recovery Point Objectives) and RTO (Recovery Time Objectives). Furtermore, Backup & Restore offers a fast and granular data recovery with advanced search capabilities via the eDiscovery portal, allowing administrators to quickly find the items they need to meet various compliance requirements.
What is the default retention policy in Microsoft 365?
The retention periods for deleted data in Office 365 vary depending on the application. In an Exchange Online mailbox,” Deleted items” are stored for 14 days by default, although this period can be extended to up 30 days.
In Sharepoint Online, deleted files that have been removed via the browser remain in the recycle bin for 93. days.
If an employee`s Microsoft account is deleted after they leave the company, the associated user data is also removed after 30 days and is only available if it has been previously backed up in a backup solution. Setting up retention policies is time-consuming, and human error during configuration can lead to data loss. This is another reason why backing up Microsoft 365 data is essential to protect against such risks.
How is Backup & Restore licensed?
A licence under Backup & Restoreis required for each account that has a backup. A Backup & Restore licence includes one email account, one OneDrive account, two Sharepoint sites and two Teams. The minimum purchase is 10 licences. If the customer requires more Sharepoint sites or more Teams backups, these can be purchased separately.
Accounts in the backup are automatically deleted if they have not been included in an active backup job for one year. However, the customercan add these accounts to their backup at any time and will be reminded of this in goodtime before deletion, so that there is sufficient time to take action.
Why should I use Backup&Restore instead of Microsoft`s own backup solution?
Microsoft now has its own backup solution. Nevertheless, this means that all your data is stored with a single provider and you are independent on Microsoft. You can be secure and independent if the backup of this data is carried out by a third-party provider such as sitaas GmbH. This is because a backup strategy that is independent of the actual manufacturer is essential in order to implement all compliance requirements.
Backup & Restore is a solution that has been developed from the archiving of this data. Data backup and recovery is secure, reliable and fast. The service also leaves nothing to be desired in terms of functionality and is significantly more comprehensive than its well-known competitors, e. g. from Switzerland. Backup & Restore also has a solution for working with Microsoft Purview Information Protection and sensitivity labels. Backup & Restore is a German solution that is particularly suited to the needs of German SMEs. The data is stored in Germany. All in all, it is a solution or service that German companies shpuld use to take control of their data.
Why should I use Backup & Restore instead of other third-party solutions?
Customers can only be secure and independent if their Microsoft 365 data is backed up by third-party provider such as sitaas GmbH. In recent years, a number of providers have established themselves and made a name of themselves in the field of backup and restore, including veeam, AvePoint and Skykick and Barracuda. Some of these providers are now also working on archiving solutions to expand their portfolio.
Backup & Restore is a solution that has envolved from the archving of this data. Data backup and recovery is secure, reliable and fast. The service also leaves nothing to be desired in terms of functionality ans is significantly more comprehensive than its well-known competitors. One forward-looking difference is the handling with Microsoft Purview information Protection and sensitivity labels., to which most providers do not yet have an answer. Backup & Restore can process the labels for backup and restoration. Backup & Restore is a German solution that is particularly suited to the needs of German SME`s. The data is stored in Germany. All in all, it is a solution or service that German companies should use to take control of their data.
We have tested some of the established solutions on the market and produced a white paper on the key differences. Take a look at “ White Paper” and see for yourself.
Are there configuration options for OCC Backup & Restore?
Yes, you have the option to configure and schedule your backup. This also allows you to start individual backups.
Does OCC Backup & Restore automatically recognise new users?
Yes, the OCC Backup & Restore module automatically detects new users and integrates them into the regular backup jobs. You do not need to add users manually.
OCC - Compliance Archiving
Is there a minimum order quantity?
The minimum order quantity is 10 user licences. For extension licences, the end of the term is identical tothe endof the term for the existing user licences.
What are the consequences of not archiving data?
I business related data is not archived, this constitues a failure to comply with accounting obligations. Accordingly, a company without an appropriate archive is non-compliant. In addition for possible penalties for tax evasion (Section378 AO) or tax fraud (Section 370 AO), thetax officemay, as a practical measure, restrict input tax deductibility. For SMEs, these measures can be expensive and even threaten their existence. For managing directors, personal liability can become an issue here if duties of care have been violated. Furthermore, sanctions under the GDPR can be imposed, which can result in much higher penalties. There are de facto two different laws in Germany that require data archving.
What distinguishes compliance archiving from other providers?
Compliance archiving has various advantages over other providers of archiving solutions abd has established itself in recent years as THE compliance archive. Furthermore, compliance archiving offers the creation of separate archiving locations for sensitive data, which can only be opened in accordance with the dual control principle and are therefore initially excluded from standard enterpreise searches. Unlimited data volume and storage in German ISO-certified data Centers are also included.
What are sensitive archive locations?
Sensitive archiving locations are specially protected areas in which data is archived via standard rules or manual categorisation of data using folders or categories. This is useful, for example, for separately archiving the communication of sensitive groups within the company, such as works council communication, management communication or HR communication. In addition, employees can be allowed or at least tolerated to use the system for private purposes, as they are given the opportunity to classify this private communication. In this way, sensitive data can only be searched if there is a justified need to do so and the previously defined persons authorise access. This can be done in various ways and can be defined individually with the customer.
How can companies ensure data protection when business communication tools are used for private purposes?
With the entry force of the GDPR, companies should establish clear rules regarding the handling of private messages via business email accounts or teams. Compliance Archiving offers a wide range of options to support customers in both permitting and prohibiting the private use of business communication tools.
How is compliance archiving licensed?
A licence for compliance archiving is required if the archived mailbox belongs to an active Exchange mailbox in which at least one item is archived. An active mailbox is a service that can be accessed by the user, such as a regularly archived email mailbox, resource or shared mailbox. Mailboxes that cannot be accessed by a user on the archive system are not counted. The minimum purchase are 10 licences. Former employees whose archive data is accessed via proxy access, are not activemailboxes and do not require a licence.
Why is it important to raise employee awareness of compliance archiving?
Compliance archving involves tamper-proof data storage. Raising awareness and training employees is essential and mandatory.We therefore recommend offering appropriate training, particularly when introducing a compliance archive and during the onboarding process for new employees. It is also advisable to raise awareness among all employees on a regular basis.
What is the legal basis for data archiving?
The obligation to archive emails in an audit-proof manner arises from the GoBD, the principles for the proper management and storage of books, records and documents in electronic form and for data access, which haven been in force since January 2017. Since then, digital business documents must be archived digitally for six to ten years. These regulations were updated in spring 2024 to include, in particular, stricter data security requirements and detailed regulations for cloud services.
With the entry into force of the GDPR, email archving is also experiencing a revival, as it is an important component in meeting all compliance requirements. Companies have a duty to ensure order and transparency when handling personal data with regard to technical and organisational measures. Audit-proof data archving ensures that ptential data protection violations or non-compliance with requirements are detected, especially in digital correspondence.
Can applicant data be archived?
Data protection requirements and the GDPR oblige companies to delete applicants documents after a certain period of time if the applicant is not hired. Even if the statutory retention periods are shorter, it is generally recommended to delete this data after a maximum of 6 months.
Therefore, processes must be created to prevet the archving of apllicant data. For example, applicants can only be accepted in a central applicant mailbox that is excluded from cloud archving, internal conduct guidelines can also stipulate that forwarding apllicant emails between employees is prohibited, as otherwise the applicant data will end up in email mailboxes that are part of an archive. Appropriate regulations must also be implementes fpr handing outsied of Exchange.
What does the eDiscovery tool offer?
The eDiscovery tool is provided free of charge, allowing you to quickly find relevant conversations and files during legal reviews.