Companies without on-premise environments have difficulty presenting solutions and evidence for the various questions asked in supplier evaluations. We support our clients in facing these challenges; see the table below with the most common questions and answers:
| Requirement | Answer | Evidence |
|---|---|---|
| Data encryption at rest (Microsoft) | Data stored in SharePoint and OneDrive complies with the encryption defined by the service provider using its own AES 256-bit keys | Published at the link learn.microsoft.com |
| Data encryption in transit (Microsoft) | Data is transmitted to/from the storage service provider using a secure SSL connection with certificates issued with a minimum length of 2048 bits. | Published at the link learn.microsoft.com |
| Data encryption at rest (Google) | Data stored in Shared Drives and My Drive complies with the encryption defined by the service provider using its own AES 128-bit or higher keys | Published at the link services.google.com |
| Data encryption in transit (Google) | Data is transmitted to/from the storage service provider using a secure SSL connection with certificates issued with a minimum length of 2048 bits. | Published at the link services.google.com |
| Log retention and audit trail (Microsoft) | The service provider's standard audit log retention policy is retained for 180 days. | Published at the link learn.microsoft.com |
| Log retention and audit trail (Google) | The service provider's standard audit log retention policy is retained for 180 days, except for some types of events as detailed in the provided link. | Published at the link support.google.com |
| Log retention and audit trail (Acronis) | The service provider's standard audit log retention policy is retained for 90 days. | Published at the link care.acronis.com |
| Data storage region (Microsoft) | Microsoft indicates that data stored by the service is currently hosted in the country [COUNTRY]. | Published at the link entra.microsoft.com, properties tab |
| Data storage region (Google) | Google indicates that data stored by the service may currently be hosted in the United States and European Union when no preference is specified. | Detailed at the link support.google.com, if applicable, published at the link admin.google.com |