All your data safe within your firewall
All ShareControl products – Contract, IFRS 16 og Transparency – store your organisation’s data directly in your own Microsoft 365 environment. No data held by a third party, no external infrastructure.
Data in your own tenant
No THIRD-PARTY STORAGE
Azure AD sign-in
EXISTING USERS – NO EXTRA PASSWORDS
ISO 27001 · SOC 1-3 · GDPR · DORA
MICROSOFT CERTIFICATION INCLUDED
AES-256 encryption
TLS 1.2+ i transitt
Microsoft Defender ATP
GDPR & DORA compliance
Data in EU/Norway
Defined and configured by ShareControl
Security in ShareControl is an interplay between two layers: functionality that ShareControl configures for your organisation during implementation, and the general security framework already in place in Microsoft 365 that your IT department manages.
Local data storage
ShareControl creates dedicated libraries in your existing SharePoint where all data from Contract, IFRS 16 and Transparency is stored. Everything remains in your own Microsoft 365 tenant – no external transfers, no third-party servers. No configuration required from IT.
SHARECONTROL CREATES THE LIBRARIES · IT DOES NOTHING
Role-based access control
ShareControl provides standard user profiles with predefined access levels and permissions, assigned to the relevant users in your organisation during implementation. If a user requires specific access beyond the standard profiles, ShareControl assists with the configuration.
STANDARD USER PROFILES FROM SHARECONTROL · CUSTOM ACCESS ON REQUEST
Audit log
ShareControl has a dedicated version log that gives auditors full visibility into changes in lease agreements and contracts that affect the financial result. The organisation can also see who has created new contracts or made changes following negotiations or contract reviews – with timestamp and user.
DEDICATED IN SHARECONTROL · FOR AUDITORS AND INTERNAL CONTROL
General Microsoft 365 security
Applies automatically to ShareControl because the products run in M365 – configured and managed by your organisation’s IT department.
Azure AD & MFA
Users sign in with their existing Microsoft 365 accounts via Azure Active Directory – no new passwords or separate login systems. If multi-factor authentication (MFA) is enabled in your M365 tenant, this automatically applies to all ShareControl products without any additional configuration.
AUTOMATIC VIA M365 · MANAGED BY IT
AES-256 encryption
All data at rest is protected with AES-256 encryption, and all communication takes place over TLS 1.2 or higher. This is part of the Microsoft 365 platform and applies to all data in your tenant – including everything stored via ShareControl. Dette er en del av Microsoft 365-plattformen og gjelder for all data i din tenant – inkludert alt som lagres via ShareControl. Encryption level and policy is defined by your IT department.
AES-256 · TLS 1.2+ · MANAGED BY IT
Microsoft Defender ATP
Microsoft Defender and Advanced Threat Protection continuously scan all files and documents in SharePoint for malware, viruses and malicious links – including data from ShareControl products. This is part of the M365 platform and is managed by your IT department.
DEFENDER · ATP · MANAGED BY IT
Version control & recovery
SharePoint provides automatic version control of documents at library level – all files stored via ShareControl products are covered. Deleted documents can be restored from the SharePoint recycle bin. The feature is enabled and managed by IT per document library.
SHAREPOINT-FUNCTIONALITY · MANAGED BY IT
GDPR & DORA compliance
Data is stored in Microsoft’s data centres in the EU, with the option of storage in Norway. Microsoft 365 is certified to ISO 27001, ISO 27018 and SOC 1–3, and is fully compliant with Schrems II. This is part of your organisation’s general M365 setup and is not changed in connection with ShareControl.
GENERAL M365 CONFIGURATION · ISO 27001 · SOC 1-3
DLP via Microsoft Purview
Through Microsoft Purview, your organisation can set up Data Loss Prevention (DLP) and information governance policies that prevent sensitive information from being shared unintentionally. This applies to all data in the M365 tenant – including ShareControl – and is configured and managed by IT.
PURVIEW DLP · MANAGED BY IT
COMPARISON
ShareControl (M365-based) vs. third-party SaaS
An objective overview of the key security differences. Where third-party SaaS solutions can offer equivalent functionality, this is indicated.
| SECURITY ELEMENT | SHARECONTROL (M365-BASED) | THIRD-PARTY SAAS |
|---|---|---|
| Data ownership | ✓ Data in your own tenant and firewall | ✗ Data on the vendor’s servers |
| Authentication & MFA | ✓ Azure AD SSO built in – no integration required. MFA inherited automatically from M365 policy. | ~ SSO via Azure AD possible, but requires separate integration per solution. MFA available, but setup and consistency varies. |
| Access control | ✓ Directly in SharePoint and Active Directory – no separate administration. | ~ Managed in the vendor’s system. AD sync possible via SCIM, but requires separate setup and maintenance. |
| Encryption | ✓ AES-256 + TLS 1.2+ – Microsoft’s platform, certified and documented. | ~ Most reputable vendors use AES-256 + TLS 1.2+, but key management and documentation vary. |
| Threat detection | ✓ Microsoft Defender ATP – well-known, certified and integrated in your M365 environment. | ~ Varies per vendor. Limited visibility into how scanning is performed. |
| Audit log | ✓ M365 Compliance Center – automatic. | ✗ Limited – outside your control. |
| GDPR | ✓ Covered by your organisation’s existing GDPR compliance. Possible revision of the data processing agreement for new data types. | ✗ Requires full GDPR process – data processing agreement, assessment of data storage geography and ongoing compliance follow-up. |
| Vendor change | ✓ Data always remains in your organisation’s own tenant regardless of the vendor relationship. | ✗ Data must be exported and migrated from the vendor’s systems – process and format depend on the vendor. |
| IT administration | ✓ Managed via existing M365 tools. | ✗ Additional systems and integrations. |
DATA CONTROL
Your data – always within your control
None of ShareControl’s products introduce new data flows outside your organisation. Contract, IFRS 16 and Transparency all operate within your existing Microsoft 365 environment.
No new data path out
ShareControl consists of SPFX web parts running in the user’s browser against your SharePoint installation. No data from Contract, IFRS 16 or Transparency passes through Share Control AS’s servers.
Local customers – local data storage
Microsoft offers customers the option of storing data in local data centres. Your organisation can meet strict requirements for geographic data storage.
Simple transition when changing vendor
Data always remains in your tenant. If you switch solution, there is no risk of data migration to external infrastructure – your IT department retains full control.
DATA FLOW IN SHARECONTROL
SSO + MFA
User (browser)
Signs in with existing M365 account via Azure AD
Code only
ShareControl (SPFX web part)
Runs in the browser – no external server involved
Your infrastructure
Your SharePoint Online tenanT
All data stored in your M365 tenant in EU/Norway
Integrated
Microsoft 365 security layer
Defender, Purview, Compliance Center, Azure AD – all active
Ready to see the security difference for yourself?
Book a walk-through and see how ShareControl Contract, IFRS 16 and Transparency fit into your Microsoft 365 infrastructure – with security included from day one.
CERTIFICATIONS AND STANDARDS
Built on Microsoft’s globally recognised security foundation
The Microsoft 365 platform is certified to the most stringent international standards for information security and privacy.
ISO 27001
International standard for information security management
ISO 27018
Privacy protection for processing personal data in the cloud
SOC 1 – 3
Independent audit of controls for operational security
GDPR · DORA
European privacy and resilience requirements met
SAME LEVEL OF SECURITY IN ALL SHARECONTROL PRODUCTS
IFRS 16
Calculation and reporting on all leasing and rental agreements.
Contract Management
Contract management and agreement management for overview and control.
Transparency Act
One place to handle all processes related to Transparency Act compliance.
Board portal
Effective board work in a safe and secure manner.
Latest from our blog
Sorry, no posts were found.
