Andrzej Kaźmierczak


Microsoft Azure – Compliance


Microsoft invests heavily in complying with as many regulations, standards and laws as it can, especially for its cloud services. More and more customers expect this approach, because it gives them good evidence for their own clients and auditors that the services they subscribe to meet all required criteria.

Microsoft's public cloud, Microsoft Azure, meets a broad set of international, regional, and industry-specific compliance and regulatory standards. To get an insight into the timeline, have a look at the figure below.

As you can see, it covers global (like SOC1, SOC2), US (FedRAMP, HIPAA) and other (EU Data Protection Directive, ISO 27018) standards and regulations. Some of the most important standards and regulations (of course, other standards may be the most important for others):

  • FIPS 140-2. US government standard that defines a minimum set of security requirements for products and systems that implement cryptography.
  • HIPAA. The Health Insurance Portability and Accountability Act (HIPAA) is a US federal law that regulates patient Protected Health Information (PHI).
  • ISO/IEC 27018. Microsoft is the first cloud provider to have adopted the ISO/IEC 27018 code of practice, covering the processing of personal information by cloud service providers.
  • PCI DSS. Azure is Level 1 compliant with Payment Card Industry (PCI) Data Security Standards (DSS) version 3.0, the global certification standard for organizations that accept most payment cards, as well as store, process, or transmit cardholder data.

For Microsoft, this is a continuous compliance approach driven by rigorous third-party audits, for example those performed by the British Standards Institute. The list of standards is still growing. To verify more easily which cloud service (Microsoft Azure, Microsoft Office 365, etc.) complies with which standard in which datacenter, follow this site (ref. https://www.microsoft.com/en-us/TrustCenter/Compliance/default.aspx ). It gives a full overview of the compliance of Microsoft cloud services. It also describes and introduces the Microsoft Common Controls Hub (ref. https://www.microsoft.com/en-us/trustcenter/Common-Controls-Hub ), which is a subset of more than 200,000 individual compliance mandates from more than 800 laws and standards.


About Andrzej Kazmierczak

Andrzej Kaźmierczak is an IT professional with many years of IT security experience to his credit. As a certified Architect and Systems Engineer in the field of Microsoft security solutions, Andrzej expands on his vast knowledge of the industry working with many major worldwide corporations and organizations from a wide variety of industry fields. Andrzej is also a published author of many security articles and blogs. His key specialties include the architecture, design, implementation and support for Identity Federation, Azure and Cloud, work in the field of Public Key Infrastructure and smart cards, as well as a wide array of Information Protection and Rights Management. Follow on twitter: @ANDKAZM