Earlier this week marked a major milestone; Microsoft is raising the bar on security and compliance and officially stepping into the realm of international cloud privacy with the adoption of two new standards: ISO/IEC 27018 and HITRUST.
Microsoft has been tireless in its efforts to continually protect its customers’ data and provide compliance capabilities fit for any industry or geographical location. These new certifications validate Microsoft’s dedication to sophisticated innovation and consistent improvement in security and compliance capabilities, resulting in a safer enterprise cloud.
What do these new certifications mean for Microsoft customers?
Microsoft Azure, Office 365, Dynamics CRM Online, and Microsoft Intune were all certified under ISO/IEC 27018, which is designed by the International Organization of Standardization (ISO) to protect Personally Identifiable Information (PII) in public clouds. ISO/IEC 27018 the world’s first internationally standardized framework for protecting the privacy of personal data stored in the cloud.
Achieving this means that Microsoft has made security a priority and operates under a stronger, industry-wide framework built on six defining principles:
Consent: Personal data will never be processes for reasons outside of the instructions of the customer, including the use of information for advertising or marketing purposes. Customers should never have to agree to have their data used for advertising or marketing purposes in order to use the service.
Control: Customers have complete control over how their information is used.
Transparency: The customer will be informed by Microsoft where their data is stored and how it is handled.
Communication: Microsoft will let customers know at the moment breaches occur, keeping record of the incident and how they responded.
Auditing: Microsoft will be subject to independent and periodic audit to ensure that it conforms to ISO/IEC 27018 standards.
Viewed as particularly important for U.S. Healthcare organizations, the HITRUST assessment speaks to a cloud provider’s ability to protect information in a reliable and sustainable way. The HITRUST has established the Common Security Framework (CSF), which is the most widely adopted security framework for organizations that handle personal health and financial information, and provides a rating based on five maturity levels. An independent assessor evaluated Microsoft Office 365 at Level 5–the highest possible rating.
These new standards are just two of the ways Microsoft is demonstrating their commitment to protect their customers’ data through dedicated resources and continued innovation.
SADA Systems is a Microsoft National Solutions Provider with Gold Competencies and more than a decade of experience implementing Microsoft cloud solutions. To learn more about Microsoft enterprise cloud solutions, visit our website or email us at email@example.com.