
The International Organization for Standardization (ISO) is an independent nongovernmental organization and the world's largest developer of voluntary international standards. The ISO/IEC 27000 family of standards helps organizations of every type and size keep information assets secure.

In 2014, the ISO adopted ISO/IEC 27018:2014, an addendum to ISO/IEC 27001 and the first international code of practice for cloud privacy. Based on EU data-protection laws, it gives specific guidance to cloud service providers (CSPs) acting as processors of personally identifiable information (PII) on assessing risks and implementing state-of-the-art controls for protecting PII.

At least once a year, Microsoft Azure and Azure Germany are audited for compliance with ISO/IEC 27001 and ISO/IEC 27018 by an accredited third-party certification body. This audit provides independent validation that applicable security controls are in place and operating effectively. As part of this compliance verification process, the auditors validate in their statement of applicability that Microsoft in-scope cloud services and commercial technical support services have incorporated ISO/IEC 27018 controls for the protection of PII in Azure; the statement of applicability is therefore the document that defines which services and controls the certification actually covers. To remain compliant, Microsoft cloud services must be subject to annual third-party reviews.

By following the standards of ISO/IEC 27001 and the code of practice embodied in ISO/IEC 27018, Microsoft demonstrates that its privacy policies and procedures are robust and in line with its high standards.

Customers of Microsoft cloud services know where their data is stored. Because ISO/IEC 27018 requires certified CSPs to inform customers of the countries in which their data may be stored, Microsoft cloud service customers have the visibility they need to comply with any applicable information security rules.
