To which regulations are Microsoft and their services compliant

  • Question

  • Hi all,

    I am hoping to find a nice list of which regulations Microsoft maintains compliance to.

    I.e. for Azure data centers in Ireland - ISO 27001, EU GDPR, etc. etc.

    The closest thing I can find is a long list of Microsoft audit reports in the compliance manager, however it will take a good while to parse through the entire list and compile a table of their compliance relative to each service, data centre region etc.

    Is anyone aware of a neatly compiled overview of such information?

    Thanks in advance.

    Wednesday, July 17, 2019 12:54 PM

All replies

  • Hello Jeffrey,

    Yes, there is.

    Have a look here: https://www.microsoft.com/en-us/trust-center/compliance/compliance-overview


    Peter Geelen - MVP Enterprise Mobility (Identity and Access) (user page)

    [If a post helps to resolve your issue, please click the "Mark as Answer" of that post or click "Vote as helpful" button of that post. By marking a post as Answered or Helpful, you help others find the answer faster. ]


    Thursday, July 18, 2019 11:40 AM
  • Hi Peter,

    Thank you for the response,

    I have seen this area but all I can find is where they can assist me in proving our company's compliance with regards to the Microsoft services we utilize.

    I am looking for an overview report of Microsoft's own internal compliance to regulations. Essentially what you would look for if your company audited Microsoft.

    The compliance center only has a list of all the audits, please see an example of the kind of info I would be looking for below.

    Perhaps I am missing something but I don't seem to be able to find this sort of overview.

    

    Friday, July 19, 2019 9:33 AM
  • Jeffrey,

    The Microsoft compliance to these regulations is documented here: https://servicetrust.microsoft.com/ViewPage/MSComplianceGuideV3

    The ISO9001, ISO27001, PCI-DSS, ... and lots more GRC, CSA, ENS, FEDRAMP, ... it is in there...

    Azure is in there, Exchange as part of O365 is in there...

    Office 365 Exchange Online Cohasset SEC 17a-4(f) Assessment

    It's not only a list of audits, it also shows the certifications... 

    An audit with certification IS proving compliance.

    Also the design blueprints can be consulted.

    https://servicetrust.microsoft.com/ViewPage/BlueprintOverviewv3

    Also: 

    https://download.microsoft.com/download/A/C/5/AC5977D4-A7AE-443A-9099-4711D143B581/Ask_your_cloud_provider_about_compliance.pdf

    And you can even consult how they do the penetration tests on the Microsoft environment.
    https://servicetrust.microsoft.com/ViewPage/TrustDocumentsV3

    That is more information than you can ever compile yourself in a lifetime, ...

    But that will not necessarily mean that YOUR company is compliant using these services. That is your responsibility, using them correctly. 


    Peter Geelen - MVP Enterprise Mobility (Identity and Access) (user page)

    Friday, July 19, 2019 10:02 AM
  • So no one has done my job for me I guess :), to me that is the raw list that I need to neaten up a bit.

    I appreciate your responses,

    Thanks,

    Kind Regards,

    Friday, July 19, 2019 10:19 AM