When you choose a cloud provider, you should understand how this provider can help you comply with standards and regulations.
Depending on the industry your business is in, you may need to comply with different standards and regulations.
Let's talk about just a few of the compliance offerings in Azure now.
This isn't a comprehensive list, but it can give you a sense of the extent to which cloud providers, and more specifically Azure, will go in order to give you everything you need to run your applications in the cloud.
We'll start with some generic security standards.
One of those is the Cloud Security Alliance STAR certification.
In order to achieve this certification, Azure also needed to achieve ISO 27001 certification and meet criteria specified in the Cloud Controls Matrix.
Next is the National Institute of Standards and Technology Cybersecurity Framework.
This is a voluntary framework that consists of standards, guidelines and best practices to manage cybersecurity-related risks.
There are also some industry-specific certifications that we'll talk about.
One of those is AICPA SOC,
which stands for Service Organization Controls.
There are three levels of those: 1, 2 and 3.
Microsoft services are audited annually against the SOC report framework by an independent third-party auditor.
The Health Insurance Portability and Accountability Act is a U.S. federal law that regulates patient protected health information.
Azure offers its customers a business associate agreement in compliance with the security and privacy provisions in HIPAA and the Health Information Technology for Economic and Clinical Health Act, also called HITECH.
The Payment Card Industry Data Security Standard is a proprietary information security standard for organizations that handle branded credit cards.
Those are the credit cards from the major credit card issuing companies like Visa, MasterCard, American Express, Discover and JCB.
Azure is certified to host workloads that provide transaction information or processing according to the PCI DSS standard.
If you develop applications for any U.S. state or local agency and need to access the Criminal Justice Information Services from the FBI, you need to adhere to the CJIS security policy.
Azure is the only major cloud provider that commits to conformance with the CJIS security policy.
Now, so far, we've been discussing only American or U.S.-based regulations. What about the international ones?
One of the biggest ones is the General Data Protection Regulation that took effect on May 28th 2019
in the European Union.
It is a law that imposes new rules on anybody who collects private information from European citizens.
This law, the GDPR, applies no matter where you're located.
The UK government G Cloud is a certification for cloud computing products and services used by government entities in the United Kingdom.
Azure has official accreditation from the UK government for such services.
The Multi-Tier Cloud Security assessment is conducted by the MTCS certification body, which is part of the Media Development Authority of Singapore.
Microsoft is the first global cloud provider to receive certification across all three service classifications:
infrastructure as a service, platform as a service and software as a service.
This list gives you a glimpse of some of the certification offerings from Azure.
For more details, you can go and get the complete list from the Azure Trust website.