Microsoft employs an ongoing management and governance process—the Business Continuity Management Plan Development Lifecycle—for its cloud-based offerings. This process ensures that the necessary steps are taken to identify the impact of potential losses, maintain viable recovery strategies and plans, and ensure continuity of products and services.
What industry audit and security certifications cover the Microsoft platform?

Microsoft online services environments must meet numerous government-mandated and industry-specific security requirements in addition to Microsoft’s own business-driven specifications. As Microsoft online businesses continue to grow and change and new online services are introduced into the Microsoft cloud, additional requirements are expected that could include regional and country-specific data security standards. Microsoft Global Foundation Services (GFS) works across operations, product, and service delivery teams and with internal and external auditors to ensure Microsoft is in compliance with relevant standards and regulatory obligations.
One of the successes of Microsoft’s efforts in this regard is that the Microsoft cloud infrastructure has achieved both SAS 70 Type I and Type II attestations (moving to SSAE 16 and ISAE 3402 in 2012) and ISO/IEC 27001:2005 certification.