A logo represent compliance

Cloud Security Mark Gold (CS Gold Mark)

Microsoft received the CS Gold Mark in Japan for Azure (IaaS and PaaS) and Office 365 (SaaS).

Microsoft and CS Gold Mark

After rigorous assessments by a JASA-certified auditor, Microsoft received the CS Gold Mark for all three service classifications. Accreditations were granted for Microsoft Azure Infrastructure as a Service (IaaS) and Platform as a Service (PaaS), and for Microsoft Office 365 Software as a Service (SaaS). Microsoft was the first global CSP to receive this accreditation across all three classifications.

Learn how to accelerate your CS Gold Mark deployment with our Azure Security and Compliance Blueprint.

Download the Microsoft Cloud - Azure and Office 365 CS Gold Mark Baseline Coverage User Guide

Microsoft in-scope cloud services

Audits, Reports and certificates

Accreditation is valid for three years, with a yearly surveillance audit to be conducted.

CS Gold Mark Overview

The Cloud Security Mark (CS Mark) is the first security standard for cloud service providers (CSPs) in Japan, and is based on ISO/IEC 27017, the international code of practice for information security controls. This in turn is based on ISO/IEC 27002 for cloud services, which addresses information security in cloud computing and the implementation of cloud-related information security controls.

The CS Mark is accredited by the Japan Information Security Audit Association (JASA), a nonprofit organization established by the Ministry of the Interior and the Ministry of Economy, Trade, and Industry to strengthen information security in Japan. The CS Mark promotes the use of cloud services and provides:

  • A common standard that CSPs can apply to address common customer concerns about the security and confidentiality of data in the cloud and the impact on business of using cloud services.
  • Verifiable operational transparency and visibility into the risks that customers face when they use cloud services.
  • Objective criteria that enterprises and government can use to choose a CSP, and clarification of the security requirements that CSPs must follow to be accredited.

JASA developed the Authorized Information Security Audit System (AISAS), which specifies the audit of approximately 1,500 controls covering such areas as organization for information, physical, and development security; the security of human resources; and business continuity, disaster recovery, and incident management. The AISAS offers CS Gold Mark accreditation that requires an independent auditor authorized by JASA to perform a stringent audit. A CS Gold Mark means that in-scope services can host important government data.

female working on laptop with male colleague looking at her screen
female working on laptop with male colleague looking at her screen

Assess your GDPR compliance

Find out if your organization meets personal data protection requirements. Take our quick, interactive 10-question evaluation to assess your readiness to comply with the GDPR today.

Take the assessment

Frequently asked questions

If your organization is using Azure or Office 365, you will need to ensure that the CS Mark addresses your own security requirements. If CS Mark does address your security requirements, then you can use the Microsoft accreditation and audit report as part of your own accreditation process. You are responsible for engaging an auditor to evaluate your implementation for compliance, and for the controls and processes within your own organization.