
Announcing that Power Virtual Agents is FedRAMP, HITRUST, PCI, and OSPAR compliant

Last year, we announced that Power Virtual Agents was covered under HIPAA and acquired SOC, ISO, & CSA certifications. Today, we are excited to announce that Power Virtual Agents acquired the following four additional certifications:

1. Federal Risk and Authorization Management Program (FedRAMP)

FedRAMP was established to provide a standardized approach for assessing, monitoring, and authorizing cloud computing products and services under the Federal Information Security Management Act (FISMA) and accelerating the adoption of secure cloud solutions by federal agencies.

Microsoft’s government cloud services meet the demanding requirements of FedRAMP.

By deploying protected services including Azure Government, Office 365 U.S. Government, and Dynamics 365 Government, federal and defense agencies can leverage a rich array of compliant services.

Power Virtual Agents in the GCC plan is estimated to be generally available in June 2021.

2. Health Information Trust Alliance (HITRUST)

HITRUST is an organization governed by representatives from the healthcare industry. HITRUST created and maintains the Common Security Framework (CSF), a certifiable framework to help healthcare organizations and their providers consistently demonstrate their security and compliance.

The CSF builds on HIPAA and the HITECH Act, which are US healthcare laws that have established requirements for the use, disclosure, and safeguarding of individually identifiable health information and that provide for enforcement in cases of non-compliance.

HITRUST provides a benchmark — a standardized compliance framework, assessment, and certification process — against which cloud service providers and covered health entities can measure compliance.

3. Payment Card Industry (PCI) Data Security Standard (DSS)

The Payment Card Industry (PCI) Data Security Standard (DSS) is a global information security standard designed to prevent fraud through increased control of credit card data.

Organizations of all sizes must follow PCI DSS standards if they accept payment cards from the five major credit card brands:

  • Visa
  • MasterCard
  • American Express
  • Discover
  • Japan Credit Bureau (JCB)

Compliance with PCI DSS is required for any organization that stores, processes, or transmits payment and cardholder data.

4. Association of Banks in Singapore (ABS) Outsourced Service Provider’s Audit Report (OSPAR)

The OSPAR framework was established by the Association of Banks in Singapore (ABS), which formulated IT security guidelines for outsourced service providers (OSPs) seeking to provide services to Singapore’s financial institutions. The ABS Guidelines are intended to help financial institutions understand approaches to due diligence, vendor management, and key technical and organizational controls that should be implemented in cloud outsourcing arrangements, particularly for material workloads.

To learn more about Power Virtual Agents compliance offerings, see the documentation here.

We’d love to hear about your experience with this feature! Please visit our community forum at https://aka.ms/PowerVirtualAgentsForum and share your feedback.

If you have any idea requests, please submit them at https://aka.ms/PowerVirtualAgentsIdeas.