The Microsoft Trust Center is expanding, and today we’re adding more of our enterprise cloud services—Microsoft Commercial Support, Microsoft Dynamics AX, and Microsoft Power BI. These services join Microsoft Azure, Microsoft Dynamics CRM Online, Microsoft Intune, and Microsoft Office 365 into the Trust Center.
Additionally, we are adding two new compliance attestations, ENS in Spain and FACT in the UK. These two new certifications, added to those announced in March—CS Mark in Japan and MPAA— bring our total to 37—the most comprehensive of any major cloud service provider in the world.
We launched the Trust Center in November 2015 to create a central point of reference for cloud trust resources and to detail our commitments to security, privacy and control, compliance, and transparency. It is here that we document our adherence to international and regional compliance certifications and attestations, and lay out the policies and processes that Microsoft uses to protect your privacy and your data. Here, too, you’ll find descriptions of the security features and functionality in our services as well as the policies that govern the location and transfer of the data you entrust to us.
The new Microsoft compliance certifications and attestations include:
- ENS. The Esquema Nacional de Seguridad (National Security Framework) in Spain provides ICT security guidance to public administrations and service providers. Microsoft was the first cloud service provider to receive the ENS certification—for Azure and Office 365.
- FACT. The Federation Against Copyright Theft in the UK developed a certification scheme based on ISO 27001 that focuses on physical and digital security to protect against the theft of intellectual property. Azure was the first multitenant public cloud to achieve FACT certification.
- MPAA. Azure was the first hyperscale cloud provider to comply with the Motion Picture Association of America guidance and control framework for the security of digital film assets.
- CS Mark. The Cloud Security Mark is the first security standard for cloud service providers in Japan. Microsoft achieved a CS Gold Mark for all three service classifications: Azure for IaaS and PaaS, and Office 365 for SaaS.
The Trust Center website reflects the principles that underpin our products and services:
- Security. Get an overview of how security is built into the Microsoft Cloud from the ground up, with protection at the physical, network, host, application, and data layers so that our online services are resilient to attack.
- Privacy and control. Get visibility into our datacenter locations worldwide, data access policies, and data retention policies, backed with strong contractual commitments in the Microsoft Online Services Terms.
- Compliance. Here you’ll find comprehensive information on Microsoft Cloud certifications and attestations such as EU Model Clauses, FedRAMP, HIPAA, ISO/IEC 27001 and 27018, PCI-DSS, and SOC 1 and SOC 2. Each compliance page provides background on the certification, a list of compliant services, and detailed information such as implementation guides and best practices.
- Transparency. The Microsoft Cloud is built on the premise that for you to control your customer data in the cloud, you need to understand as much as possible about how that data is handled. You’ll find a summary of the policies and procedures here.
Visit the Microsoft Trust Center.