With the cloud becoming more and more prevalent, the number one question is this: Is it safe? With Microsoft’s Azure and Visual Studio Team Services, the answer is absolutely. These cloud offerings are backed by several compliance certifications. In fact, Microsoft has the most comprehensive set of compliance offerings of any cloud service provider. These certifications include ISO/IEC and HIPAA, among others.

ISO/IEC

The International Organization for Standardization, or ISO, is an independent organization that develops voluntary international standards. The International Electrotechnical Commission, or IEC, develops and publishes standards for electrical, electronic, and related technologies. Together, these organizations form the ISO/IEC subcommittee. The ISO/IEC 27000 family of standards outlines controls to allow organizations of all sizes to maintain the security of information assets.

The international acceptance of ISO/IEC 27001 – a specification for information security management systems – is why this standard is at the forefront of Microsoft’s approach to implementing and maintaining information security. Furthermore, Microsoft follows the standards laid out by ISO/IEC 27018, which gives guidance specifically to cloud service providers handling personally identifiable information. Azure Public and Azure Germany are audited at least once a year by a third party in order to maintain this certification. This also means that other Microsoft cloud services, like VSTS, undergo this annual audit as well.

HIPAA

The Health Insurance Portability and Accountability Act (HIPAA) is a U.S. healthcare law that sets requirements for the use, disclosure, and protection of individual health information. This law applies to healthcare providers, such as hospitals and insurance companies. If one of these covered entities engages a business associate – Microsoft, in this case – to help with its healthcare functions, the covered entity must have a written contract with the business associate. The HIPAA website specifies what exactly must be contained in these contracts.

While there is no official certification for HIPAA, Microsoft’s contracts with covered entities have undergone annual audits by accredited independent auditors for the ISO/IEC 27001 certification. It is also important to remember that Azure backs Microsoft tools such as VSTS and Office 365. Thus, these cloud-hosted tools are supported by every certification that Azure has obtained.

Still have questions about Microsoft’s cloud-based tooling certifications? Contact our team here at PRAKTIK for more information.