Module 3 - Privacy, Compliance & Data Protection Standards
Compliance Offerings
CJIS. Any US state or local agency that wants to access the FBI's Criminal Justice Information Services (CJIS) database is required to adhere to the CJIS Security Policy.
CSA STAR Certification. Azure, Intune, and Microsoft Power BI have obtained STAR Certification, which involves a rigorous independent third-party assessment of a cloud provider's security posture.
EU Model Clauses. Microsoft offers customers EU Standard Contractual Clauses that provide contractual guarantees around transfers of personal data outside of the EU.
HIPAA. The Health Insurance Portability and Accountability Act (HIPAA) is a US federal law that regulates patient Protected Health Information (PHI).
ISO/IEC 27018. Microsoft is the first cloud provider to have adopted the ISO/IEC 27018 code of practice, covering the processing of personal information by cloud service providers.
Service Organization Controls (SOC) 1, 2, and 3. Microsoft-covered cloud services are audited at least annually against the SOC report framework by independent third-party auditors.
National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF). The NIST CSF is a voluntary framework that consists of standards, guidelines, and best practices to manage cybersecurity-related risks.
UK Government G-Cloud. The UK Government G-Cloud is a cloud computing certification for services used by government entities in the United Kingdom.
Trust Center
A website resource containing information and details about how Microsoft implements and supports security, privacy, compliance, and transparency in all Microsoft cloud products and services.
In-depth information about security, privacy, compliance offerings, policies, features, and practices across Microsoft cloud products.
Recommended resources in the form of a curated list of the most applicable and widely used resources for each topic.
Information specific to key organizational roles, including business managers, tenant admins or data security teams, risk assessment and privacy officers, and legal compliance teams.
Cross-company document search, which is coming soon and will enable existing cloud service customers to search the Service Trust Portal.
Compliance Manager
Detailed information provided by Microsoft to auditors and regulators, as part of various third-party audits of Microsoft's cloud services against various standards (for example, ISO 27001, ISO 27018, and NIST).
Information that Microsoft compiles internally for its compliance with regulations (such as HIPAA and the EU GDPR).
Enables you to assign, track, and record compliance and assessment-related activities, which can help your organization cross team barriers to achieve your organization's compliance goals.
Provides a Compliance Score to help you track your progress and prioritize auditing controls that will help reduce your organization's exposure to risk.
Provides a secure repository in which to upload and manage evidence and other artifacts related to compliance activities.
Produces richly detailed reports in Microsoft Excel that document the compliance activities performed by Microsoft and your organization, which can be provided to auditors, regulators, and other compliance stakeholders.