ARN

Microsoft Azure gains ‘icing on the cake’ compliance standard

Attains new ISO 27701 certification in privacy first

Microsoft Azure has claimed to become the first major US cloud provider to obtain the new privacy international standard.

The new Privacy Information Management System (PIMS) certification is designed as an added extension to existing global privacy control standards and has been described as the “icing on the cake” for security compliance.

Microsoft’s attainment of this for Azure will mean its cloud partners can enable Azure customers to build upon its certification to comply with new global privacy requirements.

According to Microsoft, the PIMS creates a “strong integration point” for aligning security and privacy controls, by creating a framework for managing personal data that can be used by both data controllers and data processors.

A PIMS audit also requires an organisation to declare applicable laws or regulations in its criteria for the audit meaning that the standard can be mapped to requirements under the European Union’s General Data Protection Regulation (GDPR) and Australia’s Privacy Law.

Requirements for organisations to obtain ISO 27701 include confidentiality agreements, training, oversight and governance, stricter internal policies and record-keeping of all personally identifiable information.

In addition, the certification acts as a template for implementing compliance with new privacy regulations, which Microsoft claims will help reduce the need for multiple certifications and audits against new requirements.

“This will be critical for supply chain business relationships as well as cross-border data movement,” the vendor added in a blog post.