• 3 min read

Azure compliance white paper-o-rama

To help our customers understand how to deploy in Azure while successfully interpreting US and international governance requirements, we produced a series of documents that can be leveraged during your cloud-adoption journey. The following white papers include guidance for US law enforcement, US education, UK G-cloud, and Cloud services in Germany, Malaysia, New Zealand, Singapore, and Australia.

Following national and regional regulations of the countries your business operates in is not an easy task, yet it is an absolute necessity as businesses across all industries see their customer bases expand geographically. Whether you’re a business or an organization operating within the boundaries of a single country or across the globe, you can confidently move to the cloud and still maintain alignment with regional and international requirements. To help our customers understand how to deploy in Azure while successfully interpreting US and international governance requirements, we produced a series of documents that can be leveraged during your cloud adoption journey.

The following white papers include guidance for US law enforcement, US education, UK G-cloud, and Cloud services in Germany, Malaysia, New Zealand, Singapore, and Australia. These papers shed light on the nuances we want our customers to be aware of when interacting with government or regional authorities as it relates to adopting Azure cloud services.
 
Here's a short summary of our most recently produced white papers:

  •  The CJIS Implementation Guidelines for Azure Government, Office 365 Government, Dynamics CRM Online Government white paper is designed to provide insight into the Criminal Justice Information Services (CJIS) security controls applicable to Microsoft Cloud services, and provide guidance to law enforcement agencies on where to access detailed information to assist in CJIS audits. This document provides guidelines and resources to assist CJIS Systems Agencies (CSA) and law enforcement agencies (LEA) in implementing and utilizing Microsoft Government Cloud features, which meet the applicable CJIS certification standards and are consistent with FBI CJIS Security Policy.
  • The FERPA Implementation Guide for Microsoft Azure white paper helps educational organizations that are considering a move to Azure and are looking for guidance in designing and operating solutions that incorporate security controls to help them meet their compliance challenges. This paper provides insight into how Microsoft meets its compliance obligations on the platform and presents best practices and security principles that are aligned to the Family Educational Rights and Privacy Act (FERPA), International Organization for Standardization (ISO) 27001, Microsoft’s Security Development Lifecycle (SDL), and operational security for online security.  
  • The Microsoft Cloud Germany for commercial customers in the European Union (EU) and European Free Trade Association (EFTA) white paper provides guidance on how to store and manage customer data in compliance with applicable German laws and regulations as well as key international standards. By leveraging the Microsoft developed data trustee model that provides and enables European customers to move to the cloud, EU and EFTA customers can achieve compliance while utilizing Azure cloud services.
  • The Microsoft Azure Compliance in the context of Malaysia Security and Privacy Requirements white paper addresses Malaysian regional compliance matters in the context of Malaysia Security and Privacy Requirements. Read this white paper to learn more about the questions faced by customers in Malaysia who are considering a move to the cloud.
  • The Microsoft Azure Compliance in the context of New Zealand Security and Privacy Requirements white paper is written for IT decision makers in New Zealand who are considering whether to move their data to Microsoft Azure. This paper addresses questions like: Does Microsoft Azure meet New Zealand’s compliance requirements? Where is data stored and who can access it? What is Microsoft doing to protect data? How can a customer verify that Microsoft is doing what it says? New Zealand organizations in need of meeting compliance requirements can read this paper to learn about Azure key security and privacy principles that will enable them to meet their compliance goals.
  • The Microsoft Azure Compliance in the context of Australia Security and Privacy Requirements white paper is written for Australian organizations looking to navigate their country-specific security and privacy requirements. Protecting data, monitoring and securing access, and meeting customer promises are achieved by Azure through implementing security and privacy principles, enabling Australian customers to leverage our cloud offerings with confidence. 
  • The Microsoft Azure Compliance in the context of Singapore Security and Privacy Requirements white paper addresses the Singapore standards Multi-Tier Cloud Security (MTCS) and how Microsoft complies with the Singapore Personal Data Privacy Act (PDPA). This means both government and commercial customers can have confidence knowing they comply with Singapore legislative and certification requirements when deploying data to the cloud.
  • The 14 Cloud Security Controls for UK cloud using Microsoft Azure white paper provides customer strategies on moving their services to Azure while meeting their UK obligations mandated by the CESG/NSCS. Customers of the UK can learn how Azure can be used to help address the 14 controls outlined in the cloud security principles. This paper also outlines how customers can move faster and achieve more while saving money as they adopt Azure cloud services.

These white papers represent a set of new guidance created to help customers understand local laws and governance issues, and provide insight into the local regulatory requirements when deploying to the cloud. Check out these papers as well as other useful guidance on the Microsoft Trust Center.